summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-02-09upstream commitdtucker@openbsd.org
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@ OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
2018-02-08Set SO_REUSEADDR in regression test netcat.Darren Tucker
Sometimes multiplex tests fail on Solaris with "netcat: local_listen: Address already in use" which is likely due to previous invocations leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to SO_REUSEPORT which is alread set on platforms that support it). ok djm@
2018-02-08upstream commitjsing@openbsd.org
Convert some explicit_bzero()/free() calls to freezero(). ok deraadt@ dtucker@ OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
2018-02-08upstream commitjsing@openbsd.org
Remove some #ifdef notyet code from OpenSSL 0.9.8 days. These functions have never appeared in OpenSSL and are likely never to do so. "kill it with fire" djm@ OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
2018-02-08upstream commitjsing@openbsd.org
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
2018-02-07Remove obsolete "Smartcard support" messageDarren Tucker
The configure checks that populated $SCARD_MSG were removed in commits 7ea845e4 and d8f60022 when the smartcard support was replaced with PKCS#11.
2018-02-07upstream commitdtucker@openbsd.org
Replace "trojan horse" with the correct term (MITM). From maikel at predikkta.com via bz#2822, ok markus@ OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
2018-02-07upstream committb@openbsd.org
Add a couple of non-negativity checks to avoid close(-1). ok djm OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
2018-02-07upstream committb@openbsd.org
The file descriptors for socket, stdin, stdout and stderr aren't necessarily distinct, so check if they are the same to avoid closing the same fd several times. ok djm OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
2018-02-07upstream commitdjm@openbsd.org
I accidentially a word OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a
2018-02-07upstream commitdjm@openbsd.org
certificate options are case-sensitive; fix case on one that had it wrong. move a badly-place sentence to a less bad place OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
2018-01-24crypto_api.h needs includes.hDamien Miller
2018-01-24upstream commitstsp@openbsd.org
Fix a logic bug in sshd_exchange_identification which prevented clients using major protocol version 2 from connecting to the server. ok millert@ OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
2018-01-24upstream commitstsp@openbsd.org
Add missing braces; fixes 'write: Socket is not connected' error in ssh. ok deraadt@ OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24
2018-01-23rebuild dependsDamien Miller
2018-01-23one SSH_BUG_BANNER instance that got awayDamien Miller
2018-01-23upstream commitdjm@openbsd.org
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23upstream commitdjm@openbsd.org
try harder to preserve errno during ssh_connect_direct() to make the final error message possibly accurate; bz#2814, ok dtucker@ OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
2018-01-23upstream commitdjm@openbsd.org
unbreak support for clients that advertise a protocol version of "1.99" (indicating both v2 and v1 support). Busted by me during SSHv1 purge in r1.358; bz2810, ok dtucker OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
2018-01-23upstream commitdjm@openbsd.org
don't attempt to force hostnames that are addresses to lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to remove ambiguities (e.g. ::0001 => ::1) before they are matched against known_hosts; bz#2763, ok dtucker@ OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
2018-01-23upstream commitdjm@openbsd.org
avoid modifying pw->pw_passwd; let endpwent() clean up for us, but keep a scrubbed copy; bz2777, ok dtucker@ OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
2018-01-23upstream commitnaddy@openbsd.org
clarify authorship; prodded by and ok markus@ OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c
2018-01-23upstream commitmarkus@openbsd.org
group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL ok djm@ OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62
2018-01-23upstream commitmarkus@openbsd.org
move subprocess() so scp/sftp do not need uidswap.o; ok djm@ OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
2018-01-23upstream commitmarkus@openbsd.org
switch ssh-pkcs11-helper to new API; ok djm@ OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42
2018-01-23upstream commitmarkus@openbsd.org
split client/server kex; only ssh-keygen needs uuencode.o; only scp/sftp use progressmeter.o; ok djm@ OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee
2018-01-23upstream commitmarkus@openbsd.org
only ssh-keygen needs uuencode.o; only scp/sftp use progressmeter.o OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85
2018-01-23upstream commitmarkus@openbsd.org
uuencode.h is not used OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c
2018-01-03unbreak fuzz harnessDamien Miller
2018-01-03upstream commitdjm@openbsd.org
another libssh casualty OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec
2018-01-03upstream commitdjm@openbsd.org
missed one (unbreak after ssh/lib removal) OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322
2018-01-03upstream commitdjm@openbsd.org
unbreak unit tests after removal of src/usr.bin/ssh/lib OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9
2017-12-21upstream commitdjm@openbsd.org
revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan. OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
2017-12-19upstream commitdjm@openbsd.org
explicitly test all key types and their certificate counterparts refactor a little OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4
2017-12-19upstream commitdtucker@openbsd.org
use cmp in a loop instead of diff -N to compare directories. The former works on more platforms for Portable. OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099
2017-12-19remove blocks.c from MakefileDamien Miller
2017-12-19upstream commitdjm@openbsd.org
include signature type and CA key (if applicable) in some debug messages OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5
2017-12-19upstream commitdjm@openbsd.org
unbreak hostkey rotation; attempting to sign with a desired signature algorithm of kex->hostkey_alg is incorrect when the key type isn't capable of making those signatures. ok markus@ OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
2017-12-19upstream commitdjm@openbsd.org
log mismatched RSA signature types; ok markus@ OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418
2017-12-19upstream commitdjm@openbsd.org
pass kex->hostkey_alg and kex->hostkey_nid from pre-auth to post-auth unpriviledged child processes; ok markus@ OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302
2017-12-19upstream commitmillert@openbsd.org
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@ OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
2017-12-19upstream commitdjm@openbsd.org
pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-12-19upstream commitdjm@openbsd.org
sshkey_sigtype() function to return the type of a signature; ok markus@ OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
2017-12-19upstream commitnaddy@openbsd.org
Replace ED25519's private SHA-512 implementation with a call to the regular digest code. This speeds up compilation considerably. ok markus@ OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c
2017-12-19upstream commitnaddy@openbsd.org
Create a persistent umac128.c source file: #define the output size and the name of the entry points for UMAC-128 before including umac.c. Idea from FreeBSD. ok dtucker@ OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1
2017-12-12Update .depend with empty config.hDarren Tucker
2017-12-12Ensure config.h is always in dependencies.Darren Tucker
Put an empty config.h into the dependency list to ensure that it's always listed and consistent.
2017-12-12upstream commitderaadt@openbsd.org
ssh/lib hasn't worked towards our code-sharing goals for a quit while, perhaps it is too verbose? Change each */Makefile to specifying exactly what sources that program requires, compiling it seperate. Maybe we'll iterate by sorting those into seperatable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago.. ok dtucker markus djm OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d
2017-12-12upstream commitdtucker@openbsd.org
Put remote client info back into the ClientAlive connection termination message. Based in part on diff from lars.nooden at gmail, ok djm OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
2017-12-12upstream commitderaadt@openbsd.org
time_t printing needs %lld and (long long) casts ok djm OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7