summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-04-08upstream: simplify sshkey_try_load_public()djm@openbsd.org
ok markus@ OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
2020-04-08upstream: add sshkey_parse_pubkey_from_private_fileblob_type()djm@openbsd.org
Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key. ok markus@ OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
2020-04-08upstream: simplify sshkey_parse_private_fileblob_type()djm@openbsd.org
Try new format parser for all key types first, fall back to PEM parser only for invalid format errors. ok markus@ OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
2020-04-08upstream: check private key type against requested key type indjm@openbsd.org
new-style private decoding; ok markus@ OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
2020-04-08upstream: check that pubkey in private key envelope matches actualdjm@openbsd.org
private key (this public key is currently unusued) ok markus@ OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
2020-04-08upstream: refactor private key parsing a littledjm@openbsd.org
Split out the base64 decoding and private section decryption steps in to separate functions. This will make the decryption step easier to fuzz as well as making it easier to write a "load public key from new-format private key" function. ok markus@ OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
2020-04-06Include openssl-compat.h before checking ifdefs.Darren Tucker
Fixes problem where unsuitable chacha20 code in libressl would be used unintentionally.
2020-04-06fix inverted test for LibreSSL versionDamien Miller
2020-04-05upstream: Indicate if we're using a cached key in trace output.dtucker@openbsd.org
OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89
2020-04-05Use /usr/bin/xp4g/id if necessary.Darren Tucker
Solaris' native "id" doesn't support the options we use but the one in /usr/bin/xp4g does, so use that instead.
2020-04-05upstream: Some platforms don't have "hostname -s", so use cut to trimdtucker@openbsd.org
short hostname instead. OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7
2020-04-05upstream: Compute hash locally and re-enable %C tests.dtucker@openbsd.org
OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770
2020-04-03prefer libcrypto chacha20-poly1305 where possibleDamien Miller
2020-04-03upstream: Temporarily remove tests for '%C' since the hash contains thedtucker@openbsd.org
local hostname and it doesn't work on any machine except mine... spotted by djm@ OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401
2020-04-03upstream: r1.522 deleted one too many lines; repairdjm@openbsd.org
OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
2020-04-03upstream: sort -N and add it to usage();jmc@openbsd.org
OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332
2020-04-03upstream: avoid another compiler warning spotted in -portabledjm@openbsd.org
OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7
2020-04-03upstream: this needs utf8.c toodjm@openbsd.org
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
2020-04-03upstream: Add percent_expand test for 'Match Exec'.dtucker@openbsd.org
OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f
2020-04-03upstream: fix format string (use %llu for uint64, not %lld). spotted bydjm@openbsd.org
Darren and his tinderbox tests OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2
2020-04-03upstream: Add a flag to re-enable verbose output when in batchdjm@openbsd.org
mode; requested in bz3135; ok dtucker OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b
2020-04-03upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20djm@openbsd.org
Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the way at a2k20 tb@ OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0
2020-04-03upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ asdjm@openbsd.org
part of a larger diff at a2k20 OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
2020-04-03upstream: fix debug statementdjm@openbsd.org
OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
2020-04-03upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that Idjm@openbsd.org
committed earlier had an off-by-one. Fix this and add some debugging that would have made it apparent sooner. OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910
2020-04-03upstream: %C expansion just added to Match Exec should includedtucker@openbsd.org
remote user not local user. OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2
2020-04-03upstream: Add regression test for percent expansions where possible.dtucker@openbsd.org
OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288
2020-04-03upstream: make failures when establishing "Tunnel" forwarding terminatedjm@openbsd.org
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
2020-04-03upstream: Make with config keywords support whichdtucker@openbsd.org
percent_expansions more consistent. - %C is moved into its own function and added to Match Exec. - move the common (global) options into a macro. This is ugly but it's the least-ugly way I could come up with. - move IdentityAgent and ForwardAgent percent expansion to before the config dump to make it regression-testable. - document all of the above ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest. OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
2020-04-03upstream: give ssh-keygen the ability to dump the contents of adjm@openbsd.org
binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b
2020-04-03upstream: add allocating variant of the safe utf8 printer; okdjm@openbsd.org
dtucker as part of a larger diff OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0
2020-03-17upstream: Cast lifetime to u_long for comparison to prevent unsigneddtucker@openbsd.org
comparison warning on 32bit arches. Spotted by deraadt, ok djm. OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a
2020-03-14Include fido.h when checking for fido/credman.h.Darren Tucker
It's required for fido_dev_t, otherwise configure fails with when given --with-security-key-builtin.
2020-03-14upstream: some more speeling mistakes fromdjm@openbsd.org
OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443
2020-03-14upstream: improve error messages for some common PKCS#11 C_Logindjm@openbsd.org
failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok dtucker OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e
2020-03-14upstream: use sshpkt_fatal() for kex_exchange_identification()djm@openbsd.org
errors. This ensures that the logged errors are consistent with other transport- layer errors and that the relevant IP addresses are logged. bz3129 ok dtucker@ OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
2020-03-14upstream: Don't clear alarm timers in listening sshd. Previouslydtucker@openbsd.org
these timers were used for regenerating the SSH1 ephemeral host keys but those are now gone so there's no need to clear the timers either. ok deraadt@ OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0
2020-03-14upstream: spelling errors in comments; no code change fromdjm@openbsd.org
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
2020-03-14upstream: when downloading FIDO2 resident keys from a token, don'tdjm@openbsd.org
prompt for a PIN until the token has told us that it needs one. Avoids double-prompting on devices that implement on-device authentication (e.g. a touchscreen PIN pad on the Trezor Model T). ok dtucker@ OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817
2020-03-13sync fnmatch.c with upstream to fix another typoDamien Miller
2020-03-13another spelling error in commentDamien Miller
2020-03-13spelling mistakesDamien Miller
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
2020-03-13upstream: fix relative includes in sshd_config; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b
2020-03-13upstream: fix use-after-free in do_download_sk; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863
2020-03-13upstream: do not leak oprincipals; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c
2020-03-13upstream: initialize seconds for debug message; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81
2020-03-13upstream: correct return code; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810
2020-03-13upstream: principalsp is optional, pubkey required; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024
2020-03-13upstream: remove unused variables in ssh-pkcs11-helper; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1
2020-03-13upstream: return correct error in sshsk_ed25519_sig; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625