6c43b48b30
upstream commit
...
don't reset to the installed sshd; connect before
reconfigure, too
2015-01-15 21:39:17 +11:00
771bb47a1d
upstream commit
...
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
2015-01-15 21:39:16 +11:00
cfaa57962f
upstream commit
...
use $SSH instead of installed ssh to allow override;
spotted by markus@
2015-01-15 21:39:16 +11:00
0920553d0a
upstream commit
...
regress test for PubkeyAcceptedKeyTypes; ok markus@
2015-01-15 21:39:15 +11:00
27ca1a5c00
upstream commit
...
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
2015-01-15 21:39:15 +11:00
55358f0b4e
upstream commit
...
fatal if soft-PKCS11 library is missing rather (rather
than continue and fail with a more cryptic error)
2015-01-15 21:39:15 +11:00
c3554cdd2a
upstream commit
...
let this test all supporte key types; pointed out/ok
markus@
2015-01-15 21:39:14 +11:00
1129dcfc5a
upstream commit
...
sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@
2015-01-15 21:39:14 +11:00
e4ebf55864
upstream commit
...
remove commented-out test code now that it has moved to a
proper unit test
2015-01-15 21:37:34 +11:00
e81cba066c
upstream commit
...
whitespace
2015-01-15 21:37:34 +11:00
141efe4954
upstream commit
...
move authfd.c and its tentacles to the new buffer/key
API; ok markus@
2015-01-15 21:37:34 +11:00
0088c57af3
upstream commit
...
fix small regression: ssh-agent would return a success
message but an empty signature if asked to sign using an unknown key; ok
markus@
2015-01-15 21:37:33 +11:00
b03ebe2c22
more --without-openssl
...
fix some regressions caused by upstream merges
enable KRLs now that they no longer require BIGNUMs
2015-01-15 03:08:58 +11:00
bc42cc6fe7
kludge around tun API mismatch betterer
2015-01-15 03:08:29 +11:00
c332110291
some systems lack SO_REUSEPORT
2015-01-15 02:59:51 +11:00
83b9678a62
fix merge botch
2015-01-15 02:35:50 +11:00
0cdc5a3eb6
unbreak across API change
2015-01-15 02:35:33 +11:00
6e2549ac2b
need includes.h for portable OpenSSH
2015-01-15 02:30:18 +11:00
72ef7c148c
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
4f38c61c68
add files missed in last commit
2015-01-15 02:28:00 +11:00
a165bab605
upstream commit
...
avoid BIGNUM in KRL code by using a simple bitmap;
feedback and ok markus
2015-01-15 02:22:18 +11:00
7d845f4a0b
upstream commit
...
update sftp client and server to new buffer API. pretty
much just mechanical changes; with & ok markus
2015-01-15 02:22:18 +11:00
139ca81866
upstream commit
...
switch to sshbuf/sshkey; with & ok djm@
2015-01-15 02:22:17 +11:00
81bfbd0bd3
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-14 21:48:18 +11:00
54924b53af
upstream commit
...
avoid an warning for the !OPENSSL case
2015-01-14 21:46:49 +11:00
ae8b463217
upstream commit
...
swith auth-options to new sshbuf/sshkey; ok djm@
2015-01-14 21:34:20 +11:00
540e891191
upstream commit
...
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
markus@
2015-01-14 21:32:55 +11:00
60c2c4ea5e
upstream commit
...
remove unneeded includes, sync my copyright across files
& whitespace; ok djm@
2015-01-14 21:32:54 +11:00
128343bcdb
upstream commit
...
adapt mac.c to ssherr.h return codes (de-fatal) and
simplify dependencies ok djm@
2015-01-14 20:43:11 +11:00
e7fd952f4e
upstream commit
...
sync changes from libopenssh; prepared by markus@ mostly
debug output tweaks, a couple of error return value changes and some other
minor stuff
2015-01-14 20:32:42 +11:00
76c0480a85
add --without-ssh1 option to configure
...
Allows disabling support for SSH protocol 1.
2015-01-13 19:38:18 +11:00
1f729f0614
upstream commit
...
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@
2015-01-13 19:27:18 +11:00
816d1538c2
upstream commit
...
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
2015-01-13 19:26:12 +11:00
0097565f84
upstream commit
...
missing error assigment on sshbuf_put_string()
2015-01-13 19:26:12 +11:00
a7f49dcb52
upstream commit
...
apparently memcpy(x, NULL, 0) is undefined behaviour
according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
when length==0; ok markus@
2015-01-13 19:25:52 +11:00
905fe30fca
upstream commit
...
free->sshkey_free; ok djm@
2015-01-13 19:25:52 +11:00
f067cca2bc
upstream commit
...
allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
2015-01-13 19:25:08 +11:00
c4bfafcc2a
upstream commit
...
adjust for sshkey_load_file() API change
2015-01-09 00:46:04 +11:00
e752c6d547
upstream commit
...
fix ssh_config FingerprintHash evaluation order; from Petr
Lautrbach
2015-01-09 00:45:50 +11:00
ab24ab847b
upstream commit
...
reorder hostbased key attempts to better match the
default hostkey algorithms order in myproposal.h; ok markus@
2015-01-09 00:20:25 +11:00
1195f4cb07
upstream commit
...
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
2015-01-09 00:17:12 +11:00
febbe09e4e
upstream commit
...
workaround for the Meyer, et al, Bleichenbacher Side
Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
markus
2015-01-09 00:13:35 +11:00
5191df927d
upstream commit
...
KNF and add a little more debug()
2015-01-09 00:13:35 +11:00
8abd80315d
upstream commit
...
add fingerprinthash to the options list;
2015-01-09 00:13:35 +11:00
296ef0560f
upstream commit
...
tweak previous;
2015-01-09 00:13:34 +11:00
462082eacb
avoid uninitialised free of ldns_res
...
If an invalid rdclass was passed to getrrsetbyname() then
this would execute a free on an uninitialised pointer.
OpenSSH only ever calls this with a fixed and valid rdclass.
Reported by Joshua Rogers
2014-12-30 08:16:11 +11:00
01b6349880
pull updated OpenBSD BCrypt PBKDF implementation
...
Includes fix for 1 byte output overflow for large key length
requests (not reachable in OpenSSH).
Pointed out by Joshua Rogers
2014-12-29 18:10:18 +11:00
c528c1b4af
fix variable name for IPv6 case in construct_utmpx
...
patch from writeonce AT midipix.org via bz#2296
2014-12-23 15:26:13 +11:00
293cac52dc
include and use OpenBSD netcat in regress/
2014-12-23 08:38:12 +11:00
8f6784f0cb
upstream commit
...
mention ssh -Q feature to list supported { MAC, cipher,
KEX, key } algorithms in more places and include the query string used to
list the relevant information; bz#2288
2014-12-22 20:05:41 +11:00
markus@openbsd.org
djm@openbsd.org
Damien Miller
tedu@openbsd.org
jmc@openbsd.org
Damien Miller