Commit message | Author | Age | Files | Lines
* upstream: expose vasnmprintf(); ok (as part of other commit) markus | djm@openbsd.org | 2020-05-01 | 2 | -4/+4
  deraadt
  OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
* upstream: avoid NULL dereference when attempting to convert invalid | djm@openbsd.org | 2020-05-01 | 1 | -4/+5
  ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney
  OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
* See if SA_RESTART signals will interrupt select(). | Darren Tucker | 2020-05-01 | 2 | -0/+39
  On some platforms (at least older HP-UXes such as 11.11, possibly others) setting SA_RESTART on signal handlers will cause it to not interrupt select(), at least for calls that do not specify a timeout. Try to detect this and if found, don't use SA_RESTART.
  POSIX says "If SA_RESTART has been set for the interrupting signal, it is implementation-dependent whether select() restarts or returns with [EINTR]" so this behaviour is within spec.
* fix reversed test | Damien Miller | 2020-05-01 | 1 | -1/+1
* wrap sha2.h inclusion in #ifdef HAVE_SHA2_H | Damien Miller | 2020-05-01 | 1 | -0/+2
* upstream: adapt dummy FIDO middleware to API change; ok markus@ | djm@openbsd.org | 2020-05-01 | 1 | -4/+10
  OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
* upstream: tweak previous; ok markus | jmc@openbsd.org | 2020-05-01 | 1 | -3/+3
  OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
* upstream: bring back debug() removed in rev 1.74; noted by pradeep | markus@openbsd.org | 2020-05-01 | 1 | -1/+2
  kumar
  OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
* upstream: run the 2nd ssh with BatchMode for scp -3 | markus@openbsd.org | 2020-05-01 | 2 | -4/+8
  OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
* upstream: when signing a challenge using a FIDO token, perform the | djm@openbsd.org | 2020-05-01 | 4 | -18/+37
  hashing in the middleware layer rather than in ssh code. This allows middlewares that call APIs that perform the hashing implicitly (including Microsoft's AFAIK). ok markus@
  OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
* upstream: Fix comment typo. Patch from mforney at mforney.org. | dtucker@openbsd.org | 2020-05-01 | 1 | -2/+2
  OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
* upstream: We've standardized on memset over bzero, replace a couple | dtucker@openbsd.org | 2020-05-01 | 2 | -4/+4
  that had slipped in. ok deraadt markus djm.
  OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
* Include sys/byteorder.h for htons and friends. | Darren Tucker | 2020-05-01 | 2 | -0/+4
  These are usually in netinet/in.h but on HP-UX they are not defined if _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression tests.
* Fix conditional for openssl-based chacha20. | Darren Tucker | 2020-05-01 | 1 | -1/+1
  Fixes warnings or link errors when building against older OpenSSLs. ok djm
* Error out if given RDomain if unsupported. | Darren Tucker | 2020-04-24 | 1 | -0/+6
  If the config contained 'RDomain %D' on a platform that did not support it, the error would not be detected until runtime resulting in a broken sshd. Detect this earlier and error out if found.
  bz#3126, based on a patch from jjelen at redhat.com, tweaks and ok djm@
* upstream: Fix incorrect error message for "too many known hosts files." | dtucker@openbsd.org | 2020-04-24 | 1 | -2/+2
  bz#3149, patch from jjelen at redhat.com.
  OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5
* upstream: Remove leave_non_blocking() which is now dead code | dtucker@openbsd.org | 2020-04-24 | 1 | -16/+1
  because nothing sets in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com, ok djm@
  OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
* upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and | jmc@openbsd.org | 2020-04-24 | 1 | -4/+4
  stop the spread;
  OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705
* Update .depend. | Darren Tucker | 2020-04-24 | 1 | -3/+4
* Mailing list is now closed to non-subscribers. | Darren Tucker | 2020-04-22 | 1 | -4/+4
  While there, add a reference to the bugzilla. ok djm@
* Put the values from env vars back. | Darren Tucker | 2020-04-22 | 1 | -18/+18
  This merges the values from the recently removed environment into make's command line arguments since we actually need those.
* Pass configure's egrep through to test-exec.sh. | Darren Tucker | 2020-04-22 | 2 | -0/+11
  Use it to create a wrapper function to call it from tests. Fixes the keygen-comment test on platforms with impoverished default egrep (eg Solaris).
* Remove unneeded env vars from t-exec invocation. | Darren Tucker | 2020-04-22 | 1 | -20/+0
* upstream: Backslash '$' at the end of string. Prevents warning on | dtucker@openbsd.org | 2020-04-22 | 1 | -1/+1
  some shells.
  OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f
* Sync rev 1.49. | Darren Tucker | 2020-04-21 | 1 | -3/+3
  Prevent infinite for loop since i went from ssize_t to size_t. Patch from eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@
* upstream: regression test for printing of private key fingerprints and | djm@openbsd.org | 2020-04-20 | 2 | -3/+55
  key comments, mostly by loic AT venez.fr (slightly tweaked for portability) ok dtucker@
  OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
* upstream: fix a bug I introduced in r1.406: when printing private key | djm@openbsd.org | 2020-04-20 | 1 | -10/+14
  fingerprint of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker
  OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
* upstream: repair private key fingerprint printing to also print | djm@openbsd.org | 2020-04-17 | 1 | -9/+8
  comment after regression caused by my recent pubkey loading refactor. Reported by loic AT venez.fr, ok dtucker@
  OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
* upstream: refactor out some duplicate private key loading code; | djm@openbsd.org | 2020-04-17 | 1 | -34/+9
  based on patch from loic AT venez.fr, ok dtucker@
  OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
* upstream: add space between macro arg and punctuation; | jmc@openbsd.org | 2020-04-17 | 1 | -2/+2
  OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
* upstream: auth2-pubkey r1.89 changed the order of operations to | djm@openbsd.org | 2020-04-17 | 1 | -5/+3
  checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand if no key was found in a file. Document this order here; bz3134
  OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
* sys/sysctl.h is only used on OpenBSD | Damien Miller | 2020-04-17 | 1 | -1/+1
  so change the preprocessor test used to include it to check __OpenBSD__, matching the code that uses the symbols it declares.
* upstream: fix reversed test that caused IdentitiesOnly=yes to not | djm@openbsd.org | 2020-04-17 | 1 | -2/+2
  apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@
  OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
* upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are | djm@openbsd.org | 2020-04-17 | 1 | -3/+3
  not considered for HostbasedAuthentication when the target user is root; bz3148
  OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
* upstream: make IgnoreRhosts a tri-state option: "yes" ignore | djm@openbsd.org | 2020-04-17 | 4 | -14/+43
  rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@
  OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
* upstream: allow the IgnoreRhosts directive to appear anywhere in a | djm@openbsd.org | 2020-04-17 | 2 | -4/+6
  sshd_config, not just before any Match blocks; bz3148, ok dtucker@
  OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
* upstream: add space between macro arg and punctuation; | jmc@openbsd.org | 2020-04-17 | 1 | -3/+3
  OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
* Add sys/syscall.h for syscall numbers. | Darren Tucker | 2020-04-15 | 1 | -0/+1
  In some architecture/libc configurations we need to explicitly include sys/syscall.h for the syscall number (__NR_xxx) definitions.
  bz#3085, patch from blowfist at xroutine.net.
* upstream: Refactor private key parsing. Eliminates a fair bit of | djm@openbsd.org | 2020-04-11 | 1 | -147/+40
  duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key type check in the ECDSA_CERT parsing path.
  feedback and ok markus@
  OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
* upstream: Add tests for TOKEN expansion of LocalForward and | dtucker@openbsd.org | 2020-04-10 | 1 | -2/+9
  RemoteForward.
  OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89
* upstream: Add utf8.c for asmprintf used by krl.c | dtucker@openbsd.org | 2020-04-10 | 4 | -4/+8
  OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
* upstream: Add TOKEN percent expansion to LocalForward and RemoteForward | dtucker@openbsd.org | 2020-04-10 | 2 | -59/+109
  when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@
  OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
* upstream: let sshkey_try_load_public() load public keys from the | djm@openbsd.org | 2020-04-08 | 1 | -1/+37
  unencrypted envelope of private key files if no sidecar public key file is present.
  ok markus@
  OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
* upstream: simplify sshkey_try_load_public() | djm@openbsd.org | 2020-04-08 | 1 | -39/+19
  ok markus@
  OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
* upstream: add sshkey_parse_pubkey_from_private_fileblob_type() | djm@openbsd.org | 2020-04-08 | 2 | -2/+68
  Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key.
  ok markus@
  OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
* upstream: simplify sshkey_parse_private_fileblob_type() | djm@openbsd.org | 2020-04-08 | 1 | -16/+5
  Try new format parser for all key types first, fall back to PEM parser only for invalid format errors.
  ok markus@
  OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
* upstream: check private key type against requested key type in | djm@openbsd.org | 2020-04-08 | 1 | -1/+7
  new-style private decoding; ok markus@
  OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
* upstream: check that pubkey in private key envelope matches actual | djm@openbsd.org | 2020-04-08 | 1 | -8/+19
  private key
  (this public key is currently unused)
  ok markus@
  OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
* upstream: refactor private key parsing a little | djm@openbsd.org | 2020-04-08 | 1 | -40/+114
  Split out the base64 decoding and private section decryption steps into separate functions. This will make the decryption step easier to fuzz as well as making it easier to write a "load public key from new-format private key" function.
  ok markus@
  OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
* Include openssl-compat.h before checking ifdefs. | Darren Tucker | 2020-04-06 | 2 | -0/+6
  Fixes problem where unsuitable chacha20 code in libressl would be used unintentionally.