Commit Graph

8972 Commits

Author SHA1 Message Date
djm@openbsd.org 966ef47833 upstream commit
log mismatched RSA signature types; ok markus@

OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418
2017-12-19 15:21:37 +11:00
djm@openbsd.org 349ecd4da3 upstream commit
pass kex->hostkey_alg and kex->hostkey_nid from pre-auth
to post-auth unpriviledged child processes; ok markus@

OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302
2017-12-19 15:21:37 +11:00
millert@openbsd.org c9e37a8725 upstream commit
Add helper function for uri handing in scp where a
missing path simply means ".".  Also fix exit code and add warnings when an
invalid uri is encountered.  OK otto@

OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
2017-12-19 15:21:37 +11:00
djm@openbsd.org 04c7e28f83 upstream commit
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-12-19 15:21:37 +11:00
djm@openbsd.org 931c78dfd7 upstream commit
sshkey_sigtype() function to return the type of a
signature; ok markus@

OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
2017-12-19 15:20:44 +11:00
naddy@openbsd.org 4cdc5956f2 upstream commit
Replace ED25519's private SHA-512 implementation with a
call to the regular digest code.  This speeds up compilation considerably. ok
markus@

OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c
2017-12-19 15:20:43 +11:00
naddy@openbsd.org 012e5cb839 upstream commit
Create a persistent umac128.c source file: #define the
output size and the name of the entry points for UMAC-128 before including
umac.c. Idea from FreeBSD. ok dtucker@

OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1
2017-12-19 15:17:38 +11:00
Darren Tucker b35addfb4c Update .depend with empty config.h 2017-12-12 11:17:22 +11:00
Darren Tucker 2d96f28246 Ensure config.h is always in dependencies.
Put an empty config.h into the dependency list to ensure that it's
always listed and consistent.
2017-12-12 11:17:22 +11:00
deraadt@openbsd.org ac4987a55e upstream commit
ssh/lib hasn't worked towards our code-sharing goals for
a quit while, perhaps it is too verbose?  Change each */Makefile to
specifying exactly what sources that program requires, compiling it seperate.
 Maybe we'll iterate by sorting those into seperatable chunks, splitting up
files which contain common code + server/client specific code, or whatnot.
But this isn't one step, or we'd have done it a long time ago.. ok dtucker
markus djm

OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d
2017-12-12 10:32:30 +11:00
dtucker@openbsd.org 48c23a39a8 upstream commit
Put remote client info back into the ClientAlive
connection termination message.  Based in part on diff from  lars.nooden at
gmail, ok djm

OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
2017-12-12 10:32:04 +11:00
deraadt@openbsd.org aabd75ec76 upstream commit
time_t printing needs %lld and (long long) casts ok djm

OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7
2017-12-12 10:32:04 +11:00
djm@openbsd.org fd4eeeec16 upstream commit
fix ordering in previous to ensure errno isn't clobbered
before logging.

OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2
2017-12-12 10:32:04 +11:00
djm@openbsd.org 155072fdb0 upstream commit
for some reason unix_listener() logged most errors twice
with each message containing only some of the useful information; merge these

OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a
2017-12-12 10:32:04 +11:00
Darren Tucker 79c0e1d299 Add autogenerated dependency info to Makefile.
Adds a .depend file containing dependency information generated by
makedepend, which is appended to the generated Makefile by configure.

You can regen the file with "make -f Makefile.in depend" if necessary,
but we'll be looking at some way to automatically keep this up to date.

"no objection" djm@
2017-12-11 14:38:33 +11:00
Darren Tucker f001de8fbf Fix pasto in ldns handling.
When ldns-config is not found, configure would check the wrong variable.
ok djm@
2017-12-11 13:42:51 +11:00
Darren Tucker c5bfe83f67 Portable switched to git so s/CVS/git/. 2017-12-09 10:12:23 +11:00
Darren Tucker bb82e61a40 Remove now-used check for perl. 2017-12-09 08:06:00 +11:00
djm@openbsd.org e0ce54c0b9 upstream commit
don't accept junk after "yes" or "no" responses to
hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@

OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c
2017-12-07 11:49:00 +11:00
dtucker@openbsd.org 609d96b3d5 upstream commit
Replace atoi and strtol conversions for integer arguments
to config keywords with a checking wrapper around strtonum.  This will
prevent and flag invalid and negative arguments to these keywords.  ok djm@

OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
2017-12-07 11:49:00 +11:00
dtucker@openbsd.org 168ecec13f upstream commit
Add missing break for rdomain.  Prevents spurious
"Deprecated option" warnings.  ok djm@

OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a
2017-12-07 11:46:35 +11:00
djm@openbsd.org 927f8514ce upstream commit
include the addr:port in bind/listen failure messages

OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
2017-12-07 11:46:35 +11:00
dtucker@openbsd.org a8c8949954 upstream commit
Import updated moduli.

OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a
2017-12-07 11:40:38 +11:00
dtucker@openbsd.org 3dde09ab38 upstream commit
Have sftp print a warning about shell cleanliness when
decoding the first packet fails, which is usually caused by shells polluting
stdout of non-interactive starups.  bz#2800, ok markus@ deraadt@.

OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5
2017-12-07 11:38:50 +11:00
Darren Tucker 6c8a246437 Replace mkinstalldirs with mkdir -p.
Check for MIKDIR_P and use it instead of mkinstalldirs.  Should fix "mkdir:
cannot create directory:... File exists" during "make install".
Patch from eb at emlix.com.
2017-12-01 17:13:34 +11:00
Darren Tucker 3058dd78d2 Pull in newer install-sh from autoconf-2.69.
Suggested by eb at emlix.com
2017-12-01 17:07:08 +11:00
Darren Tucker 79226e5413 Remove RSA1 host key generation.
SSH1 support is now gone, remove SSH1 key generation.
Patch from eb at emlix.com.
2017-12-01 16:55:35 +11:00
djm@openbsd.org 2937dd02c5 upstream commit
more whitespace errors

OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb
2017-11-28 17:19:06 +11:00
djm@openbsd.org@openbsd.org 7f257bf3fd upstream commit
whitespace at EOL

OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a
2017-11-28 17:05:42 +11:00
dtucker@openbsd.org@openbsd.org 5db6fbf143 upstream commit
Add monotime_ts and monotime_tv that return monotonic
timespec and timeval respectively.  Replace calls to gettimeofday() in packet
timing with monotime_tv so that the callers will work over a clock step.
Should prevent integer overflow during clock steps reported by wangle6 at
huawei.com. "I like" markus@

OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
2017-11-28 12:01:49 +11:00
dtucker@openbsd.org@openbsd.org 2d638e9860 upstream commit
Remove get_current_time() and replace with calls to
monotime_double() which uses CLOCK_MONOTONIC and works over clock steps.  "I
like" markus@

OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952
2017-11-28 11:39:13 +11:00
Darren Tucker ba460acae4 Include string.h for explicit_bzero. 2017-11-24 16:24:31 +11:00
Damien Miller a65655fb1a fix incorrect range of OpenSSL versions supported
Pointed out by Solar Designer
2017-11-24 10:23:47 +11:00
djm@openbsd.org@openbsd.org 83a1e5dbec upstream commit
downgrade a couple more request parsing errors from
process-fatal to just returning failure, making them consistent with the
others that were already like that.

OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918
2017-11-15 13:25:16 +11:00
djm@openbsd.org@openbsd.org 93c68a8f3d upstream commit
fix regression in 7.6: failure to parse a signature request
message shouldn't be fatal to the process, just the request. Reported by Ron
Frederick

OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
2017-11-15 11:14:28 +11:00
djm@openbsd.org@openbsd.org 548d3a66fe upstream commit
fix problem in configuration parsing when in config dump mode
(sshd -T) without providing a full connection specification (sshd -T -C ...)

spotted by bluhm@

OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f
2017-11-14 11:46:38 +11:00
djm@openbsd.org@openbsd.org 33edb6ebdc upstream commit
reuse parse_multistate for parse_flag (yes/no arguments).
Saves a few lines of code and makes the parser more consistent wrt case-
sensitivity.  bz#2664 ok dtucker@

OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef
2017-11-03 16:20:41 +11:00
djm@openbsd.org@openbsd.org d52131a983 upstream commit
allow certificate validity intervals that specify only a
start or stop time (we already support specifying both or neither)

OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
2017-11-03 16:20:41 +11:00
djm@openbsd.org@openbsd.org fbe8e7ac94 upstream commit
allow "cd" and "lcd" commands with no explicit path
argument. lcd will change to the local user's home directory as usual. cd
will change to the starting directory for session (because the protocol
offers no way to obtain the remote user's home directory). bz#2760 ok
dtucker@

OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393
2017-11-03 16:20:41 +11:00
dtucker@openbsd.org@openbsd.org 0208a48517 upstream commit
When doing a config test with sshd -T, only require the
attributes that are actually used in Match criteria rather than (an
incomplete list of) all criteria.  ok djm@, man page help jmc@

OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
2017-11-03 16:20:41 +11:00
djm@openbsd.org@openbsd.org c357eed5a5 upstream commit
typos in ECDSA certificate names; bz#2787 reported by
Mike Gerow

OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163
2017-11-03 16:20:41 +11:00
djm@openbsd.org@openbsd.org ecbf005b8f upstream commit
Private keys in PEM format have been encrypted by AES-128 for
a while (not 3DES). bz#2788 reported by Calum Mackay

OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a
2017-11-03 16:20:41 +11:00
Darren Tucker 81c9ccdbf6 Check for linux/if.h when enabling rdomain.
musl libc doesn't seem to have linux/if.h, so check for its presence
before enabling rdomain support on Linux.
2017-11-03 14:52:51 +11:00
Darren Tucker fa1b834cce Add headers for sys/sysctl.h and net/route.h
On at least older OpenBSDs, sys/sysctl.h and net/route.h require
sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME.
2017-11-03 14:09:45 +11:00
djm@openbsd.org@openbsd.org 41bff4da21 upstream commit
avoid unused variable warnings for !WITH_OPENSSL; patch from
Marcus Folkesson

OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229
2017-11-03 13:24:59 +11:00
Marcus Folkesson 6b373e4635 only enable functions in dh.c when openssl is used
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
2017-11-03 13:13:54 +11:00
djm@openbsd.org@openbsd.org 939b30ba23 upstream commit
fix broken stdout in ControlPersist mode, introduced by me in
r1.467 and reported by Alf Schlichting

OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509
2017-11-01 11:08:56 +11:00
Darren Tucker f21455a084 Include includes.h for HAVE_GETPAGESIZE.
The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
config.h, but bsd-getpagesize.c forgot to include includes.h (which
indirectly includes config.h) so the checks always fails, causing linker
issues when linking statically on systems with getpagesize().

Patch from Peter Korsgaard <peter at korsgaard.com>
2017-10-31 10:09:33 +11:00
djm@openbsd.org@openbsd.org f2ad63c071 upstream commit
whitespace at EOL

OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07
2017-10-31 09:08:52 +11:00
djm@openbsd.org@openbsd.org c6415b1f8f upstream commit
whitespace at EOL

OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd
2017-10-31 09:08:51 +11:00