upstream: Change types in convtime() unit test to int to match change

its new type. Add tests for boundary conditions and fix convtime to work up
to INT_MAX. ok djm@

OpenBSD-Reg

upstream: Change types in convtime() unit test to int to match change

its new type. Add tests for boundary conditions and fix convtime to work up
to INT_MAX. ok djm@

OpenBSD-Regress-ID: ba2b81e9a3257fff204b020affe85b604a44f97e

show more ...

upstream: Make output buffer larger to prevent potential truncation

warnings from compilers not smart enough to know the strftime calls won't
ever fully fill "to" and "from". ok djm@

upstream: Make output buffer larger to prevent potential truncation

warnings from compilers not smart enough to know the strftime calls won't
ever fully fill "to" and "from". ok djm@

OpenBSD-Commit-ID: 83733f1b01b82da88b9dd1769475952aff10bdd7

show more ...

upstream: Change types in convtime() unit test to int to match

change its new type. Add tests for boundary conditions and fix convtime to
work up to INT_MAX. ok djm@

OpenBSD-Com

upstream: Change types in convtime() unit test to int to match

change its new type. Add tests for boundary conditions and fix convtime to
work up to INT_MAX. ok djm@

OpenBSD-Commit-ID: 01dc0475f1484ac2f47facdfcf9221f9472145de

show more ...

upstream: In waitfd(), when poll returns early we are subtracting

the elapsed time from the timeout each loop, so we only want to measure the
elapsed time the poll() in that loop, not si

upstream: In waitfd(), when poll returns early we are subtracting

the elapsed time from the timeout each loop, so we only want to measure the
elapsed time the poll() in that loop, not since the start of the function.
Spotted by chris.xj.zhu at gmail.com, ok djm@

OpenBSD-Commit-ID: 199df060978ee9aa89b8041a3dfaf1bf7ae8dd7a

show more ...

upstream: Minor grammatical correction.

OK jmc@

OpenBSD-Commit-ID: de0fad0581e212b2750751e479b79c18ff8cac02

Merge Mac OS X targets into a single config.

Add Mac OS X test targets.

Remove duplicated declaration in fatal.c .

upstream: Correct spelling of persourcenetblocksize in config-dump

mode.

OpenBSD-Commit-ID: ecdc49e2b6bde6b6b0e52163d621831f6ac7b13d

upstream: Adjust kexfuzz to addr.c/addrmatch.c split.

OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb

upstream: Update unittests for addr.c/addrmatch.c split.

OpenBSD-Regress-ID: de2b415fb7af084a91c6ef147a90482d8f771eef

upstream: Change convtime() from returning long to returning int.

On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when s

upstream: Change convtime() from returning long to returning int.

On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during config
parsing. bz#3250, ok djm@

OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31

show more ...

upstream: add a comma to previous;

OpenBSD-Commit-ID: 9139433701c0aa86a0d3a6c7afe10d1c9c2e0869

upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize

options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@

OpenBSD-Commit-I

upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize

options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@

OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b

show more ...

upstream: Move address handling functions out into their own file

in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowto

upstream: Move address handling functions out into their own file

in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowtools that we'll also need. ok djm@
(as part of a larger diff).

OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf

show more ...

Add test against Graphene hardened malloc.

upstream: make CheckHostIP default to 'no'. It doesn't provide any

perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-bala

upstream: make CheckHostIP default to 'no'. It doesn't provide any

perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.

ok dtucker@

OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0

show more ...

Run tests with sudo for better coverage.

Add Ubuntu 16.04 and 20.04 test targets.

upstream: If a signature operation on a FIDO key fails with a

"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.

upstream: If a signature operation on a FIDO key fails with a

"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.

This smoothes over a few corner cases including FIDO devices that
require PINs for all hosted credentials, biometric FIDO devices that
fall back to requiring PIN when reading the biometric failed, devices
that don't implement reading credProtect status for downloaded keys
and probably a few more cases that I haven't though of yet.

ok dtucker@

OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878

show more ...

upstream: don't try to use timespeccmp(3) directly as a qsort(3)

comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes.

fixes sftp "ls -ltr" under some circums

upstream: don't try to use timespeccmp(3) directly as a qsort(3)

comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes.

fixes sftp "ls -ltr" under some circumstances.

Based on patch by Masahiro Matsuya via bz3248.

OpenBSD-Commit-ID: 65b5e9f18bb0d10573868c3516de6e5170adb163

show more ...

upstream: Update the sntrup761 creation script and generated code:

- remove unneeded header files and typedefs and rely on crypto_api.h - add
defines to map types used to the crypto_api

upstream: Update the sntrup761 creation script and generated code:

- remove unneeded header files and typedefs and rely on crypto_api.h - add
defines to map types used to the crypto_api ones instead of typedefs. This
prevents typedef name collisions in -portable. - remove CRYPTO_NAMESPACE
entirely instead of making it a no-op - delete unused functions and make the
remaining ones that aren't exported static.

ok djm@

OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783

show more ...

upstream: mention that DisableForwarding is valid in a sshd_config

Match block reported by Fredrik Eriksson in bz3239

OpenBSD-Commit-ID: 3a71c3d84b597f5e43e4b40d5232797daf0993f6

upstream: estructure sntrup761.sh to process all files in a single

list, which will make it easier to reorder. Re-inline int32_MINMAX. ok
tobhe@

OpenBSD-Commit-ID: d145c6c19b0

upstream: estructure sntrup761.sh to process all files in a single

list, which will make it easier to reorder. Re-inline int32_MINMAX. ok
tobhe@

OpenBSD-Commit-ID: d145c6c19b08bb93c9e14bfaa7af589d90f144c0

show more ...

upstream: Prevent redefinition of `crypto_int32' error with gcc3.

Fixes compilation on luna88k.

Feedback millert@
Found by and ok aoyama@

OpenBSD-Commit-ID: f305ddfe575

upstream: Prevent redefinition of `crypto_int32' error with gcc3.

Fixes compilation on luna88k.

Feedback millert@
Found by and ok aoyama@

OpenBSD-Commit-ID: f305ddfe575a26cc53431af3fde3f4aeebed9ba6

show more ...