djm@openbsd.org
d85e062459
upstream commit
...
be a bit more careful in these tests to ensure that
known_hosts is clean
2015-01-20 00:26:13 +11:00
djm@openbsd.org
7947810eab
upstream commit
...
regression test for known_host file editing using
ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
markus@
2015-01-20 00:26:13 +11:00
djm@openbsd.org
3a2b09d147
upstream commit
...
more and better key tests
test signatures and verification
test certificate generation
flesh out nested cert test
removes most of the XXX todo markers
2015-01-20 00:25:12 +11:00
djm@openbsd.org
589e69fd82
upstream commit
...
make the signature fuzzing test much more rigorous:
ensure that the fuzzed input cases do not match the original (using new
fuzz_matches_original() function) and check that the verification fails in
each case
2015-01-20 00:24:40 +11:00
djm@openbsd.org
80603c0daa
upstream commit
...
add a fuzz_matches_original() function to the fuzzer to
detect fuzz cases that are identical to the original data. Hacky
implementation, but very useful when you need the fuzz to be different, e.g.
when verifying signature
2015-01-20 00:24:39 +11:00
djm@openbsd.org
87d5495bd3
upstream commit
...
better dumps from the fuzzer (shown on errors) -
include the original data as well as the fuzzed copy.
2015-01-20 00:24:39 +11:00
djm@openbsd.org
d59ec478c4
upstream commit
...
enable hostkey-agent.sh test
2015-01-20 00:24:17 +11:00
djm@openbsd.org
26b3425170
upstream commit
...
unit test for hostkeys in ssh-agent
2015-01-20 00:23:43 +11:00
markus@openbsd.org
9e06a0fb23
upstream commit
...
add kex unit tests
2015-01-20 00:22:50 +11:00
deraadt@openbsd.org
d2099dec6d
upstream commit
...
djm, your /usr/include tree is old
2015-01-20 00:20:45 +11:00
djm@openbsd.org
2b3c3c76c3
upstream commit
...
some feedback from markus@: comment hostkeys_foreach()
context and avoid a member in it.
2015-01-20 00:20:44 +11:00
djm@openbsd.org
cecb30bc2b
upstream commit
...
make ssh-keygen use hostkeys_foreach(). Removes some
horrendous code; ok markus@
2015-01-20 00:20:44 +11:00
djm@openbsd.org
ec3d065df3
upstream commit
...
convert load_hostkeys() (hostkey ordering and
known_host matching) to use the new hostkey_foreach() iterator; ok markus
2015-01-20 00:20:44 +11:00
djm@openbsd.org
c29811cc48
upstream commit
...
introduce hostkeys_foreach() to allow iteration over a
known_hosts file or controlled subset thereof. This will allow us to pull out
some ugly and duplicated code, and will be used to implement hostkey rotation
later.
feedback and ok markus
2015-01-20 00:20:43 +11:00
deraadt@openbsd.org
f101d8291d
upstream commit
...
string truncation due to sizeof(size) ok djm markus
2015-01-20 00:20:17 +11:00
djm@openbsd.org
35d6022b55
upstream commit
...
avoid trailing ',' in host key algorithms
2015-01-20 00:20:00 +11:00
djm@openbsd.org
7efb455789
upstream commit
...
infer key length correctly when user specified a fully-
qualified key name instead of using the -b bits option; ok markus@
2015-01-20 00:19:59 +11:00
djm@openbsd.org
83f8ffa6a5
upstream commit
...
fix hostkeys on ssh agent; found by unit test I'm about
to commit
2015-01-20 00:18:45 +11:00
schwarze@openbsd.org
369d61f176
upstream commit
...
garbage collect empty .No macros mandoc warns about
2015-01-20 00:18:44 +11:00
djm@openbsd.org
bb8b442d32
upstream commit
...
regression: incorrect error message on
otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
2015-01-20 00:18:44 +11:00
djm@openbsd.org
9010902954
upstream commit
...
when hostname canonicalisation is enabled, try to parse
hostnames as addresses before looking them up for canonicalisation. fixes
bz#2074 and avoids needless DNS lookups in some cases; ok markus
2015-01-16 18:24:49 +11:00
deraadt@openbsd.org
2ae4f337b2
upstream commit
...
Replace <sys/param.h> with <limits.h> and other less
dirty headers where possible. Annotate <sys/param.h> lines with their
current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
These are the files confirmed through binary verification. ok guenther,
millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
markus@openbsd.org
3c4726f4c2
upstream commit
...
remove xmalloc, switch to sshbuf
2015-01-16 18:22:24 +11:00
markus@openbsd.org
e17ac01f8b
upstream commit
...
switch to sshbuf
2015-01-16 18:21:33 +11:00
naddy@openbsd.org
ddef9995a1
upstream commit
...
handle UMAC128 initialization like UMAC; ok djm@ markus@
2015-01-16 18:21:32 +11:00
djm@openbsd.org
f14564c1f7
upstream commit
...
fix regression reported by brad@ for passworded keys without
agent present
2015-01-15 22:08:56 +11:00
Damien Miller
45c0fd70bb
make bitmap test compile
2015-01-15 22:08:23 +11:00
djm@openbsd.org
d333f89abf
upstream commit
...
unit tests for KRL bitmap
2015-01-15 21:39:18 +11:00
markus@openbsd.org
7613f828f4
upstream commit
...
re-add comment about full path
2015-01-15 21:39:17 +11:00
markus@openbsd.org
6c43b48b30
upstream commit
...
don't reset to the installed sshd; connect before
reconfigure, too
2015-01-15 21:39:17 +11:00
djm@openbsd.org
771bb47a1d
upstream commit
...
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
2015-01-15 21:39:16 +11:00
djm@openbsd.org
cfaa57962f
upstream commit
...
use $SSH instead of installed ssh to allow override;
spotted by markus@
2015-01-15 21:39:16 +11:00
djm@openbsd.org
0920553d0a
upstream commit
...
regress test for PubkeyAcceptedKeyTypes; ok markus@
2015-01-15 21:39:15 +11:00
markus@openbsd.org
27ca1a5c00
upstream commit
...
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
2015-01-15 21:39:15 +11:00
djm@openbsd.org
55358f0b4e
upstream commit
...
fatal if soft-PKCS11 library is missing rather (rather
than continue and fail with a more cryptic error)
2015-01-15 21:39:15 +11:00
djm@openbsd.org
c3554cdd2a
upstream commit
...
let this test all supporte key types; pointed out/ok
markus@
2015-01-15 21:39:14 +11:00
djm@openbsd.org
1129dcfc5a
upstream commit
...
sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@
2015-01-15 21:39:14 +11:00
djm@openbsd.org
e4ebf55864
upstream commit
...
remove commented-out test code now that it has moved to a
proper unit test
2015-01-15 21:37:34 +11:00
djm@openbsd.org
e81cba066c
upstream commit
...
whitespace
2015-01-15 21:37:34 +11:00
djm@openbsd.org
141efe4954
upstream commit
...
move authfd.c and its tentacles to the new buffer/key
API; ok markus@
2015-01-15 21:37:34 +11:00
djm@openbsd.org
0088c57af3
upstream commit
...
fix small regression: ssh-agent would return a success
message but an empty signature if asked to sign using an unknown key; ok
markus@
2015-01-15 21:37:33 +11:00
Damien Miller
b03ebe2c22
more --without-openssl
...
fix some regressions caused by upstream merges
enable KRLs now that they no longer require BIGNUMs
2015-01-15 03:08:58 +11:00
Damien Miller
bc42cc6fe7
kludge around tun API mismatch betterer
2015-01-15 03:08:29 +11:00
Damien Miller
c332110291
some systems lack SO_REUSEPORT
2015-01-15 02:59:51 +11:00
Damien Miller
83b9678a62
fix merge botch
2015-01-15 02:35:50 +11:00
Damien Miller
0cdc5a3eb6
unbreak across API change
2015-01-15 02:35:33 +11:00
Damien Miller
6e2549ac2b
need includes.h for portable OpenSSH
2015-01-15 02:30:18 +11:00
Damien Miller
72ef7c148c
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
Damien Miller
4f38c61c68
add files missed in last commit
2015-01-15 02:28:00 +11:00
djm@openbsd.org
a165bab605
upstream commit
...
avoid BIGNUM in KRL code by using a simple bitmap;
feedback and ok markus
2015-01-15 02:22:18 +11:00