summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-04-03prefer libcrypto chacha20-poly1305 where possibleDamien Miller
2020-04-03upstream: Temporarily remove tests for '%C' since the hash contains thedtucker@openbsd.org
local hostname and it doesn't work on any machine except mine... spotted by djm@ OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401
2020-04-03upstream: r1.522 deleted one too many lines; repairdjm@openbsd.org
OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
2020-04-03upstream: sort -N and add it to usage();jmc@openbsd.org
OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332
2020-04-03upstream: avoid another compiler warning spotted in -portabledjm@openbsd.org
OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7
2020-04-03upstream: this needs utf8.c toodjm@openbsd.org
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
2020-04-03upstream: Add percent_expand test for 'Match Exec'.dtucker@openbsd.org
OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f
2020-04-03upstream: fix format string (use %llu for uint64, not %lld). spotted bydjm@openbsd.org
Darren and his tinderbox tests OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2
2020-04-03upstream: Add a flag to re-enable verbose output when in batchdjm@openbsd.org
mode; requested in bz3135; ok dtucker OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b
2020-04-03upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20djm@openbsd.org
Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the way at a2k20 tb@ OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0
2020-04-03upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ asdjm@openbsd.org
part of a larger diff at a2k20 OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
2020-04-03upstream: fix debug statementdjm@openbsd.org
OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
2020-04-03upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that Idjm@openbsd.org
committed earlier had an off-by-one. Fix this and add some debugging that would have made it apparent sooner. OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910
2020-04-03upstream: %C expansion just added to Match Exec should includedtucker@openbsd.org
remote user not local user. OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2
2020-04-03upstream: Add regression test for percent expansions where possible.dtucker@openbsd.org
OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288
2020-04-03upstream: make failures when establishing "Tunnel" forwarding terminatedjm@openbsd.org
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
2020-04-03upstream: Make with config keywords support whichdtucker@openbsd.org
percent_expansions more consistent. - %C is moved into its own function and added to Match Exec. - move the common (global) options into a macro. This is ugly but it's the least-ugly way I could come up with. - move IdentityAgent and ForwardAgent percent expansion to before the config dump to make it regression-testable. - document all of the above ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest. OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
2020-04-03upstream: give ssh-keygen the ability to dump the contents of adjm@openbsd.org
binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b
2020-04-03upstream: add allocating variant of the safe utf8 printer; okdjm@openbsd.org
dtucker as part of a larger diff OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0
2020-03-17upstream: Cast lifetime to u_long for comparison to prevent unsigneddtucker@openbsd.org
comparison warning on 32bit arches. Spotted by deraadt, ok djm. OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a
2020-03-14Include fido.h when checking for fido/credman.h.Darren Tucker
It's required for fido_dev_t, otherwise configure fails with when given --with-security-key-builtin.
2020-03-14upstream: some more speeling mistakes fromdjm@openbsd.org
OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443
2020-03-14upstream: improve error messages for some common PKCS#11 C_Logindjm@openbsd.org
failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok dtucker OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e
2020-03-14upstream: use sshpkt_fatal() for kex_exchange_identification()djm@openbsd.org
errors. This ensures that the logged errors are consistent with other transport- layer errors and that the relevant IP addresses are logged. bz3129 ok dtucker@ OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
2020-03-14upstream: Don't clear alarm timers in listening sshd. Previouslydtucker@openbsd.org
these timers were used for regenerating the SSH1 ephemeral host keys but those are now gone so there's no need to clear the timers either. ok deraadt@ OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0
2020-03-14upstream: spelling errors in comments; no code change fromdjm@openbsd.org
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
2020-03-14upstream: when downloading FIDO2 resident keys from a token, don'tdjm@openbsd.org
prompt for a PIN until the token has told us that it needs one. Avoids double-prompting on devices that implement on-device authentication (e.g. a touchscreen PIN pad on the Trezor Model T). ok dtucker@ OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817
2020-03-13sync fnmatch.c with upstream to fix another typoDamien Miller
2020-03-13another spelling error in commentDamien Miller
2020-03-13spelling mistakesDamien Miller
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
2020-03-13upstream: fix relative includes in sshd_config; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b
2020-03-13upstream: fix use-after-free in do_download_sk; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863
2020-03-13upstream: do not leak oprincipals; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c
2020-03-13upstream: initialize seconds for debug message; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81
2020-03-13upstream: correct return code; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810
2020-03-13upstream: principalsp is optional, pubkey required; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024
2020-03-13upstream: remove unused variables in ssh-pkcs11-helper; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1
2020-03-13upstream: return correct error in sshsk_ed25519_sig; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625
2020-03-13upstream: fix possible null-deref in check_key_not_revoked; okmarkus@openbsd.org
djm OpenBSD-Commit-ID: 80855e9d7af42bb6fcc16c074ba69876bfe5e3bf
2020-03-13upstream: ssh_fetch_identitylist() returns the return value frommarkus@openbsd.org
ssh_request_reply() so we should also check against != 0 ok djm OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952
2020-03-13upstream: sshkey_cert_check_authority requires reason to be set;markus@openbsd.org
ok djm OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552
2020-03-13upstream: passphrase depends on kdfname, not ciphername (possiblemarkus@openbsd.org
null-deref); ok djm OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
2020-03-13upstream: consistently check packet_timeout_ms against 0; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928
2020-03-13upstream: initialize cname in case ai_canonname is NULL or toomarkus@openbsd.org
long; ok djm OpenBSD-Commit-ID: c27984636fdb1035d1642283664193e91aab6e37
2020-03-13upstream: fix uninitialized pointers for forward_cancel; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 612778e6d87ee865d0ba97d0a335f141cee1aa37
2020-03-13upstream: exit on parse failures in input_service_request; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2
2020-03-13upstream: fix null-deref on calloc failure; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: a313519579b392076b7831ec022dfdefbec8724a
2020-03-13upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc
2020-03-13upstream: pkcs11_register_provider: return < 0 on error; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: cfc8321315b787e4d40da4bdb2cbabd4154b0d97
2020-03-13upstream: sshsig: return correct error, fix null-deref; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd