8654e35617
upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and
...
stop the spread;
OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705
2020-04-24 12:57:50 +10:00
67697e4a82
Update .depend.
2020-04-24 11:10:18 +10:00
d6cc761762
Mailing list is now closed to non-subscribers.
...
While there, add a reference to the bugzilla. ok djm@
2020-04-22 14:07:00 +10:00
cecde6a416
Put the values from env vars back.
...
This merges the values from the recently removed environment into make's
command line arguments since we actually need those.
2020-04-22 12:09:40 +10:00
300c4322b9
Pass configure's egrep through to test-exec.sh.
...
Use it to create a wrapper function to call it from tests. Fixes the
keygen-comment test on platforms with impoverished default egrep (eg
Solaris).
2020-04-22 11:35:49 +10:00
c8d9796cfe
Remove unneeded env vars from t-exec invocation.
2020-04-22 11:35:49 +10:00
01d4cdcd45
upstream: Backslash '$' at then end of string. Prevents warning on
...
some shells.
OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f
2020-04-22 11:35:49 +10:00
8854724cce
Sync rev 1.49.
...
Prevent infinite for loop since i went from ssize_t to size_t. Patch from
eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@
2020-04-21 18:28:19 +10:00
d00d07b674
upstream: regression test for printing of private key fingerprints and
...
key comments, mostly by loic AT venez.fr (slightly tweaked for portability)
ok dtucker@
OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
2020-04-20 14:47:26 +10:00
a98d5ba31e
upstream: fix a bug I introduced in r1.406: when printing private key
...
fingerprint of old-format key, key comments were not being displayed. Spotted
by loic AT venez.fr, ok dtucker
OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
2020-04-20 14:46:40 +10:00
32f2d0aad4
upstream: repair private key fingerprint printing to also print
...
comment after regression caused by my recent pubkey loading refactor.
Reported by loic AT venez.fr, ok dtucker@
OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
2020-04-17 17:17:48 +10:00
094dd513f4
upstream: refactor out some duplicate private key loading code;
...
based on patch from loic AT venez.fr, ok dtucker@
OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
2020-04-17 17:17:47 +10:00
4e04f46f24
upstream: add space beteen macro arg and punctuation;
...
OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
2020-04-17 17:17:47 +10:00
44ae009a01
upstream: auth2-pubkey r1.89 changed the order of operations to
...
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134
OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
2020-04-17 17:17:47 +10:00
f96f17f920
sys/sysctl.h is only used on OpenBSD
...
so change the preprocessor test used to include it to check
__OpenBSD__, matching the code that uses the symbols it declares.
2020-04-17 14:07:15 +10:00
54688e937a
upstream: fix reversed test that caused IdentitiesOnly=yes to not
...
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@
OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17 14:03:36 +10:00
267cbc87b5
upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are
...
not considered for HostbasedAuthentication when the target user is root;
bz3148
OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
2020-04-17 14:03:36 +10:00
c90f72d29e
upstream: make IgnoreRhosts a tri-state option: "yes" ignore
...
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow
.shosts files but not .rhosts. ok dtucker@
OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
2020-04-17 14:03:36 +10:00
321c714707
upstream: allow the IgnoreRhosts directive to appear anywhere in a
...
sshd_config, not just before any Match blocks; bz3148, ok dtucker@
OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
2020-04-17 14:03:36 +10:00
ca5403b085
upstream: add space between macro arg and punctuation;
...
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
2020-04-17 14:03:16 +10:00
8af0244d7b
Add sys/syscall.h for syscall numbers.
...
In some architecture/libc configurations we need to explicitly include
sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085,
patch from blowfist at xroutine.net.
2020-04-15 10:58:02 +10:00
3779b50ee9
upstream: Refactor private key parsing. Eliminates a fair bit of
...
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key
type check in the ECDSA_CERT parsing path.
feedback and ok markus@
OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
2020-04-11 20:20:58 +10:00
b6a4013647
upstream: Add tests for TOKEN expansion of LocalForward and
...
RemoteForward.
OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89
2020-04-10 11:47:40 +10:00
abc3e0a517
upstream: Add utf8.c for asmprintf used by krl.c
...
OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
2020-04-10 11:47:40 +10:00
990687a033
upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward
...
when used for Unix domain socket forwarding. Factor out the code for the
config keywords that use the most common subset of TOKENS into its own
function. bz#3014, ok jmc@ (man page bits) djm@
OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
2020-04-10 11:47:19 +10:00
2b13d3934d
upstream: let sshkey_try_load_public() load public keys from the
...
unencrypted envelope of private key files if not sidecar public key file is
present.
ok markus@
OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
2020-04-08 10:14:21 +10:00
d01f39304e
upstream: simplify sshkey_try_load_public()
...
ok markus@
OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
2020-04-08 10:14:21 +10:00
f290ab0833
upstream: add sshkey_parse_pubkey_from_private_fileblob_type()
...
Extracts a public key from the unencrypted envelope of a new-style
OpenSSH private key.
ok markus@
OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
2020-04-08 10:14:21 +10:00
8d514eea4a
upstream: simplify sshkey_parse_private_fileblob_type()
...
Try new format parser for all key types first, fall back to PEM
parser only for invalid format errors.
ok markus@
OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
2020-04-08 10:14:21 +10:00
421169d0e7
upstream: check private key type against requested key type in
...
new-style private decoding; ok markus@
OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
2020-04-08 10:14:21 +10:00
6aabfb6d22
upstream: check that pubkey in private key envelope matches actual
...
private key
(this public key is currently unusued)
ok markus@
OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
2020-04-08 10:14:21 +10:00
c0f5b22947
upstream: refactor private key parsing a little
...
Split out the base64 decoding and private section decryption steps in
to separate functions. This will make the decryption step easier to fuzz
as well as making it easier to write a "load public key from new-format
private key" function.
ok markus@
OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
2020-04-08 10:14:21 +10:00
8461a5b3db
Include openssl-compat.h before checking ifdefs.
...
Fixes problem where unsuitable chacha20 code in libressl would be used
unintentionally.
2020-04-06 20:54:34 +10:00
931c50c588
fix inverted test for LibreSSL version
2020-04-06 10:04:56 +10:00
d1d5f72851
upstream: Indicate if we're using a cached key in trace output.
...
OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89
2020-04-05 10:58:53 +10:00
a398251a46
Use /usr/bin/xp4g/id if necessary.
...
Solaris' native "id" doesn't support the options we use but the one
in /usr/bin/xp4g does, so use that instead.
2020-04-05 08:43:57 +10:00
db0fdd4833
upstream: Some platforms don't have "hostname -s", so use cut to trim
...
short hostname instead.
OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7
2020-04-05 08:40:46 +10:00
e7e59a9cc8
upstream: Compute hash locally and re-enable %C tests.
...
OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770
2020-04-05 08:15:46 +10:00
abe2b245b3
prefer libcrypto chacha20-poly1305 where possible
2020-04-03 17:26:29 +11:00
bc5c5d01ad
upstream: Temporarily remove tests for '%C' since the hash contains the
...
local hostname and it doesn't work on any machine except mine... spotted by
djm@
OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401
2020-04-03 17:24:42 +11:00
8162402698
upstream: r1.522 deleted one too many lines; repair
...
OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
2020-04-03 17:09:42 +11:00
668cb3585c
upstream: sort -N and add it to usage();
...
OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332
2020-04-03 17:09:42 +11:00
338ccee1e7
upstream: avoid another compiler warning spotted in -portable
...
OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7
2020-04-03 16:53:50 +11:00
9f8a42340b
upstream: this needs utf8.c too
...
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
2020-04-03 15:46:13 +11:00
92115ea7c3
upstream: Add percent_expand test for 'Match Exec'.
...
OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f
2020-04-03 15:46:13 +11:00
de34a44027
upstream: fix format string (use %llu for uint64, not %lld). spotted by
...
Darren and his tinderbox tests
OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2
2020-04-03 15:45:12 +11:00
9cd40b829a
upstream: Add a flag to re-enable verbose output when in batch
...
mode; requested in bz3135; ok dtucker
OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b
2020-04-03 15:41:28 +11:00
6ce51a5da5
upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20
...
Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the
way at a2k20 tb@
OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0
2020-04-03 15:41:27 +11:00
eba523f0a1
upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as
...
part of a larger diff at a2k20
OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
2020-04-03 15:36:57 +11:00
ebd29e9012
upstream: fix debug statement
...
OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
2020-04-03 15:35:28 +11:00
jmc@openbsd.org
Darren Tucker
dtucker@openbsd.org
djm@openbsd.org
Damien Miller