summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-01-03upstream commitdjm@openbsd.org
missed one (unbreak after ssh/lib removal) OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322
2018-01-03upstream commitdjm@openbsd.org
unbreak unit tests after removal of src/usr.bin/ssh/lib OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9
2017-12-21upstream commitdjm@openbsd.org
revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan. OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
2017-12-19upstream commitdjm@openbsd.org
explicitly test all key types and their certificate counterparts refactor a little OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4
2017-12-19upstream commitdtucker@openbsd.org
use cmp in a loop instead of diff -N to compare directories. The former works on more platforms for Portable. OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099
2017-12-19remove blocks.c from MakefileDamien Miller
2017-12-19upstream commitdjm@openbsd.org
include signature type and CA key (if applicable) in some debug messages OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5
2017-12-19upstream commitdjm@openbsd.org
unbreak hostkey rotation; attempting to sign with a desired signature algorithm of kex->hostkey_alg is incorrect when the key type isn't capable of making those signatures. ok markus@ OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
2017-12-19upstream commitdjm@openbsd.org
log mismatched RSA signature types; ok markus@ OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418
2017-12-19upstream commitdjm@openbsd.org
pass kex->hostkey_alg and kex->hostkey_nid from pre-auth to post-auth unpriviledged child processes; ok markus@ OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302
2017-12-19upstream commitmillert@openbsd.org
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@ OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
2017-12-19upstream commitdjm@openbsd.org
pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-12-19upstream commitdjm@openbsd.org
sshkey_sigtype() function to return the type of a signature; ok markus@ OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
2017-12-19upstream commitnaddy@openbsd.org
Replace ED25519's private SHA-512 implementation with a call to the regular digest code. This speeds up compilation considerably. ok markus@ OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c
2017-12-19upstream commitnaddy@openbsd.org
Create a persistent umac128.c source file: #define the output size and the name of the entry points for UMAC-128 before including umac.c. Idea from FreeBSD. ok dtucker@ OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1
2017-12-12Update .depend with empty config.hDarren Tucker
2017-12-12Ensure config.h is always in dependencies.Darren Tucker
Put an empty config.h into the dependency list to ensure that it's always listed and consistent.
2017-12-12upstream commitderaadt@openbsd.org
ssh/lib hasn't worked towards our code-sharing goals for a quit while, perhaps it is too verbose? Change each */Makefile to specifying exactly what sources that program requires, compiling it seperate. Maybe we'll iterate by sorting those into seperatable chunks, splitting up files which contain common code + server/client specific code, or whatnot. But this isn't one step, or we'd have done it a long time ago.. ok dtucker markus djm OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d
2017-12-12upstream commitdtucker@openbsd.org
Put remote client info back into the ClientAlive connection termination message. Based in part on diff from lars.nooden at gmail, ok djm OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
2017-12-12upstream commitderaadt@openbsd.org
time_t printing needs %lld and (long long) casts ok djm OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7
2017-12-12upstream commitdjm@openbsd.org
fix ordering in previous to ensure errno isn't clobbered before logging. OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2
2017-12-12upstream commitdjm@openbsd.org
for some reason unix_listener() logged most errors twice with each message containing only some of the useful information; merge these OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a
2017-12-11Add autogenerated dependency info to Makefile.Darren Tucker
Adds a .depend file containing dependency information generated by makedepend, which is appended to the generated Makefile by configure. You can regen the file with "make -f Makefile.in depend" if necessary, but we'll be looking at some way to automatically keep this up to date. "no objection" djm@
2017-12-11Fix pasto in ldns handling.Darren Tucker
When ldns-config is not found, configure would check the wrong variable. ok djm@
2017-12-09Portable switched to git so s/CVS/git/.Darren Tucker
2017-12-09Remove now-used check for perl.Darren Tucker
2017-12-07upstream commitdjm@openbsd.org
don't accept junk after "yes" or "no" responses to hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c
2017-12-07upstream commitdtucker@openbsd.org
Replace atoi and strtol conversions for integer arguments to config keywords with a checking wrapper around strtonum. This will prevent and flag invalid and negative arguments to these keywords. ok djm@ OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
2017-12-07upstream commitdtucker@openbsd.org
Add missing break for rdomain. Prevents spurious "Deprecated option" warnings. ok djm@ OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a
2017-12-07upstream commitdjm@openbsd.org
include the addr:port in bind/listen failure messages OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
2017-12-07upstream commitdtucker@openbsd.org
Import updated moduli. OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a
2017-12-07upstream commitdtucker@openbsd.org
Have sftp print a warning about shell cleanliness when decoding the first packet fails, which is usually caused by shells polluting stdout of non-interactive starups. bz#2800, ok markus@ deraadt@. OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5
2017-12-01Replace mkinstalldirs with mkdir -p.Darren Tucker
Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: cannot create directory:... File exists" during "make install". Patch from eb at emlix.com.
2017-12-01Pull in newer install-sh from autoconf-2.69.Darren Tucker
Suggested by eb at emlix.com
2017-12-01Remove RSA1 host key generation.Darren Tucker
SSH1 support is now gone, remove SSH1 key generation. Patch from eb at emlix.com.
2017-11-28upstream commitdjm@openbsd.org
more whitespace errors OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb
2017-11-28upstream commitdjm@openbsd.org@openbsd.org
whitespace at EOL OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a
2017-11-28upstream commitdtucker@openbsd.org@openbsd.org
Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@ OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
2017-11-28upstream commitdtucker@openbsd.org@openbsd.org
Remove get_current_time() and replace with calls to monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I like" markus@ OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952
2017-11-24Include string.h for explicit_bzero.Darren Tucker
2017-11-24fix incorrect range of OpenSSL versions supportedDamien Miller
Pointed out by Solar Designer
2017-11-15upstream commitdjm@openbsd.org@openbsd.org
downgrade a couple more request parsing errors from process-fatal to just returning failure, making them consistent with the others that were already like that. OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918
2017-11-15upstream commitdjm@openbsd.org@openbsd.org
fix regression in 7.6: failure to parse a signature request message shouldn't be fatal to the process, just the request. Reported by Ron Frederick OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
2017-11-14upstream commitdjm@openbsd.org@openbsd.org
fix problem in configuration parsing when in config dump mode (sshd -T) without providing a full connection specification (sshd -T -C ...) spotted by bluhm@ OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f
2017-11-03upstream commitdjm@openbsd.org@openbsd.org
reuse parse_multistate for parse_flag (yes/no arguments). Saves a few lines of code and makes the parser more consistent wrt case- sensitivity. bz#2664 ok dtucker@ OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef
2017-11-03upstream commitdjm@openbsd.org@openbsd.org
allow certificate validity intervals that specify only a start or stop time (we already support specifying both or neither) OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
2017-11-03upstream commitdjm@openbsd.org@openbsd.org
allow "cd" and "lcd" commands with no explicit path argument. lcd will change to the local user's home directory as usual. cd will change to the starting directory for session (because the protocol offers no way to obtain the remote user's home directory). bz#2760 ok dtucker@ OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393
2017-11-03upstream commitdtucker@openbsd.org@openbsd.org
When doing a config test with sshd -T, only require the attributes that are actually used in Match criteria rather than (an incomplete list of) all criteria. ok djm@, man page help jmc@ OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
2017-11-03upstream commitdjm@openbsd.org@openbsd.org
typos in ECDSA certificate names; bz#2787 reported by Mike Gerow OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163
2017-11-03upstream commitdjm@openbsd.org@openbsd.org
Private keys in PEM format have been encrypted by AES-128 for a while (not 3DES). bz#2788 reported by Calum Mackay OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a