summaryrefslogtreecommitdiffstats
path: root/ssh-ecdsa.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-01-08upstream: add a variant of send_status() that allows overriding thedjm@openbsd.org1-4/+11
default, generic error message. feedback/ok markus & jsg OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f
2022-01-08upstream: refactor tilde_expand_filename() and make it handle ~userdjm@openbsd.org1-30/+46
paths with no trailing slash; feedback/ok markus and jsg OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d
2022-01-06upstream: Don't explicitly set HostbasedAuthentication indtucker@openbsd.org1-2/+1
sshd_config. It defaults to "no", and not explicitly setting it allows us to enable it for the (optional) hostbased test. OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c
2022-01-06upstream: Add test for hostbased auth. It requires some externaldtucker@openbsd.org2-3/+65
setup (see comments at the top) and thus is disabled unless TEST_SSH_HOSTBASED_AUTH and SUDO are set. OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a
2022-01-06dependDamien Miller1-3/+3
2022-01-06upstream: allow hostbased auth to select RSA keys when onlydjm@openbsd.org1-4/+5
RSA/SHA2 are configured (this is the default case); ok markus@ OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
2022-01-06upstream: add a helper function to match a key type to a list ofdjm@openbsd.org2-2/+29
signature algorithms. RSA keys can make signatures with multiple algorithms, so some special handling is required. ok markus@ OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
2022-01-06upstream: log some details on hostkeys that ssh loads fordjm@openbsd.org1-1/+7
hostbased authn ok markus@ OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
2022-01-06upstream: log signature algorithm during verification by monitor;djm@openbsd.org1-2/+3
ok markus OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc
2022-01-06upstream: piece of UpdateHostkeys client strictification: whendjm@openbsd.org1-2/+2
updating known_hosts with new keys, ignore NULL keys (forgot to include in prior commit) OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08
2022-01-06upstream: include rejected signature algorithm in error messagedjm@openbsd.org1-3/+3
and not the (useless) key type; ok markus OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023
2022-01-06upstream: make ssh-keysign use the requested signature algorithmdjm@openbsd.org1-9/+20
and not the default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2 keys. ok markus@ OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc
2022-01-06upstream: stricter UpdateHostkey signature verification logic ondjm@openbsd.org1-14/+34
the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 ok markus@ OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
2022-01-06upstream: Fix signature algorithm selection logic fordjm@openbsd.org3-11/+44
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 signatures for RSA keys if the client proposed these algorithms in initial KEX. bz3375 Mostly by Dmitry Belyavskiy with some tweaks by me. ok markus@ OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
2022-01-06upstream: convert ssh, sshd mainloops from select() to poll();djm@openbsd.org4-281/+436
feedback & ok deraadt@ and markus@ has been in snaps for a few months OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
2022-01-06upstream: prepare for conversion of ssh, sshd mainloop fromdjm@openbsd.org2-83/+139
select() to poll() by moving FD_SET construction out of channel handlers into separate functions. ok markus OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
2022-01-06upstream: add a comment so I don't make this mistake againdjm@openbsd.org1-3/+5
OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e
2022-01-06upstream: fix cut-and-pasto in error messagedjm@openbsd.org1-2/+2
OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198
2022-01-05upstream: select all RSA hostkey algorithms for UpdateHostkeys tests,djm@openbsd.org1-4/+13
not just RSA-SHA1 OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8
2022-01-05upstream: regress test both sshsig message hash algorithms, possibledjm@openbsd.org1-8/+18
now because the algorithm is controllable via the CLI OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f
2022-01-05upstream: allow selection of hash at sshsig signing time; codedjm@openbsd.org2-17/+39
already supported either sha512 (default) or sha256, but plumbing wasn't there mostly by Linus Nordberg OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd
2022-01-05upstream: add missing -O option to usage() for ssh-keygen -Y sign;djm@openbsd.org1-2/+2
from Linus Nordberg OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0
2022-01-05upstream: move sig_process_opts() to before sig_sign(); nodjm@openbsd.org1-38/+39
functional code change OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9
2022-01-05upstream: regression test for find-principals NULL deref; from Fabiandjm@openbsd.org1-1/+9
Stelzer OpenBSD-Regress-ID: f845a8632a5a7d5ae26978004c93e796270fd3e5
2022-01-05upstream: NULL deref when using find-principals when matching andjm@openbsd.org1-2/+2
allowed_signers line that contains a namespace restriction, but no restriction specified on the command-line; report and fix from Fabian Stelzer OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145
2022-01-05upstream: Log command invocation while debugging.dtucker@openbsd.org2-2/+4
This will aid in manually reproducing failing commands. OpenBSD-Regress-ID: b4aba8d5ac5675ceebeeeefa3261ce344e67333a
2022-01-05Always save config.h as build artifact.Darren Tucker2-0/+10
Should allow better comparison between failing and succeeding test platforms.
2022-01-05Add OpenBSD 7.0 target. Retire 6.8.Darren Tucker2-2/+2
2022-01-04upstream: spellingjsg@openbsd.org3-6/+6
OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62
2022-01-04upstream: unbreak test: was picking up system ssh-add instead of thedjm@openbsd.org1-3/+3
one supposedly being tested. Spotted by dtucker and using his VM zoo (which includes some systems old enough to lack ed25519 key support) OpenBSD-Regress-ID: 7976eb3df11cc2ca3af91030a6a8c0cef1590bb5
2022-01-01upstream: fix memleak in process_extension(); oss-fuzz issue #42719djm@openbsd.org1-1/+2
OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e
2022-01-01upstream: spelling ok dtucker@jsg@openbsd.org11-26/+26
OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
2021-12-27upstream: split method list search functionality fromdjm@openbsd.org1-16/+35
authmethod_lookup() into a separate authmethod_byname(), for cases where we don't need to check whether a method is enabled, etc. use this to fix the "none" authentication method regression reported by Nam Nguyen via bugs@ ok deraadt@ OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17
2021-12-27upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text;jmc@openbsd.org2-9/+9
ok djm OpenBSD-Commit-ID: 90721643e41e9e09deb5b776aaa0443456ab0965
2021-12-23Use SHA.*_HMAC_BLOCK_SIZE if needed.Darren Tucker1-0/+10
If the platform has a native SHA2, does not define SHA.*_BLOCK_LENGTH but does define SHA.*_HMAC_BLOCK_SIZE (eg Solaris) then use the latter. Should fix --without-openssl build on Solaris.
2021-12-21remove sys/param.h in -portable, after upstreamDamien Miller22-23/+13