summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-10-09upstream: fix an unreachable integer overflow similar to the XMSSdjm@openbsd.org
case, and some other NULL dereferences found by fuzzing. fix with and ok markus@ OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
2019-10-09upstream: fix integer overflow in XMSS private key parsing.djm@openbsd.org
Reported by Adam Zabrocki via SecuriTeam's SSH program. Note that this code is experimental and not compiled by default. ok markus@ OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
2019-10-09upstream: Correct type for end-of-list sentinel; fixes initializerdtucker@openbsd.org
warnings on some platforms. ok deraadt. OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
2019-10-09upstream: reversed test yielded incorrect debug messagedjm@openbsd.org
OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
2019-10-09dependDamien Miller
2019-10-09Make MAKE_CLONE no-op macro more correct.Darren Tucker
Similar to the previous change to DEF_WEAK, some compilers don't like the empty statement, so convert into a no-op function prototype.
2019-10-09wrap stdint.h include in HAVE_STDINT_HDamien Miller
make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-08avoid "return (value)" in void-declared functionDamien Miller
spotted by Tim Rice; ok dtucker
2019-10-08Make DEF_WEAK more likely to be correct.Darren Tucker
Completely nop-ing out DEF_WEAK leaves an empty statemment which some compilers don't like. Replace with a no-op function template. ok djm@
2019-10-07upstream: Instead of running sed over the whole log to remove CRs,dtucker@openbsd.org
remove them only where it's needed (and confuses test(1) on at least OS X in portable). OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
2019-10-05Enable specific ioctl call for EP11 crypto card (s390)Eduardo Barretto
The EP11 crypto card needs to make an ioctl call, which receives an specific argument. This crypto card is for s390 only. Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
2019-10-04upstream: fix memory leak in error path; bz#3074 patch fromdjm@openbsd.org
krishnaiah.bommu@intel.com, ok dtucker OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
2019-10-04upstream: spacedjm@openbsd.org
OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
2019-10-04upstream: more sshsig regress tests: check key revocation, thedjm@openbsd.org
check-novalidate signature test mode and signing keys in ssh-agent. From Sebastian Kinne (slightly tweaked) OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
2019-10-04upstream: Check for gmtime failure in moduli generation. Based ondtucker@openbsd.org
patch from krishnaiah.bommu@intel.com, ok djm@ OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
2019-10-04upstream: use a more common options order in SYNOPSIS and syncjmc@openbsd.org
usage(); while here, no need for Bk/Ek; ok dtucker OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
2019-10-02upstream: thinko in previous; spotted by Mantasdjm@openbsd.org
=?UTF-8?q?=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
2019-10-02upstream: make signature format match PROTOCOdjm@openbsd.org
=?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?= =?UTF-8?q?s=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-10-02upstream: ban empty namespace strings for sdjm@openbsd.org
=?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
2019-10-02Put ssherr.h back as it's actually needed.Darren Tucker
2019-10-02Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.Lonnie Abelbeck
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
2019-10-02remove duplicate #includesDamien Miller
Prompted by Jakub Jelen
2019-10-02typo in commentDamien Miller
2019-10-02upstream: remove some duplicate #includesdjm@openbsd.org
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-01upstream: revert unconditional forced login implemented in r1.41 ofdjm@openbsd.org
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the token returns no objects and this is less disruptive for users of tokens directly in ssh (rather than via ssh-agent) and in ssh-keygen bz3006, patch from Jakub Jelen; ok markus OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
2019-10-01upstream: group and sort single letter options; ok deraadtjmc@openbsd.org
OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
2019-10-01upstream: fix the DH-GEX text in -a; because this required a comma,jmc@openbsd.org
i added a comma to the first part, for balance... OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
2019-10-01upstream: identity_file[] should be PATH_MAX, not the arbitraryderaadt@openbsd.org
number 1024 OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
2019-10-01upstream: new sentence, new line;jmc@openbsd.org
OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
2019-09-30Include stdio.h for snprintf.Darren Tucker
Patch from vapier@gentoo.org.
2019-09-30Add SKIP_LTESTS for skipping specific tests.Darren Tucker
2019-09-27upstream: Test for empty result in expected bits. Remove CRs from logdtucker@openbsd.org
as they confuse tools on some platforms. Re-enable the 3des-cbc test. OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27Re-enable dhgex test.Darren Tucker
Since we've added larger fallback groups to dh.c this test will pass even if there is no moduli file installed on the system.
2019-09-24Add more ToS bits, currently only used by netcat.Darren Tucker
2019-09-19Privsep is now required.Darren Tucker
2019-09-16upstream: Allow testing signature syntax and validity without verifyingdjm@openbsd.org
that a signature came from a trusted signer. To discourage accidental or unintentional use, this is invoked by the deliberately ugly option name "check-novalidate" from Sebastian Kinne OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
2019-09-13upstream: clarify that IdentitiesOnly also applies to the defaultdjm@openbsd.org
~/.ssh/id_* keys; bz#3062 OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
2019-09-13upstream: Plug mem leaks on error paths, based in part on githubdtucker@openbsd.org
pr#120 from David Carlier. ok djm@. OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
2019-09-13upstream: whitespacedjm@openbsd.org
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
2019-09-13upstream: allow %n to be expanded in ProxyCommand stringsdjm@openbsd.org
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 ok dtucker@ OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
2019-09-13upstream: clarify that ConnectTimeout applies both to the TCPdjm@openbsd.org
connection and to the protocol handshake/KEX. From Jean-Charles Longuet via Github PR140 OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
2019-09-13upstream: Fix potential truncation warning. ok deraadt.dtucker@openbsd.org
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13memleak of buffer in sshpam_queryDamien Miller
coverity report via Ed Maste; ok dtucker@
2019-09-13explicitly test set[ug]id() return valuesDamien Miller
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste ok dtucker@
2019-09-08upstream: Allow prepending a list of algorithms to the default setnaddy@openbsd.org
by starting the list with the '^' character, e.g. HostKeyAlgorithms ^ssh-ed25519 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com ok djm@ dtucker@ OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08upstream: key conversion should fail for !openssl builds, not falldjm@openbsd.org
through to the key generation code OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08upstream: typo in previousdjm@openbsd.org
OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08needs time.h for --without-opensslDamien Miller
2019-09-08make unittests pass for no-openssl caseDamien Miller
2019-09-06upstream: avoid compiling certain files that deeply depend ondjm@openbsd.org
libcrypto when WITH_OPENSSL isn't set OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061