RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-30 22:22:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,623 Commits 69 Branches 157 Tags 27 MiB
32c63e75a7
Commit Graph

10623 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
djm@openbsd.org
c0f5b22947 upstream: refactor private key parsing a little 
Split out the base64 decoding and private section decryption steps in
to separate functions. This will make the decryption step easier to fuzz
as well as making it easier to write a "load public key from new-format
private key" function.

ok markus@

OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
 2020-04-08 10:14:21 +10:00
Darren Tucker
8461a5b3db Include openssl-compat.h before checking ifdefs. 
Fixes problem where unsuitable chacha20 code in libressl would be used
unintentionally.
 2020-04-06 20:54:34 +10:00
Damien Miller
931c50c588 fix inverted test for LibreSSL version 2020-04-06 10:04:56 +10:00
dtucker@openbsd.org
d1d5f72851 upstream: Indicate if we're using a cached key in trace output. 
OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89
 2020-04-05 10:58:53 +10:00
Darren Tucker
a398251a46 Use /usr/bin/xp4g/id if necessary. 
Solaris' native "id" doesn't support the options we use but the one
in /usr/bin/xp4g does, so use that instead.
 2020-04-05 08:43:57 +10:00
dtucker@openbsd.org
db0fdd4833 upstream: Some platforms don't have "hostname -s", so use cut to trim 
short hostname instead.

OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7
 2020-04-05 08:40:46 +10:00
dtucker@openbsd.org
e7e59a9cc8 upstream: Compute hash locally and re-enable %C tests. 
OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770
 2020-04-05 08:15:46 +10:00
Damien Miller
abe2b245b3 prefer libcrypto chacha20-poly1305 where possible 2020-04-03 17:26:29 +11:00
dtucker@openbsd.org
bc5c5d01ad upstream: Temporarily remove tests for '%C' since the hash contains the 
local hostname and it doesn't work on any machine except mine... spotted by
djm@

OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401
 2020-04-03 17:24:42 +11:00
djm@openbsd.org
8162402698 upstream: r1.522 deleted one too many lines; repair 
OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
 2020-04-03 17:09:42 +11:00
jmc@openbsd.org
668cb3585c upstream: sort -N and add it to usage(); 
OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332
 2020-04-03 17:09:42 +11:00
djm@openbsd.org
338ccee1e7 upstream: avoid another compiler warning spotted in -portable 
OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7
 2020-04-03 16:53:50 +11:00
djm@openbsd.org
9f8a42340b upstream: this needs utf8.c too 
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
 2020-04-03 15:46:13 +11:00
dtucker@openbsd.org
92115ea7c3 upstream: Add percent_expand test for 'Match Exec'. 
OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f
 2020-04-03 15:46:13 +11:00
djm@openbsd.org
de34a44027 upstream: fix format string (use %llu for uint64, not %lld). spotted by 
Darren and his tinderbox tests

OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2
 2020-04-03 15:45:12 +11:00
djm@openbsd.org
9cd40b829a upstream: Add a flag to re-enable verbose output when in batch 
mode; requested in bz3135; ok dtucker

OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b
 2020-04-03 15:41:28 +11:00
djm@openbsd.org
6ce51a5da5 upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20 
Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the
way at a2k20 tb@

OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0
 2020-04-03 15:41:27 +11:00
djm@openbsd.org
eba523f0a1 upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as 
part of a larger diff at a2k20

OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
 2020-04-03 15:36:57 +11:00
djm@openbsd.org
ebd29e9012 upstream: fix debug statement 
OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
 2020-04-03 15:35:28 +11:00
djm@openbsd.org
7b4d8999f2 upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I 
committed earlier had an off-by-one. Fix this and add some debugging that
would have made it apparent sooner.

OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910
 2020-04-03 15:35:28 +11:00
dtucker@openbsd.org
eece243666 upstream: %C expansion just added to Match Exec should include 
remote user not local user.

OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2
 2020-04-03 15:35:28 +11:00
dtucker@openbsd.org
d5318a784d upstream: Add regression test for percent expansions where possible. 
OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288
 2020-04-03 13:43:10 +11:00
djm@openbsd.org
663e84bb53 upstream: make failures when establishing "Tunnel" forwarding terminate 
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker

OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
 2020-04-03 13:42:33 +11:00
dtucker@openbsd.org
ed833da176 upstream: Make with config keywords support which 
percent_expansions more consistent.  - %C is moved into its own function and
added to Match Exec.  - move the common (global) options into a macro.  This
is ugly but it's    the least-ugly way I could come up with.  - move
IdentityAgent and ForwardAgent percent expansion to before the    config dump
to make it regression-testable.  - document all of the above

ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.

OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
 2020-04-03 13:33:37 +11:00
djm@openbsd.org
6ec7457171 upstream: give ssh-keygen the ability to dump the contents of a 
binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker

OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b
 2020-04-03 13:33:25 +11:00
djm@openbsd.org
af628b8a6c upstream: add allocating variant of the safe utf8 printer; ok 
dtucker as part of a larger diff

OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0
 2020-04-03 13:32:50 +11:00
dtucker@openbsd.org
d8ac9af645 upstream: Cast lifetime to u_long for comparison to prevent unsigned 
comparison warning on 32bit arches.  Spotted by deraadt, ok djm.

OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a
 2020-03-17 09:48:36 +11:00
Darren Tucker
0eaca933ae Include fido.h when checking for fido/credman.h. 
It's required for fido_dev_t, otherwise configure fails with
when given --with-security-key-builtin.
 2020-03-14 20:58:46 +11:00
djm@openbsd.org
c7c099060f upstream: some more speeling mistakes from 
OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443
 2020-03-14 19:40:16 +11:00
djm@openbsd.org
1d89232a4a upstream: improve error messages for some common PKCS#11 C_Login 
failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok
dtucker

OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e
 2020-03-14 19:39:30 +11:00
djm@openbsd.org
5becbec023 upstream: use sshpkt_fatal() for kex_exchange_identification() 
errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@

OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
 2020-03-14 19:39:30 +11:00
dtucker@openbsd.org
eef88418f9 upstream: Don't clear alarm timers in listening sshd. Previously 
these timers were used for regenerating the SSH1 ephemeral host keys but
those are now gone so there's no need to clear the timers either.  ok
deraadt@

OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0
 2020-03-14 19:39:30 +11:00
djm@openbsd.org
d081f017c2 upstream: spelling errors in comments; no code change from 
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
 2020-03-14 19:39:09 +11:00
djm@openbsd.org
c084a2d040 upstream: when downloading FIDO2 resident keys from a token, don't 
prompt for a PIN until the token has told us that it needs one. Avoids
double-prompting on devices that implement on-device authentication (e.g. a
touchscreen PIN pad on the Trezor Model T). ok dtucker@

OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817
 2020-03-14 19:38:53 +11:00
Damien Miller
955c4cf4c6 sync fnmatch.c with upstream to fix another typo 2020-03-13 14:30:16 +11:00
Damien Miller
397f217e86 another spelling error in comment 2020-03-13 14:24:23 +11:00
Damien Miller
def31bc542 spelling mistakes 
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
 2020-03-13 14:23:07 +11:00
markus@openbsd.org
8bdc3bb7cf upstream: fix relative includes in sshd_config; ok djm 
OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b
 2020-03-13 13:18:31 +11:00
markus@openbsd.org
e32ef97a56 upstream: fix use-after-free in do_download_sk; ok djm 
OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863
 2020-03-13 13:18:31 +11:00
markus@openbsd.org
5732d58020 upstream: do not leak oprincipals; ok djm 
OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c
 2020-03-13 13:18:31 +11:00
markus@openbsd.org
8fae395f34 upstream: initialize seconds for debug message; ok djm 
OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81
 2020-03-13 13:18:31 +11:00
markus@openbsd.org
46e5c4c8ff upstream: correct return code; ok djm 
OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810
 2020-03-13 13:18:31 +11:00
markus@openbsd.org
31c39e7840 upstream: principalsp is optional, pubkey required; ok djm 
OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024
 2020-03-13 13:18:31 +11:00
markus@openbsd.org
e26a31757c upstream: remove unused variables in ssh-pkcs11-helper; ok djm 
OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1
 2020-03-13 13:18:31 +11:00
markus@openbsd.org
1b378c0d98 upstream: return correct error in sshsk_ed25519_sig; ok djm 
OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625
 2020-03-13 13:18:09 +11:00
markus@openbsd.org
fbff605e63 upstream: fix possible null-deref in check_key_not_revoked; ok 
djm

OpenBSD-Commit-ID: 80855e9d7af42bb6fcc16c074ba69876bfe5e3bf
 2020-03-13 13:18:09 +11:00
markus@openbsd.org
bc30b44684 upstream: ssh_fetch_identitylist() returns the return value from 
ssh_request_reply() so we should also check against != 0 ok djm

OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952
 2020-03-13 13:18:09 +11:00
markus@openbsd.org
7b4f70ddeb upstream: sshkey_cert_check_authority requires reason to be set; 
ok djm

OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552
 2020-03-13 13:18:09 +11:00
markus@openbsd.org
05efe270df upstream: passphrase depends on kdfname, not ciphername (possible 
null-deref); ok djm

OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
 2020-03-13 13:18:09 +11:00
markus@openbsd.org
1ddf5682f3 upstream: consistently check packet_timeout_ms against 0; ok djm 
OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928
 2020-03-13 13:18:09 +11:00