Age | Commit message | Author |
|
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
|
|
written bytes before the initial timer check so that the first buffer written
is accounted. Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, i.e. after the second
buffer is written. This prevents an initial burst of traffic and provides a
more accurate bandwidth limit. bz#2927, ok djm.
OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
|
|
KEX. It shouldn't be sent in subsequent ones, but if it is present we should
ignore it.
This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for these
buggy clients. Reported by Jakub Jelen via bz2929; ok dtucker@
OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9
|
|
OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
|
|
authorized_keys) and -R (remove host from authorized_keys) options may accept
either a bare hostname or a [hostname]:port combo. bz#2935
OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
|
|
This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741
|
|
In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_allowed_user and sys_auth_record_login which passed
loginmsg by address. Now that it's a pointer, just pass it directly.
This only affects AIX, unless there are out of tree users.
|
|
channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus Schmidt via bz#2938
OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
|
|
OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
|
|
OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
|
|
OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f
|
|
|
|
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
|
|
OpenSSL_add_all_algorithms() may be a macro so check for that too.
|
|
Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus
OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
|
|
now always used for SIGUSR1 even when SIGINFO is not defined. This will make
things simpler in -portable.
OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f
|
|
RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
This fixes the build when configured --without-openssl.
|
|
|
|
square brackets in case statements may be eaten by autoconf.
Report and fix from Filipp Gunbin; tweaked by naddy@
|
|
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
|
|
SIGINFO to resync with portable. (ID sync only).
OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16
|
|
trap for them. This allows multiple instances of tests to run without
colliding.
OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c
|
|
test "yes" and "sandbox".
OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da
|
|
UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing).
UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing).
UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names).
useful if you want to run the tests as a smoke test to exercise the
functionality without waiting for all the fuzzers to run.
OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e
|
|
It's unused in -portable, but having it out of sync makes other syncs
fail to apply.
|
|
loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.
Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103
ok markus@
OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
|
|
/dev/null. Fixes mosh in proxycommand mode that was broken by the previous
ProxyCommand change that was reported by matthieu@. ok djm@ danj@
OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6
|
|
started with ControlPersist; based on patch from Steffen Prohaska
OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
|
|
use-after-free faults if the ancestors are freed before the descendents.
Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn
OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2
|
|
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
|
|
Check for the presence of OPENSSL_init_crypto and all the flags we want
before trying to use it (bz#2931).
|
|
current directory; based on report/patch from Harry Sintonen
OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
|
|
socket around for the life of the connection; bz#2912; reported by Simon
Tatham; ok dtucker@
OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
|
|
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types were
specified, then authentication would always fail for RSA keys as the monitor
checks only the base key (not the signature algorithm) type against
*AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
|
|
commands; bz#2926; ok dtucker@
OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d
|
|
Mike Frysinger <vapier at gentoo dot org>
OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9
|
|
Colin Watson
OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
|
|
OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
|
|
OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403
|
|
key type at start of doc
OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324
|
|
If configure could not find a working OpenSSL installation it would
fall back to checking in /usr/local/ssl. This made sense back when
systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't
use that as a default any more. The fallback behaviour also meant
that if you pointed --with-ssl-dir at a specific directory and it
didn't work, it would silently use either the system libs or the ones
in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to
pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
|
|
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
|
|
bz#2922, patch from vinschen at redhat.com.
|
|
bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check
by vinschen at redhat.com.
|
|
|
|
Correct error message when OpenSSL doesn't support certain ECDSA key
lengths.
|
|
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single
AC_CHECK_FUNCS. ok djm@
|
|
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
|
|
|