dtucker@openbsd.org
727ce36c8c
upstream: Replace OPENSSL as the variable that points to the
...
openssl binary with OPENSSL_BIN. This will allow us to use the OPENSSL
variable from mk.conf or the make(1) command line indicating if we're
building with our without OpenSSL, and ultimately get the regress tests
working in the OPENSSL=no configuration.
OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e
2021-07-25 22:35:24 +10:00
dtucker@openbsd.org
55e17101a9
upstream: Skip RFC4716 format import and export tests when built
...
without OpenSSL.
OpenBSD-Regress-ID: d2c2d5d38c1acc2b88cc99cfe00a2eb8bb39dfa4
2021-07-24 14:22:45 +10:00
dtucker@openbsd.org
f5ccb5895d
upstream: Don't omit ssh-keygen -y from usage when built without
...
OpenSSL. It is actually available, albeit only for ed25519 keys.
OpenBSD-Commit-ID: 7a254c33d0e6a55c30c6b016a8d298d3cb7a7674
2021-07-24 14:22:26 +10:00
dtucker@openbsd.org
819d57ac23
upstream: Exclude key conversion options from usage when built
...
without OpenSSL since those are not available, similar to what we currently
do with the moduli screening options. We can also use this to skip the
conversion regression tests in this case.
OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe
2021-07-24 14:22:26 +10:00
Darren Tucker
b6673b1d2e
Test OpenBSD upstream with and without OpenSSL.
2021-07-24 14:20:12 +10:00
djm@openbsd.org
9d38074b54
upstream: test for first-match-wins in authorized_keys environment=
...
options
OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8
2021-07-24 12:31:05 +10:00
dtucker@openbsd.org
2b76f1dd19
upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly.
...
OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108
2021-07-24 12:31:05 +10:00
djm@openbsd.org
7d64a9fb58
upstream: don't leak environment= variable when it is not the first
...
match
OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0
2021-07-24 12:30:58 +10:00
jmc@openbsd.org
db2130e234
upstream: punctuation;
...
OpenBSD-Commit-ID: 64be152e378c45975073ab1c07e0db7eddd15806
2021-07-24 12:30:58 +10:00
djm@openbsd.org
03190d1098
upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN)
...
will try to use askpass first. bz3314
convert a couple of debug() -> debug_f() while here
OpenBSD-Commit-ID: c7e812aebc28fcc5db06d4710e0f73613dee545c
2021-07-23 15:57:56 +10:00
dtucker@openbsd.org
1653ece683
upstream: Test conversion of ed25519 and ecdsa keys too.
...
OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb
2021-07-23 15:25:34 +10:00
dtucker@openbsd.org
8b7af02dcf
upstream: Add test for exporting pubkey from a passphrase-protected
...
private key.
OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac
2021-07-23 15:25:34 +10:00
djm@openbsd.org
441095d4a3
upstream: regression test for time-limited signature keys
...
OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc
2021-07-23 15:25:34 +10:00
djm@openbsd.org
9e1882ef64
upstream: note successful authentication method in final "Authenticated
...
to ..." message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@
OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
2021-07-23 15:25:19 +10:00
djm@openbsd.org
a917e973a1
upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart
...
to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
dtucker
OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
2021-07-23 14:07:19 +10:00
djm@openbsd.org
e0c5088f1c
upstream: Add a StdinNull directive to ssh_config(5) that allows
...
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
2021-07-23 14:07:19 +10:00
djm@openbsd.org
e3957e21ff
upstream: make authorized_keys environment="..." directives
...
first-match-wins and more strictly limit their maximum number; prompted by
OOM reported by OSS-fuzz (35470).
feedback and ok dtucker@
OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121
2021-07-23 14:07:19 +10:00
djm@openbsd.org
d0bb1ce731
upstream: Let allowed signers files used by ssh-keygen(1)
...
signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@
OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
2021-07-23 14:07:19 +10:00
dtucker@openbsd.org
44142068dc
upstream: Use SUDO when setting up hostkey.
...
OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7
2021-07-19 19:20:33 +10:00
dtucker@openbsd.org
6b67f3f1d1
upstream: Increase time margin for rekey tests. Should help
...
reliability on very heavily loaded hosts.
OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533
2021-07-19 17:08:56 +10:00
Darren Tucker
7953e1bfce
Add sshfp-connect.sh file missed in previous.
2021-07-19 13:47:51 +10:00
dtucker@openbsd.org
b75a80fa83
upstream: Ensure that all returned SSHFP records for the specified host
...
name and hostkey type match instead of only one. While there, simplify the
code somewhat and add some debugging. Based on discussion in bz#3322, ok
djm@.
OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
2021-07-19 13:46:13 +10:00
dtucker@openbsd.org
1cc1fd0953
upstream: Id sync only, -portable already has this.
...
Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes
build with OPENSSL=no.
OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15
2021-07-19 13:04:52 +10:00
dtucker@openbsd.org
33abbe2f41
upstream: Add test for host key verification via SSHFP records. This
...
requires some external setup to operate so is disabled by default (see
comments in sshfp-connect.sh).
OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9
2021-07-19 13:02:55 +10:00
dtucker@openbsd.org
f0cd000d8e
upstream: Add ed25519 key and test SSHFP export of it. Only test
...
RSA SSHFP export if we have RSA functionality compiled in.
OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af
2021-07-19 12:50:51 +10:00
dtucker@openbsd.org
0075511e27
upstream: Group keygen tests together.
...
OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c
2021-07-19 12:50:12 +10:00
dtucker@openbsd.org
034828820c
upstream: Add test for ssh-keygen printing of SSHFP records.
...
OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b
2021-07-19 09:23:57 +10:00
djm@openbsd.org
52c3b6985e
upstream: wrap some long lines
...
OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d
2021-07-17 10:43:23 +10:00
djm@openbsd.org
43ec991a78
upstream: fix sftp on ControlPersist connections, broken by recent
...
SessionType change; spotted by sthen@
OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234
2021-07-17 10:43:23 +10:00
djm@openbsd.org
073f45c236
upstream: Explicitly check for and start time-based rekeying in the
...
client and server mainloops.
Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.
ok markus@
OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
2021-07-16 19:21:04 +10:00
jmc@openbsd.org
ef7c4e52d5
upstream: reorder SessionType; ok djm
...
OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c
2021-07-16 19:21:04 +10:00
Darren Tucker
8aa2f9aeb5
Make whitespace consistent.
2021-07-14 11:27:24 +10:00
Darren Tucker
4f4297ee9b
Add ARM64 Linux self-hosted runner.
2021-07-14 11:27:24 +10:00
djm@openbsd.org
eda8909d1b
upstream: add a SessionType directive to ssh_config, allowing the
...
configuration file to offer equivalent control to the -N (no session) and -s
(subsystem) command-line flags.
Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
feedback and ok dtucker@
OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
2021-07-14 09:49:47 +10:00
djm@openbsd.org
7ae69f2628
upstream: fix some broken tests; clean up output
...
OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566
2021-07-14 09:20:56 +10:00
Darren Tucker
f5fc6a4c34
Add configure-time detection for SSH_TIME_T_MAX.
...
Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
were time_t is a long long. The limit used is for the signed type, so if
some system has a 32bit unsigned time_t then the lower limit will still
be imposed and we would need to add some way to detect this. Anyone using
an unsigned 64bit can let us know when it starts being a problem.
2021-07-12 18:21:26 +10:00
dtucker@openbsd.org
fd2d06ae44
upstream: Make limit for time_t test unconditional in the
...
format_absolute_time fix for bz#3329 that allows printing of timestamps past
INT_MAX. This was incorrectly included with the previous commit. Based on
discussion with djm@.
OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e
2021-07-12 17:38:47 +10:00
dtucker@openbsd.org
6c29b387cd
upstream: Use existing format_absolute_time() function when
...
printing cert validity instead of doing it inline. Part of bz#3329.
OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c
2021-07-12 17:38:47 +10:00
djm@openbsd.org
99981d5f8b
upstream: silence redundant error message; reported by Fabian Stelzer
...
OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2
2021-07-09 19:57:16 +10:00
John Ericson
e860978134
Re-indent krb5 section after pkg-config addition.
2021-07-09 15:35:13 +10:00
John Ericson
32dd2daa56
Support finding Kerberos via pkg-config
...
This makes cross compilation easier.
2021-07-09 15:27:09 +10:00
Darren Tucker
def7a72234
Update comments about EGD to include prngd.
2021-07-09 14:34:06 +10:00
dtucker@openbsd.org
b5d23150b4
upstream: Fix a couple of whitespace things. Portable already has
...
these so this removes two diffs between the two.
OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
2021-07-08 14:57:17 +10:00
dtucker@openbsd.org
8f57be9f27
upstream: Order includes as per style(9). Portable already has
...
these so this removes a handful of diffs between the two.
OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
2021-07-08 14:51:47 +10:00
dtucker@openbsd.org
b75624f873
upstream: Remove comment referencing now-removed
...
RhostsRSAAuthentication. ok djm@
OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
2021-07-08 14:50:59 +10:00
djm@openbsd.org
b67eb12f01
upstream: allow spaces to appear in usernames for local to remote,
...
and scp -3 remote to remote copies. with & ok dtucker bz#1164
OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd
2021-07-05 10:27:03 +10:00
dtucker@openbsd.org
8c4ef0943e
upstream: Remove obsolete comments about SSHv1 auth methods. ok
...
djm@
OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f
2021-07-05 10:27:03 +10:00
Darren Tucker
88908c9b61
Remove reference to ChallengeResponse.
...
challenge_response_authentication was removed from the struct, keeping
kbd_interactive_authentication.
2021-07-03 23:00:19 +10:00
Darren Tucker
321874416d
Move signal.h up include order to match upstream.
2021-07-03 20:38:09 +10:00
Darren Tucker
4fa83e2d0e
Remove old OpenBSD version marker.
...
Looks like an accidental leftover from a sync.
2021-07-03 20:36:06 +10:00