summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Document that libfido2 >= 1.4.0 is needed.Darren Tucker2020-05-271-1/+1
|
* upstream: fix memleak of signature; from Pedro Martellettodjm@openbsd.org2020-05-271-5/+8
| | | | OpenBSD-Commit-ID: d0a6eb07e77c001427d738b220dd024ddc64b2bb
* upstream: Restrict ssh-agent from signing web challenges for FIDOdjm@openbsd.org2020-05-271-10/+100
| | | | | | | | | | | | | | | | | | | | | keys. When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently pubkey authentication and sshsig signatures). This prevents ssh-agent forwarding on a host that has FIDO keys attached granting the ability for the remote side to sign challenges for web authentication using those keys too. Note that the converse case of web browsers signing SSH challenges is already precluded because no web RP can have the "ssh:" prefix in the application string that we require. ok markus@ OpenBSD-Commit-ID: 9ab6012574ed0352d2f097d307f4a988222d1b19
* upstream: improve logging for MaxStartups connection throttling:djm@openbsd.org2020-05-271-24/+64
| | | | | | | have sshd log when it starts and stops throttling and periodically while in this state. bz#3055 ok markus@ OpenBSD-Commit-ID: 2e07a09a62ab45d790d3d2d714f8cc09a9ac7ab9
* upstream: add fmt_timeframe() (from bgpd) to format a timedjm@openbsd.org2020-05-272-21/+53
| | | | | | | | interval in a human- friendly format. Switch copyright for this file from BSD to MIT to make it easier to add Henning's copyright for this function. ok markus@ OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
* upstream: avoid possible NULL deref; from Pedro Martellettodjm@openbsd.org2020-05-271-3/+5
| | | | OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721
* upstream: sshd listener must not block if reexecd sshd exitsmarkus@openbsd.org2020-05-271-2/+3
| | | | | | | | | in write(2) on config_s[0] if the forked child exits early before finishing recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the parent. this prevents the parent from accepting new connections. ok djm, deraadt OpenBSD-Commit-ID: 92ccfeb939ccd55bda914dc3fe84582158c4a9ef
* upstream: fix off-by-one error that caused sftp downloads to makedjm@openbsd.org2020-05-271-2/+2
| | | | | | | | one more concurrent request that desired. This prevented using sftp(1) in unpipelined request/response mode, which is useful when debugging. Patch from Stephen Goetze in bz#3054 OpenBSD-Commit-ID: 41b394ebe57037dbc43bdd0eef21ff0511191f28
* upstream: we are still aiming for pre-C99 ...deraadt@openbsd.org2020-05-271-2/+2
| | | | OpenBSD-Commit-ID: a240fc9cbe60bc4e6c3d24d022eb4ab01fe1cb38
* upstream: Enable credProtect extension when generating a residentdjm@openbsd.org2020-05-271-0/+57
| | | | | | | | | | | | | key. The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect" feature to better protect resident keys. This option allows (amone other possibilities) requiring a PIN prior to all operations that may retrieve the key handle. Patch by Pedro Martelletto; ok djm and markus OpenBSD-Commit-ID: 013bc06a577dcaa66be3913b7f183eb8cad87e73
* upstream: always call fido_init(); previous behaviour only calleddjm@openbsd.org2020-05-271-6/+11
| | | | | | | fido_init() when SK_DEBUG was defined. Harmless with current libfido2, but this isn't guaranteed in the future. OpenBSD-Commit-ID: c7ea20ff2bcd98dd12015d748d3672d4f01f0864
* upstream: preserve group/world read permission on known_hostsdjm@openbsd.org2020-05-271-1/+5
| | | | | | | file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 ok dtucker@ OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a
* upstream: when ordering the hostkey algorithms to request from adjm@openbsd.org2020-05-273-6/+31
| | | | | | | server, prefer certificate types if the known_hosts files contain a key marked as a @cert-authority; bz#3157 ok markus@ OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db
* upstream: fix non-ASCII quote that snuck in; spotted by Gabrieldjm@openbsd.org2020-05-271-1/+1
| | | | | | Kihlman OpenBSD-Commit-ID: 04bcde311de2325d9e45730c744c8de079b49800
* upstream: clarify role of FIDO tokens in multi-factordjm@openbsd.org2020-05-271-0/+7
| | | | | | authentictation; mostly from Pedro Martelletto OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac
* upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@djm@openbsd.org2020-05-272-6/+8
| | | | OpenBSD-Commit-ID: 832e771948fb45f2270e8b8895aac36d176ba17a
* prefer ln to cp for temporary copy of sshdDamien Miller2020-05-141-1/+4
| | | | | | I saw failures on the reexec fallback test on Darwin 19.4 where fork()ed children of a process that had it's executable removed would instantly fail. Using ln to preserve the inode avoids this.
* Actually skip pty tests when needed.Darren Tucker2020-05-131-2/+8
|
* Skip building sk-dummy library if no SK support.Darren Tucker2020-05-132-1/+7
|
* explicitly manage .depend and .depend.bakDamien Miller2020-05-131-1/+4
| | | | | | | Bring back removal of .depend to give the file a known state before running makedepend, but manually move aside the current .depend file and restore it as .depend.bak afterwards so the stale .depend check works as expected.
* make dependDamien Miller2020-05-131-45/+48
|
* revert removal of .depend before makedependDamien Miller2020-05-131-1/+1
| | | | | | | | | Commit 83657eac4 started removing .depend before running makedepend to reset the contents of .depend to a known state. Unfortunately this broke the depend-check step as now .depend.bak would only ever be created as an empty file. ok dtucker
* prepare for 8.3 releaseDamien Miller2020-05-123-3/+3
|
* Ensure SA_SIGNAL test only signals itself.Darren Tucker2020-05-081-2/+4
| | | | | | | When the test's child signals its parent and it exits the result of getppid changes. On Ubuntu 20.04 this results in the ppid being that of the GDM session, causing it to exit. Analysis and testing from pedro at ambientworks.net
* sync config.guess/config.sub with latest versionsDamien Miller2020-05-082-1611/+1799
| | | | ok dtucker@
* upstream: openssh-8.3; ok deraadt@djm@openbsd.org2020-05-071-2/+2
| | | | OpenBSD-Commit-ID: c8831ec88b9c750f5816aed9051031fb535d22c1
* upstream: another case where a utimes() failure could make scp senddjm@openbsd.org2020-05-071-4/+2
| | | | | | a desynchronising error; reminded by Aymeric Vincent ok deraadt markus OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381
* Check if -D_REENTRANT is needed for localtime_r.Darren Tucker2020-05-071-0/+13
| | | | | On at least HP-UX 11.11, the localtime_r declararation is behind ifdef _REENTRANT. Check for and add if needed.
* Skip security key tests if ENABLE_SK not set.Darren Tucker2020-05-051-1/+3
|
* upstream: sure enough, some of the test data that we though were indjm@openbsd.org2020-05-044-33/+50
| | | | | | new format were actually in the old format; fix from Michael Forney OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933
* upstream: make mktestdata.sh generate old/new format keys that wedjm@openbsd.org2020-05-041-13/+13
| | | | | | | | expect. This script was written before OpenSSH switched to new-format private keys by default and was never updated to the change (until now) From Michael Forney OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7
* upstream: portability fix for sed that always emil a newline evendjm@openbsd.org2020-05-041-3/+3
| | | | | | if the input does not contain one; from Michael Forney OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7
* upstream: remove obsolete RSA1 test keys; spotted by Michael Forneydjm@openbsd.org2020-05-0411-8/+0
| | | | OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da
* Update .depend.Darren Tucker2020-05-021-2/+4
|
* Remove use of tail for 'make depend'.Darren Tucker2020-05-021-3/+4
| | | | | Not every tail supports +N and we can do with out it so just remove it. Prompted by mforney at mforney.org.
* upstream: we have a sshkey_save_public() function to save public keys;djm@openbsd.org2020-05-021-49/+18
| | | | | | | | use it and save a bunch of redundant code. Patch from loic AT venez.fr; ok markus@ djm@ OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f
* Use LONG_LONG_MAX and friends if available.Darren Tucker2020-05-012-1/+9
| | | | | | | | | | | If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX} then use those instead. We do calculate these values in configure, but it turns out that at least one compiler (old HP ANSI C) can't parse "-9223372036854775808LL" without mangling it. (It can parse "-9223372036854775807LL" which is presumably why its limits.h defines LONG_LONG_MIN as the latter minus 1.) Fixes rekey test when compiled with the aforementioned compiler.
* upstream: when receving a file in sink(), be careful to send atdjm@openbsd.org2020-05-011-37/+59
| | | | | | | | | | most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. ok deraadt@ markus@ OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
* upstream: expose vasnmprintf(); ok (as part of other commit) markusdjm@openbsd.org2020-05-012-4/+4
| | | | | | deraadt OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
* upstream: avoid NULL dereference when attempting to convert invaliddjm@openbsd.org2020-05-011-4/+5
| | | | | | ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
* See if SA_RESTART signals will interrupt select().Darren Tucker2020-05-012-0/+39
| | | | | | | | | | | On some platforms (at least older HP-UXes such as 11.11, possibly others) setting SA_RESTART on signal handers will cause it to not interrupt select(), at least for calls that do not specify a timeout. Try to detect this and if found, don't use SA_RESTART. POSIX says "If SA_RESTART has been set for the interrupting signal, it is implementation-dependent whether select() restarts or returns with [EINTR]" so this behaviour is within spec.
* fix reversed testDamien Miller2020-05-011-1/+1
|
* wrap sha2.h inclusion in #ifdef HAVE_SHA2_HDamien Miller2020-05-011-0/+2
|
* upstream: adapt dummy FIDO middleware to API change; ok markus@djm@openbsd.org2020-05-011-4/+10
| | | | OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
* upstream: tweak previous; ok markusjmc@openbsd.org2020-05-011-3/+3
| | | | OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
* upstream: bring back debug() removed in rev 1.74; noted by pradeepmarkus@openbsd.org2020-05-011-1/+2
| | | | | | kumar OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
* upstream: run the 2nd ssh with BatchMode for scp -3markus@openbsd.org2020-05-012-4/+8
| | | | OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
* upstream: when signing a challenge using a FIDO toke, perform thedjm@openbsd.org2020-05-014-18/+37
| | | | | | | | hashing in the middleware layer rather than in ssh code. This allows middlewares that call APIs that perform the hashing implicitly (including Microsoft's AFAIK). ok markus@ OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
* upstream: Fix comment typo. Patch from mforney at mforney.org.dtucker@openbsd.org2020-05-011-2/+2
| | | | OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
* upstream: We've standardized on memset over bzero, replace a coupledtucker@openbsd.org2020-05-012-4/+4
| | | | | | that had slipped in. ok deraadt markus djm. OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
View Lorry Controller Status