djm@openbsd.org
f14564c1f7
upstream commit
...
fix regression reported by brad@ for passworded keys without
agent present
2015-01-15 22:08:56 +11:00
Damien Miller
45c0fd70bb
make bitmap test compile
2015-01-15 22:08:23 +11:00
djm@openbsd.org
d333f89abf
upstream commit
...
unit tests for KRL bitmap
2015-01-15 21:39:18 +11:00
markus@openbsd.org
7613f828f4
upstream commit
...
re-add comment about full path
2015-01-15 21:39:17 +11:00
markus@openbsd.org
6c43b48b30
upstream commit
...
don't reset to the installed sshd; connect before
reconfigure, too
2015-01-15 21:39:17 +11:00
djm@openbsd.org
771bb47a1d
upstream commit
...
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
2015-01-15 21:39:16 +11:00
djm@openbsd.org
cfaa57962f
upstream commit
...
use $SSH instead of installed ssh to allow override;
spotted by markus@
2015-01-15 21:39:16 +11:00
djm@openbsd.org
0920553d0a
upstream commit
...
regress test for PubkeyAcceptedKeyTypes; ok markus@
2015-01-15 21:39:15 +11:00
markus@openbsd.org
27ca1a5c00
upstream commit
...
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
2015-01-15 21:39:15 +11:00
djm@openbsd.org
55358f0b4e
upstream commit
...
fatal if soft-PKCS11 library is missing (rather
than continue and fail with a more cryptic error)
2015-01-15 21:39:15 +11:00
djm@openbsd.org
c3554cdd2a
upstream commit
...
let this test all supported key types; pointed out/ok
markus@
2015-01-15 21:39:14 +11:00
djm@openbsd.org
1129dcfc5a
upstream commit
...
sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@
2015-01-15 21:39:14 +11:00
djm@openbsd.org
e4ebf55864
upstream commit
...
remove commented-out test code now that it has moved to a
proper unit test
2015-01-15 21:37:34 +11:00
djm@openbsd.org
e81cba066c
upstream commit
...
whitespace
2015-01-15 21:37:34 +11:00
djm@openbsd.org
141efe4954
upstream commit
...
move authfd.c and its tentacles to the new buffer/key
API; ok markus@
2015-01-15 21:37:34 +11:00
djm@openbsd.org
0088c57af3
upstream commit
...
fix small regression: ssh-agent would return a success
message but an empty signature if asked to sign using an unknown key; ok
markus@
2015-01-15 21:37:33 +11:00
Damien Miller
b03ebe2c22
more --without-openssl
...
fix some regressions caused by upstream merges
enable KRLs now that they no longer require BIGNUMs
2015-01-15 03:08:58 +11:00
Damien Miller
bc42cc6fe7
kludge around tun API mismatch betterer
2015-01-15 03:08:29 +11:00
Damien Miller
c332110291
some systems lack SO_REUSEPORT
2015-01-15 02:59:51 +11:00
Damien Miller
83b9678a62
fix merge botch
2015-01-15 02:35:50 +11:00
Damien Miller
0cdc5a3eb6
unbreak across API change
2015-01-15 02:35:33 +11:00
Damien Miller
6e2549ac2b
need includes.h for portable OpenSSH
2015-01-15 02:30:18 +11:00
Damien Miller
72ef7c148c
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on systems with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
Damien Miller
4f38c61c68
add files missed in last commit
2015-01-15 02:28:00 +11:00
djm@openbsd.org
a165bab605
upstream commit
...
avoid BIGNUM in KRL code by using a simple bitmap;
feedback and ok markus
2015-01-15 02:22:18 +11:00
djm@openbsd.org
7d845f4a0b
upstream commit
...
update sftp client and server to new buffer API. pretty
much just mechanical changes; with & ok markus
2015-01-15 02:22:18 +11:00
markus@openbsd.org
139ca81866
upstream commit
...
switch to sshbuf/sshkey; with & ok djm@
2015-01-15 02:22:17 +11:00
Damien Miller
81bfbd0bd3
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on systems with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-14 21:48:18 +11:00
djm@openbsd.org
54924b53af
upstream commit
...
avoid a warning for the !OPENSSL case
2015-01-14 21:46:49 +11:00
markus@openbsd.org
ae8b463217
upstream commit
...
switch auth-options to new sshbuf/sshkey; ok djm@
2015-01-14 21:34:20 +11:00
djm@openbsd.org
540e891191
upstream commit
...
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
markus@
2015-01-14 21:32:55 +11:00
markus@openbsd.org
60c2c4ea5e
upstream commit
...
remove unneeded includes, sync my copyright across files
& whitespace; ok djm@
2015-01-14 21:32:54 +11:00
markus@openbsd.org
128343bcdb
upstream commit
...
adapt mac.c to ssherr.h return codes (de-fatal) and
simplify dependencies ok djm@
2015-01-14 20:43:11 +11:00
djm@openbsd.org
e7fd952f4e
upstream commit
...
sync changes from libopenssh; prepared by markus@ mostly
debug output tweaks, a couple of error return value changes and some other
minor stuff
2015-01-14 20:32:42 +11:00
Damien Miller
76c0480a85
add --without-ssh1 option to configure
...
Allows disabling support for SSH protocol 1.
2015-01-13 19:38:18 +11:00
djm@openbsd.org
1f729f0614
upstream commit
...
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@
2015-01-13 19:27:18 +11:00
markus@openbsd.org
816d1538c2
upstream commit
...
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
2015-01-13 19:26:12 +11:00
markus@openbsd.org
0097565f84
upstream commit
...
missing error assignment on sshbuf_put_string()
2015-01-13 19:26:12 +11:00
djm@openbsd.org
a7f49dcb52
upstream commit
...
apparently memcpy(x, NULL, 0) is undefined behaviour
according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
when length==0; ok markus@
2015-01-13 19:25:52 +11:00
markus@openbsd.org
905fe30fca
upstream commit
...
free->sshkey_free; ok djm@
2015-01-13 19:25:52 +11:00
markus@openbsd.org
f067cca2bc
upstream commit
...
allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
2015-01-13 19:25:08 +11:00
djm@openbsd.org
c4bfafcc2a
upstream commit
...
adjust for sshkey_load_file() API change
2015-01-09 00:46:04 +11:00
djm@openbsd.org
e752c6d547
upstream commit
...
fix ssh_config FingerprintHash evaluation order; from Petr
Lautrbach
2015-01-09 00:45:50 +11:00
djm@openbsd.org
ab24ab847b
upstream commit
...
reorder hostbased key attempts to better match the
default hostkey algorithms order in myproposal.h; ok markus@
2015-01-09 00:20:25 +11:00
djm@openbsd.org
1195f4cb07
upstream commit
...
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
2015-01-09 00:17:12 +11:00
tedu@openbsd.org
febbe09e4e
upstream commit
...
workaround for the Meyer, et al, Bleichenbacher Side
Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
markus
2015-01-09 00:13:35 +11:00
djm@openbsd.org
5191df927d
upstream commit
...
KNF and add a little more debug()
2015-01-09 00:13:35 +11:00
jmc@openbsd.org
8abd80315d
upstream commit
...
add fingerprinthash to the options list;
2015-01-09 00:13:35 +11:00
jmc@openbsd.org
296ef0560f
upstream commit
...
tweak previous;
2015-01-09 00:13:34 +11:00
Damien Miller
462082eacb
avoid uninitialised free of ldns_res
...
If an invalid rdclass was passed to getrrsetbyname() then
this would execute a free on an uninitialised pointer.
OpenSSH only ever calls this with a fixed and valid rdclass.
Reported by Joshua Rogers
2014-12-30 08:16:11 +11:00