path: root/ssh-ed25519.c
Date | Commit message | Author | Files | Lines
2017-05-01 | upstream commit | djm@openbsd.org | 15 | -1682/+407
remove compat20/compat13/compat15 variables ok markus@ Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
2017-05-01 | upstream commit | djm@openbsd.org | 5 | -93/+26
remove options.protocol and client Protocol configuration knob ok markus@ Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
2017-05-01 | upstream commit | djm@openbsd.org | 16 | -972/+15
unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01 | upstream commit | jmc@openbsd.org | 1 | -6/+6
tweak previous; Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
2017-05-01 | upstream commit | djm@openbsd.org | 2 | -5/+60
allow ssh-keygen to include arbitrary string or flag certificate extensions and critical options. ok markus@ dtucker@ Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
2017-05-01 | upstream commit | jmc@openbsd.org | 1 | -7/+7
sort; Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a
2017-04-28 | Typo. | Darren Tucker | 1 | -1/+1
Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
2017-04-28 | Add 2 regress commits I applied by hand. | Darren Tucker | 1 | -0/+2
Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
2017-04-28 | Merge integrity.sh rev 1.22. | Darren Tucker | 1 | -3/+5
Merge missing bits from Colin Watson's patch in bz#2658 which make integrity tests more robust against timeouts. ok djm@
2017-04-28 | Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes | Darren Tucker | 1 | -1/+1
2017-04-28 | upstream commit | jsg@openbsd.org | 2 | -4/+4
Change COMPILER_VERSION tests which limited additional warnings to gcc4 to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition. Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f
2017-04-28 | upstream commit | djm@openbsd.org | 1 | -3/+12
include key fingerprint in "Offering public key" debug message Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
2017-04-28 | upstream commit | millert@openbsd.org | 1 | -6/+13
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@ Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
2017-04-28 | upstream commit | dtucker@openbsd.org | 4 | -9/+35
Add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok djm@ Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
2017-04-28 | upstream commit | jsg@openbsd.org | 1 | -8/+1
remove a static array unused since rev 1.306 spotted by clang ok djm@ Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8
2017-04-28 | upstream commit | millert@openbsd.org | 1 | -4/+9
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@ Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
2017-04-25 | Fix typo in "socketcall". | Darren Tucker | 1 | -1/+1
Pointed out by jjelen at redhat.com.
2017-04-24 | Deny socketcall in seccomp filter on ppc64le. | Darren Tucker | 1 | -0/+1
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys in privsep child. The socket() syscall is already denied in the seccomp filter, but in ppc64le kernel, it is implemented using socketcall() syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and therefore fails hard. Patch from jjelen at redhat.com.
2017-04-18 | upstream commit | schwarze@openbsd.org | 1 | -2/+3
Recognize nl_langinfo(CODESET) return values "646" and "" as aliases for "US-ASCII", useful for different versions of NetBSD and Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot com>. OK dtucker@ deraadt@ Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384
2017-04-18 | upstream commit | jsg@openbsd.org | 1 | -0/+1
Change COMPILER_VERSION tests which limited additional warnings to gcc4 to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition. Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a
2017-04-04 | upstream commit | djm@openbsd.org | 1 | -3/+3
disallow creation (of empty files) in read-only mode; reported by Michal Zalewski, feedback & ok deraadt@ Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
2017-04-04 | upstream commit | deraadt@openbsd.org | 1 | -2/+2
incorrect renditions of this quote bother me Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49
2017-03-31 | Check for and use gcc's -pipe. | Darren Tucker | 1 | -0/+1
Speeds up configure and build by a couple of percent. ok djm@
2017-03-29 | Import fmt_scaled.c rev 1.16 from OpenBSD. | Darren Tucker | 1 | -3/+11
Fix overly-conservative overflow checks on multiplications and add checks on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN will still be flagged as a range error). ok millert@
2017-03-29 | Import fmt_scaled.c rev 1.15 from OpenBSD. | Darren Tucker | 1 | -7/+4
Collapse underflow and overflow checks into a single block. ok djm@ millert@
2017-03-29 | Import fmt_scaled.c rev 1.14 from OpenBSD. | Darren Tucker | 1 | -1/+6
Catch integer underflow in scan_scaled reported by Nicolas Iooss. ok deraadt@ djm@
2017-03-29 | Don't check privsep user or path when unprivileged | Darren Tucker | 1 | -3/+5
If running with privsep (mandatory now) as a non-privileged user, we don't chroot or change to an unprivileged user; however, we still checked the existence of the user and directory. Don't do those checks if we're not going to use them. Based in part on a patch from Lionel Fourquaux via Corinna Vinschen, ok djm@
2017-03-29 | Remove SHA256 EVP wrapper implementation. | Darren Tucker | 3 | -95/+1
All supported versions of OpenSSL should now have SHA256 so remove our EVP wrapper implementation. ok djm@
2017-03-29 | Remove check for OpenSSL < 0.9.8g. | Darren Tucker | 1 | -9/+0
We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC in OpenSSL < 0.9.8g.
2017-03-29 | Remove compat code for OpenSSL < 0.9.7. | Darren Tucker | 1 | -5/+1
Resyncs that code with OpenBSD upstream.
2017-03-29 | Remove SSHv1 code path. | Darren Tucker | 1 | -12/+9
Server-side support for Protocol 1 has been removed so remove !compat20 PAM code path.
2017-03-23 | Enable ldns when using ldns-config. | Darren Tucker | 1 | -0/+1
Actually enable ldns when attempting to use ldns-config. bz#2697, patch from fredrik at fornwall.net.
2017-03-22 | Missing header on Linux/s390 | Damien Miller | 1 | -0/+3
Patch from Jakub Jelen
2017-03-20 | upstream commit | djm@openbsd.org | 1 | -10/+5
remove /usr/bin/time calls around tests, makes diffing test runs harder. Based on patch from Mike Frysinger Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
2017-03-20 | Fix syntax error on Linux/X32 | Damien Miller | 1 | -1/+1
Patch from Mike Frysinger
2017-03-20 | Add llabs() implementation. [V_7_5_P1] | Darren Tucker | 3 | -0/+13
2017-03-20 | crank version numbers | Damien Miller | 3 | -3/+3
2017-03-20 | upstream commit | djm@openbsd.org | 1 | -2/+2
openssh-7.5 Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
2017-03-20 | I'm a doofus. | Damien Miller | 1 | -1/+1
Unbreak obvious syntax error.
2017-03-20 | on Cygwin, check paths from server for backslashes | Damien Miller | 1 | -1/+8
Pointed out by Jann Horn of Google Project Zero
2017-03-20 | Yet another synonym for ASCII: "646" | Damien Miller | 1 | -1/+1
Used by NetBSD; this unbreaks mprintf() and friends there for the C locale (caught by dtucker@ and his menagerie of test systems).
2017-03-20 | create test mux socket in /tmp | Damien Miller | 1 | -1/+1
Creating the socket in $OBJ could blow past the (quite limited) path limit for Unix domain sockets. As a bandaid for bz#2660, reported by Colin Watson; ok dtucker@
2017-03-17 | upstream commit | markus@openbsd.org | 1 | -2/+3
disallow KEXINIT before NEWKEYS; ok djm; report by vegard.nossum at oracle.com Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
2017-03-16 | Include includes.h for compat bits. | Darren Tucker | 1 | -0/+2
2017-03-16 | Wrap stdint.h in #ifdef HAVE_STDINT_H | Darren Tucker | 1 | -0/+2
2017-03-16 | Adapt Cygwin config script to privsep knob removal | Damien Miller | 1 | -34/+9
Patch from Corinna Vinschen.
2017-03-15 | upstream commit | deraadt@openbsd.org | 2 | -3/+4
accidents happen to the best of us; ok djm Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
2017-03-15 | upstream commit | djm@openbsd.org | 1 | -4/+11
fix regression in 7.4: deletion of PKCS#11-hosted keys would fail unless they were specified by full physical pathname. Report and fix from Jakub Jelen via bz#2682; ok dtucker@ Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
2017-03-15 | upstream commit | djm@openbsd.org | 1 | -1/+10
Fix segfault when sshd attempts to load RSA1 keys (can only happen when protocol v.1 support is enabled for the client). Reported by Jakub Jelen in bz#2686; ok dtucker Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
2017-03-15 | upstream commit | djm@openbsd.org | 3 | -36/+5
Mark the sshd_config UsePrivilegeSeparation option as deprecated, effectively making privsep mandatory in sandboxing mode. ok markus@ deraadt@ (note: this doesn't remove the !privsep code paths, though that will happen eventually). Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a