8a2467583f
upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of
...
EC_KEY internals as that won't work on OpenSSL
work by markus@, feedback and ok djm@
OpenBSD-Commit-ID: 4a99cdb89fbd6f5155ef8c521c99dc66e2612700
2019-01-21 10:54:37 +11:00
24757c1ae3
upstream: cleanup PKCS#11 ECDSA pubkey loading: the returned
...
object should never have a DER header
work by markus; feedback and ok djm@
OpenBSD-Commit-ID: b617fa585eddbbf0b1245b58b7a3c4b8d613db17
2019-01-21 10:54:37 +11:00
749aef3032
upstream: cleanup unnecessary code in ECDSA pkcs#11 signature
...
work by markus@, feedback and ok djm@
OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d
2019-01-21 10:54:37 +11:00
0c50992af4
upstream: cleanup pkcs#11 client code: use sshkey_new in instead
...
of stack- allocating a sshkey
work by markus@, ok djm@
OpenBSD-Commit-ID: a048eb6ec8aa7fa97330af927022c0da77521f91
2019-01-21 10:54:37 +11:00
854bd8674e
upstream: allow override of the pkcs#11 helper binary via
...
$SSH_PKCS11_HELPER; needed for regress tests.
work by markus@, ok me
OpenBSD-Commit-ID: f78d8185500bd7c37aeaf7bd27336db62f0f7a83
2019-01-21 10:54:37 +11:00
93f02107f4
upstream: add support for ECDSA keys in PKCS#11 tokens
...
Work by markus@ and Pedro Martelletto, feedback and ok me@
OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424
2019-01-21 10:54:37 +11:00
aa22c20e0c
upstream: add option to test whether keys in an agent are usable,
...
by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"
work by markus@, ok djm@
OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
2019-01-21 10:46:04 +11:00
a36b0b14a1
upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on
...
error.
Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, dtucker
OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
2019-01-21 10:46:04 +11:00
ec4776bb01
upstream: DH-GEX min value is now specified in RFC8270. ok djm@
...
OpenBSD-Commit-ID: 1229d0feb1d0ecefe05bf67a17578b263e991acc
2019-01-21 10:46:03 +11:00
c90a7928c4
Check for cc before gcc.
...
If cc is something other than gcc and is the system compiler prefer using
that, unless otherwise told via $CC. ok djm@
2019-01-21 09:22:36 +11:00
9b655dc9c9
last bits of old packet API / active_state global
2019-01-20 14:55:27 +11:00
3f0786bbe7
remove PAM dependencies on old packet API
...
Requires some caching of values, because the PAM code isn't
always called with packet context.
2019-01-20 10:22:18 +11:00
08f66d9f17
remove vestiges of old packet API from loginrec.c
2019-01-20 09:58:45 +11:00
c327813ea1
depend
2019-01-20 09:45:38 +11:00
135e302cfd
upstream: fix error in refactor: use ssh_packet_disconnect() instead of
...
sshpkt_error(). The first one logs the error and exits (what we want) instead
of just logging and blundering on.
OpenBSD-Commit-ID: 39f51b43641dce9ce0f408ea6c0e6e077e2e91ae
2019-01-20 09:45:18 +11:00
245c6a0b22
upstream: remove last traces of old packet API!
...
with & ok markus@
OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d
2019-01-20 09:45:18 +11:00
04c091fc19
upstream: remove last references to active_state
...
with & ok markus@
OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
2019-01-20 09:45:18 +11:00
ec00f918b8
upstream: convert monitor.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
2019-01-20 09:45:18 +11:00
6350e03169
upstream: convert sshd.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891
2019-01-20 09:45:18 +11:00
a5e2ad88ac
upstream: convert session.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e
2019-01-20 09:45:18 +11:00
3a00a92159
upstream: convert auth.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 09:45:17 +11:00
7ec5cb4d15
upstream: convert serverloop.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885
2019-01-20 09:45:17 +11:00
64c9598ac0
upstream: convert the remainder of sshconnect2.c to new packet
...
API
with & ok markus@
OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
2019-01-20 09:45:17 +11:00
bc5e1169d1
upstream: convert the remainder of clientloop.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e
2019-01-20 09:45:17 +11:00
5ebce136a6
upstream: convert auth2.c to new packet API
...
OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
2019-01-20 09:44:53 +11:00
172a592a53
upstream: convert servconf.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
2019-01-20 09:02:44 +11:00
8cc7a679d2
upstream: convert channels.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
2019-01-20 09:02:37 +11:00
06232038c7
upstream: convert sshconnect.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f
2019-01-20 09:02:36 +11:00
25b2ed6672
upstream: convert ssh.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21
2019-01-20 09:02:36 +11:00
e3128b3862
upstream: convert mux.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
2019-01-20 09:02:36 +11:00
ed1df7226c
upstream: convert sshconnect2.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58
2019-01-20 09:02:36 +11:00
23f22a4aaa
upstream: convert clientloop.c to new packet API
...
with & ok markus@
OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa
2019-01-20 09:02:36 +11:00
ad60b1179c
upstream: allow sshpkt_fatal() to take a varargs format; we'll
...
use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@
OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50
2019-01-20 09:02:20 +11:00
0fa174ebe1
upstream: begin landing remaining refactoring of packet parsing
...
API, started almost exactly six years ago.
This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.
with & ok markus@
OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
4ae7f80dfd
upstream: Print an \r in front of the password prompt so parts of
...
a password that was entered too early are likely clobbered by the prompt.
Idea from doas.
from and ok djm
"i like it" deraadt
OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e
2019-01-20 09:01:57 +11:00
a6258e5dc3
Add minimal fchownat and fchmodat implementations.
...
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18 11:09:01 +11:00
091093d258
Add a minimal implementation of utimensat().
...
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer. Fixes build on at least El Capitan.
2019-01-18 10:16:11 +11:00
609644027d
upstream: regress bits for banner processing refactor (this test was
...
depending on ssh returning a particular error message for banner parsing
failure)
reminded by bluhm@
OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575
2019-01-17 16:27:05 +11:00
f47d72ddad
upstream: tun_fwd_ifnames variable should b
...
=?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
2019-01-17 15:47:24 +11:00
943d096526
upstream: include time.h for time(3)/nanosleep(2); from Ian
...
McKellar
OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2019-01-17 15:47:24 +11:00
dbb4dec6d5
upstream: many of the global variables in this file can be made static;
...
patch from Markus Schmidt
OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737
2019-01-17 13:01:25 +11:00
60d8c84e08
upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to
...
request they do not follow symlinks. Requires recently-committed
lsetstat@openssh.com extension on the server side.
ok markus@ dtucker@
OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
2019-01-17 11:08:13 +11:00
dbbc7e0eab
upstream: add support for a "lsetstat@openssh.com" extension. This
...
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but
does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but
with more attribute modifications supported.
ok markus@ dtucker@
OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
2019-01-17 11:08:13 +11:00
4a526941d3
upstream: eliminate function-static attempt counters for
...
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@
OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
2019-01-04 14:29:37 +11:00
8a8183474c
upstream: fix memory leak of ciphercontext when rekeying; bz#2942
...
Patch from Markus Schmidt; ok markus@
OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd
2019-01-04 14:29:37 +11:00
5bed70afce
upstream: static on global vars, const on handler tables that contain
...
function pointers; from Mike Frysinger
OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
2019-01-03 10:25:37 +11:00
007a88b48c
upstream: Request RSA-SHA2 signatures for
...
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@
OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
2018-12-28 10:06:50 +11:00
eb347d086c
upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so
...
don't do explicit kex_free() beforehand
OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf
2018-12-27 14:39:53 +11:00
bb542f0cf6
upstream: remove unused and problematic sudo clean. ok espie
...
OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b
2018-12-27 14:39:53 +11:00
0a843d9a0e
upstream: move client/server SSH-* banners to buffers under
...
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
djm@openbsd.org
tb@openbsd.org
dtucker@openbsd.org
Darren Tucker
Damien Miller
tedu@openbsd.org