mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
ssh: Update to OpenSSH 9.3p1
This release fixes a number of security bugs and has minor new features and bug fixes. Security fixes, from the release notes (https://www.openssh.com/txt/release-9.3): This release contains fixes for a security problem and a memory safety problem. The memory safety problem is not believed to be exploitable, but we report most network-reachable memory faults as security bugs. * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. Sponsored by: The FreeBSD Foundation
This commit is contained in:
commit
4d3fc8b057
|
@ -16,21 +16,20 @@ auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c
|
||||||
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h xmalloc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h xmalloc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||||
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
auth.o: authfile.h monitor_wrap.h compat.h channels.h
|
auth.o: authfile.h monitor_wrap.h channels.h
|
||||||
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
|
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
|
||||||
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
|
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
|
||||||
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h
|
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h
|
||||||
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
auth2-hostbased.o: monitor_wrap.h pathnames.h match.h
|
||||||
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h
|
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h
|
||||||
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h
|
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h
|
||||||
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
||||||
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||||
auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
|
auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
|
||||||
auth2-pubkeyfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h log.h ssherr.h misc.h compat.h sshkey.h digest.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfile.h match.h
|
auth2-pubkeyfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h log.h ssherr.h misc.h sshkey.h digest.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfile.h match.h
|
||||||
auth2.o: digest.h
|
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h digest.h
|
||||||
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h
|
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h log.h ssherr.h atomicio.h misc.h
|
||||||
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ssherr.h atomicio.h misc.h
|
|
||||||
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
|
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
|
||||||
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
|
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
|
||||||
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h
|
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h
|
||||||
|
@ -44,11 +43,11 @@ cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat
|
||||||
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
|
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
|
||||||
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
|
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
|
||||||
clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
|
clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
|
||||||
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h kex.h mac.h crypto_api.h
|
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h
|
||||||
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
|
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
|
||||||
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h
|
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h
|
||||||
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
|
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
|
||||||
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||||
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
|
@ -61,7 +60,7 @@ hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h
|
||||||
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
|
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
|
||||||
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
|
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
|
||||||
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h
|
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h
|
||||||
kex.o: match.h misc.h monitor.h sshbuf.h digest.h
|
kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h
|
||||||
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
|
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
|
||||||
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
|
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
|
||||||
|
@ -94,8 +93,8 @@ platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/open
|
||||||
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||||
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
|
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
|
||||||
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
|
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
|
||||||
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
|
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h uidswap.h
|
||||||
readconf.o: uidswap.h myproposal.h digest.h
|
readconf.o: myproposal.h digest.h
|
||||||
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h
|
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h
|
||||||
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
|
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
|
||||||
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
|
@ -107,12 +106,12 @@ sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compa
|
||||||
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp.h sftp-common.h sftp-client.h
|
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp.h sftp-common.h sftp-client.h
|
||||||
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h
|
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h
|
||||||
servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
servconf.o: mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
||||||
serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
|
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||||
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
|
||||||
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
session.o: hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
|
||||||
session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
|
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
|
||||||
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||||
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
||||||
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||||
|
@ -125,7 +124,7 @@ sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com
|
||||||
sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h
|
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h
|
||||||
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h
|
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h
|
||||||
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h
|
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h
|
||||||
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
|
ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
|
||||||
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
|
@ -133,8 +132,8 @@ ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbs
|
||||||
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h
|
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h
|
||||||
ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
|
ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
|
||||||
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h
|
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h
|
||||||
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
|
ssh-keyscan.o: dispatch.h log.h ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h addr.h
|
||||||
ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h addr.h
|
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h
|
||||||
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
|
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
|
||||||
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
|
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
|
||||||
|
@ -153,12 +152,12 @@ sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/
|
||||||
sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
|
sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
|
||||||
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||||
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
|
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
|
||||||
sshconnect.o: authfd.h kex.h mac.h crypto_api.h
|
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h authfd.h
|
||||||
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
|
sshconnect.o: kex.h mac.h crypto_api.h
|
||||||
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
|
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
|
||||||
sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
|
sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
|
||||||
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
|
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
|
||||||
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
|
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
|
||||||
ssherr.o: ssherr.h
|
ssherr.o: ssherr.h
|
||||||
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||||
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
|
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
|
||||||
|
|
7
crypto/openssh/.github/ci-status.md
vendored
7
crypto/openssh/.github/ci-status.md
vendored
|
@ -4,7 +4,8 @@ master :
|
||||||
[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master)
|
[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master)
|
||||||
[![CIFuzz](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml)
|
[![CIFuzz](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml)
|
||||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
|
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
|
||||||
|
[![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
|
||||||
|
|
||||||
9.1 :
|
9.2 :
|
||||||
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_1)
|
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_2)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_2)
|
||||||
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_1)
|
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_2)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_2)
|
||||||
|
|
2
crypto/openssh/.github/configs
vendored
2
crypto/openssh/.github/configs
vendored
|
@ -221,7 +221,7 @@ case "${TARGET_HOST}" in
|
||||||
# test run does not time out.
|
# test run does not time out.
|
||||||
# The agent-restrict test fails due to some quoting issue when run
|
# The agent-restrict test fails due to some quoting issue when run
|
||||||
# with sh or ksh so specify bash for now.
|
# with sh or ksh so specify bash for now.
|
||||||
TEST_TARGET="t-exec TEST_SHELL=bash"
|
TEST_TARGET="t-exec unit TEST_SHELL=bash"
|
||||||
SKIP_LTESTS="rekey sftp"
|
SKIP_LTESTS="rekey sftp"
|
||||||
;;
|
;;
|
||||||
debian-riscv64)
|
debian-riscv64)
|
||||||
|
|
2
crypto/openssh/.github/run_test.sh
vendored
2
crypto/openssh/.github/run_test.sh
vendored
|
@ -21,7 +21,7 @@ if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
output_failed_logs() {
|
output_failed_logs() {
|
||||||
for i in regress/failed*; do
|
for i in regress/failed*.log; do
|
||||||
if [ -f "$i" ]; then
|
if [ -f "$i" ]; then
|
||||||
echo -------------------------------------------------------------------------
|
echo -------------------------------------------------------------------------
|
||||||
echo LOGFILE $i
|
echo LOGFILE $i
|
||||||
|
|
6
crypto/openssh/.github/setup_ci.sh
vendored
6
crypto/openssh/.github/setup_ci.sh
vendored
|
@ -7,10 +7,10 @@ PACKAGES=""
|
||||||
case "`./config.guess`" in
|
case "`./config.guess`" in
|
||||||
*cygwin)
|
*cygwin)
|
||||||
PACKAGER=setup
|
PACKAGER=setup
|
||||||
echo Setting CYGWIN sustem environment variable.
|
echo Setting CYGWIN system environment variable.
|
||||||
setx CYGWIN "binmode"
|
setx CYGWIN "binmode"
|
||||||
chmod -R go-rw /cygdrive/d/a
|
echo Removing extended ACLs so umask works as expected.
|
||||||
umask 077
|
setfacl -b . regress
|
||||||
PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
|
PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
|
||||||
PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
|
PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
|
||||||
;;
|
;;
|
||||||
|
|
1
crypto/openssh/.github/workflows/c-cpp.yml
vendored
1
crypto/openssh/.github/workflows/c-cpp.yml
vendored
|
@ -123,3 +123,4 @@ jobs:
|
||||||
regress/valgrind-out/
|
regress/valgrind-out/
|
||||||
regress/asan.log.*
|
regress/asan.log.*
|
||||||
regress/msan.log.*
|
regress/msan.log.*
|
||||||
|
regress/log/*
|
||||||
|
|
|
@ -21,6 +21,7 @@ jobs:
|
||||||
matrix:
|
matrix:
|
||||||
target:
|
target:
|
||||||
- alpine
|
- alpine
|
||||||
|
- centos7
|
||||||
- debian-i386
|
- debian-i386
|
||||||
- dfly30
|
- dfly30
|
||||||
- dfly48
|
- dfly48
|
||||||
|
@ -51,6 +52,7 @@ jobs:
|
||||||
include:
|
include:
|
||||||
# Then we include extra libvirt test configs.
|
# Then we include extra libvirt test configs.
|
||||||
- { target: aix51, config: default, host: libvirt }
|
- { target: aix51, config: default, host: libvirt }
|
||||||
|
- { target: centos7, config: pam, host: libvirt }
|
||||||
- { target: debian-i386, config: pam, host: libvirt }
|
- { target: debian-i386, config: pam, host: libvirt }
|
||||||
- { target: dfly30, config: without-openssl, host: libvirt}
|
- { target: dfly30, config: without-openssl, host: libvirt}
|
||||||
- { target: dfly48, config: pam ,host: libvirt }
|
- { target: dfly48, config: pam ,host: libvirt }
|
||||||
|
@ -109,6 +111,7 @@ jobs:
|
||||||
config.h
|
config.h
|
||||||
config.log
|
config.log
|
||||||
regress/*.log
|
regress/*.log
|
||||||
|
regress/log/*
|
||||||
regress/valgrind-out/
|
regress/valgrind-out/
|
||||||
- name: shutdown VM
|
- name: shutdown VM
|
||||||
if: always()
|
if: always()
|
||||||
|
|
|
@ -46,6 +46,7 @@ jobs:
|
||||||
name: ${{ matrix.target }}-${{ matrix.config }}-logs
|
name: ${{ matrix.target }}-${{ matrix.config }}-logs
|
||||||
path: |
|
path: |
|
||||||
/usr/obj/regress/usr.bin/ssh/obj/*.log
|
/usr/obj/regress/usr.bin/ssh/obj/*.log
|
||||||
|
/usr/obj/regress/usr.bin/ssh/obj/log/*
|
||||||
- name: shutdown VM
|
- name: shutdown VM
|
||||||
if: always()
|
if: always()
|
||||||
run: vmshutdown
|
run: vmshutdown
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -517,6 +517,10 @@ regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS)
|
||||||
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
|
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
|
||||||
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
|
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
|
||||||
|
|
||||||
|
regress/timestamp$(EXEEXT): $(srcdir)/regress/timestamp.c $(REGRESSLIBS)
|
||||||
|
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/timestamp.c \
|
||||||
|
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
|
||||||
|
|
||||||
regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS)
|
regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS)
|
||||||
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \
|
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \
|
||||||
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
|
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
|
||||||
|
@ -691,6 +695,7 @@ regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
|
||||||
|
|
||||||
regress-binaries: regress-prep $(LIBCOMPAT) \
|
regress-binaries: regress-prep $(LIBCOMPAT) \
|
||||||
regress/modpipe$(EXEEXT) \
|
regress/modpipe$(EXEEXT) \
|
||||||
|
regress/timestamp$(EXEEXT) \
|
||||||
regress/setuid-allowed$(EXEEXT) \
|
regress/setuid-allowed$(EXEEXT) \
|
||||||
regress/netcat$(EXEEXT) \
|
regress/netcat$(EXEEXT) \
|
||||||
regress/check-perm$(EXEEXT) \
|
regress/check-perm$(EXEEXT) \
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
See https://www.openssh.com/releasenotes.html#9.2p1 for the release notes.
|
See https://www.openssh.com/releasenotes.html#9.3p1 for the release
|
||||||
|
notes.
|
||||||
|
|
||||||
Please read https://www.openssh.com/report.html for bug reporting
|
Please read https://www.openssh.com/report.html for bug reporting
|
||||||
instructions and note that we do not use Github for bug reporting or
|
instructions and note that we do not use Github for bug reporting or
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
|
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
|
||||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
|
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
|
||||||
|
[![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
|
||||||
|
|
||||||
OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
|
OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
|
||||||
|
|
||||||
|
|
|
@ -352,11 +352,12 @@ import_environments(struct sshbuf *b)
|
||||||
/* Import environment from subprocess */
|
/* Import environment from subprocess */
|
||||||
if ((r = sshbuf_get_u32(b, &num_env)) != 0)
|
if ((r = sshbuf_get_u32(b, &num_env)) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
if (num_env > 1024)
|
if (num_env > 1024) {
|
||||||
fatal("%s: received %u environment variables, expected <= 1024",
|
fatal_f("received %u environment variables, expected <= 1024",
|
||||||
__func__, num_env);
|
num_env);
|
||||||
|
}
|
||||||
sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env));
|
sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env));
|
||||||
debug3("PAM: num env strings %d", num_env);
|
debug3("PAM: num env strings %u", num_env);
|
||||||
for(i = 0; i < num_env; i++) {
|
for(i = 0; i < num_env; i++) {
|
||||||
if ((r = sshbuf_get_cstring(b, &(sshpam_env[i]), NULL)) != 0)
|
if ((r = sshbuf_get_cstring(b, &(sshpam_env[i]), NULL)) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
|
@ -366,7 +367,11 @@ import_environments(struct sshbuf *b)
|
||||||
/* Import PAM environment from subprocess */
|
/* Import PAM environment from subprocess */
|
||||||
if ((r = sshbuf_get_u32(b, &num_env)) != 0)
|
if ((r = sshbuf_get_u32(b, &num_env)) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
debug("PAM: num PAM env strings %d", num_env);
|
if (num_env > 1024) {
|
||||||
|
fatal_f("received %u PAM env variables, expected <= 1024",
|
||||||
|
num_env);
|
||||||
|
}
|
||||||
|
debug("PAM: num PAM env strings %u", num_env);
|
||||||
for (i = 0; i < num_env; i++) {
|
for (i = 0; i < num_env; i++) {
|
||||||
if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
|
if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
|
|
|
@ -56,13 +56,13 @@ int
|
||||||
auth_shadow_acctexpired(struct spwd *spw)
|
auth_shadow_acctexpired(struct spwd *spw)
|
||||||
{
|
{
|
||||||
time_t today;
|
time_t today;
|
||||||
int daysleft;
|
long long daysleft;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
today = time(NULL) / DAY;
|
today = time(NULL) / DAY;
|
||||||
daysleft = spw->sp_expire - today;
|
daysleft = spw->sp_expire - today;
|
||||||
debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today,
|
debug3("%s: today %lld sp_expire %lld days left %lld", __func__,
|
||||||
(int)spw->sp_expire, daysleft);
|
(long long)today, (long long)spw->sp_expire, daysleft);
|
||||||
|
|
||||||
if (spw->sp_expire == -1) {
|
if (spw->sp_expire == -1) {
|
||||||
debug3("account expiration disabled");
|
debug3("account expiration disabled");
|
||||||
|
@ -70,9 +70,9 @@ auth_shadow_acctexpired(struct spwd *spw)
|
||||||
logit("Account %.100s has expired", spw->sp_namp);
|
logit("Account %.100s has expired", spw->sp_namp);
|
||||||
return 1;
|
return 1;
|
||||||
} else if (daysleft <= spw->sp_warn) {
|
} else if (daysleft <= spw->sp_warn) {
|
||||||
debug3("account will expire in %d days", daysleft);
|
debug3("account will expire in %lld days", daysleft);
|
||||||
if ((r = sshbuf_putf(loginmsg,
|
if ((r = sshbuf_putf(loginmsg,
|
||||||
"Your account will expire in %d day%s.\n", daysleft,
|
"Your account will expire in %lld day%s.\n", daysleft,
|
||||||
daysleft == 1 ? "" : "s")) != 0)
|
daysleft == 1 ? "" : "s")) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
}
|
}
|
||||||
|
@ -98,8 +98,8 @@ auth_shadow_pwexpired(Authctxt *ctxt)
|
||||||
}
|
}
|
||||||
|
|
||||||
today = time(NULL) / DAY;
|
today = time(NULL) / DAY;
|
||||||
debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
|
debug3_f("today %lld sp_lstchg %lld sp_max %lld", (long long)today,
|
||||||
(int)spw->sp_lstchg, (int)spw->sp_max);
|
(long long)spw->sp_lstchg, (long long)spw->sp_max);
|
||||||
|
|
||||||
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
|
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
|
||||||
if (iscomsec()) {
|
if (iscomsec()) {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth.c,v 1.159 2022/12/09 00:17:40 dtucker Exp $ */
|
/* $OpenBSD: auth.c,v 1.160 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -74,7 +74,6 @@
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
#include "monitor_wrap.h"
|
#include "monitor_wrap.h"
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "blacklist_client.h"
|
#include "blacklist_client.h"
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth2-hostbased.c,v 1.50 2022/09/17 10:34:29 djm Exp $ */
|
/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -40,7 +40,6 @@
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
|
@ -101,12 +100,6 @@ userauth_hostbased(struct ssh *ssh, const char *method)
|
||||||
"(received %d, expected %d)", key->type, pktype);
|
"(received %d, expected %d)", key->type, pktype);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
|
||||||
(ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
|
|
||||||
error("Refusing RSA key because peer uses unsafe "
|
|
||||||
"signature format");
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
|
if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
|
||||||
logit_f("signature algorithm %s not in "
|
logit_f("signature algorithm %s not in "
|
||||||
"HostbasedAcceptedAlgorithms", pkalg);
|
"HostbasedAcceptedAlgorithms", pkalg);
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */
|
/* $OpenBSD: auth2-none.c,v 1.25 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -44,7 +44,6 @@
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth2-pubkey.c,v 1.117 2022/09/17 10:34:29 djm Exp $ */
|
/* $OpenBSD: auth2-pubkey.c,v 1.118 2023/02/17 04:22:50 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||||
|
@ -153,12 +153,6 @@ userauth_pubkey(struct ssh *ssh, const char *method)
|
||||||
"(received %d, expected %d)", key->type, pktype);
|
"(received %d, expected %d)", key->type, pktype);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
|
||||||
(ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
|
|
||||||
logit("Refusing RSA key because client uses unsafe "
|
|
||||||
"signature scheme");
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
if (auth2_key_already_used(authctxt, key)) {
|
if (auth2_key_already_used(authctxt, key)) {
|
||||||
logit("refusing previously-used %s key", sshkey_type(key));
|
logit("refusing previously-used %s key", sshkey_type(key));
|
||||||
goto done;
|
goto done;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth2-pubkeyfile.c,v 1.3 2022/07/01 03:52:57 djm Exp $ */
|
/* $OpenBSD: auth2-pubkeyfile.c,v 1.4 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||||
|
@ -42,7 +42,6 @@
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "digest.h"
|
#include "digest.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */
|
/* $OpenBSD: auth2.c,v 1.166 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -46,7 +46,6 @@
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
|
@ -179,7 +178,6 @@ do_authentication2(struct ssh *ssh)
|
||||||
ssh->authctxt = NULL;
|
ssh->authctxt = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static int
|
static int
|
||||||
input_service_request(int type, u_int32_t seq, struct ssh *ssh)
|
input_service_request(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -257,7 +255,6 @@ ensure_minimum_time_since(double start, double seconds)
|
||||||
nanosleep(&ts, NULL);
|
nanosleep(&ts, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static int
|
static int
|
||||||
input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: authfd.c,v 1.130 2022/04/27 11:08:55 dtucker Exp $ */
|
/* $OpenBSD: authfd.c,v 1.133 2023/03/09 21:06:24 jcs Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -55,7 +55,6 @@
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "atomicio.h"
|
#include "atomicio.h"
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
|
@ -491,8 +490,8 @@ encode_dest_constraint(struct sshbuf *m, const struct dest_constraint *dc)
|
||||||
|
|
||||||
if ((b = sshbuf_new()) == NULL)
|
if ((b = sshbuf_new()) == NULL)
|
||||||
return SSH_ERR_ALLOC_FAIL;
|
return SSH_ERR_ALLOC_FAIL;
|
||||||
if ((r = encode_dest_constraint_hop(b, &dc->from) != 0) ||
|
if ((r = encode_dest_constraint_hop(b, &dc->from)) != 0 ||
|
||||||
(r = encode_dest_constraint_hop(b, &dc->to) != 0) ||
|
(r = encode_dest_constraint_hop(b, &dc->to)) != 0 ||
|
||||||
(r = sshbuf_put_string(b, NULL, 0)) != 0) /* reserved */
|
(r = sshbuf_put_string(b, NULL, 0)) != 0) /* reserved */
|
||||||
goto out;
|
goto out;
|
||||||
if ((r = sshbuf_put_stringb(m, b)) != 0)
|
if ((r = sshbuf_put_stringb(m, b)) != 0)
|
||||||
|
@ -666,7 +665,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
|
||||||
struct dest_constraint **dest_constraints, size_t ndest_constraints)
|
struct dest_constraint **dest_constraints, size_t ndest_constraints)
|
||||||
{
|
{
|
||||||
struct sshbuf *msg;
|
struct sshbuf *msg;
|
||||||
int r, constrained = (life || confirm);
|
int r, constrained = (life || confirm || dest_constraints);
|
||||||
u_char type;
|
u_char type;
|
||||||
|
|
||||||
if (add) {
|
if (add) {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: authfile.c,v 1.143 2022/06/21 14:52:13 tobhe Exp $ */
|
/* $OpenBSD: authfile.c,v 1.144 2023/03/14 07:26:25 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -211,6 +211,8 @@ sshkey_try_load_public(struct sshkey **kp, const char *filename,
|
||||||
int r;
|
int r;
|
||||||
struct sshkey *k = NULL;
|
struct sshkey *k = NULL;
|
||||||
|
|
||||||
|
if (kp == NULL)
|
||||||
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
*kp = NULL;
|
*kp = NULL;
|
||||||
if (commentp != NULL)
|
if (commentp != NULL)
|
||||||
*commentp = NULL;
|
*commentp = NULL;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */
|
/* $OpenBSD: canohost.c,v 1.76 2023/03/03 05:00:34 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -72,6 +72,9 @@ get_socket_address(int sock, int remote, int flags)
|
||||||
char ntop[NI_MAXHOST];
|
char ntop[NI_MAXHOST];
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
if (sock < 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
/* Get IP address of client. */
|
/* Get IP address of client. */
|
||||||
addrlen = sizeof(addr);
|
addrlen = sizeof(addr);
|
||||||
memset(&addr, 0, sizeof(addr));
|
memset(&addr, 0, sizeof(addr));
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: channels.c,v 1.427 2023/01/18 02:00:10 djm Exp $ */
|
/* $OpenBSD: channels.c,v 1.430 2023/03/10 03:01:51 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -198,7 +198,7 @@ struct ssh_channels {
|
||||||
u_int x11_saved_data_len;
|
u_int x11_saved_data_len;
|
||||||
|
|
||||||
/* Deadline after which all X11 connections are refused */
|
/* Deadline after which all X11 connections are refused */
|
||||||
u_int x11_refuse_time;
|
time_t x11_refuse_time;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Fake X11 authentication data. This is what the server will be
|
* Fake X11 authentication data. This is what the server will be
|
||||||
|
@ -387,11 +387,11 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd,
|
||||||
int val;
|
int val;
|
||||||
|
|
||||||
if (rfd != -1)
|
if (rfd != -1)
|
||||||
fcntl(rfd, F_SETFD, FD_CLOEXEC);
|
(void)fcntl(rfd, F_SETFD, FD_CLOEXEC);
|
||||||
if (wfd != -1 && wfd != rfd)
|
if (wfd != -1 && wfd != rfd)
|
||||||
fcntl(wfd, F_SETFD, FD_CLOEXEC);
|
(void)fcntl(wfd, F_SETFD, FD_CLOEXEC);
|
||||||
if (efd != -1 && efd != rfd && efd != wfd)
|
if (efd != -1 && efd != rfd && efd != wfd)
|
||||||
fcntl(efd, F_SETFD, FD_CLOEXEC);
|
(void)fcntl(efd, F_SETFD, FD_CLOEXEC);
|
||||||
|
|
||||||
c->rfd = rfd;
|
c->rfd = rfd;
|
||||||
c->wfd = wfd;
|
c->wfd = wfd;
|
||||||
|
@ -1258,7 +1258,7 @@ x11_open_helper(struct ssh *ssh, struct sshbuf *b)
|
||||||
|
|
||||||
/* Is this being called after the refusal deadline? */
|
/* Is this being called after the refusal deadline? */
|
||||||
if (sc->x11_refuse_time != 0 &&
|
if (sc->x11_refuse_time != 0 &&
|
||||||
(u_int)monotime() >= sc->x11_refuse_time) {
|
monotime() >= sc->x11_refuse_time) {
|
||||||
verbose("Rejected X11 connection after ForwardX11Timeout "
|
verbose("Rejected X11 connection after ForwardX11Timeout "
|
||||||
"expired");
|
"expired");
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -1879,7 +1879,7 @@ port_open_helper(struct ssh *ssh, Channel *c, char *rtype)
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time)
|
channel_set_x11_refuse_time(struct ssh *ssh, time_t refuse_time)
|
||||||
{
|
{
|
||||||
ssh->chanctxt->x11_refuse_time = refuse_time;
|
ssh->chanctxt->x11_refuse_time = refuse_time;
|
||||||
}
|
}
|
||||||
|
@ -1986,11 +1986,14 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
|
||||||
fatal_f("channel %d: no remote id", c->self);
|
fatal_f("channel %d: no remote id", c->self);
|
||||||
/* for rdynamic the OPEN_CONFIRMATION has been sent already */
|
/* for rdynamic the OPEN_CONFIRMATION has been sent already */
|
||||||
isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
|
isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
|
||||||
|
|
||||||
if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
|
if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
|
||||||
err = errno;
|
err = errno;
|
||||||
error("getsockopt SO_ERROR failed");
|
error("getsockopt SO_ERROR failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (err == 0) {
|
if (err == 0) {
|
||||||
|
/* Non-blocking connection completed */
|
||||||
debug("channel %d: connected to %s port %d",
|
debug("channel %d: connected to %s port %d",
|
||||||
c->self, c->connect_ctx.host, c->connect_ctx.port);
|
c->self, c->connect_ctx.host, c->connect_ctx.port);
|
||||||
channel_connect_ctx_free(&c->connect_ctx);
|
channel_connect_ctx_free(&c->connect_ctx);
|
||||||
|
@ -2008,16 +2011,17 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
|
||||||
(r = sshpkt_send(ssh)) != 0)
|
(r = sshpkt_send(ssh)) != 0)
|
||||||
fatal_fr(r, "channel %i open confirm", c->self);
|
fatal_fr(r, "channel %i open confirm", c->self);
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
debug("channel %d: connection failed: %s",
|
|
||||||
c->self, strerror(err));
|
|
||||||
/* Try next address, if any */
|
|
||||||
if ((sock = connect_next(&c->connect_ctx)) > 0) {
|
|
||||||
close(c->sock);
|
|
||||||
c->sock = c->rfd = c->wfd = sock;
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
/* Exhausted all addresses */
|
if (err == EINTR || err == EAGAIN || err == EINPROGRESS)
|
||||||
|
return;
|
||||||
|
|
||||||
|
/* Non-blocking connection failed */
|
||||||
|
debug("channel %d: connection failed: %s", c->self, strerror(err));
|
||||||
|
|
||||||
|
/* Try next address, if any */
|
||||||
|
if ((sock = connect_next(&c->connect_ctx)) == -1) {
|
||||||
|
/* Exhausted all addresses for this destination */
|
||||||
error("connect_to %.100s port %d: failed.",
|
error("connect_to %.100s port %d: failed.",
|
||||||
c->connect_ctx.host, c->connect_ctx.port);
|
c->connect_ctx.host, c->connect_ctx.port);
|
||||||
channel_connect_ctx_free(&c->connect_ctx);
|
channel_connect_ctx_free(&c->connect_ctx);
|
||||||
|
@ -2036,6 +2040,10 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
|
||||||
chan_mark_dead(ssh, c);
|
chan_mark_dead(ssh, c);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* New non-blocking connection in progress */
|
||||||
|
close(c->sock);
|
||||||
|
c->sock = c->rfd = c->wfd = sock;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: channels.h,v 1.148 2023/01/18 02:00:10 djm Exp $ */
|
/* $OpenBSD: channels.h,v 1.149 2023/03/04 03:22:59 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
@ -375,7 +375,7 @@ int permitopen_port(const char *);
|
||||||
|
|
||||||
/* x11 forwarding */
|
/* x11 forwarding */
|
||||||
|
|
||||||
void channel_set_x11_refuse_time(struct ssh *, u_int);
|
void channel_set_x11_refuse_time(struct ssh *, time_t);
|
||||||
int x11_connect_display(struct ssh *);
|
int x11_connect_display(struct ssh *);
|
||||||
int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
|
int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
|
||||||
void x11_request_forwarding_with_spoofing(struct ssh *, int,
|
void x11_request_forwarding_with_spoofing(struct ssh *, int,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: clientloop.c,v 1.387 2023/01/06 02:39:59 djm Exp $ */
|
/* $OpenBSD: clientloop.c,v 1.390 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -158,7 +158,7 @@ static int connection_in; /* Connection to server (input). */
|
||||||
static int connection_out; /* Connection to server (output). */
|
static int connection_out; /* Connection to server (output). */
|
||||||
static int need_rekeying; /* Set to non-zero if rekeying is requested. */
|
static int need_rekeying; /* Set to non-zero if rekeying is requested. */
|
||||||
static int session_closed; /* In SSH2: login session closed. */
|
static int session_closed; /* In SSH2: login session closed. */
|
||||||
static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */
|
static time_t x11_refuse_time; /* If >0, refuse x11 opens after this time. */
|
||||||
static time_t server_alive_time; /* Time to do server_alive_check */
|
static time_t server_alive_time; /* Time to do server_alive_check */
|
||||||
static int hostkeys_update_complete;
|
static int hostkeys_update_complete;
|
||||||
static int session_setup_complete;
|
static int session_setup_complete;
|
||||||
|
@ -215,7 +215,6 @@ quit_message(const char *fmt, ...)
|
||||||
* Signal handler for the window change signal (SIGWINCH). This just sets a
|
* Signal handler for the window change signal (SIGWINCH). This just sets a
|
||||||
* flag indicating that the window has changed.
|
* flag indicating that the window has changed.
|
||||||
*/
|
*/
|
||||||
/*ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
window_change_handler(int sig)
|
window_change_handler(int sig)
|
||||||
{
|
{
|
||||||
|
@ -226,7 +225,6 @@ window_change_handler(int sig)
|
||||||
* Signal handler for signals that cause the program to terminate. These
|
* Signal handler for signals that cause the program to terminate. These
|
||||||
* signals must be trapped to restore terminal modes.
|
* signals must be trapped to restore terminal modes.
|
||||||
*/
|
*/
|
||||||
/*ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
signal_handler(int sig)
|
signal_handler(int sig)
|
||||||
{
|
{
|
||||||
|
@ -376,8 +374,8 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
|
||||||
|
|
||||||
if (timeout != 0 && x11_refuse_time == 0) {
|
if (timeout != 0 && x11_refuse_time == 0) {
|
||||||
now = monotime() + 1;
|
now = monotime() + 1;
|
||||||
if (UINT_MAX - timeout < now)
|
if (SSH_TIME_T_MAX - timeout < now)
|
||||||
x11_refuse_time = UINT_MAX;
|
x11_refuse_time = SSH_TIME_T_MAX;
|
||||||
else
|
else
|
||||||
x11_refuse_time = now + timeout;
|
x11_refuse_time = now + timeout;
|
||||||
channel_set_x11_refuse_time(ssh,
|
channel_set_x11_refuse_time(ssh,
|
||||||
|
@ -1617,7 +1615,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
|
||||||
"malicious server.");
|
"malicious server.");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
|
if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
|
||||||
verbose("Rejected X11 connection after ForwardX11Timeout "
|
verbose("Rejected X11 connection after ForwardX11Timeout "
|
||||||
"expired");
|
"expired");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -2112,7 +2110,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
|
||||||
free(response);
|
free(response);
|
||||||
response = read_passphrase("Accept updated hostkeys? "
|
response = read_passphrase("Accept updated hostkeys? "
|
||||||
"(yes/no): ", RP_ECHO);
|
"(yes/no): ", RP_ECHO);
|
||||||
if (strcasecmp(response, "yes") == 0)
|
if (response != NULL && strcasecmp(response, "yes") == 0)
|
||||||
break;
|
break;
|
||||||
else if (quit_pending || response == NULL ||
|
else if (quit_pending || response == NULL ||
|
||||||
strcasecmp(response, "no") == 0) {
|
strcasecmp(response, "no") == 0) {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: compat.c,v 1.121 2023/02/02 12:10:05 djm Exp $ */
|
/* $OpenBSD: compat.c,v 1.126 2023/03/06 12:14:48 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -36,7 +36,6 @@
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
#include "kex.h"
|
|
||||||
|
|
||||||
/* determine bug flags from SSH protocol banner */
|
/* determine bug flags from SSH protocol banner */
|
||||||
void
|
void
|
||||||
|
@ -77,26 +76,8 @@ compat_banner(struct ssh *ssh, const char *version)
|
||||||
{ "3.0.*", SSH_BUG_DEBUG },
|
{ "3.0.*", SSH_BUG_DEBUG },
|
||||||
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
|
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
|
||||||
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
|
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
|
||||||
{ "1.2.18*,"
|
|
||||||
"1.2.19*,"
|
|
||||||
"1.2.20*,"
|
|
||||||
"1.2.21*,"
|
|
||||||
"1.2.22*", SSH_BUG_IGNOREMSG },
|
|
||||||
{ "1.3.2*", /* F-Secure */
|
|
||||||
SSH_BUG_IGNOREMSG },
|
|
||||||
{ "Cisco-1.*", SSH_BUG_DHGEX_LARGE|
|
{ "Cisco-1.*", SSH_BUG_DHGEX_LARGE|
|
||||||
SSH_BUG_HOSTKEYS },
|
SSH_BUG_HOSTKEYS },
|
||||||
{ "*SSH Compatible Server*", /* Netscreen */
|
|
||||||
SSH_BUG_PASSWORDPAD },
|
|
||||||
{ "*OSU_0*,"
|
|
||||||
"OSU_1.0*,"
|
|
||||||
"OSU_1.1*,"
|
|
||||||
"OSU_1.2*,"
|
|
||||||
"OSU_1.3*,"
|
|
||||||
"OSU_1.4*,"
|
|
||||||
"OSU_1.5alpha1*,"
|
|
||||||
"OSU_1.5alpha2*,"
|
|
||||||
"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
|
|
||||||
{ "*SSH_Version_Mapper*",
|
{ "*SSH_Version_Mapper*",
|
||||||
SSH_BUG_SCANNER },
|
SSH_BUG_SCANNER },
|
||||||
{ "PuTTY_Local:*," /* dev versions < Sep 2014 */
|
{ "PuTTY_Local:*," /* dev versions < Sep 2014 */
|
||||||
|
@ -158,37 +139,7 @@ compat_banner(struct ssh *ssh, const char *version)
|
||||||
|
|
||||||
/* Always returns pointer to allocated memory, caller must free. */
|
/* Always returns pointer to allocated memory, caller must free. */
|
||||||
char *
|
char *
|
||||||
compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
|
compat_kex_proposal(struct ssh *ssh, const char *p)
|
||||||
{
|
|
||||||
if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
|
|
||||||
return xstrdup(cipher_prop);
|
|
||||||
debug2_f("original cipher proposal: %s", cipher_prop);
|
|
||||||
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
|
|
||||||
fatal("match_filter_denylist failed");
|
|
||||||
debug2_f("compat cipher proposal: %s", cipher_prop);
|
|
||||||
if (*cipher_prop == '\0')
|
|
||||||
fatal("No supported ciphers found");
|
|
||||||
return cipher_prop;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Always returns pointer to allocated memory, caller must free. */
|
|
||||||
char *
|
|
||||||
compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
|
|
||||||
{
|
|
||||||
if (!(ssh->compat & SSH_BUG_RSASIGMD5))
|
|
||||||
return xstrdup(pkalg_prop);
|
|
||||||
debug2_f("original public key proposal: %s", pkalg_prop);
|
|
||||||
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
|
|
||||||
fatal("match_filter_denylist failed");
|
|
||||||
debug2_f("compat public key proposal: %s", pkalg_prop);
|
|
||||||
if (*pkalg_prop == '\0')
|
|
||||||
fatal("No supported PK algorithms found");
|
|
||||||
return pkalg_prop;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Always returns pointer to allocated memory, caller must free. */
|
|
||||||
char *
|
|
||||||
compat_kex_proposal(struct ssh *ssh, char *p)
|
|
||||||
{
|
{
|
||||||
char *cp = NULL, *cp2 = NULL;
|
char *cp = NULL, *cp2 = NULL;
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: compat.h,v 1.57 2021/06/06 03:40:39 djm Exp $ */
|
/* $OpenBSD: compat.h,v 1.62 2023/03/06 12:14:48 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
|
@ -35,12 +35,12 @@
|
||||||
/* #define unused 0x00000020 */
|
/* #define unused 0x00000020 */
|
||||||
#define SSH_BUG_DEBUG 0x00000040
|
#define SSH_BUG_DEBUG 0x00000040
|
||||||
/* #define unused 0x00000080 */
|
/* #define unused 0x00000080 */
|
||||||
#define SSH_BUG_IGNOREMSG 0x00000100
|
/* #define unused 0x00000100 */
|
||||||
/* #define unused 0x00000200 */
|
/* #define unused 0x00000200 */
|
||||||
#define SSH_BUG_PASSWORDPAD 0x00000400
|
/* #define unused 0x00000400 */
|
||||||
#define SSH_BUG_SCANNER 0x00000800
|
#define SSH_BUG_SCANNER 0x00000800
|
||||||
#define SSH_BUG_BIGENDIANAES 0x00001000
|
/* #define unused 0x00001000 */
|
||||||
#define SSH_BUG_RSASIGMD5 0x00002000
|
/* #define unused 0x00002000 */
|
||||||
#define SSH_OLD_DHGEX 0x00004000
|
#define SSH_OLD_DHGEX 0x00004000
|
||||||
#define SSH_BUG_NOREKEY 0x00008000
|
#define SSH_BUG_NOREKEY 0x00008000
|
||||||
/* #define unused 0x00010000 */
|
/* #define unused 0x00010000 */
|
||||||
|
@ -61,7 +61,5 @@
|
||||||
struct ssh;
|
struct ssh;
|
||||||
|
|
||||||
void compat_banner(struct ssh *, const char *);
|
void compat_banner(struct ssh *, const char *);
|
||||||
char *compat_cipher_proposal(struct ssh *, char *);
|
char *compat_kex_proposal(struct ssh *, const char *);
|
||||||
char *compat_pkalg_proposal(struct ssh *, char *);
|
|
||||||
char *compat_kex_proposal(struct ssh *, char *);
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
%global ver 9.2p1
|
%global ver 9.3p1
|
||||||
%global rel 1%{?dist}
|
%global rel 1%{?dist}
|
||||||
|
|
||||||
# OpenSSH privilege separation requires a user & group ID
|
# OpenSSH privilege separation requires a user & group ID
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
|
|
||||||
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: 9.2p1
|
Version: 9.3p1
|
||||||
URL: https://www.openssh.com/
|
URL: https://www.openssh.com/
|
||||||
Release: 1
|
Release: 1
|
||||||
Source0: openssh-%{version}.tar.gz
|
Source0: openssh-%{version}.tar.gz
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: dispatch.c,v 1.32 2019/01/19 21:33:13 djm Exp $ */
|
/* $OpenBSD: dispatch.c,v 1.33 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -34,7 +34,6 @@
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
|
|
||||||
int
|
int
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: dns.c,v 1.42 2022/02/01 23:32:51 djm Exp $ */
|
/* $OpenBSD: dns.c,v 1.44 2023/03/10 04:06:21 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||||
|
@ -258,6 +258,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||||
if (!dns_read_key(&hostkey_algorithm, &dnskey_digest_type,
|
if (!dns_read_key(&hostkey_algorithm, &dnskey_digest_type,
|
||||||
&hostkey_digest, &hostkey_digest_len, hostkey)) {
|
&hostkey_digest, &hostkey_digest_len, hostkey)) {
|
||||||
error("Error calculating key fingerprint.");
|
error("Error calculating key fingerprint.");
|
||||||
|
free(dnskey_digest);
|
||||||
freerrset(fingerprints);
|
freerrset(fingerprints);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -301,7 +302,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||||
* Export the fingerprint of a key as a DNS resource record
|
* Export the fingerprint of a key as a DNS resource record
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
|
export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic,
|
||||||
|
int alg)
|
||||||
{
|
{
|
||||||
u_int8_t rdata_pubkey_algorithm = 0;
|
u_int8_t rdata_pubkey_algorithm = 0;
|
||||||
u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
|
u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
|
||||||
|
@ -311,6 +313,8 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
|
||||||
int success = 0;
|
int success = 0;
|
||||||
|
|
||||||
for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
|
for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
|
||||||
|
if (alg != -1 && dtype != alg)
|
||||||
|
continue;
|
||||||
rdata_digest_type = dtype;
|
rdata_digest_type = dtype;
|
||||||
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
|
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
|
||||||
&rdata_digest, &rdata_digest_len, key)) {
|
&rdata_digest, &rdata_digest_len, key)) {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: dns.h,v 1.19 2021/07/19 03:13:28 dtucker Exp $ */
|
/* $OpenBSD: dns.h,v 1.20 2023/02/10 04:56:30 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||||
|
@ -54,6 +54,6 @@ enum sshfp_hashes {
|
||||||
|
|
||||||
int verify_host_key_dns(const char *, struct sockaddr *,
|
int verify_host_key_dns(const char *, struct sockaddr *,
|
||||||
struct sshkey *, int *);
|
struct sshkey *, int *);
|
||||||
int export_dns_rr(const char *, struct sshkey *, FILE *, int);
|
int export_dns_rr(const char *, struct sshkey *, FILE *, int, int);
|
||||||
|
|
||||||
#endif /* DNS_H */
|
#endif /* DNS_H */
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: hostfile.c,v 1.93 2022/01/06 22:02:52 djm Exp $ */
|
/* $OpenBSD: hostfile.c,v 1.95 2023/02/21 06:48:18 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -515,14 +515,23 @@ add_host_to_hostfile(const char *filename, const char *host,
|
||||||
const struct sshkey *key, int store_hash)
|
const struct sshkey *key, int store_hash)
|
||||||
{
|
{
|
||||||
FILE *f;
|
FILE *f;
|
||||||
int success;
|
int success, addnl = 0;
|
||||||
|
|
||||||
if (key == NULL)
|
if (key == NULL)
|
||||||
return 1; /* XXX ? */
|
return 1; /* XXX ? */
|
||||||
hostfile_create_user_ssh_dir(filename, 0);
|
hostfile_create_user_ssh_dir(filename, 0);
|
||||||
f = fopen(filename, "a");
|
f = fopen(filename, "a+");
|
||||||
if (!f)
|
if (!f)
|
||||||
return 0;
|
return 0;
|
||||||
|
/* Make sure we have a terminating newline. */
|
||||||
|
if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
|
||||||
|
addnl = 1;
|
||||||
|
if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
|
||||||
|
error("Failed to add terminating newline to %s: %s",
|
||||||
|
filename, strerror(errno));
|
||||||
|
fclose(f);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
success = write_host_entry(f, host, NULL, key, store_hash);
|
success = write_host_entry(f, host, NULL, key, store_hash);
|
||||||
fclose(f);
|
fclose(f);
|
||||||
return success;
|
return success;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kex.c,v 1.173 2022/11/07 10:05:38 dtucker Exp $ */
|
/* $OpenBSD: kex.c,v 1.178 2023/03/12 10:40:39 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -57,10 +57,12 @@
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "monitor.h"
|
#include "monitor.h"
|
||||||
|
#include "myproposal.h"
|
||||||
|
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "digest.h"
|
#include "digest.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
|
||||||
/* prototype */
|
/* prototype */
|
||||||
static int kex_choose_conf(struct ssh *);
|
static int kex_choose_conf(struct ssh *);
|
||||||
|
@ -317,6 +319,61 @@ kex_assemble_names(char **listp, const char *def, const char *all)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Fill out a proposal array with dynamically allocated values, which may
|
||||||
|
* be modified as required for compatibility reasons.
|
||||||
|
* Any of the options may be NULL, in which case the default is used.
|
||||||
|
* Array contents must be freed by calling kex_proposal_free_entries.
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX],
|
||||||
|
const char *kexalgos, const char *ciphers, const char *macs,
|
||||||
|
const char *comp, const char *hkalgs)
|
||||||
|
{
|
||||||
|
const char *defpropserver[PROPOSAL_MAX] = { KEX_SERVER };
|
||||||
|
const char *defpropclient[PROPOSAL_MAX] = { KEX_CLIENT };
|
||||||
|
const char **defprop = ssh->kex->server ? defpropserver : defpropclient;
|
||||||
|
u_int i;
|
||||||
|
|
||||||
|
if (prop == NULL)
|
||||||
|
fatal_f("proposal missing");
|
||||||
|
|
||||||
|
for (i = 0; i < PROPOSAL_MAX; i++) {
|
||||||
|
switch(i) {
|
||||||
|
case PROPOSAL_KEX_ALGS:
|
||||||
|
prop[i] = compat_kex_proposal(ssh,
|
||||||
|
kexalgos ? kexalgos : defprop[i]);
|
||||||
|
break;
|
||||||
|
case PROPOSAL_ENC_ALGS_CTOS:
|
||||||
|
case PROPOSAL_ENC_ALGS_STOC:
|
||||||
|
prop[i] = xstrdup(ciphers ? ciphers : defprop[i]);
|
||||||
|
break;
|
||||||
|
case PROPOSAL_MAC_ALGS_CTOS:
|
||||||
|
case PROPOSAL_MAC_ALGS_STOC:
|
||||||
|
prop[i] = xstrdup(macs ? macs : defprop[i]);
|
||||||
|
break;
|
||||||
|
case PROPOSAL_COMP_ALGS_CTOS:
|
||||||
|
case PROPOSAL_COMP_ALGS_STOC:
|
||||||
|
prop[i] = xstrdup(comp ? comp : defprop[i]);
|
||||||
|
break;
|
||||||
|
case PROPOSAL_SERVER_HOST_KEY_ALGS:
|
||||||
|
prop[i] = xstrdup(hkalgs ? hkalgs : defprop[i]);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
prop[i] = xstrdup(defprop[i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
kex_proposal_free_entries(char *prop[PROPOSAL_MAX])
|
||||||
|
{
|
||||||
|
u_int i;
|
||||||
|
|
||||||
|
for (i = 0; i < PROPOSAL_MAX; i++)
|
||||||
|
free(prop[i]);
|
||||||
|
}
|
||||||
|
|
||||||
/* put algorithm proposal into buffer */
|
/* put algorithm proposal into buffer */
|
||||||
int
|
int
|
||||||
kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
|
kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
|
||||||
|
@ -404,7 +461,6 @@ kex_prop_free(char **proposal)
|
||||||
free(proposal);
|
free(proposal);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
int
|
int
|
||||||
kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
|
kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -485,6 +541,11 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
|
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
|
||||||
if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
|
if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
|
||||||
return r;
|
return r;
|
||||||
|
if (ninfo >= 1024) {
|
||||||
|
error("SSH2_MSG_EXT_INFO with too many entries, expected "
|
||||||
|
"<=1024, received %u", ninfo);
|
||||||
|
return SSH_ERR_INVALID_FORMAT;
|
||||||
|
}
|
||||||
for (i = 0; i < ninfo; i++) {
|
for (i = 0; i < ninfo; i++) {
|
||||||
if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
|
if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -585,7 +646,6 @@ kex_send_kexinit(struct ssh *ssh)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
int
|
int
|
||||||
kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -1345,7 +1405,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
||||||
}
|
}
|
||||||
peer_version_string = sshbuf_dup_string(peer_version);
|
peer_version_string = sshbuf_dup_string(peer_version);
|
||||||
if (peer_version_string == NULL)
|
if (peer_version_string == NULL)
|
||||||
error_f("sshbuf_dup_string failed");
|
fatal_f("sshbuf_dup_string failed");
|
||||||
/* XXX must be same size for sscanf */
|
/* XXX must be same size for sscanf */
|
||||||
if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
|
if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
|
||||||
error_f("calloc failed");
|
error_f("calloc failed");
|
||||||
|
@ -1404,10 +1464,6 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
||||||
r = SSH_ERR_CONN_CLOSED; /* XXX */
|
r = SSH_ERR_CONN_CLOSED; /* XXX */
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
|
|
||||||
logit("Remote version \"%.100s\" uses unsafe RSA signature "
|
|
||||||
"scheme; disabling use of RSA keys", remote_version);
|
|
||||||
}
|
|
||||||
/* success */
|
/* success */
|
||||||
r = 0;
|
r = 0;
|
||||||
out:
|
out:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kex.h,v 1.117 2022/01/06 21:55:23 djm Exp $ */
|
/* $OpenBSD: kex.h,v 1.118 2023/03/06 12:14:48 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
|
@ -182,6 +182,9 @@ int kex_names_valid(const char *);
|
||||||
char *kex_alg_list(char);
|
char *kex_alg_list(char);
|
||||||
char *kex_names_cat(const char *, const char *);
|
char *kex_names_cat(const char *, const char *);
|
||||||
int kex_assemble_names(char **, const char *, const char *);
|
int kex_assemble_names(char **, const char *, const char *);
|
||||||
|
void kex_proposal_populate_entries(struct ssh *, char *prop[PROPOSAL_MAX],
|
||||||
|
const char *, const char *, const char *, const char *, const char *);
|
||||||
|
void kex_proposal_free_entries(char *prop[PROPOSAL_MAX]);
|
||||||
|
|
||||||
int kex_exchange_identification(struct ssh *, int, const char *);
|
int kex_exchange_identification(struct ssh *, int, const char *);
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kexgexs.c,v 1.44 2021/12/19 22:08:06 djm Exp $ */
|
/* $OpenBSD: kexgexs.c,v 1.45 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
|
@ -46,7 +46,6 @@
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "dh.h"
|
#include "dh.h"
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "compat.h"
|
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
#include "ssh-gss.h"
|
#include "ssh-gss.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $OpenBSD: krl.c,v 1.54 2022/04/28 02:53:31 djm Exp $ */
|
/* $OpenBSD: krl.c,v 1.55 2023/03/14 07:28:47 dtucker Exp $ */
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
|
@ -191,6 +191,7 @@ ssh_krl_free(struct ssh_krl *krl)
|
||||||
TAILQ_REMOVE(&krl->revoked_certs, rc, entry);
|
TAILQ_REMOVE(&krl->revoked_certs, rc, entry);
|
||||||
revoked_certs_free(rc);
|
revoked_certs_free(rc);
|
||||||
}
|
}
|
||||||
|
free(krl);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: misc.c,v 1.180 2023/01/06 02:37:04 djm Exp $ */
|
/* $OpenBSD: misc.c,v 1.181 2023/03/03 02:37:58 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
|
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
|
||||||
|
@ -2452,9 +2452,6 @@ parse_absolute_time(const char *s, uint64_t *tp)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* On OpenBSD time_t is int64_t which is long long. */
|
|
||||||
/* #define SSH_TIME_T_MAX LLONG_MAX */
|
|
||||||
|
|
||||||
void
|
void
|
||||||
format_absolute_time(uint64_t t, char *buf, size_t len)
|
format_absolute_time(uint64_t t, char *buf, size_t len)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: misc.h,v 1.101 2023/01/06 02:37:04 djm Exp $ */
|
/* $OpenBSD: misc.h,v 1.102 2023/03/03 02:37:58 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
@ -240,4 +240,7 @@ void notify_complete(struct notifier_ctx *, const char *, ...)
|
||||||
typedef void (*sshsig_t)(int);
|
typedef void (*sshsig_t)(int);
|
||||||
sshsig_t ssh_signal(int, sshsig_t);
|
sshsig_t ssh_signal(int, sshsig_t);
|
||||||
|
|
||||||
|
/* On OpenBSD time_t is int64_t which is long long. */
|
||||||
|
/* #define SSH_TIME_T_MAX LLONG_MAX */
|
||||||
|
|
||||||
#endif /* _MISC_H */
|
#endif /* _MISC_H */
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: moduli.c,v 1.38 2022/05/01 23:20:30 djm Exp $ */
|
/* $OpenBSD: moduli.c,v 1.39 2023/03/02 06:41:56 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||||
|
@ -452,7 +452,7 @@ write_checkpoint(char *cpfile, u_int32_t lineno)
|
||||||
{
|
{
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
char tmp[PATH_MAX];
|
char tmp[PATH_MAX];
|
||||||
int r;
|
int r, writeok, closeok;
|
||||||
|
|
||||||
r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile);
|
r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile);
|
||||||
if (r < 0 || r >= PATH_MAX) {
|
if (r < 0 || r >= PATH_MAX) {
|
||||||
|
@ -469,13 +469,16 @@ write_checkpoint(char *cpfile, u_int32_t lineno)
|
||||||
close(r);
|
close(r);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0
|
writeok = (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0);
|
||||||
&& rename(tmp, cpfile) == 0)
|
closeok = (fclose(fp) == 0);
|
||||||
|
if (writeok && closeok && rename(tmp, cpfile) == 0) {
|
||||||
debug3("wrote checkpoint line %lu to '%s'",
|
debug3("wrote checkpoint line %lu to '%s'",
|
||||||
(unsigned long)lineno, cpfile);
|
(unsigned long)lineno, cpfile);
|
||||||
else
|
} else {
|
||||||
logit("failed to write to checkpoint file '%s': %s", cpfile,
|
logit("failed to write to checkpoint file '%s': %s", cpfile,
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
|
(void)unlink(tmp);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned long
|
static unsigned long
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: monitor.c,v 1.234 2022/06/15 16:08:25 djm Exp $ */
|
/* $OpenBSD: monitor.c,v 1.235 2023/02/17 04:22:50 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||||
|
@ -1097,6 +1097,10 @@ mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
|
||||||
sshpam_authok = NULL;
|
sshpam_authok = NULL;
|
||||||
if ((r = sshbuf_get_u32(m, &num)) != 0)
|
if ((r = sshbuf_get_u32(m, &num)) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
|
if (num > PAM_MAX_NUM_MSG) {
|
||||||
|
fatal_f("Too many PAM messages, got %u, expected <= %u",
|
||||||
|
num, (unsigned)PAM_MAX_NUM_MSG);
|
||||||
|
}
|
||||||
if (num > 0) {
|
if (num > 0) {
|
||||||
resp = xcalloc(num, sizeof(char *));
|
resp = xcalloc(num, sizeof(char *));
|
||||||
for (i = 0; i < num; ++i) {
|
for (i = 0; i < num; ++i) {
|
||||||
|
@ -1161,11 +1165,6 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
|
||||||
fatal_fr(r, "parse");
|
fatal_fr(r, "parse");
|
||||||
|
|
||||||
if (key != NULL && authctxt->valid) {
|
if (key != NULL && authctxt->valid) {
|
||||||
/* These should not make it past the privsep child */
|
|
||||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
|
||||||
(ssh->compat & SSH_BUG_RSASIGMD5) != 0)
|
|
||||||
fatal_f("passed a SSH_BUG_RSASIGMD5 key");
|
|
||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case MM_USERKEY:
|
case MM_USERKEY:
|
||||||
auth_method = "publickey";
|
auth_method = "publickey";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: mux.c,v 1.95 2023/01/06 02:39:59 djm Exp $ */
|
/* $OpenBSD: mux.c,v 1.96 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
|
||||||
*
|
*
|
||||||
|
@ -186,7 +186,6 @@ static const struct {
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Cleanup callback fired on closure of mux client _session_ channel */
|
/* Cleanup callback fired on closure of mux client _session_ channel */
|
||||||
/* ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
mux_master_session_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused)
|
mux_master_session_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused)
|
||||||
{
|
{
|
||||||
|
@ -208,7 +207,6 @@ mux_master_session_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Cleanup callback fired on closure of mux client _control_ channel */
|
/* Cleanup callback fired on closure of mux client _control_ channel */
|
||||||
/* ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
mux_master_control_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused)
|
mux_master_control_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused)
|
||||||
{
|
{
|
||||||
|
|
|
@ -51,7 +51,7 @@ _ssh_compat_getentropy(void *s, size_t len)
|
||||||
size_t o = 0;
|
size_t o = 0;
|
||||||
|
|
||||||
#ifdef HAVE_GETENTROPY
|
#ifdef HAVE_GETENTROPY
|
||||||
if (r = getentropy(s, len) == 0)
|
if ((r = getentropy(s, len)) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
#endif /* HAVE_GETENTROPY */
|
#endif /* HAVE_GETENTROPY */
|
||||||
#ifdef HAVE_GETRANDOM
|
#ifdef HAVE_GETRANDOM
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
#define required_argument 1
|
#define required_argument 1
|
||||||
#define optional_argument 2
|
#define optional_argument 2
|
||||||
|
|
||||||
|
#if 0
|
||||||
struct option {
|
struct option {
|
||||||
/* name of long option */
|
/* name of long option */
|
||||||
const char *name;
|
const char *name;
|
||||||
|
@ -58,6 +59,8 @@ int getopt_long(int, char * const *, const char *,
|
||||||
const struct option *, int *);
|
const struct option *, int *);
|
||||||
int getopt_long_only(int, char * const *, const char *,
|
int getopt_long_only(int, char * const *, const char *,
|
||||||
const struct option *, int *);
|
const struct option *, int *);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef _GETOPT_DEFINED_
|
#ifndef _GETOPT_DEFINED_
|
||||||
#define _GETOPT_DEFINED_
|
#define _GETOPT_DEFINED_
|
||||||
int getopt(int, char * const *, const char *);
|
int getopt(int, char * const *, const char *);
|
||||||
|
|
|
@ -72,6 +72,20 @@
|
||||||
|
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
|
||||||
|
struct option {
|
||||||
|
/* name of long option */
|
||||||
|
const char *name;
|
||||||
|
/*
|
||||||
|
* one of no_argument, required_argument, and optional_argument:
|
||||||
|
* whether option takes an argument
|
||||||
|
*/
|
||||||
|
int has_arg;
|
||||||
|
/* if not NULL, set *flag to val when option found */
|
||||||
|
int *flag;
|
||||||
|
/* if flag not NULL, value to set *flag to; else return value */
|
||||||
|
int val;
|
||||||
|
};
|
||||||
|
|
||||||
int opterr = 1; /* if error message should be printed */
|
int opterr = 1; /* if error message should be printed */
|
||||||
int optind = 1; /* index into parent argv vector */
|
int optind = 1; /* index into parent argv vector */
|
||||||
int optopt = '?'; /* character checked for validity */
|
int optopt = '?'; /* character checked for validity */
|
||||||
|
|
|
@ -390,6 +390,9 @@ parse_dns_response(const u_char *answer, int size)
|
||||||
struct dns_response *resp;
|
struct dns_response *resp;
|
||||||
const u_char *cp;
|
const u_char *cp;
|
||||||
|
|
||||||
|
if (size < HFIXEDSZ)
|
||||||
|
return (NULL);
|
||||||
|
|
||||||
/* allocate memory for the response */
|
/* allocate memory for the response */
|
||||||
resp = calloc(1, sizeof(*resp));
|
resp = calloc(1, sizeof(*resp));
|
||||||
if (resp == NULL)
|
if (resp == NULL)
|
||||||
|
@ -456,14 +459,22 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
|
||||||
int i, length;
|
int i, length;
|
||||||
char name[MAXDNAME];
|
char name[MAXDNAME];
|
||||||
|
|
||||||
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
|
#define NEED(need) \
|
||||||
|
do { \
|
||||||
|
if (*cp + need > answer + size) \
|
||||||
|
goto fail; \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
/* allocate and initialize struct */
|
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
|
||||||
curr = calloc(1, sizeof(struct dns_query));
|
if (*cp >= answer + size) {
|
||||||
if (curr == NULL) {
|
fail:
|
||||||
free_dns_query(head);
|
free_dns_query(head);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
/* allocate and initialize struct */
|
||||||
|
curr = calloc(1, sizeof(struct dns_query));
|
||||||
|
if (curr == NULL)
|
||||||
|
goto fail;
|
||||||
if (head == NULL)
|
if (head == NULL)
|
||||||
head = curr;
|
head = curr;
|
||||||
if (prev != NULL)
|
if (prev != NULL)
|
||||||
|
@ -481,16 +492,20 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
|
||||||
free_dns_query(head);
|
free_dns_query(head);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
NEED(length);
|
||||||
*cp += length;
|
*cp += length;
|
||||||
|
|
||||||
/* type */
|
/* type */
|
||||||
|
NEED(INT16SZ);
|
||||||
curr->type = _getshort(*cp);
|
curr->type = _getshort(*cp);
|
||||||
*cp += INT16SZ;
|
*cp += INT16SZ;
|
||||||
|
|
||||||
/* class */
|
/* class */
|
||||||
|
NEED(INT16SZ);
|
||||||
curr->class = _getshort(*cp);
|
curr->class = _getshort(*cp);
|
||||||
*cp += INT16SZ;
|
*cp += INT16SZ;
|
||||||
}
|
}
|
||||||
|
#undef NEED
|
||||||
|
|
||||||
return (head);
|
return (head);
|
||||||
}
|
}
|
||||||
|
@ -503,14 +518,23 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
|
||||||
int i, length;
|
int i, length;
|
||||||
char name[MAXDNAME];
|
char name[MAXDNAME];
|
||||||
|
|
||||||
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
|
#define NEED(need) \
|
||||||
|
do { \
|
||||||
|
if (*cp + need > answer + size) \
|
||||||
|
goto fail; \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
/* allocate and initialize struct */
|
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
|
||||||
curr = calloc(1, sizeof(struct dns_rr));
|
if (*cp >= answer + size) {
|
||||||
if (curr == NULL) {
|
fail:
|
||||||
free_dns_rr(head);
|
free_dns_rr(head);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* allocate and initialize struct */
|
||||||
|
curr = calloc(1, sizeof(struct dns_rr));
|
||||||
|
if (curr == NULL)
|
||||||
|
goto fail;
|
||||||
if (head == NULL)
|
if (head == NULL)
|
||||||
head = curr;
|
head = curr;
|
||||||
if (prev != NULL)
|
if (prev != NULL)
|
||||||
|
@ -528,25 +552,31 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
|
||||||
free_dns_rr(head);
|
free_dns_rr(head);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
NEED(length);
|
||||||
*cp += length;
|
*cp += length;
|
||||||
|
|
||||||
/* type */
|
/* type */
|
||||||
|
NEED(INT16SZ);
|
||||||
curr->type = _getshort(*cp);
|
curr->type = _getshort(*cp);
|
||||||
*cp += INT16SZ;
|
*cp += INT16SZ;
|
||||||
|
|
||||||
/* class */
|
/* class */
|
||||||
|
NEED(INT16SZ);
|
||||||
curr->class = _getshort(*cp);
|
curr->class = _getshort(*cp);
|
||||||
*cp += INT16SZ;
|
*cp += INT16SZ;
|
||||||
|
|
||||||
/* ttl */
|
/* ttl */
|
||||||
|
NEED(INT32SZ);
|
||||||
curr->ttl = _getlong(*cp);
|
curr->ttl = _getlong(*cp);
|
||||||
*cp += INT32SZ;
|
*cp += INT32SZ;
|
||||||
|
|
||||||
/* rdata size */
|
/* rdata size */
|
||||||
|
NEED(INT16SZ);
|
||||||
curr->size = _getshort(*cp);
|
curr->size = _getshort(*cp);
|
||||||
*cp += INT16SZ;
|
*cp += INT16SZ;
|
||||||
|
|
||||||
/* rdata itself */
|
/* rdata itself */
|
||||||
|
NEED(curr->size);
|
||||||
curr->rdata = malloc(curr->size);
|
curr->rdata = malloc(curr->size);
|
||||||
if (curr->rdata == NULL) {
|
if (curr->rdata == NULL) {
|
||||||
free_dns_rr(head);
|
free_dns_rr(head);
|
||||||
|
@ -555,6 +585,7 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
|
||||||
memcpy(curr->rdata, *cp, curr->size);
|
memcpy(curr->rdata, *cp, curr->size);
|
||||||
*cp += curr->size;
|
*cp += curr->size;
|
||||||
}
|
}
|
||||||
|
#undef NEED
|
||||||
|
|
||||||
return (head);
|
return (head);
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,6 +34,29 @@
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#ifdef mkstemp
|
||||||
|
#undef mkstemp
|
||||||
|
#endif
|
||||||
|
int mkstemp(char *);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* From glibc man page: 'In glibc versions 2.06 and earlier, the file is
|
||||||
|
* created with permissions 0666, that is, read and write for all users.'
|
||||||
|
* Provide a wrapper to make sure the mask is reasonable (POSIX requires
|
||||||
|
* mode 0600, so mask off any other bits).
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
_ssh_mkstemp(char *template)
|
||||||
|
{
|
||||||
|
mode_t mask;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
mask = umask(0177);
|
||||||
|
ret = mkstemp(template);
|
||||||
|
(void)umask(mask);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
#if !defined(HAVE_MKDTEMP)
|
#if !defined(HAVE_MKDTEMP)
|
||||||
|
|
||||||
#define MKTEMP_NAME 0
|
#define MKTEMP_NAME 0
|
||||||
|
|
|
@ -141,6 +141,9 @@ int mkstemp(char *path);
|
||||||
char *mkdtemp(char *path);
|
char *mkdtemp(char *path);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define mkstemp(x) _ssh_mkstemp(x)
|
||||||
|
int _ssh_mkstemp(char *);
|
||||||
|
|
||||||
#ifndef HAVE_DAEMON
|
#ifndef HAVE_DAEMON
|
||||||
int daemon(int nochdir, int noclose);
|
int daemon(int nochdir, int noclose);
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: packet.c,v 1.308 2022/08/31 02:56:40 djm Exp $ */
|
/* $OpenBSD: packet.c,v 1.309 2023/03/03 10:23:42 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1325,7 +1325,7 @@ int
|
||||||
ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
||||||
{
|
{
|
||||||
struct session_state *state = ssh->state;
|
struct session_state *state = ssh->state;
|
||||||
int len, r, ms_remain;
|
int len, r, ms_remain = 0;
|
||||||
struct pollfd pfd;
|
struct pollfd pfd;
|
||||||
char buf[8192];
|
char buf[8192];
|
||||||
struct timeval start;
|
struct timeval start;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */
|
/* $OpenBSD: progressmeter.c,v 1.52 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2003 Nils Nordman. All rights reserved.
|
* Copyright (c) 2003 Nils Nordman. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -30,8 +30,11 @@
|
||||||
#include <sys/uio.h>
|
#include <sys/uio.h>
|
||||||
|
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
#include <limits.h>
|
||||||
|
#include <signal.h>
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
|
@ -51,10 +54,6 @@
|
||||||
/* determines whether we can output to the terminal */
|
/* determines whether we can output to the terminal */
|
||||||
static int can_output(void);
|
static int can_output(void);
|
||||||
|
|
||||||
/* formats and inserts the specified size into the given buffer */
|
|
||||||
static void format_size(char *, int, off_t);
|
|
||||||
static void format_rate(char *, int, off_t);
|
|
||||||
|
|
||||||
/* window resizing */
|
/* window resizing */
|
||||||
static void sig_winch(int);
|
static void sig_winch(int);
|
||||||
static void setscreensize(void);
|
static void setscreensize(void);
|
||||||
|
@ -84,10 +83,14 @@ can_output(void)
|
||||||
return (getpgrp() == tcgetpgrp(STDOUT_FILENO));
|
return (getpgrp() == tcgetpgrp(STDOUT_FILENO));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
/* size needed to format integer type v, using (nbits(v) * log2(10) / 10) */
|
||||||
format_rate(char *buf, int size, off_t bytes)
|
#define STRING_SIZE(v) (((sizeof(v) * 8 * 4) / 10) + 1)
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
format_rate(off_t bytes)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
static char buf[STRING_SIZE(bytes) * 2 + 16];
|
||||||
|
|
||||||
bytes *= 100;
|
bytes *= 100;
|
||||||
for (i = 0; bytes >= 100*1000 && unit[i] != 'T'; i++)
|
for (i = 0; bytes >= 100*1000 && unit[i] != 'T'; i++)
|
||||||
|
@ -96,37 +99,40 @@ format_rate(char *buf, int size, off_t bytes)
|
||||||
i++;
|
i++;
|
||||||
bytes = (bytes + 512) / 1024;
|
bytes = (bytes + 512) / 1024;
|
||||||
}
|
}
|
||||||
snprintf(buf, size, "%3lld.%1lld%c%s",
|
snprintf(buf, sizeof(buf), "%3lld.%1lld%c%s",
|
||||||
(long long) (bytes + 5) / 100,
|
(long long) (bytes + 5) / 100,
|
||||||
(long long) (bytes + 5) / 10 % 10,
|
(long long) (bytes + 5) / 10 % 10,
|
||||||
unit[i],
|
unit[i],
|
||||||
i ? "B" : " ");
|
i ? "B" : " ");
|
||||||
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static const char *
|
||||||
format_size(char *buf, int size, off_t bytes)
|
format_size(off_t bytes)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
static char buf[STRING_SIZE(bytes) + 16];
|
||||||
|
|
||||||
for (i = 0; bytes >= 10000 && unit[i] != 'T'; i++)
|
for (i = 0; bytes >= 10000 && unit[i] != 'T'; i++)
|
||||||
bytes = (bytes + 512) / 1024;
|
bytes = (bytes + 512) / 1024;
|
||||||
snprintf(buf, size, "%4lld%c%s",
|
snprintf(buf, sizeof(buf), "%4lld%c%s",
|
||||||
(long long) bytes,
|
(long long) bytes,
|
||||||
unit[i],
|
unit[i],
|
||||||
i ? "B" : " ");
|
i ? "B" : " ");
|
||||||
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
refresh_progress_meter(int force_update)
|
refresh_progress_meter(int force_update)
|
||||||
{
|
{
|
||||||
char buf[MAX_WINSIZE + 1];
|
char *buf = NULL, *obuf = NULL;
|
||||||
off_t transferred;
|
off_t transferred;
|
||||||
double elapsed, now;
|
double elapsed, now;
|
||||||
int percent;
|
int percent;
|
||||||
off_t bytes_left;
|
off_t bytes_left;
|
||||||
int cur_speed;
|
int cur_speed;
|
||||||
int hours, minutes, seconds;
|
int hours, minutes, seconds;
|
||||||
int file_len;
|
int file_len, cols;
|
||||||
|
|
||||||
if ((!force_update && !alarm_fired && !win_resized) || !can_output())
|
if ((!force_update && !alarm_fired && !win_resized) || !can_output())
|
||||||
return;
|
return;
|
||||||
|
@ -164,32 +170,29 @@ refresh_progress_meter(int force_update)
|
||||||
} else
|
} else
|
||||||
bytes_per_second = cur_speed;
|
bytes_per_second = cur_speed;
|
||||||
|
|
||||||
/* filename */
|
last_update = now;
|
||||||
buf[0] = '\0';
|
|
||||||
file_len = win_size - 36;
|
|
||||||
if (file_len > 0) {
|
|
||||||
buf[0] = '\r';
|
|
||||||
snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
|
|
||||||
file_len, file);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
/* Don't bother if we can't even display the completion percentage */
|
||||||
|
if (win_size < 4)
|
||||||
|
return;
|
||||||
|
|
||||||
|
/* filename */
|
||||||
|
file_len = cols = win_size - 36;
|
||||||
|
if (file_len > 0) {
|
||||||
|
asmprintf(&buf, INT_MAX, &cols, "%-*s", file_len, file);
|
||||||
|
/* If we used fewer columns than expected then pad */
|
||||||
|
if (cols < file_len)
|
||||||
|
xextendf(&buf, NULL, "%*s", file_len - cols, "");
|
||||||
|
}
|
||||||
/* percent of transfer done */
|
/* percent of transfer done */
|
||||||
if (end_pos == 0 || cur_pos == end_pos)
|
if (end_pos == 0 || cur_pos == end_pos)
|
||||||
percent = 100;
|
percent = 100;
|
||||||
else
|
else
|
||||||
percent = ((float)cur_pos / end_pos) * 100;
|
percent = ((float)cur_pos / end_pos) * 100;
|
||||||
snprintf(buf + strlen(buf), win_size - strlen(buf),
|
|
||||||
" %3d%% ", percent);
|
|
||||||
|
|
||||||
/* amount transferred */
|
/* percent / amount transferred / bandwidth usage */
|
||||||
format_size(buf + strlen(buf), win_size - strlen(buf),
|
xextendf(&buf, NULL, " %3d%% %s %s/s ", percent, format_size(cur_pos),
|
||||||
cur_pos);
|
format_rate((off_t)bytes_per_second));
|
||||||
strlcat(buf, " ", win_size);
|
|
||||||
|
|
||||||
/* bandwidth usage */
|
|
||||||
format_rate(buf + strlen(buf), win_size - strlen(buf),
|
|
||||||
(off_t)bytes_per_second);
|
|
||||||
strlcat(buf, "/s ", win_size);
|
|
||||||
|
|
||||||
/* ETA */
|
/* ETA */
|
||||||
if (!transferred)
|
if (!transferred)
|
||||||
|
@ -198,9 +201,9 @@ refresh_progress_meter(int force_update)
|
||||||
stalled = 0;
|
stalled = 0;
|
||||||
|
|
||||||
if (stalled >= STALL_TIME)
|
if (stalled >= STALL_TIME)
|
||||||
strlcat(buf, "- stalled -", win_size);
|
xextendf(&buf, NULL, "- stalled -");
|
||||||
else if (bytes_per_second == 0 && bytes_left)
|
else if (bytes_per_second == 0 && bytes_left)
|
||||||
strlcat(buf, " --:-- ETA", win_size);
|
xextendf(&buf, NULL, " --:-- ETA");
|
||||||
else {
|
else {
|
||||||
if (bytes_left > 0)
|
if (bytes_left > 0)
|
||||||
seconds = bytes_left / bytes_per_second;
|
seconds = bytes_left / bytes_per_second;
|
||||||
|
@ -212,24 +215,29 @@ refresh_progress_meter(int force_update)
|
||||||
minutes = seconds / 60;
|
minutes = seconds / 60;
|
||||||
seconds -= minutes * 60;
|
seconds -= minutes * 60;
|
||||||
|
|
||||||
if (hours != 0)
|
if (hours != 0) {
|
||||||
snprintf(buf + strlen(buf), win_size - strlen(buf),
|
xextendf(&buf, NULL, "%d:%02d:%02d",
|
||||||
"%d:%02d:%02d", hours, minutes, seconds);
|
hours, minutes, seconds);
|
||||||
else
|
} else
|
||||||
snprintf(buf + strlen(buf), win_size - strlen(buf),
|
xextendf(&buf, NULL, " %02d:%02d", minutes, seconds);
|
||||||
" %02d:%02d", minutes, seconds);
|
|
||||||
|
|
||||||
if (bytes_left > 0)
|
if (bytes_left > 0)
|
||||||
strlcat(buf, " ETA", win_size);
|
xextendf(&buf, NULL, " ETA");
|
||||||
else
|
else
|
||||||
strlcat(buf, " ", win_size);
|
xextendf(&buf, NULL, " ");
|
||||||
}
|
}
|
||||||
|
|
||||||
atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
|
/* Finally, truncate string at window width */
|
||||||
last_update = now;
|
cols = win_size - 1;
|
||||||
|
asmprintf(&obuf, INT_MAX, &cols, " %s", buf);
|
||||||
|
if (obuf != NULL) {
|
||||||
|
*obuf = '\r'; /* must insert as asmprintf() would escape it */
|
||||||
|
atomicio(vwrite, STDOUT_FILENO, obuf, strlen(obuf));
|
||||||
|
}
|
||||||
|
free(buf);
|
||||||
|
free(obuf);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
sig_alarm(int ignore)
|
sig_alarm(int ignore)
|
||||||
{
|
{
|
||||||
|
@ -272,7 +280,6 @@ stop_progress_meter(void)
|
||||||
atomicio(vwrite, STDOUT_FILENO, "\n", 1);
|
atomicio(vwrite, STDOUT_FILENO, "\n", 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
sig_winch(int sig)
|
sig_winch(int sig)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: readconf.c,v 1.372 2023/01/13 02:58:20 dtucker Exp $ */
|
/* $OpenBSD: readconf.c,v 1.375 2023/03/10 02:24:56 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -54,7 +54,6 @@
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
#include "pathnames.h"
|
#include "pathnames.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
@ -625,7 +624,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
|
||||||
}
|
}
|
||||||
arg = criteria = NULL;
|
arg = criteria = NULL;
|
||||||
this_result = 1;
|
this_result = 1;
|
||||||
if ((negate = attrib[0] == '!'))
|
if ((negate = (attrib[0] == '!')))
|
||||||
attrib++;
|
attrib++;
|
||||||
/* Criterion "all" has no argument and must appear alone */
|
/* Criterion "all" has no argument and must appear alone */
|
||||||
if (strcasecmp(attrib, "all") == 0) {
|
if (strcasecmp(attrib, "all") == 0) {
|
||||||
|
@ -2139,15 +2138,13 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
|
||||||
value2 = 0; /* unlimited lifespan by default */
|
value2 = 0; /* unlimited lifespan by default */
|
||||||
if (value == 3 && arg2 != NULL) {
|
if (value == 3 && arg2 != NULL) {
|
||||||
/* allow "AddKeysToAgent confirm 5m" */
|
/* allow "AddKeysToAgent confirm 5m" */
|
||||||
if ((value2 = convtime(arg2)) == -1 ||
|
if ((value2 = convtime(arg2)) == -1) {
|
||||||
value2 > INT_MAX) {
|
|
||||||
error("%s line %d: invalid time value.",
|
error("%s line %d: invalid time value.",
|
||||||
filename, linenum);
|
filename, linenum);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
} else if (value == -1 && arg2 == NULL) {
|
} else if (value == -1 && arg2 == NULL) {
|
||||||
if ((value2 = convtime(arg)) == -1 ||
|
if ((value2 = convtime(arg)) == -1) {
|
||||||
value2 > INT_MAX) {
|
|
||||||
error("%s line %d: unsupported option",
|
error("%s line %d: unsupported option",
|
||||||
filename, linenum);
|
filename, linenum);
|
||||||
goto out;
|
goto out;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: Makefile,v 1.122 2023/01/06 08:07:39 djm Exp $
|
# $OpenBSD: Makefile,v 1.124 2023/03/01 09:29:32 dtucker Exp $
|
||||||
|
|
||||||
tests: prep file-tests t-exec unit
|
tests: prep file-tests t-exec unit
|
||||||
|
|
||||||
|
@ -138,8 +138,8 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
|
||||||
sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
|
sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
|
||||||
sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
|
sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
|
||||||
t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
|
t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
|
||||||
t8.out t8.out.pub t9.out t9.out.pub testdata \
|
t8.out t8.out.pub t9.out t9.out.pub \
|
||||||
user_*key* user_ca* user_key*
|
timestamp testdata user_*key* user_ca* user_key*
|
||||||
|
|
||||||
# Enable all malloc(3) randomisations and checks
|
# Enable all malloc(3) randomisations and checks
|
||||||
TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX"
|
TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# $OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $
|
||||||
# $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
|
# $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
|
@ -53,7 +54,7 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
trace "kill agent"
|
trace "kill agent"
|
||||||
${SSHAGENT} -vvv -k >>$OBJ/ssh-agent.log 2>&1
|
${SSHAGENT} -k >>$OBJ/ssh-agent.log 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -f ${OBJ}/agent
|
rm -f ${OBJ}/agent
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: agent-restrict.sh,v 1.5 2022/01/13 04:53:16 dtucker Exp $
|
# $OpenBSD: agent-restrict.sh,v 1.6 2023/03/01 09:29:32 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="agent restrictions"
|
tid="agent restrictions"
|
||||||
|
@ -39,14 +39,14 @@ Host host_$h
|
||||||
Hostname host_$h
|
Hostname host_$h
|
||||||
HostkeyAlias host_$h
|
HostkeyAlias host_$h
|
||||||
IdentityFile $OBJ/user_$h
|
IdentityFile $OBJ/user_$h
|
||||||
ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h
|
ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h
|
||||||
_EOF
|
_EOF
|
||||||
# Variant with no specified keys.
|
# Variant with no specified keys.
|
||||||
cat << _EOF >> $OBJ/ssh_proxy_noid
|
cat << _EOF >> $OBJ/ssh_proxy_noid
|
||||||
Host host_$h
|
Host host_$h
|
||||||
Hostname host_$h
|
Hostname host_$h
|
||||||
HostkeyAlias host_$h
|
HostkeyAlias host_$h
|
||||||
ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h
|
ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h
|
||||||
_EOF
|
_EOF
|
||||||
done
|
done
|
||||||
cat $OBJ/ssh_proxy.bak >> $OBJ/ssh_proxy
|
cat $OBJ/ssh_proxy.bak >> $OBJ/ssh_proxy
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $
|
# $OpenBSD: agent.sh,v 1.21 2023/03/01 09:29:32 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="simple agent test"
|
tid="simple agent test"
|
||||||
|
@ -9,7 +9,7 @@ if [ $? -ne 2 ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
|
trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
|
||||||
eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
|
eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` >`ssh_logfile ssh-agent`
|
||||||
r=$?
|
r=$?
|
||||||
if [ $r -ne 0 ]; then
|
if [ $r -ne 0 ]; then
|
||||||
fatal "could not start ssh-agent: exit code $r"
|
fatal "could not start ssh-agent: exit code $r"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: dhgex.sh,v 1.7 2020/12/21 22:48:41 dtucker Exp $
|
# $OpenBSD: dhgex.sh,v 1.8 2023/03/02 08:14:52 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="dhgex"
|
tid="dhgex"
|
||||||
|
@ -31,8 +31,8 @@ ssh_test_dhgex()
|
||||||
# check what we request
|
# check what we request
|
||||||
grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null
|
grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}`
|
got="`egrep 'SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent' ${LOG}`"
|
||||||
fail "$tid unexpected GEX sizes, expected $groupsz, got $got"
|
fail "$tid unexpected GEX sizes, expected $groupsz, got '$got'"
|
||||||
fi
|
fi
|
||||||
# check what we got.
|
# check what we got.
|
||||||
gotbits="`awk 'BEGIN{FS="/"}/bits set:/{print $2}' ${LOG} |
|
gotbits="`awk 'BEGIN{FS="/"}/bits set:/{print $2}' ${LOG} |
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: integrity.sh,v 1.24 2020/01/21 08:06:27 djm Exp $
|
# $OpenBSD: integrity.sh,v 1.25 2023/03/01 09:29:32 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="integrity"
|
tid="integrity"
|
||||||
|
@ -18,7 +18,7 @@ macs="$macs `${SSH} -Q cipher-auth`"
|
||||||
# >> $OBJ/ssh_proxy
|
# >> $OBJ/ssh_proxy
|
||||||
|
|
||||||
# sshd-command for proxy (see test-exec.sh)
|
# sshd-command for proxy (see test-exec.sh)
|
||||||
cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy"
|
cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy"
|
||||||
|
|
||||||
for m in $macs; do
|
for m in $macs; do
|
||||||
trace "test $tid: mac $m"
|
trace "test $tid: mac $m"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: keygen-sshfp.sh,v 1.2 2021/07/19 02:29:28 dtucker Exp $
|
# $OpenBSD: keygen-sshfp.sh,v 1.3 2023/02/10 05:06:03 djm Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="keygen-sshfp"
|
tid="keygen-sshfp"
|
||||||
|
@ -16,6 +16,25 @@ if [ "$fp" != \
|
||||||
fail "keygen fingerprint sha256"
|
fail "keygen fingerprint sha256"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Expect two lines of output without an explicit algorithm
|
||||||
|
fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | wc -l`
|
||||||
|
if [ $(($fp + 0)) -ne 2 ] ; then
|
||||||
|
fail "incorrect number of SSHFP records $fp (expected 2)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Test explicit algorithm selection
|
||||||
|
exp="test IN SSHFP 4 1 8a8647a7567e202ce317e62606c799c53d4c121f"
|
||||||
|
fp=`${SSHKEYGEN} -Ohashalg=sha1 -r test -f ${SRC}/ed25519_openssh.pub`
|
||||||
|
if [ "x$exp" != "x$fp" ] ; then
|
||||||
|
fail "incorrect SHA1 SSHFP output"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exp="test IN SSHFP 4 2 54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f"
|
||||||
|
fp=`${SSHKEYGEN} -Ohashalg=sha256 -r test -f ${SRC}/ed25519_openssh.pub`
|
||||||
|
if [ "x$exp" != "x$fp" ] ; then
|
||||||
|
fail "incorrect SHA256 SSHFP output"
|
||||||
|
fi
|
||||||
|
|
||||||
if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then
|
if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then
|
||||||
fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'`
|
fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'`
|
||||||
if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then
|
if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then
|
||||||
|
@ -27,3 +46,4 @@ if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then
|
||||||
fail "keygen fingerprint sha256"
|
fail "keygen fingerprint sha256"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: knownhosts.sh,v 1.1 2021/10/01 05:20:20 dtucker Exp $
|
# $OpenBSD: knownhosts.sh,v 1.2 2023/02/09 09:55:33 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="known hosts"
|
tid="known hosts"
|
||||||
|
@ -15,3 +15,21 @@ ${SSH} -ohashknownhosts=yes -o stricthostkeychecking=no $opts somehost true \
|
||||||
|
|
||||||
trace "test hashed known hosts"
|
trace "test hashed known hosts"
|
||||||
${SSH} $opts somehost true || fail "reconnect with hashed known hosts"
|
${SSH} $opts somehost true || fail "reconnect with hashed known hosts"
|
||||||
|
|
||||||
|
trace "no newline at end of known_hosts"
|
||||||
|
printf "something" >$OBJ/known_hosts
|
||||||
|
${SSH} $opts -ostricthostkeychecking=no somehost true \
|
||||||
|
|| fail "hostkey update, missing newline, no strict"
|
||||||
|
${SSH} $opts -ostricthostkeychecking=yes somehost true \
|
||||||
|
|| fail "reconnect after adding with missing newline"
|
||||||
|
|
||||||
|
trace "newline at end of known_hosts"
|
||||||
|
printf "something\n" >$OBJ/known_hosts
|
||||||
|
${SSH} $opts -ostricthostkeychecking=no somehost true \
|
||||||
|
|| fail "hostkey update, newline, no strict"
|
||||||
|
${SSH} $opts -ostricthostkeychecking=yes somehost true \
|
||||||
|
|| fail "reconnect after adding without missing newline"
|
||||||
|
lines=`wc -l <$OBJ/known_hosts`
|
||||||
|
if [ $lines -ne 2 ]; then
|
||||||
|
fail "expected 2 lines in known_hosts, found $lines"
|
||||||
|
fi
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: multiplex.sh,v 1.35 2023/01/13 04:47:34 dtucker Exp $
|
# $OpenBSD: multiplex.sh,v 1.36 2023/03/01 09:29:32 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
make_tmpdir
|
make_tmpdir
|
||||||
|
@ -87,7 +87,7 @@ cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}"
|
||||||
rm -f ${COPY}
|
rm -f ${COPY}
|
||||||
verbose "test $tid: forward"
|
verbose "test $tid: forward"
|
||||||
trace "forward over TCP/IP and check result"
|
trace "forward over TCP/IP and check result"
|
||||||
$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} > /dev/null &
|
$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} >`ssh_logfile nc` &
|
||||||
netcat_pid=$!
|
netcat_pid=$!
|
||||||
${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1
|
${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1
|
||||||
sleep 1 # XXX remove once race fixed
|
sleep 1 # XXX remove once race fixed
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# $OpenBSD: sshd-log-wrapper.sh,v 1.5 2022/01/04 08:38:53 dtucker Exp $
|
|
||||||
# Placed in the Public Domain.
|
|
||||||
#
|
|
||||||
# simple wrapper for sshd proxy mode to catch stderr output
|
|
||||||
# sh sshd-log-wrapper.sh /path/to/logfile /path/to/sshd [args...]
|
|
||||||
|
|
||||||
log=$1
|
|
||||||
shift
|
|
||||||
|
|
||||||
echo "Executing: $@" >>$log
|
|
||||||
exec "$@" -E$log
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: test-exec.sh,v 1.94 2023/01/13 04:47:34 dtucker Exp $
|
# $OpenBSD: test-exec.sh,v 1.98 2023/03/02 11:10:27 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
#SUDO=sudo
|
#SUDO=sudo
|
||||||
|
@ -102,7 +102,8 @@ CONCH=conch
|
||||||
|
|
||||||
# Tools used by multiple tests
|
# Tools used by multiple tests
|
||||||
NC=$OBJ/netcat
|
NC=$OBJ/netcat
|
||||||
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
|
# Always use the one configure tells us to, even if that's empty.
|
||||||
|
#OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
|
||||||
|
|
||||||
if [ "x$TEST_SSH_SSH" != "x" ]; then
|
if [ "x$TEST_SSH_SSH" != "x" ]; then
|
||||||
SSH="${TEST_SSH_SSH}"
|
SSH="${TEST_SSH_SSH}"
|
||||||
|
@ -239,7 +240,13 @@ fi
|
||||||
# Logfiles.
|
# Logfiles.
|
||||||
# SSH_LOGFILE should be the debug output of ssh(1) only
|
# SSH_LOGFILE should be the debug output of ssh(1) only
|
||||||
# SSHD_LOGFILE should be the debug output of sshd(8) only
|
# SSHD_LOGFILE should be the debug output of sshd(8) only
|
||||||
# REGRESS_LOGFILE is the output of the test itself stdout and stderr
|
# REGRESS_LOGFILE is the log of progress of the regress test itself.
|
||||||
|
# TEST_SSH_LOGDIR will contain datestamped logs of all binaries run in
|
||||||
|
# chronological order.
|
||||||
|
if [ "x$TEST_SSH_LOGDIR" = "x" ]; then
|
||||||
|
TEST_SSH_LOGDIR=$OBJ/log
|
||||||
|
mkdir -p $TEST_SSH_LOGDIR
|
||||||
|
fi
|
||||||
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
|
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
|
||||||
TEST_SSH_LOGFILE=$OBJ/ssh.log
|
TEST_SSH_LOGFILE=$OBJ/ssh.log
|
||||||
fi
|
fi
|
||||||
|
@ -275,20 +282,28 @@ if [ "x$TEST_REGRESS_CACHE_DIR" != "x" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# truncate logfiles
|
# truncate logfiles
|
||||||
>$TEST_SSH_LOGFILE
|
|
||||||
>$TEST_SSHD_LOGFILE
|
|
||||||
>$TEST_REGRESS_LOGFILE
|
>$TEST_REGRESS_LOGFILE
|
||||||
|
|
||||||
# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..."
|
# Create ssh and sshd wrappers with logging. These create a datestamped
|
||||||
# because sftp and scp don't handle spaces in arguments. scp and sftp like
|
# unique file for every invocation so that we can retain all logs from a
|
||||||
# to use -q so we remove those to preserve our debug logging. In the rare
|
# given test no matter how many times it's invoked. It also leaves a
|
||||||
# instance where -q is desirable -qq is equivalent and is not removed.
|
# symlink with the original name for tests (and people) who look for that.
|
||||||
|
|
||||||
|
# For ssh, e can't just specify "SSH=ssh -E..." because sftp and scp don't
|
||||||
|
# handle spaces in arguments. scp and sftp like to use -q so we remove those
|
||||||
|
# to preserve our debug logging. In the rare instance where -q is desirable
|
||||||
|
# -qq is equivalent and is not removed.
|
||||||
SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
|
SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
|
||||||
cat >$SSHLOGWRAP <<EOD
|
cat >$SSHLOGWRAP <<EOD
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
echo "Executing: ${SSH} \$@" >>${TEST_SSH_LOGFILE}
|
timestamp="\`$OBJ/timestamp\`"
|
||||||
|
logfile="${TEST_SSH_LOGDIR}/\${timestamp}.ssh.\$\$.log"
|
||||||
|
echo "Executing: ${SSH} \$@" log \${logfile} >>$TEST_REGRESS_LOGFILE
|
||||||
|
echo "Executing: ${SSH} \$@" >>\${logfile}
|
||||||
for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done
|
for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done
|
||||||
exec ${SSH} -E${TEST_SSH_LOGFILE} "\$@"
|
rm -f $TEST_SSH_LOGFILE
|
||||||
|
ln -f -s \${logfile} $TEST_SSH_LOGFILE
|
||||||
|
exec ${SSH} -E\${logfile} "\$@"
|
||||||
EOD
|
EOD
|
||||||
|
|
||||||
chmod a+rx $OBJ/ssh-log-wrapper.sh
|
chmod a+rx $OBJ/ssh-log-wrapper.sh
|
||||||
|
@ -296,6 +311,28 @@ REAL_SSH="$SSH"
|
||||||
REAL_SSHD="$SSHD"
|
REAL_SSHD="$SSHD"
|
||||||
SSH="$SSHLOGWRAP"
|
SSH="$SSHLOGWRAP"
|
||||||
|
|
||||||
|
SSHDLOGWRAP=$OBJ/sshd-log-wrapper.sh
|
||||||
|
cat >$SSHDLOGWRAP <<EOD
|
||||||
|
#!/bin/sh
|
||||||
|
timestamp="\`$OBJ/timestamp\`"
|
||||||
|
logfile="${TEST_SSH_LOGDIR}/\${timestamp}.sshd.\$\$.log"
|
||||||
|
rm -f $TEST_SSHD_LOGFILE
|
||||||
|
ln -f -s \${logfile} $TEST_SSHD_LOGFILE
|
||||||
|
echo "Executing: ${SSHD} \$@" log \${logfile} >>$TEST_REGRESS_LOGFILE
|
||||||
|
echo "Executing: ${SSHD} \$@" >>\${logfile}
|
||||||
|
exec ${SSHD} -E\${logfile} "\$@"
|
||||||
|
EOD
|
||||||
|
chmod a+rx $OBJ/sshd-log-wrapper.sh
|
||||||
|
|
||||||
|
ssh_logfile ()
|
||||||
|
{
|
||||||
|
tool="$1"
|
||||||
|
timestamp="`$OBJ/timestamp`"
|
||||||
|
logfile="${TEST_SSH_LOGDIR}/${timestamp}.$tool.$$.log"
|
||||||
|
echo "Logging $tool to log \${logfile}" >>$TEST_REGRESS_LOGFILE
|
||||||
|
echo $logfile
|
||||||
|
}
|
||||||
|
|
||||||
# Some test data. We make a copy because some tests will overwrite it.
|
# Some test data. We make a copy because some tests will overwrite it.
|
||||||
# The tests may assume that $DATA exists and is writable and $COPY does
|
# The tests may assume that $DATA exists and is writable and $COPY does
|
||||||
# not exist. Tests requiring larger data files can call increase_datafile_size
|
# not exist. Tests requiring larger data files can call increase_datafile_size
|
||||||
|
@ -450,19 +487,37 @@ cleanup ()
|
||||||
|
|
||||||
start_debug_log ()
|
start_debug_log ()
|
||||||
{
|
{
|
||||||
echo "trace: $@" >$TEST_REGRESS_LOGFILE
|
echo "trace: $@" >>$TEST_REGRESS_LOGFILE
|
||||||
echo "trace: $@" >$TEST_SSH_LOGFILE
|
if [ -d "$TEST_SSH_LOGDIR" ]; then
|
||||||
echo "trace: $@" >$TEST_SSHD_LOGFILE
|
rm -f $TEST_SSH_LOGDIR/*
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
save_debug_log ()
|
save_debug_log ()
|
||||||
{
|
{
|
||||||
|
testname=`echo $tid | tr ' ' _`
|
||||||
|
tarname="$OBJ/failed-$testname-logs.tar"
|
||||||
|
|
||||||
echo $@ >>$TEST_REGRESS_LOGFILE
|
echo $@ >>$TEST_REGRESS_LOGFILE
|
||||||
echo $@ >>$TEST_SSH_LOGFILE
|
echo $@ >>$TEST_SSH_LOGFILE
|
||||||
echo $@ >>$TEST_SSHD_LOGFILE
|
echo $@ >>$TEST_SSHD_LOGFILE
|
||||||
|
echo "Saving debug logs to $tarname" >>$TEST_REGRESS_LOGFILE
|
||||||
(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
|
(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
|
||||||
(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
|
(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
|
||||||
(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
|
(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
|
||||||
|
|
||||||
|
# Save all logfiles in a tarball.
|
||||||
|
(cd $OBJ &&
|
||||||
|
logfiles=""
|
||||||
|
for i in $TEST_REGRESS_LOGFILE $TEST_SSH_LOGFILE $TEST_SSHD_LOGFILE \
|
||||||
|
$TEST_SSH_LOGDIR; do
|
||||||
|
if [ -e "`basename $i`" ]; then
|
||||||
|
logfiles="$logfiles `basename $i`"
|
||||||
|
else
|
||||||
|
logfiles="$logfiles $i"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
tar cf "$tarname" $logfiles)
|
||||||
}
|
}
|
||||||
|
|
||||||
trace ()
|
trace ()
|
||||||
|
@ -724,7 +779,7 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
|
||||||
echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
|
echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
|
||||||
echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
|
echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
|
||||||
echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
|
echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
|
||||||
echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
|
echo "ProxyTelnetCommand=${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
|
||||||
echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
|
echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
|
||||||
|
|
||||||
PUTTYDIR=${OBJ}/.putty
|
PUTTYDIR=${OBJ}/.putty
|
||||||
|
@ -734,7 +789,7 @@ fi
|
||||||
# create a proxy version of the client config
|
# create a proxy version of the client config
|
||||||
(
|
(
|
||||||
cat $OBJ/ssh_config
|
cat $OBJ/ssh_config
|
||||||
echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
|
echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy
|
||||||
) > $OBJ/ssh_proxy
|
) > $OBJ/ssh_proxy
|
||||||
|
|
||||||
# check proxy config
|
# check proxy config
|
||||||
|
@ -743,6 +798,7 @@ ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
|
||||||
start_sshd ()
|
start_sshd ()
|
||||||
{
|
{
|
||||||
# start sshd
|
# start sshd
|
||||||
|
logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log"
|
||||||
$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
|
$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
|
||||||
$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \
|
$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \
|
||||||
${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
|
${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
|
||||||
|
|
46
crypto/openssh/regress/timestamp.c
Normal file
46
crypto/openssh/regress/timestamp.c
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2023 Darren Tucker <dtucker@openssh.com>
|
||||||
|
*
|
||||||
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
* copyright notice and this permission notice appear in all copies.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* $OpenBSD: timestamp.c,v 1.1 2023/03/01 09:29:32 dtucker Exp $ */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Print a microsecond-granularity timestamp to stdout in an ISO8601-ish
|
||||||
|
* format, which we can then use as the first component of the log file
|
||||||
|
* so that they'll sort into chronological order.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <sys/time.h>
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <time.h>
|
||||||
|
|
||||||
|
int
|
||||||
|
main(void)
|
||||||
|
{
|
||||||
|
struct timeval tv;
|
||||||
|
struct tm *tm;
|
||||||
|
char buf[1024];
|
||||||
|
|
||||||
|
if (gettimeofday(&tv, NULL) != 0)
|
||||||
|
exit(1);
|
||||||
|
if ((tm = localtime(&tv.tv_sec)) == NULL)
|
||||||
|
exit(2);
|
||||||
|
if (strftime(buf, sizeof buf, "%Y%m%dT%H%M%S", tm) <= 0)
|
||||||
|
exit(3);
|
||||||
|
printf("%s.%06d\n", buf, (int)tv.tv_usec);
|
||||||
|
exit(0);
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: test_proposal.c,v 1.1 2023/02/02 12:12:52 djm Exp $ */
|
/* $OpenBSD: test_proposal.c,v 1.2 2023/03/06 12:15:47 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Regress test KEX
|
* Regress test KEX
|
||||||
*
|
*
|
||||||
|
@ -18,21 +18,24 @@
|
||||||
|
|
||||||
#include "../test_helper/test_helper.h"
|
#include "../test_helper/test_helper.h"
|
||||||
|
|
||||||
|
#include "cipher.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
|
#include "myproposal.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
void kex_proposal(void);
|
void kex_proposal_tests(void);
|
||||||
|
void kex_proposal_populate_tests(void);
|
||||||
|
|
||||||
#define CURVE25519 "curve25519-sha256@libssh.org"
|
#define CURVE25519 "curve25519-sha256@libssh.org"
|
||||||
#define DHGEX1 "diffie-hellman-group-exchange-sha1"
|
#define DHGEX1 "diffie-hellman-group-exchange-sha1"
|
||||||
#define DHGEX256 "diffie-hellman-group-exchange-sha256"
|
#define DHGEX256 "diffie-hellman-group-exchange-sha256"
|
||||||
#define KEXALGOS CURVE25519","DHGEX256","DHGEX1
|
#define KEXALGOS CURVE25519","DHGEX256","DHGEX1
|
||||||
void
|
void
|
||||||
kex_proposal(void)
|
kex_proposal_tests(void)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
struct ssh ssh;
|
struct ssh ssh;
|
||||||
|
@ -81,3 +84,41 @@ kex_proposal(void)
|
||||||
}
|
}
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
kex_proposal_populate_tests(void)
|
||||||
|
{
|
||||||
|
char *prop[PROPOSAL_MAX], *kexalgs, *ciphers, *macs, *hkalgs;
|
||||||
|
const char *comp = compression_alg_list(0);
|
||||||
|
int i;
|
||||||
|
struct ssh ssh;
|
||||||
|
struct kex kex;
|
||||||
|
|
||||||
|
kexalgs = kex_alg_list(',');
|
||||||
|
ciphers = cipher_alg_list(',', 0);
|
||||||
|
macs = mac_alg_list(',');
|
||||||
|
hkalgs = kex_alg_list(',');
|
||||||
|
|
||||||
|
ssh.kex = &kex;
|
||||||
|
TEST_START("compat_kex_proposal_populate");
|
||||||
|
for (i = 0; i <= 1; i++) {
|
||||||
|
kex.server = i;
|
||||||
|
for (ssh.compat = 0; ssh.compat < 0x40000000; ) {
|
||||||
|
kex_proposal_populate_entries(&ssh, prop, NULL, NULL,
|
||||||
|
NULL, NULL, NULL);
|
||||||
|
kex_proposal_free_entries(prop);
|
||||||
|
kex_proposal_populate_entries(&ssh, prop, kexalgs,
|
||||||
|
ciphers, macs, hkalgs, comp);
|
||||||
|
kex_proposal_free_entries(prop);
|
||||||
|
if (ssh.compat == 0)
|
||||||
|
ssh.compat = 1;
|
||||||
|
else
|
||||||
|
ssh.compat <<= 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
free(kexalgs);
|
||||||
|
free(ciphers);
|
||||||
|
free(macs);
|
||||||
|
free(hkalgs);
|
||||||
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: tests.c,v 1.2 2023/02/02 12:12:52 djm Exp $ */
|
/* $OpenBSD: tests.c,v 1.3 2023/03/06 12:15:47 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Placed in the public domain
|
* Placed in the public domain
|
||||||
*/
|
*/
|
||||||
|
@ -6,11 +6,13 @@
|
||||||
#include "../test_helper/test_helper.h"
|
#include "../test_helper/test_helper.h"
|
||||||
|
|
||||||
void kex_tests(void);
|
void kex_tests(void);
|
||||||
void kex_proposal(void);
|
void kex_proposal_tests(void);
|
||||||
|
void kex_proposal_populate_tests(void);
|
||||||
|
|
||||||
void
|
void
|
||||||
tests(void)
|
tests(void)
|
||||||
{
|
{
|
||||||
kex_tests();
|
kex_tests();
|
||||||
kex_proposal();
|
kex_proposal_tests();
|
||||||
|
kex_proposal_populate_tests();
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,9 +5,13 @@
|
||||||
* Placed in the public domain.
|
* Placed in the public domain.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#ifdef HAVE_STDINT_H
|
||||||
# include <stdint.h>
|
# include <stdint.h>
|
||||||
|
#endif
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <poll.h>
|
#include <poll.h>
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2012 Will Drewry <wad@dataspill.org>
|
* Copyright (c) 2012 Will Drewry <wad@dataspill.org>
|
||||||
|
* Copyright (c) 2015,2017,2019,2020,2023 Damien Miller <djm@mindrot.org>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
@ -48,6 +49,7 @@
|
||||||
#include <sys/mman.h>
|
#include <sys/mman.h>
|
||||||
#include <sys/syscall.h>
|
#include <sys/syscall.h>
|
||||||
|
|
||||||
|
#include <linux/futex.h>
|
||||||
#include <linux/net.h>
|
#include <linux/net.h>
|
||||||
#include <linux/audit.h>
|
#include <linux/audit.h>
|
||||||
#include <linux/filter.h>
|
#include <linux/filter.h>
|
||||||
|
@ -132,6 +134,71 @@
|
||||||
/* reload syscall number; all rules expect it in accumulator */ \
|
/* reload syscall number; all rules expect it in accumulator */ \
|
||||||
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
|
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
|
||||||
offsetof(struct seccomp_data, nr))
|
offsetof(struct seccomp_data, nr))
|
||||||
|
/* Deny unless syscall argument contains only values in mask */
|
||||||
|
#define SC_DENY_UNLESS_ARG_MASK(_nr, _arg_nr, _arg_mask, _errno) \
|
||||||
|
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 8), \
|
||||||
|
/* load, mask and test syscall argument, low word */ \
|
||||||
|
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
|
||||||
|
offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \
|
||||||
|
BPF_STMT(BPF_ALU+BPF_AND+BPF_K, ~((_arg_mask) & 0xFFFFFFFF)), \
|
||||||
|
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 3), \
|
||||||
|
/* load, mask and test syscall argument, high word */ \
|
||||||
|
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
|
||||||
|
offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \
|
||||||
|
BPF_STMT(BPF_ALU+BPF_AND+BPF_K, \
|
||||||
|
~(((uint32_t)((uint64_t)(_arg_mask) >> 32)) & 0xFFFFFFFF)), \
|
||||||
|
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 1, 0), \
|
||||||
|
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)), \
|
||||||
|
/* reload syscall number; all rules expect it in accumulator */ \
|
||||||
|
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
|
||||||
|
offsetof(struct seccomp_data, nr))
|
||||||
|
#define SC_DENY_UNLESS_MASK(_nr, _arg_nr, _arg_val, _errno) \
|
||||||
|
/* Special handling for futex(2) that combines a bitmap and operation number */
|
||||||
|
#if defined(__NR_futex) || defined(__NR_futex_time64)
|
||||||
|
#define SC_FUTEX_MASK (FUTEX_PRIVATE_FLAG|FUTEX_CLOCK_REALTIME)
|
||||||
|
#define SC_ALLOW_FUTEX_OP(_nr, _op) \
|
||||||
|
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 8), \
|
||||||
|
/* load syscall argument, low word */ \
|
||||||
|
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
|
||||||
|
offsetof(struct seccomp_data, args[1]) + ARG_LO_OFFSET), \
|
||||||
|
/* mask off allowed bitmap values, low word */ \
|
||||||
|
BPF_STMT(BPF_ALU+BPF_AND+BPF_K, ~(SC_FUTEX_MASK & 0xFFFFFFFF)), \
|
||||||
|
/* test operation number, low word */ \
|
||||||
|
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ((_op) & 0xFFFFFFFF), 0, 4), \
|
||||||
|
/* load syscall argument, high word */ \
|
||||||
|
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
|
||||||
|
offsetof(struct seccomp_data, args[1]) + ARG_HI_OFFSET), \
|
||||||
|
/* mask off allowed bitmap values, high word */ \
|
||||||
|
BPF_STMT(BPF_ALU+BPF_AND+BPF_K, \
|
||||||
|
~(((uint32_t)((uint64_t)SC_FUTEX_MASK >> 32)) & 0xFFFFFFFF)), \
|
||||||
|
/* test operation number, high word */ \
|
||||||
|
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
|
||||||
|
(((uint32_t)((uint64_t)(_op) >> 32)) & 0xFFFFFFFF), 0, 1), \
|
||||||
|
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \
|
||||||
|
/* reload syscall number; all rules expect it in accumulator */ \
|
||||||
|
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr))
|
||||||
|
|
||||||
|
/* Use this for both __NR_futex and __NR_futex_time64 */
|
||||||
|
# define SC_FUTEX(_nr) \
|
||||||
|
SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT), \
|
||||||
|
SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT_BITSET), \
|
||||||
|
SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE), \
|
||||||
|
SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE_BITSET), \
|
||||||
|
SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_REQUEUE), \
|
||||||
|
SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_CMP_REQUEUE)
|
||||||
|
#endif /* __NR_futex || __NR_futex_time64 */
|
||||||
|
|
||||||
|
#if defined(__NR_mmap) || defined(__NR_mmap2)
|
||||||
|
# ifdef MAP_FIXED_NOREPLACE
|
||||||
|
# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED|MAP_FIXED_NOREPLACE
|
||||||
|
# else
|
||||||
|
# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED
|
||||||
|
# endif /* MAP_FIXED_NOREPLACE */
|
||||||
|
/* Use this for both __NR_mmap and __NR_mmap2 variants */
|
||||||
|
# define SC_MMAP(_nr) \
|
||||||
|
SC_DENY_UNLESS_ARG_MASK(_nr, 3, SC_MMAP_FLAGS, EINVAL), \
|
||||||
|
SC_ALLOW_ARG_MASK(_nr, 2, PROT_READ|PROT_WRITE|PROT_NONE)
|
||||||
|
#endif /* __NR_mmap || __NR_mmap2 */
|
||||||
|
|
||||||
/* Syscall filtering set for preauth. */
|
/* Syscall filtering set for preauth. */
|
||||||
static const struct sock_filter preauth_insns[] = {
|
static const struct sock_filter preauth_insns[] = {
|
||||||
|
@ -211,10 +278,10 @@ static const struct sock_filter preauth_insns[] = {
|
||||||
SC_ALLOW(__NR_exit_group),
|
SC_ALLOW(__NR_exit_group),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_futex
|
#ifdef __NR_futex
|
||||||
SC_ALLOW(__NR_futex),
|
SC_FUTEX(__NR_futex),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_futex_time64
|
#ifdef __NR_futex_time64
|
||||||
SC_ALLOW(__NR_futex_time64),
|
SC_FUTEX(__NR_futex_time64),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_geteuid
|
#ifdef __NR_geteuid
|
||||||
SC_ALLOW(__NR_geteuid),
|
SC_ALLOW(__NR_geteuid),
|
||||||
|
@ -244,13 +311,29 @@ static const struct sock_filter preauth_insns[] = {
|
||||||
SC_ALLOW(__NR_getuid32),
|
SC_ALLOW(__NR_getuid32),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_madvise
|
#ifdef __NR_madvise
|
||||||
SC_ALLOW(__NR_madvise),
|
SC_ALLOW_ARG(__NR_madvise, 2, MADV_NORMAL),
|
||||||
|
# ifdef MADV_FREE
|
||||||
|
SC_ALLOW_ARG(__NR_madvise, 2, MADV_FREE),
|
||||||
|
# endif
|
||||||
|
# ifdef MADV_DONTNEED
|
||||||
|
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTNEED),
|
||||||
|
# endif
|
||||||
|
# ifdef MADV_DONTFORK
|
||||||
|
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTFORK),
|
||||||
|
# endif
|
||||||
|
# ifdef MADV_DONTDUMP
|
||||||
|
SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTDUMP),
|
||||||
|
# endif
|
||||||
|
# ifdef MADV_WIPEONFORK
|
||||||
|
SC_ALLOW_ARG(__NR_madvise, 2, MADV_WIPEONFORK),
|
||||||
|
# endif
|
||||||
|
SC_DENY(__NR_madvise, EINVAL),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_mmap
|
#ifdef __NR_mmap
|
||||||
SC_ALLOW_ARG_MASK(__NR_mmap, 2, PROT_READ|PROT_WRITE|PROT_NONE),
|
SC_MMAP(__NR_mmap),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_mmap2
|
#ifdef __NR_mmap2
|
||||||
SC_ALLOW_ARG_MASK(__NR_mmap2, 2, PROT_READ|PROT_WRITE|PROT_NONE),
|
SC_MMAP(__NR_mmap2),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_mprotect
|
#ifdef __NR_mprotect
|
||||||
SC_ALLOW_ARG_MASK(__NR_mprotect, 2, PROT_READ|PROT_WRITE|PROT_NONE),
|
SC_ALLOW_ARG_MASK(__NR_mprotect, 2, PROT_READ|PROT_WRITE|PROT_NONE),
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: scp.c,v 1.252 2023/01/10 23:22:15 millert Exp $ */
|
/* $OpenBSD: scp.c,v 1.253 2023/03/03 03:12:24 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* scp - secure remote copy. This is basically patched BSD rcp which
|
* scp - secure remote copy. This is basically patched BSD rcp which
|
||||||
* uses ssh to do the data transfer (instead of using rcmd).
|
* uses ssh to do the data transfer (instead of using rcmd).
|
||||||
|
@ -394,8 +394,10 @@ do_cmd2(char *host, char *remuser, int port, char *cmd,
|
||||||
/* Fork a child to execute the command on the remote host using ssh. */
|
/* Fork a child to execute the command on the remote host using ssh. */
|
||||||
pid = fork();
|
pid = fork();
|
||||||
if (pid == 0) {
|
if (pid == 0) {
|
||||||
dup2(fdin, 0);
|
if (dup2(fdin, 0) == -1)
|
||||||
dup2(fdout, 1);
|
perror("dup2");
|
||||||
|
if (dup2(fdout, 1) == -1)
|
||||||
|
perror("dup2");
|
||||||
|
|
||||||
replacearg(&args, 0, "%s", ssh_program);
|
replacearg(&args, 0, "%s", ssh_program);
|
||||||
if (port != -1) {
|
if (port != -1) {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
/* $OpenBSD: servconf.c,v 1.390 2023/01/17 09:44:48 djm Exp $ */
|
/* $OpenBSD: servconf.c,v 1.392 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
* All rights reserved
|
* All rights reserved
|
||||||
|
@ -54,7 +54,6 @@
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "pathnames.h"
|
#include "pathnames.h"
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
|
@ -2938,8 +2937,16 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
|
||||||
{
|
{
|
||||||
u_int i;
|
u_int i;
|
||||||
|
|
||||||
if (count <= 0 && code != sAuthenticationMethods)
|
switch (code) {
|
||||||
|
case sAuthenticationMethods:
|
||||||
|
case sChannelTimeout:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if (count <= 0)
|
||||||
return;
|
return;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
printf("%s", lookup_opcode_name(code));
|
printf("%s", lookup_opcode_name(code));
|
||||||
for (i = 0; i < count; i++)
|
for (i = 0; i < count; i++)
|
||||||
printf(" %s", vals[i]);
|
printf(" %s", vals[i]);
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: serverloop.c,v 1.234 2023/01/17 09:44:48 djm Exp $ */
|
/* $OpenBSD: serverloop.c,v 1.236 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -69,7 +69,6 @@
|
||||||
#include "canohost.h"
|
#include "canohost.h"
|
||||||
#include "sshpty.h"
|
#include "sshpty.h"
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
|
@ -113,14 +112,12 @@ bind_permitted(int port, uid_t uid)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
sigchld_handler(int sig)
|
sigchld_handler(int sig)
|
||||||
{
|
{
|
||||||
child_terminated = 1;
|
child_terminated = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
sigterm_handler(int sig)
|
sigterm_handler(int sig)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: session.c,v 1.333 2023/01/06 02:42:34 djm Exp $ */
|
/* $OpenBSD: session.c,v 1.335 2023/03/07 06:09:14 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
* All rights reserved
|
* All rights reserved
|
||||||
|
@ -72,7 +72,6 @@
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
|
@ -1176,6 +1175,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
||||||
}
|
}
|
||||||
*value++ = '\0';
|
*value++ = '\0';
|
||||||
child_set_env(&env, &envsize, cp, value);
|
child_set_env(&env, &envsize, cp, value);
|
||||||
|
free(cp);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* SSH_CLIENT deprecated */
|
/* SSH_CLIENT deprecated */
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp-client.c,v 1.168 2023/01/11 05:39:38 djm Exp $ */
|
/* $OpenBSD: sftp-client.c,v 1.169 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||||
*
|
*
|
||||||
|
@ -149,7 +149,6 @@ request_find(struct requests *requests, u_int id)
|
||||||
return req;
|
return req;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
sftpio(void *_bwlimit, size_t amount)
|
sftpio(void *_bwlimit, size_t amount)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp-server.c,v 1.145 2022/11/09 09:04:12 dtucker Exp $ */
|
/* $OpenBSD: sftp-server.c,v 1.146 2023/03/07 05:37:26 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -819,7 +819,7 @@ process_read(u_int32_t id)
|
||||||
}
|
}
|
||||||
if (len > buflen) {
|
if (len > buflen) {
|
||||||
debug3_f("allocate %zu => %u", buflen, len);
|
debug3_f("allocate %zu => %u", buflen, len);
|
||||||
if ((buf = realloc(NULL, len)) == NULL)
|
if ((buf = realloc(buf, len)) == NULL)
|
||||||
fatal_f("realloc failed");
|
fatal_f("realloc failed");
|
||||||
buflen = len;
|
buflen = len;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp.c,v 1.225 2023/01/05 05:49:13 djm Exp $ */
|
/* $OpenBSD: sftp.c,v 1.229 2023/03/12 09:41:18 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||||
*
|
*
|
||||||
|
@ -217,7 +217,6 @@ static const struct CMD cmds[] = {
|
||||||
{ NULL, -1, -1, -1 }
|
{ NULL, -1, -1, -1 }
|
||||||
};
|
};
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
killchild(int signo)
|
killchild(int signo)
|
||||||
{
|
{
|
||||||
|
@ -232,7 +231,6 @@ killchild(int signo)
|
||||||
_exit(1);
|
_exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
suspchild(int signo)
|
suspchild(int signo)
|
||||||
{
|
{
|
||||||
|
@ -244,7 +242,6 @@ suspchild(int signo)
|
||||||
kill(getpid(), SIGSTOP);
|
kill(getpid(), SIGSTOP);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
cmd_interrupt(int signo)
|
cmd_interrupt(int signo)
|
||||||
{
|
{
|
||||||
|
@ -256,14 +253,12 @@ cmd_interrupt(int signo)
|
||||||
errno = olderrno;
|
errno = olderrno;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static void
|
static void
|
||||||
read_interrupt(int signo)
|
read_interrupt(int signo)
|
||||||
{
|
{
|
||||||
interrupted = 1;
|
interrupted = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
sigchld_handler(int sig)
|
sigchld_handler(int sig)
|
||||||
{
|
{
|
||||||
|
@ -1012,7 +1007,7 @@ do_globbed_ls(struct sftp_conn *conn, const char *path,
|
||||||
*/
|
*/
|
||||||
for (nentries = 0; g.gl_pathv[nentries] != NULL; nentries++)
|
for (nentries = 0; g.gl_pathv[nentries] != NULL; nentries++)
|
||||||
; /* count entries */
|
; /* count entries */
|
||||||
indices = calloc(nentries, sizeof(*indices));
|
indices = xcalloc(nentries, sizeof(*indices));
|
||||||
for (i = 0; i < nentries; i++)
|
for (i = 0; i < nentries; i++)
|
||||||
indices[i] = i;
|
indices[i] = i;
|
||||||
|
|
||||||
|
@ -1030,6 +1025,7 @@ do_globbed_ls(struct sftp_conn *conn, const char *path,
|
||||||
if (lflag & LS_LONG_VIEW) {
|
if (lflag & LS_LONG_VIEW) {
|
||||||
if (g.gl_statv[i] == NULL) {
|
if (g.gl_statv[i] == NULL) {
|
||||||
error("no stat information for %s", fname);
|
error("no stat information for %s", fname);
|
||||||
|
free(fname);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
lname = ls_file(fname, g.gl_statv[i], 1,
|
lname = ls_file(fname, g.gl_statv[i], 1,
|
||||||
|
@ -2001,7 +1997,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
|
||||||
|
|
||||||
memset(&g, 0, sizeof(g));
|
memset(&g, 0, sizeof(g));
|
||||||
if (remote != LOCAL) {
|
if (remote != LOCAL) {
|
||||||
tmp = make_absolute_pwd_glob(tmp, remote_path);
|
tmp2 = make_absolute_pwd_glob(tmp, remote_path);
|
||||||
|
free(tmp);
|
||||||
|
tmp = tmp2;
|
||||||
remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g);
|
remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g);
|
||||||
} else
|
} else
|
||||||
glob(tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g);
|
glob(tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g);
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-add.c,v 1.166 2022/06/18 02:17:16 dtucker Exp $ */
|
/* $OpenBSD: ssh-add.c,v 1.167 2023/03/08 00:05:58 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -477,6 +477,7 @@ test_key(int agent_fd, const char *filename)
|
||||||
{
|
{
|
||||||
struct sshkey *key = NULL;
|
struct sshkey *key = NULL;
|
||||||
u_char *sig = NULL;
|
u_char *sig = NULL;
|
||||||
|
const char *alg = NULL;
|
||||||
size_t slen = 0;
|
size_t slen = 0;
|
||||||
int r, ret = -1;
|
int r, ret = -1;
|
||||||
char data[1024];
|
char data[1024];
|
||||||
|
@ -485,14 +486,16 @@ test_key(int agent_fd, const char *filename)
|
||||||
error_r(r, "Couldn't read public key %s", filename);
|
error_r(r, "Couldn't read public key %s", filename);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
if (sshkey_type_plain(key->type) == KEY_RSA)
|
||||||
|
alg = "rsa-sha2-256";
|
||||||
arc4random_buf(data, sizeof(data));
|
arc4random_buf(data, sizeof(data));
|
||||||
if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data),
|
if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data),
|
||||||
NULL, 0)) != 0) {
|
alg, 0)) != 0) {
|
||||||
error_r(r, "Agent signature failed for %s", filename);
|
error_r(r, "Agent signature failed for %s", filename);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
|
if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
|
||||||
NULL, 0, NULL)) != 0) {
|
alg, 0, NULL)) != 0) {
|
||||||
error_r(r, "Signature verification failed for %s", filename);
|
error_r(r, "Signature verification failed for %s", filename);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-agent.c,v 1.294 2022/12/04 11:03:11 dtucker Exp $ */
|
/* $OpenBSD: ssh-agent.c,v 1.297 2023/03/09 21:06:24 jcs Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -80,7 +80,6 @@
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "digest.h"
|
#include "digest.h"
|
||||||
|
@ -1042,8 +1041,8 @@ parse_dest_constraint(struct sshbuf *m, struct dest_constraint *dc)
|
||||||
error_fr(r, "parse");
|
error_fr(r, "parse");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
if ((r = parse_dest_constraint_hop(frombuf, &dc->from) != 0) ||
|
if ((r = parse_dest_constraint_hop(frombuf, &dc->from)) != 0 ||
|
||||||
(r = parse_dest_constraint_hop(tobuf, &dc->to) != 0))
|
(r = parse_dest_constraint_hop(tobuf, &dc->to)) != 0)
|
||||||
goto out; /* already logged */
|
goto out; /* already logged */
|
||||||
if (elen != 0) {
|
if (elen != 0) {
|
||||||
error_f("unsupported extensions (len %zu)", elen);
|
error_f("unsupported extensions (len %zu)", elen);
|
||||||
|
@ -1983,7 +1982,6 @@ cleanup_exit(int i)
|
||||||
_exit(i);
|
_exit(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
cleanup_handler(int sig)
|
cleanup_handler(int sig)
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-dss.c,v 1.48 2022/10/28 00:44:44 djm Exp $ */
|
/* $OpenBSD: ssh-dss.c,v 1.49 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -37,7 +37,6 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#include "digest.h"
|
#include "digest.h"
|
||||||
#define SSHKEY_INTERNAL
|
#define SSHKEY_INTERNAL
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-ecdsa-sk.c,v 1.17 2022/10/28 00:44:44 djm Exp $ */
|
/* $OpenBSD: ssh-ecdsa-sk.c,v 1.18 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||||
|
@ -230,7 +230,6 @@ webauthn_check_prepare_hash(const u_char *data, size_t datalen,
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
ssh_ecdsa_sk_verify(const struct sshkey *key,
|
ssh_ecdsa_sk_verify(const struct sshkey *key,
|
||||||
const u_char *sig, size_t siglen,
|
const u_char *sig, size_t siglen,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-ecdsa.c,v 1.25 2022/10/28 00:44:44 djm Exp $ */
|
/* $OpenBSD: ssh-ecdsa.c,v 1.26 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||||
|
@ -222,7 +222,6 @@ ssh_ecdsa_deserialize_private(const char *ktype, struct sshbuf *b,
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
ssh_ecdsa_sign(struct sshkey *key,
|
ssh_ecdsa_sign(struct sshkey *key,
|
||||||
u_char **sigp, size_t *lenp,
|
u_char **sigp, size_t *lenp,
|
||||||
|
@ -288,7 +287,6 @@ ssh_ecdsa_sign(struct sshkey *key,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
ssh_ecdsa_verify(const struct sshkey *key,
|
ssh_ecdsa_verify(const struct sshkey *key,
|
||||||
const u_char *sig, size_t siglen,
|
const u_char *sig, size_t siglen,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-keygen.1,v 1.226 2022/09/10 08:50:53 jsg Exp $
|
.\" $OpenBSD: ssh-keygen.1,v 1.228 2023/02/10 06:40:48 jmc Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 10 2022 $
|
.Dd $Mdocdate: February 10 2023 $
|
||||||
.Dt SSH-KEYGEN 1
|
.Dt SSH-KEYGEN 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -518,6 +518,21 @@ suffixed with a Z character, which causes them to be interpreted in the
|
||||||
UTC time zone.
|
UTC time zone.
|
||||||
.El
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
|
When generating SSHFP DNS records from public keys using the
|
||||||
|
.Fl r
|
||||||
|
flag, the following options are accepted:
|
||||||
|
.Bl -tag -width Ds
|
||||||
|
.It Cm hashalg Ns = Ns Ar algorithm
|
||||||
|
Selects a hash algorithm to use when printing SSHFP records using the
|
||||||
|
.Fl D
|
||||||
|
flag.
|
||||||
|
Valid algorithms are
|
||||||
|
.Dq sha1
|
||||||
|
and
|
||||||
|
.Dq sha256 .
|
||||||
|
The default is to print both.
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
The
|
The
|
||||||
.Fl O
|
.Fl O
|
||||||
option may be specified multiple times.
|
option may be specified multiple times.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-keygen.c,v 1.461 2022/12/04 23:50:49 cheloha Exp $ */
|
/* $OpenBSD: ssh-keygen.c,v 1.466 2023/03/08 00:05:37 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -476,6 +476,7 @@ do_convert_private_ssh2(struct sshbuf *b)
|
||||||
{
|
{
|
||||||
struct sshkey *key = NULL;
|
struct sshkey *key = NULL;
|
||||||
char *type, *cipher;
|
char *type, *cipher;
|
||||||
|
const char *alg = NULL;
|
||||||
u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
|
u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
|
||||||
int r, rlen, ktype;
|
int r, rlen, ktype;
|
||||||
u_int magic, i1, i2, i3, i4;
|
u_int magic, i1, i2, i3, i4;
|
||||||
|
@ -584,6 +585,7 @@ do_convert_private_ssh2(struct sshbuf *b)
|
||||||
if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
|
if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
|
||||||
fatal_fr(r, "generate RSA parameters");
|
fatal_fr(r, "generate RSA parameters");
|
||||||
BN_clear_free(rsa_iqmp);
|
BN_clear_free(rsa_iqmp);
|
||||||
|
alg = "rsa-sha2-256";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
rlen = sshbuf_len(b);
|
rlen = sshbuf_len(b);
|
||||||
|
@ -592,10 +594,10 @@ do_convert_private_ssh2(struct sshbuf *b)
|
||||||
|
|
||||||
/* try the key */
|
/* try the key */
|
||||||
if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data),
|
if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data),
|
||||||
NULL, NULL, NULL, 0)) != 0)
|
alg, NULL, NULL, 0)) != 0)
|
||||||
error_fr(r, "signing with converted key failed");
|
error_fr(r, "signing with converted key failed");
|
||||||
else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
|
else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
|
||||||
NULL, 0, NULL)) != 0)
|
alg, 0, NULL)) != 0)
|
||||||
error_fr(r, "verification with converted key failed");
|
error_fr(r, "verification with converted key failed");
|
||||||
if (r != 0) {
|
if (r != 0) {
|
||||||
sshkey_free(key);
|
sshkey_free(key);
|
||||||
|
@ -1337,7 +1339,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
|
||||||
unlink(tmp);
|
unlink(tmp);
|
||||||
fatal("fdopen: %s", strerror(oerrno));
|
fatal("fdopen: %s", strerror(oerrno));
|
||||||
}
|
}
|
||||||
fchmod(fd, sb.st_mode & 0644);
|
(void)fchmod(fd, sb.st_mode & 0644);
|
||||||
inplace = 1;
|
inplace = 1;
|
||||||
}
|
}
|
||||||
/* XXX support identity_file == "-" for stdin */
|
/* XXX support identity_file == "-" for stdin */
|
||||||
|
@ -1479,13 +1481,23 @@ do_change_passphrase(struct passwd *pw)
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
do_print_resource_record(struct passwd *pw, char *fname, char *hname,
|
do_print_resource_record(struct passwd *pw, char *fname, char *hname,
|
||||||
int print_generic)
|
int print_generic, char * const *opts, size_t nopts)
|
||||||
{
|
{
|
||||||
struct sshkey *public;
|
struct sshkey *public;
|
||||||
char *comment = NULL;
|
char *comment = NULL;
|
||||||
struct stat st;
|
struct stat st;
|
||||||
int r;
|
int r, hash = -1;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for (i = 0; i < nopts; i++) {
|
||||||
|
if (strncasecmp(opts[i], "hashalg=", 8) == 0) {
|
||||||
|
if ((hash = ssh_digest_alg_by_name(opts[i] + 8)) == -1)
|
||||||
|
fatal("Unsupported hash algorithm");
|
||||||
|
} else {
|
||||||
|
error("Invalid option \"%s\"", opts[i]);
|
||||||
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (fname == NULL)
|
if (fname == NULL)
|
||||||
fatal_f("no filename");
|
fatal_f("no filename");
|
||||||
if (stat(fname, &st) == -1) {
|
if (stat(fname, &st) == -1) {
|
||||||
|
@ -1495,7 +1507,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname,
|
||||||
}
|
}
|
||||||
if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
|
if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
|
||||||
fatal_r(r, "Failed to read v2 public key from \"%s\"", fname);
|
fatal_r(r, "Failed to read v2 public key from \"%s\"", fname);
|
||||||
export_dns_rr(hname, public, stdout, print_generic);
|
export_dns_rr(hname, public, stdout, print_generic, hash);
|
||||||
sshkey_free(public);
|
sshkey_free(public);
|
||||||
free(comment);
|
free(comment);
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -3005,6 +3017,7 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
|
||||||
} else if (strncmp(opts[i], "start-line=", 11) == 0) {
|
} else if (strncmp(opts[i], "start-line=", 11) == 0) {
|
||||||
start_lineno = strtoul(opts[i]+11, NULL, 10);
|
start_lineno = strtoul(opts[i]+11, NULL, 10);
|
||||||
} else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
|
} else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
|
||||||
|
free(checkpoint);
|
||||||
checkpoint = xstrdup(opts[i]+11);
|
checkpoint = xstrdup(opts[i]+11);
|
||||||
} else if (strncmp(opts[i], "generator=", 10) == 0) {
|
} else if (strncmp(opts[i], "generator=", 10) == 0) {
|
||||||
generator_wanted = (u_int32_t)strtonum(
|
generator_wanted = (u_int32_t)strtonum(
|
||||||
|
@ -3043,6 +3056,9 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
|
||||||
generator_wanted, checkpoint,
|
generator_wanted, checkpoint,
|
||||||
start_lineno, lines_to_process) != 0)
|
start_lineno, lines_to_process) != 0)
|
||||||
fatal("modulus screening failed");
|
fatal("modulus screening failed");
|
||||||
|
if (in != stdin)
|
||||||
|
(void)fclose(in);
|
||||||
|
free(checkpoint);
|
||||||
#else /* WITH_OPENSSL */
|
#else /* WITH_OPENSSL */
|
||||||
fatal("Moduli screening is not supported");
|
fatal("Moduli screening is not supported");
|
||||||
#endif /* WITH_OPENSSL */
|
#endif /* WITH_OPENSSL */
|
||||||
|
@ -3725,7 +3741,7 @@ main(int argc, char **argv)
|
||||||
|
|
||||||
if (have_identity) {
|
if (have_identity) {
|
||||||
n = do_print_resource_record(pw, identity_file,
|
n = do_print_resource_record(pw, identity_file,
|
||||||
rr_hostname, print_generic);
|
rr_hostname, print_generic, opts, nopts);
|
||||||
if (n == 0)
|
if (n == 0)
|
||||||
fatal("%s: %s", identity_file, strerror(errno));
|
fatal("%s: %s", identity_file, strerror(errno));
|
||||||
exit(0);
|
exit(0);
|
||||||
|
@ -3733,19 +3749,19 @@ main(int argc, char **argv)
|
||||||
|
|
||||||
n += do_print_resource_record(pw,
|
n += do_print_resource_record(pw,
|
||||||
_PATH_HOST_RSA_KEY_FILE, rr_hostname,
|
_PATH_HOST_RSA_KEY_FILE, rr_hostname,
|
||||||
print_generic);
|
print_generic, opts, nopts);
|
||||||
n += do_print_resource_record(pw,
|
n += do_print_resource_record(pw,
|
||||||
_PATH_HOST_DSA_KEY_FILE, rr_hostname,
|
_PATH_HOST_DSA_KEY_FILE, rr_hostname,
|
||||||
print_generic);
|
print_generic, opts, nopts);
|
||||||
n += do_print_resource_record(pw,
|
n += do_print_resource_record(pw,
|
||||||
_PATH_HOST_ECDSA_KEY_FILE, rr_hostname,
|
_PATH_HOST_ECDSA_KEY_FILE, rr_hostname,
|
||||||
print_generic);
|
print_generic, opts, nopts);
|
||||||
n += do_print_resource_record(pw,
|
n += do_print_resource_record(pw,
|
||||||
_PATH_HOST_ED25519_KEY_FILE, rr_hostname,
|
_PATH_HOST_ED25519_KEY_FILE, rr_hostname,
|
||||||
print_generic);
|
print_generic, opts, nopts);
|
||||||
n += do_print_resource_record(pw,
|
n += do_print_resource_record(pw,
|
||||||
_PATH_HOST_XMSS_KEY_FILE, rr_hostname,
|
_PATH_HOST_XMSS_KEY_FILE, rr_hostname,
|
||||||
print_generic);
|
print_generic, opts, nopts);
|
||||||
if (n == 0)
|
if (n == 0)
|
||||||
fatal("no keys found.");
|
fatal("no keys found.");
|
||||||
exit(0);
|
exit(0);
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-keyscan.1,v 1.47 2022/10/28 02:29:34 djm Exp $
|
.\" $OpenBSD: ssh-keyscan.1,v 1.49 2023/02/10 06:41:53 jmc Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
||||||
.\"
|
.\"
|
||||||
|
@ -6,7 +6,7 @@
|
||||||
.\" permitted provided that due credit is given to the author and the
|
.\" permitted provided that due credit is given to the author and the
|
||||||
.\" OpenBSD project by leaving this copyright notice intact.
|
.\" OpenBSD project by leaving this copyright notice intact.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: October 28 2022 $
|
.Dd $Mdocdate: February 10 2023 $
|
||||||
.Dt SSH-KEYSCAN 1
|
.Dt SSH-KEYSCAN 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -16,6 +16,7 @@
|
||||||
.Nm ssh-keyscan
|
.Nm ssh-keyscan
|
||||||
.Op Fl 46cDHv
|
.Op Fl 46cDHv
|
||||||
.Op Fl f Ar file
|
.Op Fl f Ar file
|
||||||
|
.Op Fl O Ar option
|
||||||
.Op Fl p Ar port
|
.Op Fl p Ar port
|
||||||
.Op Fl T Ar timeout
|
.Op Fl T Ar timeout
|
||||||
.Op Fl t Ar type
|
.Op Fl t Ar type
|
||||||
|
@ -97,6 +98,20 @@ and
|
||||||
.Xr sshd 8 ,
|
.Xr sshd 8 ,
|
||||||
but they do not reveal identifying information should the file's contents
|
but they do not reveal identifying information should the file's contents
|
||||||
be disclosed.
|
be disclosed.
|
||||||
|
.It Fl O Ar option
|
||||||
|
Specify a key/value option.
|
||||||
|
At present, only a single option is supported:
|
||||||
|
.Bl -tag -width Ds
|
||||||
|
.It Cm hashalg Ns = Ns Ar algorithm
|
||||||
|
Selects a hash algorithm to use when printing SSHFP records using the
|
||||||
|
.Fl D
|
||||||
|
flag.
|
||||||
|
Valid algorithms are
|
||||||
|
.Dq sha1
|
||||||
|
and
|
||||||
|
.Dq sha256 .
|
||||||
|
The default is to print both.
|
||||||
|
.El
|
||||||
.It Fl p Ar port
|
.It Fl p Ar port
|
||||||
Connect to
|
Connect to
|
||||||
.Ar port
|
.Ar port
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-keyscan.c,v 1.149 2022/12/26 19:16:03 jmc Exp $ */
|
/* $OpenBSD: ssh-keyscan.c,v 1.151 2023/02/10 06:41:53 jmc Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
||||||
*
|
*
|
||||||
|
@ -40,6 +40,7 @@
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
|
#include "digest.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "myproposal.h"
|
#include "myproposal.h"
|
||||||
|
@ -80,6 +81,8 @@ int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */
|
||||||
|
|
||||||
int found_one = 0; /* Successfully found a key */
|
int found_one = 0; /* Successfully found a key */
|
||||||
|
|
||||||
|
int hashalg = -1; /* Hash for SSHFP records or -1 for all */
|
||||||
|
|
||||||
#define MAXMAXFD 256
|
#define MAXMAXFD 256
|
||||||
|
|
||||||
/* The number of seconds after which to give up on a TCP connection */
|
/* The number of seconds after which to give up on a TCP connection */
|
||||||
|
@ -314,7 +317,7 @@ keyprint_one(const char *host, struct sshkey *key)
|
||||||
found_one = 1;
|
found_one = 1;
|
||||||
|
|
||||||
if (print_sshfp) {
|
if (print_sshfp) {
|
||||||
export_dns_rr(host, key, stdout, 0);
|
export_dns_rr(host, key, stdout, 0, hashalg);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -698,9 +701,8 @@ static void
|
||||||
usage(void)
|
usage(void)
|
||||||
{
|
{
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
|
"usage: ssh-keyscan [-46cDHv] [-f file] [-O option] [-p port] [-T timeout]\n"
|
||||||
"\t\t [host | addrlist namelist]\n",
|
" [-t type] [host | addrlist namelist]\n");
|
||||||
__progname);
|
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -726,7 +728,7 @@ main(int argc, char **argv)
|
||||||
if (argc <= 1)
|
if (argc <= 1)
|
||||||
usage();
|
usage();
|
||||||
|
|
||||||
while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
|
while ((opt = getopt(argc, argv, "cDHv46O:p:T:t:f:")) != -1) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case 'H':
|
case 'H':
|
||||||
hash_hosts = 1;
|
hash_hosts = 1;
|
||||||
|
@ -766,6 +768,14 @@ main(int argc, char **argv)
|
||||||
optarg = NULL;
|
optarg = NULL;
|
||||||
argv[fopt_count++] = optarg;
|
argv[fopt_count++] = optarg;
|
||||||
break;
|
break;
|
||||||
|
case 'O':
|
||||||
|
/* Maybe other misc options in the future too */
|
||||||
|
if (strncmp(optarg, "hashalg=", 8) != 0)
|
||||||
|
fatal("Unsupported -O option");
|
||||||
|
if ((hashalg = ssh_digest_alg_by_name(
|
||||||
|
optarg + 8)) == -1)
|
||||||
|
fatal("Unsupported hash algorithm");
|
||||||
|
break;
|
||||||
case 't':
|
case 't':
|
||||||
get_keytypes = 0;
|
get_keytypes = 0;
|
||||||
tname = strtok(optarg, ",");
|
tname = strtok(optarg, ",");
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-pkcs11.c,v 1.55 2021/11/18 21:11:01 djm Exp $ */
|
/* $OpenBSD: ssh-pkcs11.c,v 1.56 2023/03/08 05:33:53 tb Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
|
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
|
||||||
|
@ -523,7 +523,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
||||||
BIGNUM *r = NULL, *s = NULL;
|
BIGNUM *r = NULL, *s = NULL;
|
||||||
|
|
||||||
if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) {
|
if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) {
|
||||||
ossl_error("EC_KEY_get_key_method_data failed for ec");
|
ossl_error("EC_KEY_get_ex_data failed for ec");
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -545,7 +545,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (siglen < 64 || siglen > 132 || siglen % 2) {
|
if (siglen < 64 || siglen > 132 || siglen % 2) {
|
||||||
ossl_error("d2i_ECDSA_SIG failed");
|
error_f("bad signature length: %lu", (u_long)siglen);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
bnlen = siglen/2;
|
bnlen = siglen/2;
|
||||||
|
@ -555,7 +555,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
||||||
}
|
}
|
||||||
if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL ||
|
if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL ||
|
||||||
(s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) {
|
(s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) {
|
||||||
ossl_error("d2i_ECDSA_SIG failed");
|
ossl_error("BN_bin2bn failed");
|
||||||
ECDSA_SIG_free(ret);
|
ECDSA_SIG_free(ret);
|
||||||
ret = NULL;
|
ret = NULL;
|
||||||
goto done;
|
goto done;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-rsa.c,v 1.78 2022/10/28 02:47:04 djm Exp $ */
|
/* $OpenBSD: ssh-rsa.c,v 1.79 2023/03/05 05:34:09 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
|
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
|
||||||
*
|
*
|
||||||
|
@ -28,7 +28,6 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "ssherr.h"
|
#include "ssherr.h"
|
||||||
#define SSHKEY_INTERNAL
|
#define SSHKEY_INTERNAL
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh.c,v 1.584 2023/01/17 18:52:44 millert Exp $ */
|
/* $OpenBSD: ssh.c,v 1.585 2023/02/10 04:40:28 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -794,6 +794,7 @@ main(int ac, char **av)
|
||||||
else if (strcmp(optarg, "key-plain") == 0)
|
else if (strcmp(optarg, "key-plain") == 0)
|
||||||
cp = sshkey_alg_list(0, 1, 0, '\n');
|
cp = sshkey_alg_list(0, 1, 0, '\n');
|
||||||
else if (strcmp(optarg, "key-sig") == 0 ||
|
else if (strcmp(optarg, "key-sig") == 0 ||
|
||||||
|
strcasecmp(optarg, "CASignatureAlgorithms") == 0 ||
|
||||||
strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */
|
strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */
|
||||||
strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 ||
|
strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 ||
|
||||||
strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
|
strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
|
||||||
|
|
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh_config.5,v 1.378 2023/01/13 07:13:40 jmc Exp $
|
.\" $OpenBSD: ssh_config.5,v 1.379 2023/03/10 02:32:04 djm Exp $
|
||||||
.Dd $Mdocdate: January 13 2023 $
|
.Dd $Mdocdate: March 10 2023 $
|
||||||
.Dt SSH_CONFIG 5
|
.Dt SSH_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -56,7 +56,7 @@ system-wide configuration file
|
||||||
.Pq Pa /etc/ssh/ssh_config
|
.Pq Pa /etc/ssh/ssh_config
|
||||||
.El
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
For each parameter, the first obtained value
|
Unless noted otherwise, for each parameter, the first obtained value
|
||||||
will be used.
|
will be used.
|
||||||
The configuration files contain sections separated by
|
The configuration files contain sections separated by
|
||||||
.Cm Host
|
.Cm Host
|
||||||
|
|
|
@ -220,9 +220,7 @@
|
||||||
#define compare Fssh_compare
|
#define compare Fssh_compare
|
||||||
#define compare_gps Fssh_compare_gps
|
#define compare_gps Fssh_compare_gps
|
||||||
#define compat_banner Fssh_compat_banner
|
#define compat_banner Fssh_compat_banner
|
||||||
#define compat_cipher_proposal Fssh_compat_cipher_proposal
|
|
||||||
#define compat_kex_proposal Fssh_compat_kex_proposal
|
#define compat_kex_proposal Fssh_compat_kex_proposal
|
||||||
#define compat_pkalg_proposal Fssh_compat_pkalg_proposal
|
|
||||||
#define compression_alg_list Fssh_compression_alg_list
|
#define compression_alg_list Fssh_compression_alg_list
|
||||||
#define connect_next Fssh_connect_next
|
#define connect_next Fssh_connect_next
|
||||||
#define connect_to Fssh_connect_to
|
#define connect_to Fssh_connect_to
|
||||||
|
@ -361,6 +359,8 @@
|
||||||
#define kex_new Fssh_kex_new
|
#define kex_new Fssh_kex_new
|
||||||
#define kex_prop2buf Fssh_kex_prop2buf
|
#define kex_prop2buf Fssh_kex_prop2buf
|
||||||
#define kex_prop_free Fssh_kex_prop_free
|
#define kex_prop_free Fssh_kex_prop_free
|
||||||
|
#define kex_proposal_free_entries Fssh_kex_proposal_free_entries
|
||||||
|
#define kex_proposal_populate_entries Fssh_kex_proposal_populate_entries
|
||||||
#define kex_protocol_error Fssh_kex_protocol_error
|
#define kex_protocol_error Fssh_kex_protocol_error
|
||||||
#define kex_ready Fssh_kex_ready
|
#define kex_ready Fssh_kex_ready
|
||||||
#define kex_send_kexinit Fssh_kex_send_kexinit
|
#define kex_send_kexinit Fssh_kex_send_kexinit
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshconnect.c,v 1.361 2023/01/13 02:44:02 djm Exp $ */
|
/* $OpenBSD: sshconnect.c,v 1.363 2023/03/10 07:17:08 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -54,7 +54,6 @@
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "sshbuf.h"
|
#include "sshbuf.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "compat.h"
|
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "sshconnect.h"
|
#include "sshconnect.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
@ -364,7 +363,7 @@ ssh_create_socket(struct addrinfo *ai)
|
||||||
error("socket: %s", strerror(errno));
|
error("socket: %s", strerror(errno));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
fcntl(sock, F_SETFD, FD_CLOEXEC);
|
(void)fcntl(sock, F_SETFD, FD_CLOEXEC);
|
||||||
|
|
||||||
/* Use interactive QOS (if specified) until authentication completed */
|
/* Use interactive QOS (if specified) until authentication completed */
|
||||||
if (options.ip_qos_interactive != INT_MAX)
|
if (options.ip_qos_interactive != INT_MAX)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshconnect2.c,v 1.361 2022/09/17 10:33:18 djm Exp $ */
|
/* $OpenBSD: sshconnect2.c,v 1.366 2023/03/09 07:11:05 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||||
|
@ -56,7 +56,6 @@
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "myproposal.h"
|
|
||||||
#include "sshconnect.h"
|
#include "sshconnect.h"
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
#include "dh.h"
|
#include "dh.h"
|
||||||
|
@ -221,15 +220,18 @@ void
|
||||||
ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
const struct ssh_conn_info *cinfo)
|
const struct ssh_conn_info *cinfo)
|
||||||
{
|
{
|
||||||
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
|
char *myproposal[PROPOSAL_MAX];
|
||||||
char *s, *all_key;
|
char *s, *all_key, *hkalgs = NULL;
|
||||||
char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL;
|
|
||||||
int r, use_known_hosts_order = 0;
|
int r, use_known_hosts_order = 0;
|
||||||
|
|
||||||
xxx_host = host;
|
xxx_host = host;
|
||||||
xxx_hostaddr = hostaddr;
|
xxx_hostaddr = hostaddr;
|
||||||
xxx_conn_info = cinfo;
|
xxx_conn_info = cinfo;
|
||||||
|
|
||||||
|
if (options.rekey_limit || options.rekey_interval)
|
||||||
|
ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
|
||||||
|
options.rekey_interval);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If the user has not specified HostkeyAlgorithms, or has only
|
* If the user has not specified HostkeyAlgorithms, or has only
|
||||||
* appended or removed algorithms from that list then prefer algorithms
|
* appended or removed algorithms from that list then prefer algorithms
|
||||||
|
@ -249,29 +251,15 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
|
|
||||||
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
||||||
fatal_f("kex_names_cat");
|
fatal_f("kex_names_cat");
|
||||||
myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, s);
|
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
|
||||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc =
|
|
||||||
compat_cipher_proposal(ssh, options.ciphers);
|
|
||||||
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
|
||||||
myproposal[PROPOSAL_COMP_ALGS_STOC] =
|
|
||||||
(char *)compression_alg_list(options.compression);
|
|
||||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
|
||||||
if (use_known_hosts_order) {
|
|
||||||
/* Query known_hosts and prefer algorithms that appear there */
|
|
||||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =
|
|
||||||
compat_pkalg_proposal(ssh,
|
|
||||||
order_hostkeyalgs(host, hostaddr, port, cinfo));
|
|
||||||
} else {
|
|
||||||
/* Use specified HostkeyAlgorithms exactly */
|
|
||||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =
|
|
||||||
compat_pkalg_proposal(ssh, options.hostkeyalgorithms);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (options.rekey_limit || options.rekey_interval)
|
if (use_known_hosts_order)
|
||||||
ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
|
hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
|
||||||
options.rekey_interval);
|
|
||||||
|
kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
|
||||||
|
options.macs, compression_alg_list(options.compression),
|
||||||
|
hkalgs ? hkalgs : options.hostkeyalgorithms);
|
||||||
|
|
||||||
|
free(hkalgs);
|
||||||
|
|
||||||
/* start key exchange */
|
/* start key exchange */
|
||||||
if ((r = kex_setup(ssh, myproposal)) != 0)
|
if ((r = kex_setup(ssh, myproposal)) != 0)
|
||||||
|
@ -295,6 +283,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
|
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
|
||||||
|
|
||||||
/* remove ext-info from the KEX proposals for rekeying */
|
/* remove ext-info from the KEX proposals for rekeying */
|
||||||
|
free(myproposal[PROPOSAL_KEX_ALGS]);
|
||||||
myproposal[PROPOSAL_KEX_ALGS] =
|
myproposal[PROPOSAL_KEX_ALGS] =
|
||||||
compat_kex_proposal(ssh, options.kex_algorithms);
|
compat_kex_proposal(ssh, options.kex_algorithms);
|
||||||
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
|
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
|
||||||
|
@ -308,10 +297,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||||
fatal_fr(r, "send packet");
|
fatal_fr(r, "send packet");
|
||||||
#endif
|
#endif
|
||||||
/* Free only parts of proposal that were dynamically allocated here. */
|
kex_proposal_free_entries(myproposal);
|
||||||
free(prop_kex);
|
|
||||||
free(prop_enc);
|
|
||||||
free(prop_hostkey);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -506,7 +492,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
|
input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -538,7 +523,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
|
input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -583,7 +567,6 @@ userauth(struct ssh *ssh, char *authlist)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
|
input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -591,7 +574,6 @@ input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
|
input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -611,7 +593,6 @@ input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
|
input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -644,7 +625,6 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
|
input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -705,7 +685,6 @@ format_identity(Identity *id)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
|
input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -913,7 +892,6 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
|
input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -958,7 +936,6 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -991,7 +968,6 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
|
input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -1026,7 +1002,6 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
|
input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -1104,7 +1079,6 @@ userauth_passwd(struct ssh *ssh)
|
||||||
/*
|
/*
|
||||||
* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
|
* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
|
||||||
*/
|
*/
|
||||||
/* ARGSUSED */
|
|
||||||
static int
|
static int
|
||||||
input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
|
input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -1874,20 +1848,6 @@ pubkey_reset(Authctxt *authctxt)
|
||||||
id->tried = 0;
|
id->tried = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
|
||||||
try_identity(struct ssh *ssh, Identity *id)
|
|
||||||
{
|
|
||||||
if (!id->key)
|
|
||||||
return (0);
|
|
||||||
if (sshkey_type_plain(id->key->type) == KEY_RSA &&
|
|
||||||
(ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
|
|
||||||
debug("Skipped %s key %s for RSA/MD5 server",
|
|
||||||
sshkey_type(id->key), id->filename);
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
userauth_pubkey(struct ssh *ssh)
|
userauth_pubkey(struct ssh *ssh)
|
||||||
{
|
{
|
||||||
|
@ -1908,7 +1868,7 @@ userauth_pubkey(struct ssh *ssh)
|
||||||
* private key instead
|
* private key instead
|
||||||
*/
|
*/
|
||||||
if (id->key != NULL) {
|
if (id->key != NULL) {
|
||||||
if (try_identity(ssh, id)) {
|
if (id->key != NULL) {
|
||||||
ident = format_identity(id);
|
ident = format_identity(id);
|
||||||
debug("Offering public key: %s", ident);
|
debug("Offering public key: %s", ident);
|
||||||
free(ident);
|
free(ident);
|
||||||
|
@ -1918,7 +1878,7 @@ userauth_pubkey(struct ssh *ssh)
|
||||||
debug("Trying private key: %s", id->filename);
|
debug("Trying private key: %s", id->filename);
|
||||||
id->key = load_identity_file(id);
|
id->key = load_identity_file(id);
|
||||||
if (id->key != NULL) {
|
if (id->key != NULL) {
|
||||||
if (try_identity(ssh, id)) {
|
if (id->key != NULL) {
|
||||||
id->isprivate = 1;
|
id->isprivate = 1;
|
||||||
sent = sign_and_send_pubkey(ssh, id);
|
sent = sign_and_send_pubkey(ssh, id);
|
||||||
}
|
}
|
||||||
|
@ -2089,7 +2049,8 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
|
||||||
if (dup2(sock, STDERR_FILENO + 1) == -1)
|
if (dup2(sock, STDERR_FILENO + 1) == -1)
|
||||||
fatal_f("dup2: %s", strerror(errno));
|
fatal_f("dup2: %s", strerror(errno));
|
||||||
sock = STDERR_FILENO + 1;
|
sock = STDERR_FILENO + 1;
|
||||||
fcntl(sock, F_SETFD, 0); /* keep the socket on exec */
|
if (fcntl(sock, F_SETFD, 0) == -1) /* keep the socket on exec */
|
||||||
|
debug3_f("fcntl F_SETFD: %s", strerror(errno));
|
||||||
closefrom(sock + 1);
|
closefrom(sock + 1);
|
||||||
|
|
||||||
debug3_f("[child] pid=%ld, exec %s",
|
debug3_f("[child] pid=%ld, exec %s",
|
||||||
|
|
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: sshd.8,v 1.322 2023/01/18 01:50:21 millert Exp $
|
.\" $OpenBSD: sshd.8,v 1.324 2023/02/10 06:39:27 jmc Exp $
|
||||||
.Dd $Mdocdate: January 18 2023 $
|
.Dd $Mdocdate: February 10 2023 $
|
||||||
.Dt SSHD 8
|
.Dt SSHD 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.Nm sshd
|
.Nm sshd
|
||||||
.Bk -words
|
.Bk -words
|
||||||
.Op Fl 46DdeiqTtV
|
.Op Fl 46DdeGiqTtV
|
||||||
.Op Fl C Ar connection_spec
|
.Op Fl C Ar connection_spec
|
||||||
.Op Fl c Ar host_certificate_file
|
.Op Fl c Ar host_certificate_file
|
||||||
.Op Fl E Ar log_file
|
.Op Fl E Ar log_file
|
||||||
|
@ -154,6 +154,15 @@ The default is
|
||||||
.Pa /etc/ssh/sshd_config .
|
.Pa /etc/ssh/sshd_config .
|
||||||
.Nm
|
.Nm
|
||||||
refuses to start if there is no configuration file.
|
refuses to start if there is no configuration file.
|
||||||
|
.It Fl G
|
||||||
|
Parse and print configuration file.
|
||||||
|
Check the validity of the configuration file, output the effective configuration
|
||||||
|
to stdout and then exit.
|
||||||
|
Optionally,
|
||||||
|
.Cm Match
|
||||||
|
rules may be applied by specifying the connection parameters using one or more
|
||||||
|
.Fl C
|
||||||
|
options.
|
||||||
.It Fl g Ar login_grace_time
|
.It Fl g Ar login_grace_time
|
||||||
Gives the grace time for clients to authenticate themselves (default
|
Gives the grace time for clients to authenticate themselves (default
|
||||||
120 seconds).
|
120 seconds).
|
||||||
|
@ -208,6 +217,11 @@ Optionally,
|
||||||
rules may be applied by specifying the connection parameters using one or more
|
rules may be applied by specifying the connection parameters using one or more
|
||||||
.Fl C
|
.Fl C
|
||||||
options.
|
options.
|
||||||
|
This is similar to the
|
||||||
|
.Fl G
|
||||||
|
flag, but it includes the additional testing performed by the
|
||||||
|
.Fl t
|
||||||
|
flag.
|
||||||
.It Fl t
|
.It Fl t
|
||||||
Test mode.
|
Test mode.
|
||||||
Only check the validity of the configuration file and sanity of the keys.
|
Only check the validity of the configuration file and sanity of the keys.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshd.c,v 1.596 2023/01/18 01:50:21 millert Exp $ */
|
/* $OpenBSD: sshd.c,v 1.600 2023/03/08 04:43:12 guenther Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -114,7 +114,6 @@
|
||||||
#include "digest.h"
|
#include "digest.h"
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "myproposal.h"
|
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
#include "pathnames.h"
|
#include "pathnames.h"
|
||||||
#include "atomicio.h"
|
#include "atomicio.h"
|
||||||
|
@ -313,7 +312,6 @@ close_startup_pipes(void)
|
||||||
* the server key).
|
* the server key).
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
sighup_handler(int sig)
|
sighup_handler(int sig)
|
||||||
{
|
{
|
||||||
|
@ -343,7 +341,6 @@ sighup_restart(void)
|
||||||
/*
|
/*
|
||||||
* Generic signal handler for terminating signals in the master daemon.
|
* Generic signal handler for terminating signals in the master daemon.
|
||||||
*/
|
*/
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
sigterm_handler(int sig)
|
sigterm_handler(int sig)
|
||||||
{
|
{
|
||||||
|
@ -354,7 +351,6 @@ sigterm_handler(int sig)
|
||||||
* SIGCHLD handler. This is called whenever a child dies. This will then
|
* SIGCHLD handler. This is called whenever a child dies. This will then
|
||||||
* reap any zombies left by exited children.
|
* reap any zombies left by exited children.
|
||||||
*/
|
*/
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
main_sigchld_handler(int sig)
|
main_sigchld_handler(int sig)
|
||||||
{
|
{
|
||||||
|
@ -371,7 +367,6 @@ main_sigchld_handler(int sig)
|
||||||
/*
|
/*
|
||||||
* Signal handler for the alarm after the login grace period has expired.
|
* Signal handler for the alarm after the login grace period has expired.
|
||||||
*/
|
*/
|
||||||
/*ARGSUSED*/
|
|
||||||
static void
|
static void
|
||||||
grace_alarm_handler(int sig)
|
grace_alarm_handler(int sig)
|
||||||
{
|
{
|
||||||
|
@ -928,7 +923,7 @@ usage(void)
|
||||||
fprintf(stderr, "%s, %s\n",
|
fprintf(stderr, "%s, %s\n",
|
||||||
SSH_RELEASE, SSH_OPENSSL_VERSION);
|
SSH_RELEASE, SSH_OPENSSL_VERSION);
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"usage: sshd [-46DdeiqTtV] [-C connection_spec] [-c host_cert_file]\n"
|
"usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]\n"
|
||||||
" [-E log_file] [-f config_file] [-g login_grace_time]\n"
|
" [-E log_file] [-f config_file] [-g login_grace_time]\n"
|
||||||
" [-h host_key_file] [-o option] [-p port] [-u len]\n"
|
" [-h host_key_file] [-o option] [-p port] [-u len]\n"
|
||||||
);
|
);
|
||||||
|
@ -1581,6 +1576,21 @@ prepare_proctitle(int ac, char **av)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
print_config(struct ssh *ssh, struct connection_info *connection_info)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* If no connection info was provided by -C then use
|
||||||
|
* use a blank one that will cause no predicate to match.
|
||||||
|
*/
|
||||||
|
if (connection_info == NULL)
|
||||||
|
connection_info = get_connection_info(ssh, 0, 0);
|
||||||
|
connection_info->test = 1;
|
||||||
|
parse_server_match_config(&options, &includes, connection_info);
|
||||||
|
dump_config(&options);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Main program for the daemon.
|
* Main program for the daemon.
|
||||||
*/
|
*/
|
||||||
|
@ -1590,7 +1600,7 @@ main(int ac, char **av)
|
||||||
struct ssh *ssh = NULL;
|
struct ssh *ssh = NULL;
|
||||||
extern char *optarg;
|
extern char *optarg;
|
||||||
extern int optind;
|
extern int optind;
|
||||||
int r, opt, on = 1, already_daemon, remote_port;
|
int r, opt, on = 1, do_dump_cfg = 0, already_daemon, remote_port;
|
||||||
int sock_in = -1, sock_out = -1, newsock = -1;
|
int sock_in = -1, sock_out = -1, newsock = -1;
|
||||||
const char *remote_ip, *rdomain;
|
const char *remote_ip, *rdomain;
|
||||||
char *fp, *line, *laddr, *logfile = NULL;
|
char *fp, *line, *laddr, *logfile = NULL;
|
||||||
|
@ -1638,7 +1648,7 @@ main(int ac, char **av)
|
||||||
|
|
||||||
/* Parse command-line arguments. */
|
/* Parse command-line arguments. */
|
||||||
while ((opt = getopt(ac, av,
|
while ((opt = getopt(ac, av,
|
||||||
"C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrtV")) != -1) {
|
"C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case '4':
|
case '4':
|
||||||
options.address_family = AF_INET;
|
options.address_family = AF_INET;
|
||||||
|
@ -1663,6 +1673,9 @@ main(int ac, char **av)
|
||||||
case 'D':
|
case 'D':
|
||||||
no_daemon_flag = 1;
|
no_daemon_flag = 1;
|
||||||
break;
|
break;
|
||||||
|
case 'G':
|
||||||
|
do_dump_cfg = 1;
|
||||||
|
break;
|
||||||
case 'E':
|
case 'E':
|
||||||
logfile = optarg;
|
logfile = optarg;
|
||||||
/* FALLTHROUGH */
|
/* FALLTHROUGH */
|
||||||
|
@ -1750,7 +1763,7 @@ main(int ac, char **av)
|
||||||
}
|
}
|
||||||
if (rexeced_flag || inetd_flag)
|
if (rexeced_flag || inetd_flag)
|
||||||
rexec_flag = 0;
|
rexec_flag = 0;
|
||||||
if (!test_flag && rexec_flag && !path_absolute(av[0]))
|
if (!test_flag && !do_dump_cfg && rexec_flag && !path_absolute(av[0]))
|
||||||
fatal("sshd re-exec requires execution with an absolute path");
|
fatal("sshd re-exec requires execution with an absolute path");
|
||||||
if (rexeced_flag)
|
if (rexeced_flag)
|
||||||
closefrom(REEXEC_MIN_FREE_FD);
|
closefrom(REEXEC_MIN_FREE_FD);
|
||||||
|
@ -1856,6 +1869,9 @@ main(int ac, char **av)
|
||||||
|
|
||||||
debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
|
debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
|
||||||
|
|
||||||
|
if (do_dump_cfg)
|
||||||
|
print_config(ssh, connection_info);
|
||||||
|
|
||||||
/* Store privilege separation user for later use if required. */
|
/* Store privilege separation user for later use if required. */
|
||||||
privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
|
privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
|
||||||
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
|
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
|
||||||
|
@ -2038,17 +2054,8 @@ main(int ac, char **av)
|
||||||
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
|
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (test_flag > 1) {
|
if (test_flag > 1)
|
||||||
/*
|
print_config(ssh, connection_info);
|
||||||
* If no connection info was provided by -C then use
|
|
||||||
* use a blank one that will cause no predicate to match.
|
|
||||||
*/
|
|
||||||
if (connection_info == NULL)
|
|
||||||
connection_info = get_connection_info(ssh, 0, 0);
|
|
||||||
connection_info->test = 1;
|
|
||||||
parse_server_match_config(&options, &includes, connection_info);
|
|
||||||
dump_config(&options);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Configuration looks good, so exit if in test mode. */
|
/* Configuration looks good, so exit if in test mode. */
|
||||||
if (test_flag)
|
if (test_flag)
|
||||||
|
@ -2174,17 +2181,21 @@ main(int ac, char **av)
|
||||||
if (rexec_flag) {
|
if (rexec_flag) {
|
||||||
debug("rexec start in %d out %d newsock %d pipe %d sock %d",
|
debug("rexec start in %d out %d newsock %d pipe %d sock %d",
|
||||||
sock_in, sock_out, newsock, startup_pipe, config_s[0]);
|
sock_in, sock_out, newsock, startup_pipe, config_s[0]);
|
||||||
dup2(newsock, STDIN_FILENO);
|
if (dup2(newsock, STDIN_FILENO) == -1)
|
||||||
dup2(STDIN_FILENO, STDOUT_FILENO);
|
debug3_f("dup2 stdin: %s", strerror(errno));
|
||||||
|
if (dup2(STDIN_FILENO, STDOUT_FILENO) == -1)
|
||||||
|
debug3_f("dup2 stdout: %s", strerror(errno));
|
||||||
if (startup_pipe == -1)
|
if (startup_pipe == -1)
|
||||||
close(REEXEC_STARTUP_PIPE_FD);
|
close(REEXEC_STARTUP_PIPE_FD);
|
||||||
else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
|
else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
|
||||||
dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD);
|
if (dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD) == -1)
|
||||||
|
debug3_f("dup2 startup_p: %s", strerror(errno));
|
||||||
close(startup_pipe);
|
close(startup_pipe);
|
||||||
startup_pipe = REEXEC_STARTUP_PIPE_FD;
|
startup_pipe = REEXEC_STARTUP_PIPE_FD;
|
||||||
}
|
}
|
||||||
|
|
||||||
dup2(config_s[1], REEXEC_CONFIG_PASS_FD);
|
if (dup2(config_s[1], REEXEC_CONFIG_PASS_FD) == -1)
|
||||||
|
debug3_f("dup2 config_s: %s", strerror(errno));
|
||||||
close(config_s[1]);
|
close(config_s[1]);
|
||||||
|
|
||||||
ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */
|
ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */
|
||||||
|
@ -2472,30 +2483,23 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
|
||||||
static void
|
static void
|
||||||
do_ssh2_kex(struct ssh *ssh)
|
do_ssh2_kex(struct ssh *ssh)
|
||||||
{
|
{
|
||||||
char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
|
char *hkalgs = NULL, *myproposal[PROPOSAL_MAX];
|
||||||
|
const char *compression = NULL;
|
||||||
struct kex *kex;
|
struct kex *kex;
|
||||||
char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL;
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh,
|
|
||||||
options.kex_algorithms);
|
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
|
||||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc =
|
|
||||||
compat_cipher_proposal(ssh, options.ciphers);
|
|
||||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
|
||||||
|
|
||||||
if (options.compression == COMP_NONE) {
|
|
||||||
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
|
||||||
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
|
|
||||||
}
|
|
||||||
|
|
||||||
if (options.rekey_limit || options.rekey_interval)
|
if (options.rekey_limit || options.rekey_interval)
|
||||||
ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
|
ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
|
||||||
options.rekey_interval);
|
options.rekey_interval);
|
||||||
|
|
||||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =
|
if (options.compression == COMP_NONE)
|
||||||
compat_pkalg_proposal(ssh, list_hostkey_types());
|
compression = "none";
|
||||||
|
hkalgs = list_hostkey_types();
|
||||||
|
|
||||||
|
kex_proposal_populate_entries(ssh, myproposal, options.kex_algorithms,
|
||||||
|
options.ciphers, options.macs, compression, hkalgs);
|
||||||
|
|
||||||
|
free(hkalgs);
|
||||||
|
|
||||||
/* start key exchange */
|
/* start key exchange */
|
||||||
if ((r = kex_setup(ssh, myproposal)) != 0)
|
if ((r = kex_setup(ssh, myproposal)) != 0)
|
||||||
|
@ -2530,9 +2534,7 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||||
fatal_fr(r, "send test");
|
fatal_fr(r, "send test");
|
||||||
#endif
|
#endif
|
||||||
free(prop_kex);
|
kex_proposal_free_entries(myproposal);
|
||||||
free(prop_enc);
|
|
||||||
free(prop_hostkey);
|
|
||||||
debug("KEX done");
|
debug("KEX done");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||||
#PermitTunnel no
|
#PermitTunnel no
|
||||||
#ChrootDirectory none
|
#ChrootDirectory none
|
||||||
#UseBlacklist no
|
#UseBlacklist no
|
||||||
#VersionAddendum FreeBSD-20230205
|
#VersionAddendum FreeBSD-20230316
|
||||||
|
|
||||||
# no default banner path
|
# no default banner path
|
||||||
#Banner none
|
#Banner none
|
||||||
|
|
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: sshd_config.5,v 1.347 2023/01/18 06:55:32 jmc Exp $
|
.\" $OpenBSD: sshd_config.5,v 1.348 2023/03/03 04:36:20 djm Exp $
|
||||||
.Dd $Mdocdate: January 18 2023 $
|
.Dd $Mdocdate: March 3 2023 $
|
||||||
.Dt SSHD_CONFIG 5
|
.Dt SSHD_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -48,7 +48,7 @@ reads configuration data from
|
||||||
.Fl f
|
.Fl f
|
||||||
on the command line).
|
on the command line).
|
||||||
The file contains keyword-argument pairs, one per line.
|
The file contains keyword-argument pairs, one per line.
|
||||||
For each keyword, the first obtained value will be used.
|
Unless noted otherwise, for each keyword, the first obtained value will be used.
|
||||||
Lines starting with
|
Lines starting with
|
||||||
.Ql #
|
.Ql #
|
||||||
and empty lines are interpreted as comments.
|
and empty lines are interpreted as comments.
|
||||||
|
@ -120,6 +120,9 @@ The allow/deny groups directives are processed in the following order:
|
||||||
See PATTERNS in
|
See PATTERNS in
|
||||||
.Xr ssh_config 5
|
.Xr ssh_config 5
|
||||||
for more information on patterns.
|
for more information on patterns.
|
||||||
|
This keyword may appear multiple times in
|
||||||
|
.Nm
|
||||||
|
with each instance appending to the list.
|
||||||
.It Cm AllowStreamLocalForwarding
|
.It Cm AllowStreamLocalForwarding
|
||||||
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
|
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
|
||||||
The available options are
|
The available options are
|
||||||
|
@ -177,6 +180,9 @@ The allow/deny users directives are processed in the following order:
|
||||||
See PATTERNS in
|
See PATTERNS in
|
||||||
.Xr ssh_config 5
|
.Xr ssh_config 5
|
||||||
for more information on patterns.
|
for more information on patterns.
|
||||||
|
This keyword may appear multiple times in
|
||||||
|
.Nm
|
||||||
|
with each instance appending to the list.
|
||||||
.It Cm AuthenticationMethods
|
.It Cm AuthenticationMethods
|
||||||
Specifies the authentication methods that must be successfully completed
|
Specifies the authentication methods that must be successfully completed
|
||||||
for a user to be granted access.
|
for a user to be granted access.
|
||||||
|
@ -629,6 +635,9 @@ The allow/deny groups directives are processed in the following order:
|
||||||
See PATTERNS in
|
See PATTERNS in
|
||||||
.Xr ssh_config 5
|
.Xr ssh_config 5
|
||||||
for more information on patterns.
|
for more information on patterns.
|
||||||
|
This keyword may appear multiple times in
|
||||||
|
.Nm
|
||||||
|
with each instance appending to the list.
|
||||||
.It Cm DenyUsers
|
.It Cm DenyUsers
|
||||||
This keyword can be followed by a list of user name patterns, separated
|
This keyword can be followed by a list of user name patterns, separated
|
||||||
by spaces.
|
by spaces.
|
||||||
|
@ -647,6 +656,9 @@ The allow/deny users directives are processed in the following order:
|
||||||
See PATTERNS in
|
See PATTERNS in
|
||||||
.Xr ssh_config 5
|
.Xr ssh_config 5
|
||||||
for more information on patterns.
|
for more information on patterns.
|
||||||
|
This keyword may appear multiple times in
|
||||||
|
.Nm
|
||||||
|
with each instance appending to the list.
|
||||||
.It Cm DisableForwarding
|
.It Cm DisableForwarding
|
||||||
Disables all forwarding features, including X11,
|
Disables all forwarding features, including X11,
|
||||||
.Xr ssh-agent 1 ,
|
.Xr ssh-agent 1 ,
|
||||||
|
@ -1915,7 +1927,7 @@ The default is
|
||||||
Optionally specifies additional text to append to the SSH protocol banner
|
Optionally specifies additional text to append to the SSH protocol banner
|
||||||
sent by the server upon connection.
|
sent by the server upon connection.
|
||||||
The default is
|
The default is
|
||||||
.Qq FreeBSD-20230205 .
|
.Qq FreeBSD-20230316 .
|
||||||
The value
|
The value
|
||||||
.Cm none
|
.Cm none
|
||||||
may be used to disable this.
|
may be used to disable this.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: umac.c,v 1.22 2022/01/01 05:55:06 jsg Exp $ */
|
/* $OpenBSD: umac.c,v 1.23 2023/03/07 01:30:52 djm Exp $ */
|
||||||
/* -----------------------------------------------------------------------
|
/* -----------------------------------------------------------------------
|
||||||
*
|
*
|
||||||
* umac.c -- C Implementation UMAC Message Authentication
|
* umac.c -- C Implementation UMAC Message Authentication
|
||||||
|
@ -233,7 +233,8 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key)
|
||||||
explicit_bzero(buf, sizeof(buf));
|
explicit_bzero(buf, sizeof(buf));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
|
static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8],
|
||||||
|
UINT8 buf[UMAC_OUTPUT_LEN])
|
||||||
{
|
{
|
||||||
/* 'ndx' indicates that we'll be using the 0th or 1st eight bytes
|
/* 'ndx' indicates that we'll be using the 0th or 1st eight bytes
|
||||||
* of the AES output. If last time around we returned the ndx-1st
|
* of the AES output. If last time around we returned the ndx-1st
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/* $OpenBSD: version.h,v 1.96 2023/02/02 12:10:22 djm Exp $ */
|
/* $OpenBSD: version.h,v 1.97 2023/03/15 21:19:57 djm Exp $ */
|
||||||
|
|
||||||
#define SSH_VERSION "OpenSSH_9.2"
|
#define SSH_VERSION "OpenSSH_9.3"
|
||||||
|
|
||||||
#define SSH_PORTABLE "p1"
|
#define SSH_PORTABLE "p1"
|
||||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
||||||
|
|
||||||
#define SSH_VERSION_FREEBSD "FreeBSD-20230205"
|
#define SSH_VERSION_FREEBSD "FreeBSD-20230316"
|
||||||
|
|
|
@ -39,6 +39,7 @@ PACKAGE= ssh
|
||||||
SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c bsd-signal.c explicit_bzero.c \
|
SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c bsd-signal.c explicit_bzero.c \
|
||||||
fmt_scaled.c freezero.c glob.c \
|
fmt_scaled.c freezero.c glob.c \
|
||||||
libressl-api-compat.c \
|
libressl-api-compat.c \
|
||||||
|
mktemp.c \
|
||||||
openssl-compat.c port-net.c \
|
openssl-compat.c port-net.c \
|
||||||
recallocarray.c strtonum.c timingsafe_bcmp.c vis.c xcrypt.c
|
recallocarray.c strtonum.c timingsafe_bcmp.c vis.c xcrypt.c
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue