RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-02 15:52:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,517 Commits 69 Branches 157 Tags 27 MiB
e18435fec1
Commit Graph

10517 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Damien Miller
c0dfd18dd1 wrap sha2.h inclusion in #ifdef HAVE_SHA2_H 2020-05-01 13:29:16 +10:00
djm@openbsd.org
a01817a9f6 upstream: adapt dummy FIDO middleware to API change; ok markus@ 
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
 2020-05-01 13:13:36 +10:00
jmc@openbsd.org
261571ddf0 upstream: tweak previous; ok markus 
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
 2020-05-01 13:13:29 +10:00
markus@openbsd.org
5de21c82e1 upstream: bring back debug() removed in rev 1.74; noted by pradeep 
kumar

OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
 2020-05-01 13:13:29 +10:00
markus@openbsd.org
ea14103ce9 upstream: run the 2nd ssh with BatchMode for scp -3 
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
 2020-05-01 13:13:29 +10:00
djm@openbsd.org
59d2de956e upstream: when signing a challenge using a FIDO toke, perform the 
hashing in the middleware layer rather than in ssh code. This allows
middlewares that call APIs that perform the hashing implicitly (including
Microsoft's AFAIK). ok markus@

OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
 2020-05-01 13:13:29 +10:00
dtucker@openbsd.org
c9d10dbc0c upstream: Fix comment typo. Patch from mforney at mforney.org. 
OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
 2020-05-01 13:13:28 +10:00
dtucker@openbsd.org
4d2c87b4d1 upstream: We've standardized on memset over bzero, replace a couple 
that had slipped in.  ok deraadt markus djm.

OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
 2020-05-01 13:13:28 +10:00
Darren Tucker
7f23f42123 Include sys/byteorder.h for htons and friends. 
These are usually in netinet/in.h but on HP-UX they are not defined if
_XOPEN_SOURCE_EXTENDED is set.  Only needed for netcat in the regression
tests.
 2020-05-01 12:51:36 +10:00
Darren Tucker
d27cba58c9 Fix conditional for openssl-based chacha20. 
Fixes warnings or link errors when building against older OpenSSLs.
ok djm
 2020-05-01 09:21:52 +10:00
Darren Tucker
20819b962d Error out if given RDomain if unsupported. 
If the config contained 'RDomain %D' on a platform that did not support
it, the error would not be detected until runtime resulting in a broken
sshd.  Detect this earlier and error out if found.  bz#3126, based on a
patch from jjelen at redhat.com, tweaks and ok djm@
 2020-04-24 15:11:14 +10:00
dtucker@openbsd.org
2c1690115a upstream: Fix incorrect error message for "too many known hosts files." 
bz#3149, patch from jjelen at redhat.com.

OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5
 2020-04-24 14:57:52 +10:00
dtucker@openbsd.org
3beb7276e7 upstream: Remove leave_non_blocking() which is now dead code 
because nothing sets in_non_blocking_mode any more. Patch from
michaael.meeks at collabora.com, ok djm@

OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
 2020-04-24 12:58:13 +10:00
jmc@openbsd.org
8654e35617 upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and 
stop the spread;

OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705
 2020-04-24 12:57:50 +10:00
Darren Tucker
67697e4a82 Update .depend. 2020-04-24 11:10:18 +10:00
Darren Tucker
d6cc761762 Mailing list is now closed to non-subscribers. 
While there, add a reference to the bugzilla.  ok djm@
 2020-04-22 14:07:00 +10:00
Darren Tucker
cecde6a416 Put the values from env vars back. 
This merges the values from the recently removed environment into make's
command line arguments since we actually need those.
 2020-04-22 12:09:40 +10:00
Darren Tucker
300c4322b9 Pass configure's egrep through to test-exec.sh. 
Use it to create a wrapper function to call it from tests.  Fixes the
keygen-comment test on platforms with impoverished default egrep (eg
Solaris).
 2020-04-22 11:35:49 +10:00
Darren Tucker
c8d9796cfe Remove unneeded env vars from t-exec invocation. 2020-04-22 11:35:49 +10:00
dtucker@openbsd.org
01d4cdcd45 upstream: Backslash '$' at then end of string. Prevents warning on 
some shells.

OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f
 2020-04-22 11:35:49 +10:00
Darren Tucker
8854724cce Sync rev 1.49. 
Prevent infinite for loop since i went from ssize_t to size_t.  Patch from
eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@
 2020-04-21 18:28:19 +10:00
djm@openbsd.org
d00d07b674 upstream: regression test for printing of private key fingerprints and 
key comments, mostly by loic AT venez.fr (slightly tweaked for portability)
ok dtucker@

OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
 2020-04-20 14:47:26 +10:00
djm@openbsd.org
a98d5ba31e upstream: fix a bug I introduced in r1.406: when printing private key 
fingerprint of old-format key, key comments were not being displayed. Spotted
by loic AT venez.fr, ok dtucker

OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
 2020-04-20 14:46:40 +10:00
djm@openbsd.org
32f2d0aad4 upstream: repair private key fingerprint printing to also print 
comment after regression caused by my recent pubkey loading refactor.
Reported by loic AT venez.fr, ok dtucker@

OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
 2020-04-17 17:17:48 +10:00
djm@openbsd.org
094dd513f4 upstream: refactor out some duplicate private key loading code; 
based on patch from loic AT venez.fr, ok dtucker@

OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
 2020-04-17 17:17:47 +10:00
jmc@openbsd.org
4e04f46f24 upstream: add space beteen macro arg and punctuation; 
OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
 2020-04-17 17:17:47 +10:00
djm@openbsd.org
44ae009a01 upstream: auth2-pubkey r1.89 changed the order of operations to 
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134

OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
 2020-04-17 17:17:47 +10:00
Damien Miller
f96f17f920 sys/sysctl.h is only used on OpenBSD 
so change the preprocessor test used to include it to check
__OpenBSD__, matching the code that uses the symbols it declares.
 2020-04-17 14:07:15 +10:00
djm@openbsd.org
54688e937a upstream: fix reversed test that caused IdentitiesOnly=yes to not 
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@

OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
 2020-04-17 14:03:36 +10:00
djm@openbsd.org
267cbc87b5 upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are 
not considered for HostbasedAuthentication when the target user is root;
bz3148

OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
 2020-04-17 14:03:36 +10:00
djm@openbsd.org
c90f72d29e upstream: make IgnoreRhosts a tri-state option: "yes" ignore 
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow
.shosts files but not .rhosts. ok dtucker@

OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
 2020-04-17 14:03:36 +10:00
djm@openbsd.org
321c714707 upstream: allow the IgnoreRhosts directive to appear anywhere in a 
sshd_config, not just before any Match blocks; bz3148, ok dtucker@

OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
 2020-04-17 14:03:36 +10:00
jmc@openbsd.org
ca5403b085 upstream: add space between macro arg and punctuation; 
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
 2020-04-17 14:03:16 +10:00
Darren Tucker
8af0244d7b Add sys/syscall.h for syscall numbers. 
In some architecture/libc configurations we need to explicitly include
sys/syscall.h for the syscall number (__NR_xxx) definitions.  bz#3085,
patch from blowfist at xroutine.net.
 2020-04-15 10:58:02 +10:00
djm@openbsd.org
3779b50ee9 upstream: Refactor private key parsing. Eliminates a fair bit of 
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key
type check in the ECDSA_CERT parsing path.

feedback and ok markus@

OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
 2020-04-11 20:20:58 +10:00
dtucker@openbsd.org
b6a4013647 upstream: Add tests for TOKEN expansion of LocalForward and 
RemoteForward.

OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89
 2020-04-10 11:47:40 +10:00
dtucker@openbsd.org
abc3e0a517 upstream: Add utf8.c for asmprintf used by krl.c 
OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
 2020-04-10 11:47:40 +10:00
dtucker@openbsd.org
990687a033 upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward 
when used for Unix domain socket forwarding.  Factor out the code for the
config keywords that use the most common subset of TOKENS into its own
function. bz#3014, ok jmc@ (man page bits) djm@

OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
 2020-04-10 11:47:19 +10:00
djm@openbsd.org
2b13d3934d upstream: let sshkey_try_load_public() load public keys from the 
unencrypted envelope of private key files if not sidecar public key file is
present.

ok markus@

OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
 2020-04-08 10:14:21 +10:00
djm@openbsd.org
d01f39304e upstream: simplify sshkey_try_load_public() 
ok markus@

OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
 2020-04-08 10:14:21 +10:00
djm@openbsd.org
f290ab0833 upstream: add sshkey_parse_pubkey_from_private_fileblob_type() 
Extracts a public key from the unencrypted envelope of a new-style
OpenSSH private key.

ok markus@

OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
 2020-04-08 10:14:21 +10:00
djm@openbsd.org
8d514eea4a upstream: simplify sshkey_parse_private_fileblob_type() 
Try new format parser for all key types first, fall back to PEM
parser only for invalid format errors.

ok markus@

OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
 2020-04-08 10:14:21 +10:00
djm@openbsd.org
421169d0e7 upstream: check private key type against requested key type in 
new-style private decoding; ok markus@

OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
 2020-04-08 10:14:21 +10:00
djm@openbsd.org
6aabfb6d22 upstream: check that pubkey in private key envelope matches actual 
private key

(this public key is currently unusued)

ok markus@

OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
 2020-04-08 10:14:21 +10:00
djm@openbsd.org
c0f5b22947 upstream: refactor private key parsing a little 
Split out the base64 decoding and private section decryption steps in
to separate functions. This will make the decryption step easier to fuzz
as well as making it easier to write a "load public key from new-format
private key" function.

ok markus@

OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
 2020-04-08 10:14:21 +10:00
Darren Tucker
8461a5b3db Include openssl-compat.h before checking ifdefs. 
Fixes problem where unsuitable chacha20 code in libressl would be used
unintentionally.
 2020-04-06 20:54:34 +10:00
Damien Miller
931c50c588 fix inverted test for LibreSSL version 2020-04-06 10:04:56 +10:00
dtucker@openbsd.org
d1d5f72851 upstream: Indicate if we're using a cached key in trace output. 
OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89
 2020-04-05 10:58:53 +10:00
Darren Tucker
a398251a46 Use /usr/bin/xp4g/id if necessary. 
Solaris' native "id" doesn't support the options we use but the one
in /usr/bin/xp4g does, so use that instead.
 2020-04-05 08:43:57 +10:00
dtucker@openbsd.org
db0fdd4833 upstream: Some platforms don't have "hostname -s", so use cut to trim 
short hostname instead.

OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7
 2020-04-05 08:40:46 +10:00