Commit Graph

10569 Commits

Author SHA1 Message Date
markus@openbsd.org
07f5f369a2 upstream: fix kex mem-leak in ssh_packet_close; ok djm
OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4
2020-06-26 15:18:44 +10:00
markus@openbsd.org
e35995088c upstream: fix ssh -O proxy w/mux which got broken by no longer
making ssh->kex optional in packet.c revision 1.278 ok djm@

OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917
2020-06-26 15:18:44 +10:00
markus@openbsd.org
250246fef2 upstream: support loading big sshd_config files w/o realloc; ok
djm

OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171
2020-06-26 15:18:44 +10:00
markus@openbsd.org
89b54900ac upstream: allow sshd_config longer than 256k; ok djm
OpenBSD-Commit-ID: 83f40dd5457a64c1d3928eb4364461b22766beb3
2020-06-26 15:18:07 +10:00
markus@openbsd.org
e3fa6249e6 upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; ok
djm

OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
2020-06-26 15:18:07 +10:00
djm@openbsd.org
37f2da069c upstream: some clarifying comments
OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
2020-06-26 15:18:07 +10:00
jmc@openbsd.org
b659319a5b upstream: updated argument name for -P in first synopsis was
missed in previous;

OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7
2020-06-26 15:18:07 +10:00
jmc@openbsd.org
02a9222cbc upstream: supply word missing in previous;
OpenBSD-Commit-ID: 16a38b049f216108f66c8b699aa046063381bd23
2020-06-26 15:18:07 +10:00
Damien Miller
5098b3b623 missing files for webauthn/sshsig unit test 2020-06-22 16:54:02 +10:00
djm@openbsd.org
354535ff79 upstream: add support for verification of webauthn sshsig signature,
and example HTML/JS to generate webauthn signatures in SSH formats (also used
to generate the testdata/* for the test).

OpenBSD-Regress-ID: dc575be5bb1796fdf4b8aaee0ef52a6671a0f6fb
2020-06-22 16:33:33 +10:00
djm@openbsd.org
bb52e70fa5 upstream: Add support for FIDO webauthn (verification only).
webauthn is a standard for using FIDO keys in web browsers. webauthn
signatures are a slightly different format to plain FIDO signatures - this
support allows verification of these. Feedback and ok markus@

OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
2020-06-22 16:27:27 +10:00
djm@openbsd.org
64bc121097 upstream: refactor ECDSA-SK verification a little ahead of adding
support for FIDO webauthn signature verification support; ok markus@

OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
2020-06-22 16:11:14 +10:00
djm@openbsd.org
12848191f8 upstream: support for RFC4648 base64url encoding; ok markus
OpenBSD-Commit-ID: 0ef22c55e772dda05c112c88412c0797fec66eb4
2020-06-22 16:11:14 +10:00
djm@openbsd.org
473b4af43d upstream: better terminology for permissions; feedback & ok markus@
OpenBSD-Commit-ID: ff2a71803b5ea57b83cc3fa9b3be42b70e462fb9
2020-06-22 16:11:14 +10:00
djm@openbsd.org
fc270baf26 upstream: better terminology for permissions; feedback & ok markus@
OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
2020-06-22 16:11:14 +10:00
dtucker@openbsd.org
00531bb42f upstream: Correct synopsis and usage for the options accepted when
passing a command to ssh-agent.  ok jmc@

OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846
2020-06-22 16:11:14 +10:00
Darren Tucker
b4556c8ad7 Add OPENBSD ORIGINAL marker to bcrypt_pbkdf. 2020-06-19 19:22:00 +10:00
Darren Tucker
1babb8bb14 Extra brackets around sizeof() in bcrypt.
Prevents following warning from clang 10:
bcrypt_pbkdf.c:94:40: error: expression does not compute the number of
  elements in this array; element type is ´uint32_tÂ[...]
  place parentheses around the ´sizeof(uint64_t)´ expression to
  silence this warning
2020-06-19 19:10:47 +10:00
Darren Tucker
9e06572959 Add includes.h to new test.
Fixes warnings eg "´bounded´ attribute directive ignor" from gcc.
2020-06-19 18:47:56 +10:00
Darren Tucker
e684b1ea36 Skip OpenSSL specific tests w/out OpenSSL.
Allows unit tests to pass when configure'ed --without-openssl.
2020-06-19 18:38:39 +10:00
Darren Tucker
80610e97a7 Hook sshsig tests up to Portable Makefiles. 2020-06-19 17:15:27 +10:00
dtucker@openbsd.org
5dba1fcaba upstream: Test that ssh-agent exits when running as as subprocess
of a specified command (ie "ssh-agent command").  Would have caught bz#3181.

OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3
2020-06-19 16:06:53 +10:00
djm@openbsd.org
68e8294f6b upstream: run sshsig unit tests
OpenBSD-Regress-ID: 706ef17e2b545b64873626e0e35553da7c06052a
2020-06-19 16:06:06 +10:00
djm@openbsd.org
5edfa1690e upstream: basic unit test for sshsig.[ch], including FIDO keys
verification only so far

OpenBSD-Regress-ID: fb1f946c8fc59206bc6a6666e577b5d5d7e45896
2020-06-19 16:06:06 +10:00
djm@openbsd.org
e95c0a0e96 upstream: basic unit test for FIDO kep parsing
OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82
2020-06-19 15:58:10 +10:00
djm@openbsd.org
7775819c6d upstream: check public host key matches private; ok markus@ (as
part of previous diff)

OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63
2020-06-19 15:51:04 +10:00
djm@openbsd.org
c514f3c052 upstream: avoid spurious "Unable to load host key" message when
sshd can load a private key but no public counterpart; with & ok markus@

OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b
2020-06-19 15:51:04 +10:00
djm@openbsd.org
7fafaeb5da upstream: correct RFC number; from HARUYAMA Seigo via GH PR191
OpenBSD-Commit-ID: 8d03b6c96ca98bfbc23d3754c3c33e1fe0852e10
2020-06-12 15:28:01 +10:00
djm@openbsd.org
3a7f654d5b upstream: unbreak "sshd -ddd" - close of config passing fd happened too
early. ok markus@

OpenBSD-Commit-ID: 49346e945c6447aca3e904e65fc400128d2f8ed0
2020-06-05 16:20:09 +10:00
Andreas Schwab
3de02be39e Add support for AUDIT_ARCH_RISCV64 2020-06-05 13:31:17 +10:00
djm@openbsd.org
ea547eb032 upstream: make sshbuf_putb(b, NULL) a no-op
OpenBSD-Commit-ID: 976fdc99b500e347023d430df372f31c1dd128f7
2020-06-05 13:28:29 +10:00
djm@openbsd.org
69796297c8 upstream: make sshbuf_dump() args const
OpenBSD-Commit-ID: b4a5accae750875d665b862504169769bcf663bd
2020-06-05 13:28:29 +10:00
djm@openbsd.org
6704288957 upstream: wrap long line
OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2
2020-06-05 13:28:29 +10:00
dtucker@openbsd.org
2f648cf222 upstream: Correct historical comment: provos@ modified OpenSSH to
work with SSLeay (very quickly replaced by OpenSSL) not SSL in general.  ok
deraadt, historical context markus@

OpenBSD-Commit-ID: 7209e07a2984b50411ed8ca5a4932da5030d2b90
2020-06-05 13:28:29 +10:00
dtucker@openbsd.org
56548e4efc upstream: Import regenerated moduli file.
OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54
2020-06-05 13:28:29 +10:00
Darren Tucker
8da801f585 Test fallthrough in OSSH_CHECK_CFLAG_COMPILE.
clang 10's -Wimplicit-fallthrough does not understand /* FALLTHROUGH */
comments and we don't use the __attribute__((fallthrough)) that it's
looking for.  This has the effect of turning off -Wimplicit-fallthrough
where it does not currently help (particularly with -Werror).  ok djm@
2020-06-05 13:20:10 +10:00
dtucker@openbsd.org
049297de97 upstream: Import regenerated moduli file.
OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54
2020-06-04 11:04:22 +10:00
dtucker@openbsd.org
b458423a38 upstream: Remove now-unused proto_spec and associated definitions.
ok djm@

OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362
2020-06-04 11:03:39 +10:00
millert@openbsd.org
5ad3c3a33e upstream: Fix error message on close(2) and add printf format
attributes. From Christos Zoulas, OK markus@

OpenBSD-Commit-ID: 41523c999a9e3561fcc7082fd38ea2e0629ee07e
2020-05-30 10:48:06 +10:00
dtucker@openbsd.org
712ac1efb6 upstream: Make dollar_expand variadic and pass a real va_list to
vdollar_percent_expand. Fixes build error on arm64 spotted by otto@.

OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
2020-05-29 21:53:37 +10:00
Darren Tucker
837ffa9699 Omit ToS setting if we don't have IPV6_TCLASS too.
Fixes tests on old BSDs.
2020-05-29 20:39:00 +10:00
dtucker@openbsd.org
f85b118d21 upstream: Pass a NULL instead of zeroed out va_list from
dollar_expand.  The original intent was in case there's some platform where
va_list is not a pointer equivalent, but on i386 this chokes on the memset.
This unbreaks that build, but will require further consideration.

OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7
2020-05-29 20:10:21 +10:00
jmc@openbsd.org
ec1d50b01c upstream: remove a stray .El;
OpenBSD-Commit-ID: 58ddfe6f8a15fe10209db6664ecbe7896f1d167c
2020-05-29 20:10:21 +10:00
dtucker@openbsd.org
058674a62f upstream: Add regression and unit tests for ${ENV} style
environment variable expansion in various keywords (bz#3140).  ok djm@

OpenBSD-Regress-ID: 4d9ceb95d89365b7b674bc26cf064c15a5bbb197
2020-05-29 15:48:15 +10:00
dtucker@openbsd.org
0b15892fc4 upstream: Unit test for convtime. ok djm@
OpenBSD-Regress-ID: cec4239efa2fc4c7062064f07a847e1cbdbcd5dd
2020-05-29 15:48:10 +10:00
djm@openbsd.org
188e332d1c upstream: mention that wildcards are processed in lexical order;
bz#3165

OpenBSD-Commit-ID: 8856f3d1612bd42e9ee606d89386cae456dd165c
2020-05-29 15:46:47 +10:00
dtucker@openbsd.org
4a1b46e6d0 upstream: Allow some keywords to expand shell-style ${ENV}
environment variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths.  This
would for example allow forwarding of Unix domain socket paths that change at
runtime.  bz#3140, ok djm@

OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
2020-05-29 15:46:47 +10:00
Damien Miller
c9bab1d3a9 depend 2020-05-29 14:49:16 +10:00
sobrado
0b0d219313 partial sync of regress/netcat.c with upstream
synchronize synopsis and usage.
2020-05-29 14:48:02 +10:00
chl
0f04c8467f partial sync of regress/netcat.c with upstream
remove unused variable

ok tedu@
2020-05-29 14:47:56 +10:00