fbec7dba01
Include stdio.h for snprintf.
...
Patch from vapier@gentoo.org .
2019-09-30 18:01:12 +10:00
0a403bfde7
Add SKIP_LTESTS for skipping specific tests.
2019-09-30 14:11:42 +10:00
4d59f7a516
upstream: Test for empty result in expected bits. Remove CRs from log
...
as they confuse tools on some platforms. Re-enable the 3des-cbc test.
OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27 15:36:22 +10:00
7c817d129e
Re-enable dhgex test.
...
Since we've added larger fallback groups to dh.c this test will pass
even if there is no moduli file installed on the system.
2019-09-27 15:26:22 +10:00
c1e0a32fa8
Add more ToS bits, currently only used by netcat.
2019-09-24 21:17:20 +10:00
5a273a33ca
Privsep is now required.
2019-09-19 15:41:23 +10:00
8aa2aa3cd4
upstream: Allow testing signature syntax and validity without verifying
...
that a signature came from a trusted signer. To discourage accidental or
unintentional use, this is invoked by the deliberately ugly option name
"check-novalidate"
from Sebastian Kinne
OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
2019-09-16 13:25:53 +10:00
7047d5afe3
upstream: clarify that IdentitiesOnly also applies to the default
...
~/.ssh/id_* keys; bz#3062
OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
2019-09-13 14:53:45 +10:00
b36ee3fcb2
upstream: Plug mem leaks on error paths, based in part on github
...
pr#120 from David Carlier. ok djm@.
OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
2019-09-13 14:53:45 +10:00
2aefdf1aef
upstream: whitespace
...
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
2019-09-13 14:53:45 +10:00
fbe24b1429
upstream: allow %n to be expanded in ProxyCommand strings
...
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@
OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
2019-09-13 14:28:44 +10:00
2ce1d11600
upstream: clarify that ConnectTimeout applies both to the TCP
...
connection and to the protocol handshake/KEX. From Jean-Charles Longuet via
Github PR140
OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
2019-09-13 14:09:21 +10:00
df78011427
upstream: Fix potential truncation warning. ok deraadt.
...
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13 14:09:20 +10:00
ec0e624366
memleak of buffer in sshpam_query
...
coverity report via Ed Maste; ok dtucker@
2019-09-13 13:15:19 +10:00
c17e4638e5
explicitly test set[ug]id() return values
...
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
ok dtucker@
2019-09-13 13:15:14 +10:00
91a2135f32
upstream: Allow prepending a list of algorithms to the default set
...
by starting the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com ,aes256-gcm@openssh.com
ok djm@ dtucker@
OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08 14:49:04 +10:00
c8bdd2db77
upstream: key conversion should fail for !openssl builds, not fall
...
through to the key generation code
OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08 14:49:04 +10:00
823f6c37eb
upstream: typo in previous
...
OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08 14:49:04 +10:00
6a710d3e06
needs time.h for --without-openssl
2019-09-08 14:48:11 +10:00
f61f29afda
make unittests pass for no-openssl case
2019-09-08 10:37:17 +10:00
105e1c9218
upstream: avoid compiling certain files that deeply depend on
...
libcrypto when WITH_OPENSSL isn't set
OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
2019-09-06 17:54:21 +10:00
670104b923
upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
...
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
be02d7cbde
upstream: lots of things were relying on libcrypto headers to
...
transitively include various system headers (mostly stdlib.h); include them
explicitly
OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 17:54:21 +10:00
d05aaaaadc
upstream: remove leakmalloc reference; we used this early when
...
refactoring but not since
OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
2019-09-06 16:06:22 +10:00
1268f0bcd8
upstream: Check for RSA support before using it for the user key,
...
otherwise use ed25519 which is supported when built without OpenSSL.
OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06 14:37:23 +10:00
fd7a2dec65
Provide explicit path to configure-check.
...
On some platforms (at least OpenBSD) make won't search VPATH for target
files, so building out-of-tree will fail at configure-check. Provide
explicit path. ok djm@
2019-09-06 14:09:41 +10:00
00865c2969
upstream: better error code for bad arguments; inspired by
...
OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
2019-09-06 12:01:45 +10:00
afdf27f5ac
revert config.h/config.h.in freshness checks
...
turns out autoreconf and configure don't touch some files if their content
doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05 21:38:40 +10:00
a97609e850
extend autoconf freshness test
...
make it cover config.h.in and config.h separately
2019-09-05 20:54:39 +10:00
182297c10e
check that configure/config.h is up to date
...
Ensure they are newer than the configure.ac / aclocal.m4 source
2019-09-05 20:35:33 +10:00
7d6034bd02
upstream: if a PKCS#11 token returns no keys then try to login and
...
refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@
OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
2019-09-05 20:07:12 +10:00
76f09bd959
upstream: sprinkle in some explicit errors here, otherwise the
...
percolate all the way up to dispatch_run_fatal() and lose all meaninful
context
to help with bz#3063; ok dtucker@
OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
2019-09-05 20:07:12 +10:00
0ea332497b
upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker
...
OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
2019-09-05 20:07:12 +10:00
f23d91f9fa
upstream: macro fix; ok djm
...
OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e
2019-09-05 20:07:12 +10:00
8b57337c1c
update fuzzing makefile to more recent clang
2019-09-05 15:46:39 +10:00
ae631ad77d
fuzzer for sshsig allowed_signers option parsing
2019-09-05 15:46:11 +10:00
69159afe24
upstream: memleak on error path; found by libfuzzer
...
OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
2019-09-05 15:44:19 +10:00
bab6feb01f
upstream: expose allowed_signers options parsing code in header for
...
fuzzing
rename to make more consistent with philosophically-similar auth
options parsing API.
OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
2019-09-05 14:56:51 +10:00
4f9d75fbaf
upstream: Call comma-separated lists as such to clarify semantics.
...
Options such as Ciphers take values that may be a list of ciphers; the
complete list, not indiviual elements, may be prefixed with a dash or plus
character to remove from or append to the default list, respectively.
Users might read the current text as if each elment took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting these semantics.
Fix instances missed in first commit. ok jmc@ kn@
OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417
2019-09-05 14:56:51 +10:00
db1e6f60f0
upstream: tweak previous;
...
OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27
2019-09-05 14:56:51 +10:00
0f44e5956c
upstream: repair typo and editing mishap
...
OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
2019-09-05 14:56:51 +10:00
f4846dfc6a
Fuzzer harness for sshsig
2019-09-05 14:26:39 +10:00
b08a6bc1cc
oops; missed including the actual file
2019-09-03 18:45:42 +10:00
1a72c0dd89
portability fixes for sshsig
2019-09-03 18:44:10 +10:00
6d6427d013
upstream: regress test for sshsig; feedback and ok markus@
...
OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b
2019-09-03 18:42:22 +10:00
59650f0eaf
upstream: only add plain keys to prevent any certs laying around
...
from confusing the test.
OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f
2019-09-03 18:42:14 +10:00
d637c4aee6
upstream: sshsig tweaks and improvements from and suggested by
...
Markus
ok markus/me
OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
2019-09-03 18:40:24 +10:00
2a9c9f7272
upstream: sshsig: lightweight signature and verification ability
...
for OpenSSH
This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify
Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.
Mostly by Sebastian Kinne w/ some tweaks by me
ok markus@
OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
2019-09-03 18:40:23 +10:00
5485f8d50a
upstream: move authorized_keys option parsing helpsers to misc.c
...
and make them public; ok markus@
OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
2019-09-03 18:39:31 +10:00
f8df0413f0
upstream: make get_sigtype public as sshkey_get_sigtype(); ok
...
markus@
OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
2019-09-03 18:39:31 +10:00
Darren Tucker
dtucker@openbsd.org
djm@openbsd.org
Damien Miller
naddy@openbsd.org
jmc@openbsd.org