summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-02upstream: we have a sshkey_save_public() function to save public keys;djm@openbsd.org
use it and save a bunch of redundant code. Patch from loic AT venez.fr; ok markus@ djm@ OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f
2020-05-01Use LONG_LONG_MAX and friends if available.Darren Tucker
If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX} then use those instead. We do calculate these values in configure, but it turns out that at least one compiler (old HP ANSI C) can't parse "-9223372036854775808LL" without mangling it. (It can parse "-9223372036854775807LL" which is presumably why its limits.h defines LONG_LONG_MIN as the latter minus 1.) Fixes rekey test when compiled with the aforementioned compiler.
2020-05-01upstream: when receving a file in sink(), be careful to send atdjm@openbsd.org
most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. ok deraadt@ markus@ OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
2020-05-01upstream: expose vasnmprintf(); ok (as part of other commit) markusdjm@openbsd.org
deraadt OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
2020-05-01upstream: avoid NULL dereference when attempting to convert invaliddjm@openbsd.org
ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
2020-05-01See if SA_RESTART signals will interrupt select().Darren Tucker
On some platforms (at least older HP-UXes such as 11.11, possibly others) setting SA_RESTART on signal handers will cause it to not interrupt select(), at least for calls that do not specify a timeout. Try to detect this and if found, don't use SA_RESTART. POSIX says "If SA_RESTART has been set for the interrupting signal, it is implementation-dependent whether select() restarts or returns with [EINTR]" so this behaviour is within spec.
2020-05-01fix reversed testDamien Miller
2020-05-01wrap sha2.h inclusion in #ifdef HAVE_SHA2_HDamien Miller
2020-05-01upstream: adapt dummy FIDO middleware to API change; ok markus@djm@openbsd.org
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
2020-05-01upstream: tweak previous; ok markusjmc@openbsd.org
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
2020-05-01upstream: bring back debug() removed in rev 1.74; noted by pradeepmarkus@openbsd.org
kumar OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
2020-05-01upstream: run the 2nd ssh with BatchMode for scp -3markus@openbsd.org
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01upstream: when signing a challenge using a FIDO toke, perform thedjm@openbsd.org
hashing in the middleware layer rather than in ssh code. This allows middlewares that call APIs that perform the hashing implicitly (including Microsoft's AFAIK). ok markus@ OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
2020-05-01upstream: Fix comment typo. Patch from mforney at mforney.org.dtucker@openbsd.org
OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
2020-05-01upstream: We've standardized on memset over bzero, replace a coupledtucker@openbsd.org
that had slipped in. ok deraadt markus djm. OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01Include sys/byteorder.h for htons and friends.Darren Tucker
These are usually in netinet/in.h but on HP-UX they are not defined if _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression tests.
2020-05-01Fix conditional for openssl-based chacha20.Darren Tucker
Fixes warnings or link errors when building against older OpenSSLs. ok djm
2020-04-24Error out if given RDomain if unsupported.Darren Tucker
If the config contained 'RDomain %D' on a platform that did not support it, the error would not be detected until runtime resulting in a broken sshd. Detect this earlier and error out if found. bz#3126, based on a patch from jjelen at redhat.com, tweaks and ok djm@
2020-04-24upstream: Fix incorrect error message for "too many known hosts files."dtucker@openbsd.org
bz#3149, patch from jjelen at redhat.com. OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5
2020-04-24upstream: Remove leave_non_blocking() which is now dead codedtucker@openbsd.org
because nothing sets in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com, ok djm@ OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
2020-04-24upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" andjmc@openbsd.org
stop the spread; OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705
2020-04-24Update .depend.Darren Tucker
2020-04-22Mailing list is now closed to non-subscribers.Darren Tucker
While there, add a reference to the bugzilla. ok djm@
2020-04-22Put the values from env vars back.Darren Tucker
This merges the values from the recently removed environment into make's command line arguments since we actually need those.
2020-04-22Pass configure's egrep through to test-exec.sh.Darren Tucker
Use it to create a wrapper function to call it from tests. Fixes the keygen-comment test on platforms with impoverished default egrep (eg Solaris).
2020-04-22Remove unneeded env vars from t-exec invocation.Darren Tucker
2020-04-22upstream: Backslash '$' at then end of string. Prevents warning ondtucker@openbsd.org
some shells. OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f
2020-04-21Sync rev 1.49.Darren Tucker
Prevent infinite for loop since i went from ssize_t to size_t. Patch from eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@
2020-04-20upstream: regression test for printing of private key fingerprints anddjm@openbsd.org
key comments, mostly by loic AT venez.fr (slightly tweaked for portability) ok dtucker@ OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
2020-04-20upstream: fix a bug I introduced in r1.406: when printing private keydjm@openbsd.org
fingerprint of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
2020-04-17upstream: repair private key fingerprint printing to also printdjm@openbsd.org
comment after regression caused by my recent pubkey loading refactor. Reported by loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
2020-04-17upstream: refactor out some duplicate private key loading code;djm@openbsd.org
based on patch from loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
2020-04-17upstream: add space beteen macro arg and punctuation;jmc@openbsd.org
OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
2020-04-17upstream: auth2-pubkey r1.89 changed the order of operations todjm@openbsd.org
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand if no key was found in a file. Document this order here; bz3134 OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
2020-04-17sys/sysctl.h is only used on OpenBSDDamien Miller
so change the preprocessor test used to include it to check __OpenBSD__, matching the code that uses the symbols it declares.
2020-04-17upstream: fix reversed test that caused IdentitiesOnly=yes to notdjm@openbsd.org
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv aredjm@openbsd.org
not considered for HostbasedAuthentication when the target user is root; bz3148 OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
2020-04-17upstream: make IgnoreRhosts a tri-state option: "yes" ignoredjm@openbsd.org
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@ OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
2020-04-17upstream: allow the IgnoreRhosts directive to appear anywhere in adjm@openbsd.org
sshd_config, not just before any Match blocks; bz3148, ok dtucker@ OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
2020-04-17upstream: add space between macro arg and punctuation;jmc@openbsd.org
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
2020-04-15Add sys/syscall.h for syscall numbers.Darren Tucker
In some architecture/libc configurations we need to explicitly include sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085, patch from blowfist at xroutine.net.
2020-04-11upstream: Refactor private key parsing. Eliminates a fair bit ofdjm@openbsd.org
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key type check in the ECDSA_CERT parsing path. feedback and ok markus@ OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
2020-04-10upstream: Add tests for TOKEN expansion of LocalForward anddtucker@openbsd.org
RemoteForward. OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89
2020-04-10upstream: Add utf8.c for asmprintf used by krl.cdtucker@openbsd.org
OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
2020-04-10upstream: Add TOKEN percent expansion to LocalFoward and RemoteForwarddtucker@openbsd.org
when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@ OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
2020-04-08upstream: let sshkey_try_load_public() load public keys from thedjm@openbsd.org
unencrypted envelope of private key files if not sidecar public key file is present. ok markus@ OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
2020-04-08upstream: simplify sshkey_try_load_public()djm@openbsd.org
ok markus@ OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
2020-04-08upstream: add sshkey_parse_pubkey_from_private_fileblob_type()djm@openbsd.org
Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key. ok markus@ OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
2020-04-08upstream: simplify sshkey_parse_private_fileblob_type()djm@openbsd.org
Try new format parser for all key types first, fall back to PEM parser only for invalid format errors. ok markus@ OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
2020-04-08upstream: check private key type against requested key type indjm@openbsd.org
new-style private decoding; ok markus@ OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662