dbab02f920
upstream: fix leaks in unit test; with this, all unit tests are
...
leak free (as far as valgrind can spot anyway)
OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17
2018-07-13 12:14:38 +10:00
2f6accff50
Enable leak checks for unit tests with valgrind
...
Leave the leak checking on unconditionally when running with valgrind.
The unit tests are leak-free and I want them to stay that way.
2018-07-13 11:41:33 +10:00
e46cfbd9db
increase timeout to match cfgmatch.sh
...
lets test pass under valgrind (on my workstation at least)
2018-07-13 11:41:33 +10:00
6aa1bf475c
rm regress/misc/kexfuzz/*.o in distclean target
2018-07-13 11:41:33 +10:00
eef1447ddb
repair !WITH_OPENSSL build
2018-07-13 11:41:33 +10:00
4d3b2f36fd
missing headers
2018-07-13 11:41:33 +10:00
3f420a692b
Remove key.h from portable files too.
...
Commit 5467fbcb
2018-07-12 14:57:46 +10:00
e2c4af3115
upstream: remove prototype to long-gone function
...
OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd
2018-07-12 14:36:12 +10:00
394a842e60
upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@
...
OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3
2018-07-12 13:18:25 +10:00
5467fbcb09
upstream: remove legacy key emulation layer; ok djm@
...
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
5dc4c59d54
upstream: s/wuth/with/ in comment
...
OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
2018-07-12 11:47:57 +10:00
1c688801e9
Include stdlib.h for declaration of free.
...
Fixes build with -Werror on at least Fedora and probably others.
2018-07-11 12:14:09 +10:00
fccfa239de
VALGRIND_CHECK_LEAKS logic was backwards :(
2018-07-11 10:19:56 +10:00
416287d45f
Fix sshbuf_new error path in skey.
2018-07-11 10:11:17 +10:00
7aab109b8b
Supply missing third arg in skey.
...
During the change to the new buffer api the third arg to
sshbuf_get_cstring was ommitted. Fixes build when configured with skey.
2018-07-11 10:11:17 +10:00
380320bb72
Supply some more missing "int r" in skey
2018-07-11 10:11:17 +10:00
d20720d373
disable valgrind memleak checking by default
...
Add VALGRIND_CHECK_LEAKS knob to turn it back on.
2018-07-11 09:57:44 +10:00
79c9d35018
Supply missing "int r" in skey code.
2018-07-11 09:54:00 +10:00
984bacfaac
upstream: re-remove some pre-auth compression bits
...
This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.
ok markus@
OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
2018-07-11 09:52:08 +10:00
120a1ec74e
Adapt portable to legacy buffer API removal
2018-07-10 19:39:52 +10:00
0f3958c1e6
upstream: kerberos/gssapi fixes for buffer removal
...
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
2018-07-10 19:15:35 +10:00
c74ae8e7c4
upstream: buffer.[ch] and bufaux.c are no more
...
OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0
2018-07-10 18:07:49 +10:00
a881e5a133
upstream: one mention of Buffer that almost got away :)
...
OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02
2018-07-10 18:07:49 +10:00
49f47e656b
upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@
...
OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
2018-07-10 16:44:17 +10:00
cb30cd4704
upstream: remove legacy buffer API emulation layer; ok djm@
...
OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9
2018-07-10 16:44:17 +10:00
235c7c4e3b
upstream: sshd: switch monitor to sshbuf API; lots of help & ok
...
djm@
OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
2018-07-10 16:40:18 +10:00
b8d9214d96
upstream: sshd: switch GSSAPI to sshbuf API; ok djm@
...
OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30
2018-07-10 15:28:30 +10:00
c7d39ac8dc
upstream: sshd: switch authentication to sshbuf API; ok djm@
...
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
2018-07-10 15:27:43 +10:00
c3cb7790e9
upstream: sshd: switch config to sshbuf API; ok djm@
...
OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
2018-07-10 15:25:25 +10:00
2808d18ca4
upstream: sshd: switch loginmsg to sshbuf API; ok djm@
...
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
2018-07-10 15:21:58 +10:00
89dd615b8b
upstream: ttymodes: switch to sshbuf API; ok djm@
...
OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
2018-07-10 15:19:12 +10:00
f4608a7065
upstream: client: switch mux to sshbuf API; with & ok djm@
...
OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
2018-07-10 15:14:26 +10:00
cecee2d607
upstream: client: switch to sshbuf API; ok djm@
...
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
2018-07-10 15:14:26 +10:00
ff55f4ad89
upstream: pkcs11: switch to sshbuf API; ok djm@
...
OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79
2018-07-10 15:13:41 +10:00
168b46f405
upstream: Revert previous two commits
...
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
2018-07-10 15:13:41 +10:00
ab39267fa1
upstream: Rename COMP_DELAYED to COMP_ZLIB
...
Only delayed compression is supported nowadays.
ok markus@
OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821
2018-07-10 15:13:40 +10:00
95db395d2e
upstream: Remove leftovers from pre-authentication compression
...
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
2018-07-10 15:13:40 +10:00
f28a4d5cd2
upstream: Remove unused ssh_packet_start_compression()
...
ok markus@
OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4
2018-07-10 15:13:40 +10:00
872517ddbb
Defer setting bufsiz in getdelim.
...
Do not write to bufsiz until we are sure the malloc has succeeded,
in case any callers rely on it (which they shouldn't). ok djm@
2018-07-06 13:32:02 +10:00
3deb56f719
Fix other callers of read_environment_file.
...
read_environment_file recently gained an extra argument Some platform
specific code also calls it so add the argument to those too. Fixes
build on Solaris and AIX.
2018-07-05 13:32:01 +10:00
314908f451
upstream: deal with API rename: match_filter_list() =>
...
match_filter_blacklist()
OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f
2018-07-04 23:52:50 +10:00
89f54cdf6b
upstream: exercise new expansion behaviour of
...
PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names()
ok markus@
OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736
2018-07-04 23:52:50 +10:00
187633f24c
upstream: add a comment that could have saved me 45 minutes of wild
...
goose chasing
OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297
2018-07-04 23:52:50 +10:00
312d2f2861
upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
...
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
2018-07-04 23:51:52 +10:00
303af5803b
upstream: some magic for RSA-SHA2 checks
...
OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4
2018-07-04 00:07:12 +10:00
7d68e26294
depend
2018-07-03 23:27:11 +10:00
b4d4eda633
upstream: some finesse to fix RSA-SHA2 certificate authentication
...
for certs hosted in ssh-agent
OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
2018-07-03 23:26:47 +10:00
d78b75df4a
upstream: check correct variable; unbreak agent keys
...
OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e
2018-07-03 23:26:47 +10:00
2f30300c5e
upstream: crank version number to 7.8; needed for new compat flag
...
for prior version; part of RSA-SHA2 strictification, ok markus@
OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
2018-07-03 23:26:47 +10:00
4ba0d54794
upstream: Improve strictness and control over RSA-SHA2 signature
...
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-07-03 23:26:36 +10:00
djm@openbsd.org
Damien Miller
Darren Tucker
markus@openbsd.org
martijn@openbsd.org
sf@openbsd.org