| 66dd9ddb | 27-Jan-2021 |
Darren Tucker |
Add test against openssl head and libressl head. |
| 237dbb34 | 27-Jan-2021 |
Darren Tucker |
Remove whitespace. |
| d983e173 | 27-Jan-2021 |
djm@openbsd.org |
upstream: fix leak: was double allocating kex->session_id buffer
OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183 |
| 1134a48c | 27-Jan-2021 |
Damien Miller |
correct kex name in disabled code |
| 67f47f19 | 27-Jan-2021 |
djm@openbsd.org |
upstream: this needs kex.h now
OpenBSD-Commit-ID: c5a42166c5aa002197217421a971e48be7cb5d41 |
| 39be3dc2 | 27-Jan-2021 |
djm@openbsd.org |
upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
and use that instead of global variables containing copies of it. feedback/ok
markus@
OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f6
upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
and use that instead of global variables containing copies of it. feedback/ok
markus@
OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
show more ...
|
| 4ca6a1fa | 27-Jan-2021 |
djm@openbsd.org |
upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06 |
| bba229b6 | 26-Jan-2021 |
Darren Tucker |
Install moduli file before tests.
Reduces warnings during test runs. |
| 1b831855 | 26-Jan-2021 |
Darren Tucker |
Run one test with -Werror to catch warnings. |
| d1532d90 | 26-Jan-2021 |
dtucker@openbsd.org |
upstream: Logical not bitwise or. ok djm@
OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5 |
| 507b448a | 26-Jan-2021 |
naddy@openbsd.org |
upstream: move HostbasedAcceptedAlgorithms to the right place in
alphabetical order
OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec |
| e26c9807 | 26-Jan-2021 |
dtucker@openbsd.org |
upstream: Remove unused variables leftover from refactoring. ok
djm@
OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8 |
| e9f78d6b | 26-Jan-2021 |
dtucker@openbsd.org |
upstream: Rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAccep
upstream: Rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
show more ...
|
| 48d0d7a4 | 25-Jan-2021 |
Darren Tucker |
Disable sntrup761 if compiler doesn't support VLAs.
The sntrup761 code sourced from supercop uses variable length
arrays. Although widely supported, they are not part of the ANSI
C89 spec so if the
Disable sntrup761 if compiler doesn't support VLAs.
The sntrup761 code sourced from supercop uses variable length
arrays. Although widely supported, they are not part of the ANSI
C89 spec so if the compiler does not support VLAs, disable the
sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
functions with no-op ones similar to what we do in kexecdh.c.
This should allow OpenSSH to build with a plain C89 compiler again.
Spotted by tim@, ok djm@.
show more ...
|
| 37c70ea8 | 25-Jan-2021 |
djm@openbsd.org |
upstream: refactor key constraint parsing in ssh-agent
Key constraints parsing code previously existed in both the "add regular
key" and "add smartcard key" path. This unifies them but also introduc
upstream: refactor key constraint parsing in ssh-agent
Key constraints parsing code previously existed in both the "add regular
key" and "add smartcard key" path. This unifies them but also introduces
more consistency checking: duplicated constraints and constraints that
are nonsensical for a particular situation (e.g. FIDO provider for a
smartcard key) are now banned.
ok markus@
OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c
show more ...
|
| e0e8bee8 | 25-Jan-2021 |
djm@openbsd.org |
upstream: more ssh-agent refactoring
Allow confirm_key() to accept an additional reason suffix
Factor publickey userauth parsing out into its own function and allow
it to optionally return things i
upstream: more ssh-agent refactoring
Allow confirm_key() to accept an additional reason suffix
Factor publickey userauth parsing out into its own function and allow
it to optionally return things it parsed out of the message to its
caller.
feedback/ok markus@
OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e
show more ...
|
| dfe18a29 | 25-Jan-2021 |
djm@openbsd.org |
upstream: make struct hostkeys public; I have no idea why I made it
opaque originally.
ok markus@
OpenBSD-Commit-ID: e50780b34d4bbe628d69b2405b024dd749d982f3 |
| 3b44f251 | 25-Jan-2021 |
djm@openbsd.org |
upstream: move check_host_cert() from sshconnect,c to sshkey.c and
refactor it to make it more generally usable and testable.
ok markus@
OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4 |
| 1fe16fd6 | 25-Jan-2021 |
djm@openbsd.org |
upstream: use recallocarray to allocate the agent sockets table;
also clear socket entries that are being marked as unused.
spinkle in some debug2() spam to make it easier to watch an agent
do its
upstream: use recallocarray to allocate the agent sockets table;
also clear socket entries that are being marked as unused.
spinkle in some debug2() spam to make it easier to watch an agent
do its thing.
ok markus
OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922
show more ...
|
| cb7b22ea | 25-Jan-2021 |
djm@openbsd.org |
upstream: factor out common code in the agent client
Add a ssh_request_reply_decode() function that sends a message to
the agent, reads and parses a success/failure reply.
Use it for all requests th
upstream: factor out common code in the agent client
Add a ssh_request_reply_decode() function that sends a message to
the agent, reads and parses a success/failure reply.
Use it for all requests that only expect success/failure
ok markus@
OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb
show more ...
|
| d1e578af | 25-Jan-2021 |
djm@openbsd.org |
upstream: make ssh hostbased authentication send the signature
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is suppose
upstream: make ssh hostbased authentication send the signature
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on
signature algorithm and not key type.
spotted with dtucker@ ok markus@
OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6
show more ...
|
| 95eca1e1 | 23-Jan-2021 |
Darren Tucker |
ifdef new instance of sin6_scope_id
Put inside HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID similar to
existing instance. Should fix error on UnixWare 7. |
| 6ffdcdda | 18-Jan-2021 |
dtucker@openbsd.org |
upstream: Fix long->int for convtime tests here too. Spotted by
tobhe@.
OpenBSD-Regress-ID: a87094f5863312d00938afba771d25f788c849d0 |
| b55b7565 | 21-Jan-2021 |
dtucker@openbsd.org |
upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms
here too.
OpenBSD-Commit-ID: 3b64a640f8ce8c21d9314da9df7ce2420eefde3a |
| ee9c0da8 | 21-Jan-2021 |
dtucker@openbsd.org |
upstream: Rename PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
t
upstream: Rename PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
show more ...
|