path: root/mux.c
Date | Commit message | Author | Files | Lines
2020-05-01 | upstream: avoid NULL dereference when attempting to convert invalid | djm@openbsd.org | 1 | -4/+5
ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
2020-05-01 | See if SA_RESTART signals will interrupt select(). | Darren Tucker | 2 | -0/+39
On some platforms (at least older HP-UXes such as 11.11, possibly others) setting SA_RESTART on signal handlers will cause it to not interrupt select(), at least for calls that do not specify a timeout. Try to detect this and if found, don't use SA_RESTART. POSIX says "If SA_RESTART has been set for the interrupting signal, it is implementation-dependent whether select() restarts or returns with [EINTR]" so this behaviour is within spec.
2020-05-01 | fix reversed test | Damien Miller | 1 | -1/+1
2020-05-01 | wrap sha2.h inclusion in #ifdef HAVE_SHA2_H | Damien Miller | 1 | -0/+2
2020-05-01 | upstream: adapt dummy FIDO middleware to API change; ok markus@ | djm@openbsd.org | 1 | -4/+10
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
2020-05-01 | upstream: tweak previous; ok markus | jmc@openbsd.org | 1 | -3/+3
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
2020-05-01 | upstream: bring back debug() removed in rev 1.74; noted by pradeep | markus@openbsd.org | 1 | -1/+2
kumar OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
2020-05-01 | upstream: run the 2nd ssh with BatchMode for scp -3 | markus@openbsd.org | 2 | -4/+8
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01 | upstream: when signing a challenge using a FIDO token, perform the | djm@openbsd.org | 4 | -18/+37
hashing in the middleware layer rather than in ssh code. This allows middlewares that call APIs that perform the hashing implicitly (including Microsoft's AFAIK). ok markus@ OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
2020-05-01 | upstream: Fix comment typo. Patch from mforney at mforney.org. | dtucker@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
2020-05-01 | upstream: We've standardized on memset over bzero, replace a couple | dtucker@openbsd.org | 2 | -4/+4
that had slipped in. ok deraadt markus djm. OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01 | Include sys/byteorder.h for htons and friends. | Darren Tucker | 2 | -0/+4
These are usually in netinet/in.h but on HP-UX they are not defined if _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression tests.
2020-05-01 | Fix conditional for openssl-based chacha20. | Darren Tucker | 1 | -1/+1
Fixes warnings or link errors when building against older OpenSSLs. ok djm
2020-04-24 | Error out if given RDomain if unsupported. | Darren Tucker | 1 | -0/+6
If the config contained 'RDomain %D' on a platform that did not support it, the error would not be detected until runtime resulting in a broken sshd. Detect this earlier and error out if found. bz#3126, based on a patch from jjelen at redhat.com, tweaks and ok djm@
2020-04-24 | upstream: Fix incorrect error message for "too many known hosts files." | dtucker@openbsd.org | 1 | -2/+2
bz#3149, patch from jjelen at redhat.com. OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5
2020-04-24 | upstream: Remove leave_non_blocking() which is now dead code | dtucker@openbsd.org | 1 | -16/+1
because nothing sets in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com, ok djm@ OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
2020-04-24 | upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and | jmc@openbsd.org | 1 | -4/+4
stop the spread; OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705
2020-04-24 | Update .depend. | Darren Tucker | 1 | -3/+4
2020-04-22 | Mailing list is now closed to non-subscribers. | Darren Tucker | 1 | -4/+4
While there, add a reference to the bugzilla. ok djm@
2020-04-22 | Put the values from env vars back. | Darren Tucker | 1 | -18/+18
This merges the values from the recently removed environment into make's command line arguments since we actually need those.
2020-04-22 | Pass configure's egrep through to test-exec.sh. | Darren Tucker | 2 | -0/+11
Use it to create a wrapper function to call it from tests. Fixes the keygen-comment test on platforms with impoverished default egrep (eg Solaris).
2020-04-22 | Remove unneeded env vars from t-exec invocation. | Darren Tucker | 1 | -20/+0
2020-04-22 | upstream: Backslash '$' at the end of string. Prevents warning on | dtucker@openbsd.org | 1 | -1/+1
some shells. OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f
2020-04-21 | Sync rev 1.49. | Darren Tucker | 1 | -3/+3
Prevent infinite for loop since i went from ssize_t to size_t. Patch from eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@
2020-04-20 | upstream: regression test for printing of private key fingerprints and | djm@openbsd.org | 2 | -3/+55
key comments, mostly by loic AT venez.fr (slightly tweaked for portability) ok dtucker@ OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
2020-04-20 | upstream: fix a bug I introduced in r1.406: when printing private key | djm@openbsd.org | 1 | -10/+14
fingerprint of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
2020-04-17 | upstream: repair private key fingerprint printing to also print | djm@openbsd.org | 1 | -9/+8
comment after regression caused by my recent pubkey loading refactor. Reported by loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
2020-04-17 | upstream: refactor out some duplicate private key loading code; | djm@openbsd.org | 1 | -34/+9
based on patch from loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
2020-04-17 | upstream: add space between macro arg and punctuation; | jmc@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
2020-04-17 | upstream: auth2-pubkey r1.89 changed the order of operations to | djm@openbsd.org | 1 | -5/+3
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand if no key was found in a file. Document this order here; bz3134 OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
2020-04-17 | sys/sysctl.h is only used on OpenBSD | Damien Miller | 1 | -1/+1
so change the preprocessor test used to include it to check __OpenBSD__, matching the code that uses the symbols it declares.
2020-04-17 | upstream: fix reversed test that caused IdentitiesOnly=yes to not | djm@openbsd.org | 1 | -2/+2
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17 | upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are | djm@openbsd.org | 1 | -3/+3
not considered for HostbasedAuthentication when the target user is root; bz3148 OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
2020-04-17 | upstream: make IgnoreRhosts a tri-state option: "yes" ignore | djm@openbsd.org | 4 | -14/+43
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@ OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
2020-04-17 | upstream: allow the IgnoreRhosts directive to appear anywhere in a | djm@openbsd.org | 2 | -4/+6
sshd_config, not just before any Match blocks; bz3148, ok dtucker@ OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
2020-04-17 | upstream: add space between macro arg and punctuation; | jmc@openbsd.org | 1 | -3/+3
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
2020-04-15 | Add sys/syscall.h for syscall numbers. | Darren Tucker | 1 | -0/+1
In some architecture/libc configurations we need to explicitly include sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085, patch from blowfist at xroutine.net.
2020-04-11 | upstream: Refactor private key parsing. Eliminates a fair bit of | djm@openbsd.org | 1 | -147/+40
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key type check in the ECDSA_CERT parsing path. feedback and ok markus@ OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
2020-04-10 | upstream: Add tests for TOKEN expansion of LocalForward and | dtucker@openbsd.org | 1 | -2/+9
RemoteForward. OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89
2020-04-10 | upstream: Add utf8.c for asmprintf used by krl.c | dtucker@openbsd.org | 4 | -4/+8
OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
2020-04-10 | upstream: Add TOKEN percent expansion to LocalForward and RemoteForward | dtucker@openbsd.org | 2 | -59/+109
when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@ OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
2020-04-08 | upstream: let sshkey_try_load_public() load public keys from the | djm@openbsd.org | 1 | -1/+37
unencrypted envelope of private key files if no sidecar public key file is present. ok markus@ OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
2020-04-08 | upstream: simplify sshkey_try_load_public() | djm@openbsd.org | 1 | -39/+19
ok markus@ OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
2020-04-08 | upstream: add sshkey_parse_pubkey_from_private_fileblob_type() | djm@openbsd.org | 2 | -2/+68
Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key. ok markus@ OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
2020-04-08 | upstream: simplify sshkey_parse_private_fileblob_type() | djm@openbsd.org | 1 | -16/+5
Try new format parser for all key types first, fall back to PEM parser only for invalid format errors. ok markus@ OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
2020-04-08 | upstream: check private key type against requested key type in | djm@openbsd.org | 1 | -1/+7
new-style private decoding; ok markus@ OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
2020-04-08 | upstream: check that pubkey in private key envelope matches actual | djm@openbsd.org | 1 | -8/+19
private key (this public key is currently unused) ok markus@ OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
2020-04-08 | upstream: refactor private key parsing a little | djm@openbsd.org | 1 | -40/+114
Split out the base64 decoding and private section decryption steps into separate functions. This will make the decryption step easier to fuzz as well as making it easier to write a "load public key from new-format private key" function. ok markus@ OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
2020-04-06 | Include openssl-compat.h before checking ifdefs. | Darren Tucker | 2 | -0/+6
Fixes problem where unsuitable chacha20 code in libressl would be used unintentionally.
2020-04-06 | fix inverted test for LibreSSL version | Damien Miller | 1 | -1/+1