djm@openbsd.org
24757c1ae3
upstream: cleanup PKCS#11 ECDSA pubkey loading: the returned
object should never have a DER header
work by markus; feedback and ok djm@
OpenBSD-Commit-ID: b617fa585eddbbf0b1245b58b7a3c4b8d613db17
2019-01-21 10:54:37 +11:00
djm@openbsd.org
749aef3032
upstream: cleanup unnecessary code in ECDSA pkcs#11 signature
work by markus@, feedback and ok djm@
OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d
2019-01-21 10:54:37 +11:00
djm@openbsd.org
0c50992af4
upstream: cleanup pkcs#11 client code: use sshkey_new instead
of stack-allocating a sshkey
work by markus@, ok djm@
OpenBSD-Commit-ID: a048eb6ec8aa7fa97330af927022c0da77521f91
2019-01-21 10:54:37 +11:00
djm@openbsd.org
854bd8674e
upstream: allow override of the pkcs#11 helper binary via
$SSH_PKCS11_HELPER; needed for regress tests.
work by markus@, ok me
OpenBSD-Commit-ID: f78d8185500bd7c37aeaf7bd27336db62f0f7a83
2019-01-21 10:54:37 +11:00
djm@openbsd.org
93f02107f4
upstream: add support for ECDSA keys in PKCS#11 tokens
Work by markus@ and Pedro Martelletto, feedback and ok me@
OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424
2019-01-21 10:54:37 +11:00
djm@openbsd.org
aa22c20e0c
upstream: add option to test whether keys in an agent are usable,
by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"
work by markus@, ok djm@
OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
2019-01-21 10:46:04 +11:00
tb@openbsd.org
a36b0b14a1
upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on
error.
Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, dtucker
OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
2019-01-21 10:46:04 +11:00
dtucker@openbsd.org
ec4776bb01
upstream: DH-GEX min value is now specified in RFC8270. ok djm@
OpenBSD-Commit-ID: 1229d0feb1d0ecefe05bf67a17578b263e991acc
2019-01-21 10:46:03 +11:00
Darren Tucker
c90a7928c4
Check for cc before gcc.
If cc is something other than gcc and is the system compiler prefer using
that, unless otherwise told via $CC. ok djm@
2019-01-21 09:22:36 +11:00
Damien Miller
9b655dc9c9
last bits of old packet API / active_state global
2019-01-20 14:55:27 +11:00
Damien Miller
3f0786bbe7
remove PAM dependencies on old packet API
Requires some caching of values, because the PAM code isn't
always called with packet context.
2019-01-20 10:22:18 +11:00
Damien Miller
08f66d9f17
remove vestiges of old packet API from loginrec.c
2019-01-20 09:58:45 +11:00
Damien Miller
c327813ea1
depend
2019-01-20 09:45:38 +11:00
djm@openbsd.org
135e302cfd
upstream: fix error in refactor: use ssh_packet_disconnect() instead of
sshpkt_error(). The first one logs the error and exits (what we want) instead
of just logging and blundering on.
OpenBSD-Commit-ID: 39f51b43641dce9ce0f408ea6c0e6e077e2e91ae
2019-01-20 09:45:18 +11:00
djm@openbsd.org
245c6a0b22
upstream: remove last traces of old packet API!
with & ok markus@
OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d
2019-01-20 09:45:18 +11:00
djm@openbsd.org
04c091fc19
upstream: remove last references to active_state
with & ok markus@
OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
2019-01-20 09:45:18 +11:00
djm@openbsd.org
ec00f918b8
upstream: convert monitor.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
2019-01-20 09:45:18 +11:00
djm@openbsd.org
6350e03169
upstream: convert sshd.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891
2019-01-20 09:45:18 +11:00
djm@openbsd.org
a5e2ad88ac
upstream: convert session.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e
2019-01-20 09:45:18 +11:00
djm@openbsd.org
3a00a92159
upstream: convert auth.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 09:45:17 +11:00
djm@openbsd.org
7ec5cb4d15
upstream: convert serverloop.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885
2019-01-20 09:45:17 +11:00
djm@openbsd.org
64c9598ac0
upstream: convert the remainder of sshconnect2.c to new packet
API
with & ok markus@
OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
2019-01-20 09:45:17 +11:00
djm@openbsd.org
bc5e1169d1
upstream: convert the remainder of clientloop.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e
2019-01-20 09:45:17 +11:00
Damien Miller
5ebce136a6
upstream: convert auth2.c to new packet API
OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
2019-01-20 09:44:53 +11:00
djm@openbsd.org
172a592a53
upstream: convert servconf.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
2019-01-20 09:02:44 +11:00
djm@openbsd.org
8cc7a679d2
upstream: convert channels.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
2019-01-20 09:02:37 +11:00
djm@openbsd.org
06232038c7
upstream: convert sshconnect.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f
2019-01-20 09:02:36 +11:00
djm@openbsd.org
25b2ed6672
upstream: convert ssh.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21
2019-01-20 09:02:36 +11:00
djm@openbsd.org
e3128b3862
upstream: convert mux.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
2019-01-20 09:02:36 +11:00
djm@openbsd.org
ed1df7226c
upstream: convert sshconnect2.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58
2019-01-20 09:02:36 +11:00
djm@openbsd.org
23f22a4aaa
upstream: convert clientloop.c to new packet API
with & ok markus@
OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa
2019-01-20 09:02:36 +11:00
djm@openbsd.org
ad60b1179c
upstream: allow sshpkt_fatal() to take a varargs format; we'll
use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@
OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50
2019-01-20 09:02:20 +11:00
djm@openbsd.org
0fa174ebe1
upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.
This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.
with & ok markus@
OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
tb@openbsd.org
4ae7f80dfd
upstream: Print an \r in front of the password prompt so parts of
a password that was entered too early are likely clobbered by the prompt.
Idea from doas.
from and ok djm
"i like it" deraadt
OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e
2019-01-20 09:01:57 +11:00
Darren Tucker
a6258e5dc3
Add minimal fchownat and fchmodat implementations.
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18 11:09:01 +11:00
Darren Tucker
091093d258
Add a minimal implementation of utimensat().
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer. Fixes build on at least El Capitan.
2019-01-18 10:16:11 +11:00
djm@openbsd.org
609644027d
upstream: regress bits for banner processing refactor (this test was
depending on ssh returning a particular error message for banner parsing
failure)
reminded by bluhm@
OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575
2019-01-17 16:27:05 +11:00
djm@openbsd.org
f47d72ddad
upstream: tun_fwd_ifnames variable should be extern; from Hanno Böck
OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
2019-01-17 15:47:24 +11:00
djm@openbsd.org
943d096526
upstream: include time.h for time(3)/nanosleep(2); from Ian
McKellar
OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2019-01-17 15:47:24 +11:00
djm@openbsd.org
dbb4dec6d5
upstream: many of the global variables in this file can be made static;
patch from Markus Schmidt
OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737
2019-01-17 13:01:25 +11:00
djm@openbsd.org
60d8c84e08
upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to
request they do not follow symlinks. Requires recently-committed
lsetstat@openssh.com extension on the server side.
ok markus@ dtucker@
OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
2019-01-17 11:08:13 +11:00
djm@openbsd.org
dbbc7e0eab
upstream: add support for a "lsetstat@openssh.com" extension. This
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but
does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but
with more attribute modifications supported.
ok markus@ dtucker@
OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
2019-01-17 11:08:13 +11:00
djm@openbsd.org
4a526941d3
upstream: eliminate function-static attempt counters for
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@
OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
2019-01-04 14:29:37 +11:00
djm@openbsd.org
8a8183474c
upstream: fix memory leak of ciphercontext when rekeying; bz#2942
Patch from Markus Schmidt; ok markus@
OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd
2019-01-04 14:29:37 +11:00
djm@openbsd.org
5bed70afce
upstream: static on global vars, const on handler tables that contain
function pointers; from Mike Frysinger
OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
2019-01-03 10:25:37 +11:00
djm@openbsd.org
007a88b48c
upstream: Request RSA-SHA2 signatures for
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@
OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
2018-12-28 10:06:50 +11:00
djm@openbsd.org
eb347d086c
upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so
don't do explicit kex_free() beforehand
OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf
2018-12-27 14:39:53 +11:00
tedu@openbsd.org
bb542f0cf6
upstream: remove unused and problematic sudo clean. ok espie
OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b
2018-12-27 14:39:53 +11:00
djm@openbsd.org
0a843d9a0e
upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
dtucker@openbsd.org
434b587afe
upstream: Fix calculation of initial bandwidth limits. Account for
written bytes before the initial timer check so that the first buffer written
is accounted. Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, ie after the second
buffer is written. This prevents an initial burst of traffic and provides a
more accurate bandwidth limit. bz#2927, ok djm.
OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
2018-12-27 14:30:17 +11:00