Age | Commit message | Author
2020-04-20 | upstream: fix a bug I introduced in r1.406: when printing private key | djm@openbsd.org
fingerprint of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
2020-04-17 | upstream: repair private key fingerprint printing to also print | djm@openbsd.org
comment after regression caused by my recent pubkey loading refactor. Reported by loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
2020-04-17 | upstream: refactor out some duplicate private key loading code; | djm@openbsd.org
based on patch from loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
2020-04-17 | upstream: add space between macro arg and punctuation; | jmc@openbsd.org
OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
2020-04-17 | upstream: auth2-pubkey r1.89 changed the order of operations to | djm@openbsd.org
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand if no key was found in a file. Document this order here; bz3134 OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
2020-04-17 | sys/sysctl.h is only used on OpenBSD | Damien Miller
so change the preprocessor test used to include it to check __OpenBSD__, matching the code that uses the symbols it declares.
2020-04-17 | upstream: fix reversed test that caused IdentitiesOnly=yes to not | djm@openbsd.org
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17 | upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are | djm@openbsd.org
not considered for HostbasedAuthentication when the target user is root; bz3148 OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
2020-04-17 | upstream: make IgnoreRhosts a tri-state option: "yes" ignore | djm@openbsd.org
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@ OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
2020-04-17 | upstream: allow the IgnoreRhosts directive to appear anywhere in a | djm@openbsd.org
sshd_config, not just before any Match blocks; bz3148, ok dtucker@ OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
2020-04-17 | upstream: add space between macro arg and punctuation; | jmc@openbsd.org
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
2020-04-15 | Add sys/syscall.h for syscall numbers. | Darren Tucker
In some architecture/libc configurations we need to explicitly include sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085, patch from blowfist at xroutine.net.
2020-04-11 | upstream: Refactor private key parsing. Eliminates a fair bit of | djm@openbsd.org
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key type check in the ECDSA_CERT parsing path. feedback and ok markus@ OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
2020-04-10 | upstream: Add tests for TOKEN expansion of LocalForward and | dtucker@openbsd.org
RemoteForward. OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89
2020-04-10 | upstream: Add utf8.c for asmprintf used by krl.c | dtucker@openbsd.org
OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
2020-04-10 | upstream: Add TOKEN percent expansion to LocalForward and RemoteForward | dtucker@openbsd.org
when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@ OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
2020-04-08 | upstream: let sshkey_try_load_public() load public keys from the | djm@openbsd.org
unencrypted envelope of private key files if no sidecar public key file is present. ok markus@ OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
2020-04-08 | upstream: simplify sshkey_try_load_public() | djm@openbsd.org
ok markus@ OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
2020-04-08 | upstream: add sshkey_parse_pubkey_from_private_fileblob_type() | djm@openbsd.org
Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key. ok markus@ OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
2020-04-08 | upstream: simplify sshkey_parse_private_fileblob_type() | djm@openbsd.org
Try new format parser for all key types first, fall back to PEM parser only for invalid format errors. ok markus@ OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
2020-04-08 | upstream: check private key type against requested key type in | djm@openbsd.org
new-style private decoding; ok markus@ OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
2020-04-08 | upstream: check that pubkey in private key envelope matches actual | djm@openbsd.org
private key (this public key is currently unused) ok markus@ OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
2020-04-08 | upstream: refactor private key parsing a little | djm@openbsd.org
Split out the base64 decoding and private section decryption steps into separate functions. This will make the decryption step easier to fuzz as well as making it easier to write a "load public key from new-format private key" function. ok markus@ OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
2020-04-06 | Include openssl-compat.h before checking ifdefs. | Darren Tucker
Fixes problem where unsuitable chacha20 code in libressl would be used unintentionally.
2020-04-06 | fix inverted test for LibreSSL version | Damien Miller
2020-04-05 | upstream: Indicate if we're using a cached key in trace output. | dtucker@openbsd.org
OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89
2020-04-05 | Use /usr/bin/xp4g/id if necessary. | Darren Tucker
Solaris' native "id" doesn't support the options we use but the one in /usr/bin/xp4g does, so use that instead.
2020-04-05 | upstream: Some platforms don't have "hostname -s", so use cut to trim | dtucker@openbsd.org
short hostname instead. OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7
2020-04-05 | upstream: Compute hash locally and re-enable %C tests. | dtucker@openbsd.org
OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770
2020-04-03 | prefer libcrypto chacha20-poly1305 where possible | Damien Miller
2020-04-03 | upstream: Temporarily remove tests for '%C' since the hash contains the | dtucker@openbsd.org
local hostname and it doesn't work on any machine except mine... spotted by djm@ OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401
2020-04-03 | upstream: r1.522 deleted one too many lines; repair | djm@openbsd.org
OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477
2020-04-03 | upstream: sort -N and add it to usage(); | jmc@openbsd.org
OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332
2020-04-03 | upstream: avoid another compiler warning spotted in -portable | djm@openbsd.org
OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7
2020-04-03 | upstream: this needs utf8.c too | djm@openbsd.org
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
2020-04-03 | upstream: Add percent_expand test for 'Match Exec'. | dtucker@openbsd.org
OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f
2020-04-03 | upstream: fix format string (use %llu for uint64, not %lld). spotted by | djm@openbsd.org
Darren and his tinderbox tests OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2
2020-04-03 | upstream: Add a flag to re-enable verbose output when in batch | djm@openbsd.org
mode; requested in bz3135; ok dtucker OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b
2020-04-03 | upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20 | djm@openbsd.org
Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the way at a2k20 tb@ OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0
2020-04-03 | upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as | djm@openbsd.org
part of a larger diff at a2k20 OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
2020-04-03 | upstream: fix debug statement | djm@openbsd.org
OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916
2020-04-03 | upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I | djm@openbsd.org
committed earlier had an off-by-one. Fix this and add some debugging that would have made it apparent sooner. OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910
2020-04-03 | upstream: %C expansion just added to Match Exec should include | dtucker@openbsd.org
remote user not local user. OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2
2020-04-03 | upstream: Add regression test for percent expansions where possible. | dtucker@openbsd.org
OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288
2020-04-03 | upstream: make failures when establishing "Tunnel" forwarding terminate | djm@openbsd.org
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
2020-04-03 | upstream: Make which config keywords support which | dtucker@openbsd.org
percent_expansions more consistent.
- %C is moved into its own function and added to Match Exec.
- move the common (global) options into a macro. This is ugly but it's the least-ugly way I could come up with.
- move IdentityAgent and ForwardAgent percent expansion to before the config dump to make it regression-testable.
- document all of the above
ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest. OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
2020-04-03 | upstream: give ssh-keygen the ability to dump the contents of a | djm@openbsd.org
binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b
2020-04-03 | upstream: add allocating variant of the safe utf8 printer; ok | djm@openbsd.org
dtucker as part of a larger diff OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0
2020-03-17 | upstream: Cast lifetime to u_long for comparison to prevent unsigned | dtucker@openbsd.org
comparison warning on 32bit arches. Spotted by deraadt, ok djm. OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a
2020-03-14 | Include fido.h when checking for fido/credman.h. | Darren Tucker
It's required for fido_dev_t, otherwise configure fails when given --with-security-key-builtin.