Mailing List Archive

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed
Author: djm@openbsd.org <djm@openbsd.org>
Date: Tue Jan 13 19:04:35 2015 +0000

upstream commit

sync changes from libopenssh; prepared by markus@ mostly
debug output tweaks, a couple of error return value changes and some other
minor stuff
---
krl.c | 98 +++++++++++++++++++++++++++++++++----------------------------------
krl.h | 4 +--
2 files changed, 50 insertions(+), 52 deletions(-)

diff --git a/krl.c b/krl.c
index 47d6d2c..d6bd109 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

-/* $OpenBSD: krl.c,v 1.24 2015/01/12 19:22:46 markus Exp $ */
+/* $OpenBSD: krl.c,v 1.25 2015/01/13 19:04:35 djm Exp $ */

#include "includes.h"

@@ -31,11 +31,11 @@
#include <unistd.h>

#include "sshbuf.h"
+#include "ssherr.h"
#include "sshkey.h"
#include "authfile.h"
#include "misc.h"
#include "log.h"
-#include "ssherr.h"
#include "digest.h"

#include "krl.h"
@@ -230,7 +230,7 @@ revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key,
RB_INIT(&rc->revoked_serials);
RB_INIT(&rc->revoked_key_ids);
TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
- debug3("%s: new CA %s", __func__, sshkey_type(ca_key));
+ KRL_DBG(("%s: new CA %s", __func__, sshkey_type(ca_key)));
*rcp = rc;
return 0;
}
@@ -255,7 +255,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
KRL_DBG(("%s: bad: ers != NULL", __func__));
/* Shouldn't happen */
free(irs);
- return SSH_ERR_ALLOC_FAIL;
+ return SSH_ERR_INTERNAL_ERROR;
}
ers = irs;
} else {
@@ -270,6 +270,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
if (ers->hi < hi)
ers->hi = hi;
}
+
/*
* The inserted or revised range might overlap or abut adjacent ones;
* coalesce as necessary.
@@ -315,14 +316,14 @@ ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const struct sshkey *ca_key,
}

int
-ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, const struct sshkey *ca_key,
- u_int64_t lo, u_int64_t hi)
+ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
+ const struct sshkey *ca_key, u_int64_t lo, u_int64_t hi)
{
struct revoked_certs *rc;
int r;

if (lo > hi || lo == 0)
- return -1;
+ return SSH_ERR_INVALID_ARGUMENT;
if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
return r;
return insert_serial_range(&rc->revoked_serials, lo, hi);
@@ -339,7 +340,7 @@ ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key,
if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
return r;

- debug3("%s: revoke %s", __func__, key_id);
+ KRL_DBG(("%s: revoke %s", __func__, key_id));
if ((rki = calloc(1, sizeof(*rki))) == NULL ||
(rki->key_id = strdup(key_id)) == NULL) {
free(rki);
@@ -375,7 +376,7 @@ plain_key_blob(const struct sshkey *key, u_char **blob, size_t *blen)

/* Revoke a key blob. Ownership of blob is transferred to the tree */
static int
-revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, u_int len)
+revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, size_t len)
{
struct revoked_blob *rb, *erb;

@@ -507,14 +508,14 @@ choose_next_state(int current_state, u_int64_t contig, int final,
*force_new_section = 1;
cost = cost_bitmap_restart;
}
- debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
+ KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
"list %llu range %llu bitmap %llu new bitmap %llu, "
"selected 0x%02x%s", __func__, (long long unsigned)contig,
(long long unsigned)last_gap, (long long unsigned)next_gap, final,
(long long unsigned)cost_list, (long long unsigned)cost_range,
(long long unsigned)cost_bitmap,
(long long unsigned)cost_bitmap_restart, new_state,
- *force_new_section ? " restart" : "");
+ *force_new_section ? " restart" : ""));
return new_state;
}

@@ -522,7 +523,7 @@ choose_next_state(int current_state, u_int64_t contig, int final,
static int
revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
{
- int final, force_new_sect, r = -1;
+ int final, force_new_sect, r = SSH_ERR_INTERNAL_ERROR;
u_int64_t i, contig, gap, last = 0, bitmap_start = 0;
struct revoked_serial *rs, *nrs;
struct revoked_key_id *rki;
@@ -545,9 +546,9 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);
rs != NULL;
rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
- debug3("%s: serial %llu:%llu state 0x%02x", __func__,
+ KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__,
(long long unsigned)rs->lo, (long long unsigned)rs->hi,
- state);
+ state));

/* Check contiguous length and gap to next section (if any) */
nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs);
@@ -565,7 +566,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
*/
if (state != 0 && (force_new_sect || next_state != state ||
state == KRL_SECTION_CERT_SERIAL_RANGE)) {
- debug3("%s: finish state 0x%02x", __func__, state);
+ KRL_DBG(("%s: finish state 0x%02x", __func__, state));
switch (state) {
case KRL_SECTION_CERT_SERIAL_LIST:
case KRL_SECTION_CERT_SERIAL_RANGE:
@@ -585,7 +586,8 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)

/* If we are starting a new section then prepare it now */
if (next_state != state || force_new_sect) {
- debug3("%s: start state 0x%02x", __func__, next_state);
+ KRL_DBG(("%s: start state 0x%02x", __func__,
+ next_state));
state = next_state;
sshbuf_reset(sect);
switch (state) {
@@ -636,8 +638,8 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
}
/* Flush the remaining section, if any */
if (state != 0) {
- debug3("%s: serial final flush for state 0x%02x",
- __func__, state);
+ KRL_DBG(("%s: serial final flush for state 0x%02x",
+ __func__, state));
switch (state) {
case KRL_SECTION_CERT_SERIAL_LIST:
case KRL_SECTION_CERT_SERIAL_RANGE:
@@ -653,12 +655,12 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
(r = sshbuf_put_stringb(buf, sect)) != 0)
goto out;
}
- debug3("%s: serial done ", __func__);
+ KRL_DBG(("%s: serial done ", __func__));

/* Now output a section for any revocations by key ID */
sshbuf_reset(sect);
RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
- debug3("%s: key ID %s", __func__, rki->key_id);
+ KRL_DBG(("%s: key ID %s", __func__, rki->key_id));
if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0)
goto out;
}
@@ -679,7 +681,7 @@ int
ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
const struct sshkey **sign_keys, u_int nsign_keys)
{
- int r = -1;
+ int r = SSH_ERR_INTERNAL_ERROR;
struct revoked_certs *rc;
struct revoked_blob *rb;
struct sshbuf *sect;
@@ -715,7 +717,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
/* Finally, output sections for revocations by public key/hash */
sshbuf_reset(sect);
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
- debug3("%s: key len %zu ", __func__, rb->len);
+ KRL_DBG(("%s: key len %u ", __func__, rb->len));
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
goto out;
}
@@ -726,7 +728,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
}
sshbuf_reset(sect);
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
- debug3("%s: hash len %zu ", __func__, rb->len);
+ KRL_DBG(("%s: hash len %u ", __func__, rb->len));
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
goto out;
}
@@ -742,7 +744,8 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
if ((r = sshkey_to_blob_buf(sign_keys[i], sect)) != 0)
goto out;

- debug3("%s: signature key len %zu", __func__, sshbuf_len(sect));
+ KRL_DBG(("%s: signature key len %zu", __func__,
+ sshbuf_len(sect)));
if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
(r = sshbuf_put_stringb(buf, sect)) != 0)
goto out;
@@ -750,7 +753,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
sshbuf_ptr(buf), sshbuf_len(buf), 0)) == -1)
goto out;
- debug3("%s: signature sig len %zu", __func__, slen);
+ KRL_DBG(("%s: signature sig len %u", __func__, slen));
if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
goto out;
}
@@ -781,7 +784,7 @@ format_timestamp(u_int64_t timestamp, char *ts, size_t nts)
static int
parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
{
- int r = -1, nbits;
+ int r = SSH_ERR_INTERNAL_ERROR, nbits;
u_char type;
const u_char *blob;
size_t blen;
@@ -809,7 +812,8 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
(r = sshbuf_froms(buf, &subsect)) != 0)
goto out;
- debug3("%s: subsection type 0x%02x", __func__, type);
+ KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
+ /* sshbuf_dump(subsect, stderr); */

switch (type) {
case KRL_SECTION_CERT_SERIAL_LIST:
@@ -842,7 +846,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
- for (serial = 0; serial < (u_int)nbits; serial++) {
+ for (serial = 0; serial < (u_int64_t)nbits; serial++) {
if (serial > 0 && serial_lo + serial == 0) {
error("%s: bitmap wraps u64", __func__);
r = SSH_ERR_INVALID_FORMAT;
@@ -895,12 +899,12 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
/* Attempt to parse a KRL, checking its signature (if any) with sign_ca_keys. */
int
ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
- const struct sshkey **sign_ca_keys, u_int nsign_ca_keys)
+ const struct sshkey **sign_ca_keys, size_t nsign_ca_keys)
{
struct sshbuf *copy = NULL, *sect = NULL;
struct ssh_krl *krl = NULL;
char timestamp[64];
- int r = -1, sig_seen;
+ int r = SSH_ERR_INTERNAL_ERROR, sig_seen;
struct sshkey *key = NULL, **ca_used = NULL, **tmp_ca_used;
u_char type, *rdata = NULL;
const u_char *blob;
@@ -961,12 +965,12 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
(r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0)
goto out;
- debug3("%s: first pass, section 0x%02x", __func__, type);
+ KRL_DBG(("%s: first pass, section 0x%02x", __func__, type));
if (type != KRL_SECTION_SIGNATURE) {
if (sig_seen) {
- r = SSH_ERR_INVALID_FORMAT;
error("KRL contains non-signature section "
"after signature");
+ r = SSH_ERR_INVALID_FORMAT;
goto out;
}
/* Not interested for now. */
@@ -976,7 +980,6 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
/* First string component is the signing key */
if ((r = sshkey_from_blob(blob, blen, &key)) != 0) {
r = SSH_ERR_INVALID_FORMAT;
- error("%s: invalid signature key", __func__);
goto out;
}
if (sshbuf_len(buf) < sshbuf_len(copy)) {
@@ -992,16 +995,14 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
}
/* Check signature over entire KRL up to this point */
if ((r = sshkey_verify(key, blob, blen,
- sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0) {
- error("bad signaure on KRL");
+ sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0)
goto out;
- }
/* Check if this key has already signed this KRL */
for (i = 0; i < nca_used; i++) {
if (sshkey_equal(ca_used[i], key)) {
error("KRL signed more than once with "
"the same key");
- r = SSH_ERR_SIGNATURE_INVALID;
+ r = SSH_ERR_INVALID_FORMAT;
goto out;
}
}
@@ -1041,10 +1042,9 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
sect = NULL;
}
if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
- (r = sshbuf_froms(copy, &sect)) != 0) {
+ (r = sshbuf_froms(copy, &sect)) != 0)
goto out;
- }
- debug3("%s: second pass, section 0x%02x", __func__, type);
+ KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));

switch (type) {
case KRL_SECTION_CERTIFICATES:
@@ -1068,7 +1068,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
&krl->revoked_keys : &krl->revoked_sha1s,
rdata, rlen)) != 0)
goto out;
- rdata = NULL; /* revoke_blob frees blob */
+ rdata = NULL; /* revoke_blob frees rdata */
}
break;
case KRL_SECTION_SIGNATURE:
@@ -1101,8 +1101,8 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
}
}
if (nca_used && !sig_seen) {
- r = SSH_ERR_SIGNATURE_INVALID;
error("All keys used to sign KRL were revoked");
+ r = SSH_ERR_KEY_REVOKED;
goto out;
}

@@ -1159,7 +1159,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
free(rb.blob);
if (erb != NULL) {
- debug("%s: revoked by key SHA1", __func__);
+ KRL_DBG(("%s: revoked by key SHA1", __func__));
return SSH_ERR_KEY_REVOKED;
}

@@ -1170,7 +1170,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
free(rb.blob);
if (erb != NULL) {
- debug("%s: revoked by explicit key", __func__);
+ KRL_DBG(("%s: revoked by explicit key", __func__));
return SSH_ERR_KEY_REVOKED;
}

@@ -1189,7 +1189,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
rki.key_id = key->cert->key_id;
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
if (erki != NULL) {
- debug("%s: revoked by key ID", __func__);
+ KRL_DBG(("%s: revoked by key ID", __func__));
return SSH_ERR_KEY_REVOKED;
}

@@ -1204,13 +1204,11 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
rs.lo = rs.hi = key->cert->serial;
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
if (ers != NULL) {
- KRL_DBG(("%s: %llu matched %llu:%llu", __func__,
+ KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__,
key->cert->serial, ers->lo, ers->hi));
- debug("%s: revoked by serial", __func__);
return SSH_ERR_KEY_REVOKED;
}
KRL_DBG(("%s: %llu no match", __func__, key->cert->serial));
-
return 0;
}

@@ -1219,7 +1217,7 @@ ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key)
{
int r;

- debug2("%s: checking key", __func__);
+ KRL_DBG(("%s: checking key", __func__));
if ((r = is_key_revoked(krl, key)) != 0)
return r;
if (sshkey_is_cert(key)) {
@@ -1227,7 +1225,7 @@ ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key)
if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
return r;
}
- debug3("%s: key okay", __func__);
+ KRL_DBG(("%s: key okay", __func__));
return 0;
}

diff --git a/krl.h b/krl.h
index c98cc13..4e12bef 100644
--- a/krl.h
+++ b/krl.h
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

-/* $OpenBSD: krl.h,v 1.3 2014/12/04 01:49:59 djm Exp $ */
+/* $OpenBSD: krl.h,v 1.4 2015/01/13 19:06:49 djm Exp $ */

#ifndef _KRL_H
#define _KRL_H
@@ -57,7 +57,7 @@ int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);
int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
const struct sshkey **sign_keys, u_int nsign_keys);
int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
- const struct sshkey **sign_ca_keys, u_int nsign_ca_keys);
+ const struct sshkey **sign_ca_keys, size_t nsign_ca_keys);
int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key);
int ssh_krl_file_contains_key(const char *path, const struct sshkey *key);


--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e2cc6bef08941256817d44d146115b3478586ad4
Author: djm@openbsd.org <djm@openbsd.org>
Date: Tue Jan 20 07:55:33 2015 +0000

upstream commit

fix hostkeys in agent; ok markus@
---
kexc25519s.c | 9 ++++-----
kexdhs.c | 9 ++++-----
kexecdhs.c | 9 ++++-----
kexgexs.c | 9 ++++-----
4 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/kexc25519s.c b/kexc25519s.c
index 912b0af..d840856 100644
--- a/kexc25519s.c
+++ b/kexc25519s.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519s.c,v 1.6 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.7 2015/01/20 07:55:33 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -75,10 +75,9 @@ input_kex_c25519_init(int type, u_int32_t seq, void *ctxt)
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- if ((server_host_public = kex->load_host_public_key(kex->hostkey_type,
- ssh)) == NULL ||
- (server_host_private = kex->load_host_private_key(kex->hostkey_type,
- ssh)) == NULL) {
+ server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
}
diff --git a/kexdhs.c b/kexdhs.c
index 182657a..0bfa08b 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.20 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.21 2015/01/20 07:55:33 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -101,10 +101,9 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- if ((server_host_public = kex->load_host_public_key(kex->hostkey_type,
- ssh)) == NULL ||
- (server_host_private = kex->load_host_private_key(kex->hostkey_type,
- ssh)) == NULL) {
+ server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
}
diff --git a/kexecdhs.c b/kexecdhs.c
index 6b8d95d..f47a7b2 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.12 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.13 2015/01/20 07:55:33 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -95,10 +95,9 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt)
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- if ((server_host_public = kex->load_host_public_key(kex->hostkey_type,
- ssh)) == NULL ||
- (server_host_private = kex->load_host_private_key(kex->hostkey_type,
- ssh)) == NULL) {
+ server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
}
diff --git a/kexgexs.c b/kexgexs.c
index 6e2b009..d456820 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.21 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.22 2015/01/20 07:55:33 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -160,10 +160,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt)
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- if ((server_host_public = kex->load_host_public_key(kex->hostkey_type,
- ssh)) == NULL ||
- (server_host_private = kex->load_host_private_key(kex->hostkey_type,
- ssh)) == NULL) {
+ server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
}

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068
Author: jmc@openbsd.org <jmc@openbsd.org>
Date: Mon Jan 26 13:55:29 2015 +0000

upstream commit

sort previous;
---
scp.1 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scp.1 b/scp.1
index dbf14fd..b80ad8b 100644
--- a/scp.1
+++ b/scp.1
@@ -8,7 +8,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.64 2015/01/26 12:16:36 djm Exp $
+.\" $OpenBSD: scp.1,v 1.65 2015/01/26 13:55:29 jmc Exp $
.\"
.Dd $Mdocdate: January 26 2015 $
.Dt SCP 1
@@ -178,8 +178,8 @@ For full details of the options listed below, and their possible values, see
.It ServerAliveCountMax
.It StrictHostKeyChecking
.It TCPKeepAlive
-.It UsePrivilegedPort
.It UpdateHostKeys
+.It UsePrivilegedPort
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 802660cb70453fa4d230cb0233bc1bbdf8328de1
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Jan 30 10:44:49 2015 +0000

upstream commit

set a timeout to prevent hangs when talking to busted
servers; ok markus@
---
ssh-keyscan.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 989f7ec..2b13030 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.98 2015/01/30 01:13:33 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.99 2015/01/30 10:44:49 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -468,6 +468,7 @@ congreet(int s)
*cp = '\0';
if ((c->c_ssh = ssh_packet_set_connection(NULL, s, s)) == NULL)
fatal("ssh_packet_set_connection failed");
+ ssh_packet_set_timeout(c->c_ssh, timeout, 1);
ssh_set_app_data(c->c_ssh, c); /* back link */
if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
&remote_major, &remote_minor, remote_version) == 3)

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 5d34aa94938abb12b877a25be51862757f25d54b
Author: halex@openbsd.org <halex@openbsd.org>
Date: Tue Feb 3 00:34:14 2015 +0000

upstream commit

slightly extend the passphrase prompt if running with -c
in order to give the user a chance to notice if unintentionally running
without it

wording tweak and ok djm@
---
ssh-add.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ssh-add.c b/ssh-add.c
index 676e65d..d160713 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.118 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.119 2015/02/03 00:34:14 halex Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -232,8 +232,8 @@ add_file(int agent_fd, const char *filename, int key_only)
if (private == NULL) {
/* clear passphrase since it did not work */
clear_pass();
- snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
- comment);
+ snprintf(msg, sizeof msg, "Enter passphrase for %.200s%s: ",
+ comment, confirm ? " (will confirm each use)" : "");
for (;;) {
pass = read_passphrase(msg, RP_ALLOW_STDIN);
if (strcmp(pass, "") == 0)
@@ -253,7 +253,8 @@ add_file(int agent_fd, const char *filename, int key_only)
}
clear_pass();
snprintf(msg, sizeof msg,
- "Bad passphrase, try again for %.200s: ", comment);
+ "Bad passphrase, try again for %.200s%s: ", comment,
+ confirm ? " (will confirm each use)" : "");
}
}
sshbuf_free(keyblob);

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d
Author: jsg@openbsd.org <jsg@openbsd.org>
Date: Mon Feb 9 23:22:37 2015 +0000

upstream commit

fix some leaks in error paths ok markus@
---
packet.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/packet.c b/packet.c
index f9ce084..8b8ab0c 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.205 2015/01/30 01:13:33 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.206 2015/02/09 23:22:37 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -290,6 +290,7 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
(r = cipher_init(&state->receive_context, none,
(const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
error("%s: cipher_init failed: %s", __func__, ssh_err(r));
+ free(ssh);
return NULL;
}
state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
@@ -1273,8 +1274,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
* Since we are blocking, ensure that all written packets have
* been sent.
*/
- if ((r = ssh_packet_write_wait(ssh)) != 0)
+ if ((r = ssh_packet_write_wait(ssh)) != 0) {
+ free(setp);
return r;
+ }

/* Stay in the loop until we have received a complete packet. */
for (;;) {

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 13a39414d25646f93e6d355521d832a03aaaffe2
Author: djm@openbsd.org <djm@openbsd.org>
Date: Tue Feb 17 00:14:05 2015 +0000

upstream commit

Regression: I broke logging of public key fingerprints in
1.46. Pointed out by Pontus Lundkvist
---
auth2-pubkey.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d8f0aa3..d943efa 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.46 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -234,14 +234,14 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
key_type(key), key->cert->key_id,
(unsigned long long)key->cert->serial,
key_type(key->cert->signature_key),
- fp == NULL ? "(null)" : "",
+ fp == NULL ? "(null)" : fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
} else {
fp = sshkey_fingerprint(key, options.fingerprint_hash,
SSH_FP_DEFAULT);
auth_info(authctxt, "%s %s%s%s", key_type(key),
- fp == NULL ? "(null)" : "",
+ fp == NULL ? "(null)" : fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
}

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e94e4b07ef2eaead38b085a60535df9981cdbcdb
Author: djm@openbsd.org <djm@openbsd.org>
Date: Mon Feb 23 16:55:31 2015 +0000

upstream commit

silence a spurious error message when listing
fingerprints for known_hosts; bz#2342
---
ssh-keygen.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 9238748..1ae865a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.262 2015/02/16 22:08:57 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.263 2015/02/23 16:55:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -843,7 +843,7 @@ do_fingerprint(struct passwd *pw)
exit(1);
}
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0)
- error("Error loading public key \"%s\": %s",
+ debug("Error loading public key \"%s\": %s",
identity_file, ssh_err(r));
else {
fp = sshkey_fingerprint(public, fptype, rep);

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 6288e3a935494df12519164f52ca5c8c65fc3ca5
Author: naddy@openbsd.org <naddy@openbsd.org>
Date: Tue Feb 24 15:24:05 2015 +0000

upstream commit

add -v (show ASCII art) to -l's synopsis; ok djm@
---
ssh-keygen.1 | 5 +++--
ssh-keygen.c | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index b73c460..9b93666 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.124 2014/12/21 22:27:56 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.125 2015/02/24 15:24:05 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 21 2014 $
+.Dd $Mdocdate: February 24 2015 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -73,6 +73,7 @@
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl l
+.Op Fl v
.Op Fl E Ar fingerprint_hash
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b85fa49..4a5c402 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.264 2015/02/23 22:21:21 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.265 2015/02/24 15:24:05 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2204,7 +2204,7 @@ usage(void)
" ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
" ssh-keygen -y [-f input_keyfile]\n"
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
- " ssh-keygen -l [-E fingerprint_hash] [-f input_keyfile]\n"
+ " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
" ssh-keygen -B [-f input_keyfile]\n");
#ifdef ENABLE_PKCS11
fprintf(stderr,

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a63cfa26864b93ab6afefad0b630e5358ed8edfa
Author: djm@openbsd.org <djm@openbsd.org>
Date: Wed Feb 25 19:54:02 2015 +0000

upstream commit

fix small memory leak when UpdateHostkeys=no
---
clientloop.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 8969869..a9c8a90 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.271 2015/02/23 16:33:25 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2321,9 +2321,7 @@ client_input_hostkeys(void)
char *fp;
static int hostkeys_seen = 0; /* XXX use struct ssh */
extern struct sockaddr_storage hostaddr; /* XXX from ssh.c */
- struct hostkeys_update_ctx *ctx;
-
- ctx = xcalloc(1, sizeof(*ctx));
+ struct hostkeys_update_ctx *ctx = NULL;

if (hostkeys_seen)
fatal("%s: server already sent hostkeys", __func__);
@@ -2332,6 +2330,8 @@ client_input_hostkeys(void)
return 1; /* won't ask in batchmode, so don't even try */
if (!options.update_hostkeys || options.num_user_hostfiles <= 0)
return 1;
+
+ ctx = xcalloc(1, sizeof(*ctx));
while (ssh_packet_remaining(ssh) > 0) {
sshkey_free(key);
key = NULL;

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 68d2dfc464fbcdf8d6387884260f9801f4352393
Author: djm@openbsd.org <djm@openbsd.org>
Date: Tue Mar 3 06:48:58 2015 +0000

upstream commit

Allow "ssh -Q protocol-version" to list supported SSH
protocol versions. Useful for detecting builds without SSH v.1 support; idea
and ok markus@
---
ssh.1 | 12 +++++++-----
ssh.c | 9 ++++++++-
2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/ssh.1 b/ssh.1
index 5649212..da64b71 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.355 2015/01/30 11:43:14 djm Exp $
-.Dd $Mdocdate: January 30 2015 $
+.\" $OpenBSD: ssh.1,v 1.356 2015/03/03 06:48:58 djm Exp $
+.Dd $Mdocdate: March 3 2015 $
.Dt SSH 1
.Os
.Sh NAME
@@ -58,7 +58,7 @@
.Op Fl O Ar ctl_cmd
.Op Fl o Ar option
.Op Fl p Ar port
-.Op Fl Q Cm cipher | cipher-auth | mac | kex | key
+.Op Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version
.Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
.Op Fl S Ar ctl_path
.Op Fl W Ar host : Ns Ar port
@@ -497,7 +497,7 @@ For full details of the options listed below, and their possible values, see
Port to connect to on the remote host.
This can be specified on a
per-host basis in the configuration file.
-.It Fl Q Cm cipher | cipher-auth | mac | kex | key
+.It Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version
Queries
.Nm
for the algorithms supported for the specified version 2.
@@ -511,7 +511,9 @@ The available features are:
.Ar kex
(key exchange algorithms),
.Ar key
-(key types).
+(key types) and
+.Ar protocol-version
+(supported SSH protocol versions).
.It Fl q
Quiet mode.
Causes most warning and diagnostic messages to be suppressed.
diff --git a/ssh.c b/ssh.c
index 57b53fb..0ad82f0 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.415 2015/02/20 22:17:21 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.416 2015/03/03 06:48:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -678,6 +678,13 @@ main(int ac, char **av)
cp = key_alg_list(1, 0);
else if (strcmp(optarg, "key-plain") == 0)
cp = key_alg_list(0, 1);
+ else if (strcmp(optarg, "protocol-version") == 0) {
+#ifdef WITH_SSH1
+ cp = xstrdup("1\n2");
+#else
+ cp = xstrdup("2");
+#endif
+ }
if (cp == NULL)
fatal("Unsupported query \"%s\"", optarg);
printf("%s\n", cp);

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2
Author: djm@openbsd.org <djm@openbsd.org>
Date: Wed Mar 4 18:53:53 2015 +0000

upstream commit

crank; ok markus, deraadt
---
version.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/version.h b/version.h
index cc8a079..dfe3ee9 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.71 2014/04/18 23:52:25 djm Exp $ */
+/* $OpenBSD: version.h,v 1.72 2015/03/04 18:53:53 djm Exp $ */

-#define SSH_VERSION "OpenSSH_6.7"
+#define SSH_VERSION "OpenSSH_6.8"

#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 2f04af92f036b0c87a23efb259c37da98cd81fe6
Author: djm@openbsd.org <djm@openbsd.org>
Date: Wed Mar 4 21:12:59 2015 +0000

upstream commit

make ssh-add -D work with !SSH1 agent
---
ssh-agent.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssh-agent.c b/ssh-agent.c
index 4924105..aeda656 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.198 2015/03/03 21:21:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.199 2015/03/04 21:12:59 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -866,10 +866,10 @@ process_message(SocketEntry *e)
case SSH_AGENTC_REMOVE_RSA_IDENTITY:
process_remove_identity(e, 1);
break;
+#endif
case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
- process_remove_all_identities(e, 1);
+ process_remove_all_identities(e, 1); /* safe for !WITH_SSH1 */
break;
-#endif
/* ssh2 */
case SSH2_AGENTC_SIGN_REQUEST:
process_sign_request2(e);

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits