upstream: consistently check packet_timeout_ms against 0; ok djm

OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928

upstream: have sshpkt_fatal() save/restore errno before we

potentially call strerror() (via ssh_err()); ok dtucker

OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787

upstream: Fix typo in comment.

OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a

upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@

Ope

upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@

OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910

show more ...

upstream: strdup may return NULL if memory allocation fails. Use

the safer xstrdup which fatals on allocation failures.

ok markus@

OpenBSD-Commit-ID: 8b608d387120630753cbcb

upstream: strdup may return NULL if memory allocation fails. Use

the safer xstrdup which fatals on allocation failures.

ok markus@

OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0

show more ...

Wrap poll.h includes in HAVE_POLL_H.

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this be

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075

show more ...

upstream: Typo and spelling fixes in comments and error messages.

Patch from knweiss at gmail.com via -portable.

OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b

upstream: Remove crc32.{c,h} which were only used by the now-gone

SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3

upstream: Remove crc32.{c,h} which were only used by the now-gone

SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240

show more ...

upstream: in ssh_set_newkeys(), mention the direction that we're

keying in debug messages. Previously it would be difficult to tell which
direction it was talking about

OpenBSD-

upstream: in ssh_set_newkeys(), mention the direction that we're

keying in debug messages. Previously it would be difficult to tell which
direction it was talking about

OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d

show more ...

upstream: pass values used in KEX hash computation as sshbuf

rather than pointer+len

suggested by me; implemented by markus@ ok me

OpenBSD-Commit-ID: 994f33c464f4a9e0f1d219

upstream: pass values used in KEX hash computation as sshbuf

rather than pointer+len

suggested by me; implemented by markus@ ok me

OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0

show more ...

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commi

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9

show more ...

upstream: allow sshpkt_fatal() to take a varargs format; we'll

use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Co

upstream: allow sshpkt_fatal() to take a varargs format; we'll

use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50

show more ...

upstream: fix memory leak of ciphercontext when rekeying; bz#2942

Patch from Markus Schmidt; ok markus@

OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be mor

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b

show more ...

Explicitly include openssl before zlib.

Some versions of OpenSSL have "free_func" in their headers, which zlib
typedefs. Including openssl after zlib (eg via sshkey.h) results in
"s

Explicitly include openssl before zlib.

Some versions of OpenSSL have "free_func" in their headers, which zlib
typedefs. Including openssl after zlib (eg via sshkey.h) results in
"syntax error before `free_func'", which this fixes.

show more ...

upstream: memleaks; found by valgrind

OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844

upstream: client: switch to sshbuf API; ok djm@

OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05

upstream: Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14; au

upstream: Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB

Only delayed compression is supported nowadays.

ok markus@

date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772

show more ...

upstream: Rename COMP_DELAYED to COMP_ZLIB

Only delayed compression is supported nowadays.

ok markus@

OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821

upstream: Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

Ope

upstream: Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58

show more ...

upstream: Remove unused ssh_packet_start_compression()

ok markus@

OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4

upstream: make ssh_remote_ipaddr() capable of being called after

the ssh->state has been torn down; bz#2773

OpenBSD-Commit-ID: 167f12523613ca3d16d7716a690e7afa307dc7eb

upstream: If select() fails in ssh_packet_read_seqnr go directly to

the error path instead of trying to read from the socket on the way out,
which resets errno and causes the true error

upstream: If select() fails in ssh_packet_read_seqnr go directly to

the error path instead of trying to read from the socket on the way out,
which resets errno and causes the true error to be misreported. ok djm@

OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a

show more ...

Many typo fixes from Karsten Weiss

Spotted using https://github.com/lucasdemarchi/codespell