Age | Commit message (Collapse) | Author |
|
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
|
|
In some architecture/libc configurations we need to explicitly include
sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085,
patch from blowfist at xroutine.net.
|
|
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key
type check in the ECDSA_CERT parsing path.
feedback and ok markus@
OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
|
|
RemoteForward.
OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89
|
|
OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
|
|
when used for Unix domain socket forwarding. Factor out the code for the
config keywords that use the most common subset of TOKENS into its own
function. bz#3014, ok jmc@ (man page bits) djm@
OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
|
|
unencrypted envelope of private key files if not sidecar public key file is
present.
ok markus@
OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
|
|
ok markus@
OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
|
|
Extracts a public key from the unencrypted envelope of a new-style
OpenSSH private key.
ok markus@
OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
|
|
Try new format parser for all key types first, fall back to PEM
parser only for invalid format errors.
ok markus@
OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
|
|
new-style private decoding; ok markus@
OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
|
|
private key
(this public key is currently unusued)
ok markus@
OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
|
|
Split out the base64 decoding and private section decryption steps in
to separate functions. This will make the decryption step easier to fuzz
as well as making it easier to write a "load public key from new-format
private key" function.
ok markus@
OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
|
|
Fixes problem where unsuitable chacha20 code in libressl would be used
unintentionally.
|
|
|
|
OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89
|
|
Solaris' native "id" doesn't support the options we use but the one
in /usr/bin/xp4g does, so use that instead.
|
|
short hostname instead.
OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7
|
|
OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770
|
|
|
|
local hostname and it doesn't work on any machine except mine... spotted by
djm@
OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401
|
|
OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
|
|
OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332
|
|
OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7
|
|
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
|
|
OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f
|
|
Darren and his tinderbox tests
OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2
|
|
mode; requested in bz3135; ok dtucker
OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b
|
|
Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the
way at a2k20 tb@
OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0
|
|
part of a larger diff at a2k20
OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
|
|
OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
|
|
committed earlier had an off-by-one. Fix this and add some debugging that
would have made it apparent sooner.
OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910
|
|
remote user not local user.
OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2
|
|
OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288
|
|
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker
OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
|
|
percent_expansions more consistent. - %C is moved into its own function and
added to Match Exec. - move the common (global) options into a macro. This
is ugly but it's the least-ugly way I could come up with. - move
IdentityAgent and ForwardAgent percent expansion to before the config dump
to make it regression-testable. - document all of the above
ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.
OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
|
|
binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b
|
|
dtucker as part of a larger diff
OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0
|
|
comparison warning on 32bit arches. Spotted by deraadt, ok djm.
OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a
|
|
It's required for fido_dev_t, otherwise configure fails with
when given --with-security-key-builtin.
|
|
OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443
|
|
failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok
dtucker
OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e
|
|
errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@
OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
|
|
these timers were used for regenerating the SSH1 ephemeral host keys but
those are now gone so there's no need to clear the timers either. ok
deraadt@
OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0
|
|
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
|
|
prompt for a PIN until the token has told us that it needs one. Avoids
double-prompting on devices that implement on-device authentication (e.g. a
touchscreen PIN pad on the Trezor Model T). ok dtucker@
OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817
|
|
|
|
|
|
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
|
|
OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b
|