DSA remains unconverted as it will be removed within six months.
Based on patches originally from Dmitry Belyavskiy, but significantly
reworked based on feedback from Bob Beck, Joel Sing and especially
Theo Buehler (apologies to anyone I've missed).
ok tb@
OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
The first argument should be the amount, the second argument should be the
element size. Fixing this also silences some gcc compiler warnings for
portable.
Spotted with Benny Baumann (BenBE at geshi dot org).
ok djm@
OpenBSD-Commit-ID: 711ad6f7bd7fb48bf52208f2cf9f108cddb6d41a
Multiple sshbuf structs can be linked through a parent/child relationship.
Make sure that a single sshbuf cannot be its own parent. If this would ever
happen, it would result in reference counting issues.
This is a cheap way of testing this with very little overhead. It does not
detect A->B->A linkages though for performance reason and the fact that it
takes a programming error for this to occur anyway.
Authored with Benny Baumann (BenBE at geshi dot org).
ok djm@
OpenBSD-Commit-ID: fb3fa9ee2cad3c7e842ebadfd7f5db220c4aaf16
It has the same meaning as the current pair of calling explicit_bzero
and free. Spotted with Benny Baumann (BenBE at geshi dot org).
ok djm@
OpenBSD-Commit-ID: 939fbe9ccf52d0d48c5fa53694d6f3bb9927970c
A single forgotton login that times out should be below the penalty
threshold.
ok deraadt/claudio
OpenBSD-Commit-ID: cee1f7d17597c97bff8e5092af5d136fdb08f81d
If a mux started with ControlPersist then later has a forwarding added using
mux proxy connection and the forwarding was used, then when the mux proxy
session terminates, the mux master process will send a channel close to the
server with a bad channel ID and crash the connection.
This was caused by my stupidly reusing c->remote_id for mux channel
associations when I should have just added another member to struct channel.
ok markus@
OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2
If the following functions are available,
add an additional check if users are allowed to login imposed by login class.
* auth_hostok(3)
* auth_timeok(3)
These functions are implemented on FreeBSD.
Like Linux, proper _SOURCE macros need to be set to get declarations of
various standard functions, notably setres*id. Now that Debian is using
-Werror=implicit-function-declaration this is really required. While at
it, define other _SOURCE macros like on GNU/Linux, since GNU/Hurd uses
the same glibc.
can't rely on channel_did_enqueue to tell that there is data to send. This
flag indicates that the channels code enqueued a packet on _this_ ppoll()
iteration, not that data was enqueued in _any_ ppoll() iteration in the
timeslice. ok markus@
OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
the parts of the grace_alarm_handler() using the exact things allowed by the
signal-safe rules. This is a good rule of thumb: Handlers should be written
to either set a global volatile sig_atomic_t inspected from outside, and/or
directly perform only safe operations listed in our sigaction(2) manual page.
ok djm markus
OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
Unlike earlier versions, recent Dropbear (at least v2024.85) requires
a host arg when querying supported ciphers and macs via "-c/-m
help". Earlier versions accept but do not require it, so always
provide it. If these queries fail, skip the test with a warning.
OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
by current OpenSSH. Allows subsequent test runs to work if OpenSSH is
rebuilt w/out OpenSSL.
OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
if querying for them fails since on some versions of Dropbear (at least
v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey
algorithms in the server.
OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
since that's supported by OpenSSH even when built without OpenSSL.
Only test diffie-hellman kex if OpenSSH is compiled with support for it.
OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
to always generate ed25519 keys, other types only if OpenSSH has support
for the corresponding key type.
OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
When installing an sshd built without OpenSSL the mismatch between
the running sshd and newly installed sshd-session will cause the
remainder of the test to fail.
