summaryrefslogtreecommitdiffstats
path: root/kexgexs.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2018-12-27upstream: fix option letter pasto in previousdjm@openbsd.org1-2/+2
OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
2018-12-27upstream: mention that the ssh-keygen -F (find host indjm@openbsd.org1-5/+7
authorized_keys) and -R (remove host from authorized_keys) options may accept either a bare hostname or a [hostname]:port combo. bz#2935 OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
2018-12-14expose $SSH_CONNECTION in the PAM environmentDamien Miller2-4/+17
This makes the connection 4-tuple available to PAM modules that wish to use it in decision-making. bz#2741
2018-12-13Don't pass loginmsg by address now that it's an sshbuf*Kevin Adler2-3/+3
In 120a1ec74, loginmsg was changed from the legacy Buffer type to struct sshbuf*, but it missed changing calls to sys_auth_allowed_user and sys_auth_record_login which passed loginmsg by address. Now that it's a pointer, just pass it directly. This only affects AIX, unless there are out of tree users.
2018-12-07upstream: no need to allocate channels_pre/channels_post indjm@openbsd.org1-6/+2
channel_init_channels() as we do it anyway in channel_handler_init() that we call at the end of the function. Fix from Markus Schmidt via bz#2938 OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
2018-12-07upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293djm@openbsd.org1-2/+2
OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
2018-12-07upstream: don't truncate user or host name in "user@host'sdjm@openbsd.org1-6/+5
OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
2018-12-07upstream: tweak previous;jmc@openbsd.org1-4/+4
OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f
2018-11-25Include stdio.h for FILE if needed.Darren Tucker1-0/+1
2018-11-25Reverse order of OpenSSL init functions.Darren Tucker1-3/+3
Try the new init function (OPENSSL_init_crypto) before falling back to the old one (OpenSSL_add_all_algorithms).
2018-11-25Improve OpenSSL_add_all_algorithms check.Darren Tucker1-1/+10
OpenSSL_add_all_algorithms() may be a macro so check for that too.
2018-11-23upstream: add a ssh_config "Match final" predicatedjm@openbsd.org5-36/+76
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
2018-11-23upstream: Remove now-unneeded ifdef SIGINFO around handler since it isdtucker@openbsd.org1-3/+1
now always used for SIGUSR1 even when SIGINFO is not defined. This will make things simpler in -portable. OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f
2018-11-23Move RANDOM_SEED_SIZE outside ifdef.Darren Tucker1-2/+2
RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code This fixes the build with configureed --without-openssl.
2018-11-23Resync with OpenBSD by pulling in an ifdef SIGINFO.Darren Tucker1-0/+2
2018-11-23fix configure test for OpenSSL versionDamien Miller1-1/+1
square brackets in case statements may be eaten by autoconf. Report and fix from Filipp Gunbin; tweaked by naddy@
2018-11-23refactor libcrypto initialisationDamien Miller16-93/+63
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
2018-11-22upstream: Output info on SIGUSR1 as well asdtucker@openbsd.org1-1/+1
SIGINFO to resync with portable. (ID sync only). OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16
2018-11-22upstream: Append pid to temp files in /var/run and set a cleanupdtucker@openbsd.org4-13/+10
trap for them. This allows multiple instances of tests to run without colliding. OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c
2018-11-22upstream: UsePrivilegeSeparation no is deprecateddtucker@openbsd.org4-9/+9
test "yes" and "sandbox". OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da
2018-11-22upstream: add some knobs:djm@openbsd.org8-34/+103
UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing). UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing). UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names). useful if you want to run the tests as a smoke test to exercise the functionality without waiting for all the fuzzers to run. OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e
2018-11-22Resync Makefile.inc with upstream.Darren Tucker1-0/+17
It's unused in -portable, but having it out of sync makes other syncs fail to apply.
2018-11-19upstream: silence (to log level debug2) failure messages whendjm@openbsd.org3-19/+39
loading the default hostkeys. Hostkeys explicitly specified in the configuration or on the command-line are still reported as errors, and failure to load at least one host key remains a fatal error. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Based on patch from Dag-Erling Smørgrav via https://github.com/openssh/openssh-portable/pull/103 ok markus@ OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
2018-11-19upstream: Fix inverted logic for redirecting ProxyCommand stderr todtucker@openbsd.org1-3/+5
/dev/null. Fixes mosh in proxycommand mode that was broken by the previous ProxyCommand change that was reported by matthieu@. ok djm@ danj@ OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6
2018-11-16upstream: redirect stderr of ProxyCommands to /dev/null when ssh isdjm@openbsd.org1-5/+32
started with ControlPersist; based on patch from Steffen Prohaska OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
2018-11-16upstream: make grandparent-parent-child sshbuf chains robust todjm@openbsd.org1-7/+10
use-after-free faults if the ancestors are freed before the descendents. Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2
2018-11-16upstream: use path_absolute() for pathname checks; from Manoj Ampalamdjm@openbsd.org8-17/+25
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-11-16Test for OPENSSL_init_crypto before using.Darren Tucker2-3/+7
Check for the presence of OPENSSL_init_crypto and all the flags we want before trying to use it (bz#2931).
2018-11-16upstream: disallow empty incoming filename or ones that refer to thedjm@openbsd.org1-2/+3
current directory; based on report/patch from Harry Sintonen OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
2018-11-16upstream: fix bug in client that was keeping a redundant ssh-agentdjm@openbsd.org1-3/+5
socket around for the life of the connection; bz#2912; reported by Simon Tatham; ok dtucker@ OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
2018-11-16upstream: fix bug in HostbasedAcceptedKeyTypes anddjm@openbsd.org1-5/+34
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
2018-11-16upstream: support a prefix of '@' to suppress echo of sftp batchdjm@openbsd.org2-28/+40
commands; bz#2926; ok dtucker@ OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d
2018-11-16upstream: fix markup error (missing blank before delimiter); fromschwarze@openbsd.org1-3/+3
Mike Frysinger <vapier at gentoo dot org> OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9
2018-11-16upstream: typo in error message; caught by Debian lintian, viadjm@openbsd.org1-2/+2
Colin Watson OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
2018-11-16upstream: correct local variable name; from yawang AT microsoft.comdjm@openbsd.org1-3/+3
OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
2018-11-16upstream: Import new moduli.dtucker@openbsd.org1-0/+1
OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403
2018-11-16upstream: mention ssh-ed25519-cert-v01@openssh.com in list of certdjm@openbsd.org1-1/+2
key type at start of doc OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324
2018-11-16Remove fallback check for /usr/local/ssl.Darren Tucker1-20/+4
If configure could not find a working OpenSSL installation it would fall back to checking in /usr/local/ssl. This made sense back when systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't use that as a default any more. The fallback behaviour also meant that if you pointed --with-ssl-dir at a specific directory and it didn't work, it would silently use either the system libs or the ones in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
2018-11-16Fix check for OpenSSL 1.0.1 exactly.Darren Tucker1-1/+1
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix compile-time check for 1.0.1 to match.
2018-11-11Improve warnings in cygwin service setup.Darren Tucker1-5/+5
bz#2922, patch from vinschen at redhat.com.
2018-11-11Remove hardcoded service name in cygwin setup.Darren Tucker1-1/+1
bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check by vinschen at redhat.com.
2018-11-10AC_CHECK_SIZEOF() no longer needs a second argument.Dag-Erling Smørgrav1-4/+4
2018-11-10Fix error message w/out nistp521.Manoj Ampalam1-0/+4
Correct error message when OpenSSL doesn't support certain ECDSA key lengths.
2018-11-09fix compilation with openssl built without ECCEneas U de Queiroz2-0/+8
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be guarded by OPENSSL_HAS_ECC Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-11-08Simplify OpenSSL 1.1 function checks.Darren Tucker1-113/+37
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single AC_CHECK_FUNCS. ok djm@
2018-11-05Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV.Darren Tucker1-1/+1
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
2018-10-31Import new moduli.Darren Tucker1-427/+451
2018-10-28Update check for minimum OpenSSL version.Darren Tucker1-2/+2
2018-10-28Update required OpenSSL versions to match current.Darren Tucker1-5/+5
2018-10-28Use detected version functions in openssl compat.Darren Tucker1-3/+10
Use detected functions in compat layer instead of guessing based on versions. Really fixes builds with LibreSSL, not just configure.