Fix error when DEBUG_SK is on and Unify variable names in sk part #225
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The error is introduced by 59d2de9 In this commit, variable `message` is removed from func sshsk_sign but its debug code is not removed. Also, variable name in func argument is renamed in definition but not in declaration
djmdjm
added a commit
to djmdjm/openbsd-openssh-src
that referenced
this pull request
Feb 18, 2021
from openssh/openssh-portable#225 by ZenithalHourlyRate
djmdjm
added a commit
to djmdjm/openbsd-openssh-src
that referenced
this pull request
Feb 18, 2021
from openssh/openssh-portable#225 by ZenithalHourlyRate
djmdjm
added a commit
that referenced
this pull request
Feb 18, 2021
from #225 by ZenithalHourlyRate OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb
djmdjm
added a commit
that referenced
this pull request
Feb 18, 2021
definition from #225 by ZenithalHourlyRate OpenBSD-Commit-ID: 7c736307bf3f2c7cb24d6f82f244eee959485acd
|
Thanks - I committed a modified version of this upstream and synced it back as 34c5ef6 and 88e3d4d - it will be included in the OpenSSH 8.5 release (due shortly). The one I committed prints the original unhashed message rather than adding a DEBUG_SK to sk-usbhid.c, as there is no such debugging there at present. I figure this is a very niche feature to begin with :) |
bob-beck
pushed a commit
to openbsd/src
that referenced
this pull request
Feb 18, 2021
from openssh/openssh-portable#225 by ZenithalHourlyRate
bob-beck
pushed a commit
to openbsd/src
that referenced
this pull request
Feb 18, 2021
from openssh/openssh-portable#225 by ZenithalHourlyRate
baentsch
added a commit
to open-quantum-safe/openssh
that referenced
this pull request
Jun 21, 2021
* Restore correct flags during localtime_r check.
We were restoring the wrong thing CPPFLAGS (we used CFLAGS) for any
platform that doesn't have localtime_r.
* Use "=" not "==" in string test.
POSIX says "=" is string comparison and some shells (eg HP-UX) will
complain about "==".
* upstream: when mentioning that the host key has changed, don't
report the type because it is ambiguous as to whether it referred to the
known or new host key. bz3216; ok dtucker@
OpenBSD-Commit-ID: 2d5ce4a83dbcf44e340a572e361decad8aab7bad
* upstream: when loading PKCS#11 keys, include the key fingerprints
and provider/slot information in debug output.
OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431
* upstream: clean up passing of struct passwd from monitor to preauth
privsep process. No longer copy entire struct w/ pointer addresses, but pass
remaining scalar fields explicitly,
Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@
OpenBSD-Commit-ID: 9925df75a56732c43f3663e70dd15ff413ab3e53
* upstream: Set the specified TOS/DSCP for interactive use prior to
TCP connect. The connection phase of the SSH session is time-sensitive (due
to server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.
ok dtucker@
OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
* upstream: Document ssh-keygen -Z, sanity check its argument earlier and
provide a better error message if it's not correct. Prompted by bz#2879, ok
djm@ jmc@
OpenBSD-Commit-ID: 484178a173e92230fb1803fb4f206d61f7b58005
* upstream: check result of strchr() against NULL rather than
searched-for characters; from zhongjubin@huawei.com
OpenBSD-Commit-ID: e6f57de1d4a4d25f8db2d44e8d58d847e247a4fe
* upstream: Include cipher.h for declaration of cipher_by_name.
OpenBSD-Commit-ID: ddfebbca03ca0e14e00bbad9d35f94b99655d032
* upstream: Ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320, with & ok djm@
OpenBSD-Commit-ID: bdbf9fc5bc72b1a14266f5f61723ed57307a6db4
* upstream: make program name be const
OpenBSD-Commit-ID: ece25680ec637fdf20502721ccb0276691df5384
* upstream: typos: s/hex/kex/ in error messages
OpenBSD-Commit-ID: 43a026c9571dd779ec148de1829cf5a6b6651905
* upstream: fix minor memleak of kex->hostkey_alg on rekex
OpenBSD-Commit-ID: 2c3969c74966d4ccdfeff5e5f0df0791919aef50
* upstream: memleak of DH public bignum; found with libfuzzer
OpenBSD-Commit-ID: 0e913b542c3764b100b1571fdb0d0e5cc086fe97
* upstream: make ssh_free(NULL) a no-op
OpenBSD-Commit-ID: 42cb285d94789cefe6608db89c63040ab0a80fa0
* upstream: shuffle a few utility functions into sftp-client.c; from
Jakub Jelen
OpenBSD-Commit-ID: fdeb1aae1f6149b193f12cd2af158f948c514a2a
* use options that work with recent clang
* basic KEX fuzzer; adapted from Markus' unittest
* upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in path
OpenBSD-Commit-ID: 5c1048468813107baa872f5ee33ba51623630e01
* upstream: prepare readconf.c for fuzzing; remove fatal calls and
fix some (one-off) memory leaks; ok markus@
OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5
* upstream: refactor client percent_expand() argument passing;
consolidate the common arguments into a single struct and pass that around
instead of using a bunch of globals. ok markus@
OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b
* upstream: fix possible error("%s", NULL) on error paths
OpenBSD-Commit-ID: 0b3833c2cb985453ecca1d76803ebb8f3b736a11
* upstream: Print client kem key with correct length.
ok markus@
OpenBSD-Commit-ID: 91689e14a4fc6c270e265a32d1c8faba63a45755
* upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.
Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.
Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().
ok markus@
OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
* upstream: allow UserKnownHostsFile=none; feedback and ok markus@
OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
* upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok
markus@
OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
* Pull in missing rev 1.2.
* upstream: few more things needs match.c and addrmatch.c now that
log.c calls match_pattern_list()
OpenBSD-Regress-ID: f7c95c76b150d0aeb00a67858b9579b7d1b2db74
* upstream: adapt to API change in hostkeys_foreach()/load_hostkeys()
OpenBSD-Regress-ID: dcb468514f32da49a446372453497dc6eeafdbf3
* upstream: properly fix ProxyJump parsing; Thanks to tb@ for
pointing out my error (parse_ssh_uri() can return -1/0/1, that I missed).
Reported by Raf Czlonka via bugs@
ok tb@
OpenBSD-Commit-ID: a2991a3794bcaf1ca2b025212cce11cdb5f6b7d6
* upstream: Remove the pre-standardization cipher
rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was
standardized in RFC4253 (2006), has been deprecated and disabled by default
since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
This will reduce the amount of work the cipher/kex regression tests need
to do by a little bit. ok markus@ djm@
OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad
* upstream: Remove explicit rijndael-cbc@lysator.liu.se test since the
cipher was removed.
OpenBSD-Regress-ID: aa93cddb4ecd9bc21446a79008a1a53050e64f17
* upstream: move subprocess() from auth.c to misc.c
make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)
add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.
feedback & ok markus@
OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
* upstream: add a ssh_config KnownHostsCommand that allows the client
to obtain known_hosts data from a command in addition to the usual files.
The command accepts bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).
ok markus@
OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
* upstream: Remove lines accidentally left behind in the ProxyJump
parsing fix r1.345.
ok djm
OpenBSD-Commit-ID: fe767c108c8117bea33767b080ff62eef2c55f5c
* upstream: regress test for KnownHostsCommand
OpenBSD-Regress-ID: ffc77464320b6dabdcfa0a72e0df02659233a38a
* upstream: more detail for failing tests
OpenBSD-Regress-ID: c68c0e5a521cad7e7f68e54c54ebf86d6c10ee1d
* ensure $LOGNAME is set in tests
* Include stdio.h for FILE in misc.h.
Fixes build on at least OpenBSD.
* Improve AIX text.
* whitespace at EOL
* whitespace at EOL
* upstream: tweak the description of KnownHostsCommand in ssh_conf.5,
and add entries for it to the -O list in scp.1 and sftp.1;
ok djm
OpenBSD-Commit-ID: aba31ebea03f38f8d218857f7ce16a500c3e4aff
* upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are
disabled by default)
OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
* upstream: Adapt to replacement of
sntrup4591761x25519-sha512@tinyssh.org with
sntrup761x25519-sha512@openssh.com.
Also test sntrup761x25519-sha512@openssh.com in unittests/kex
OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c
* adapt KEX fuzzer to PQ kex change
* upstream: Use int64_t for intermediate values in int32_MINMAX to
prevent signed 32-bit integer overflow.
Found by and ok djm@
ok markus@
OpenBSD-Commit-ID: 4f0704768e34cf45fdd792bac4011c6971881bb3
* fix: missing pieces of previous commit
* Undef int32 after sort routines.
This prevents typedef'ing crypto_int32 twice, in sntrup761.c and
crypto_api.h, which some compilers (at least some GCCs) don't accept.
* upstream: Prevent redefinition of `crypto_int32' error with gcc3.
Fixes compilation on luna88k.
Feedback millert@
Found by and ok aoyama@
OpenBSD-Commit-ID: f305ddfe575a26cc53431af3fde3f4aeebed9ba6
* upstream: estructure sntrup761.sh to process all files in a single
list, which will make it easier to reorder. Re-inline int32_MINMAX. ok
tobhe@
OpenBSD-Commit-ID: d145c6c19b08bb93c9e14bfaa7af589d90f144c0
* upstream: mention that DisableForwarding is valid in a sshd_config
Match block reported by Fredrik Eriksson in bz3239
OpenBSD-Commit-ID: 3a71c3d84b597f5e43e4b40d5232797daf0993f6
* upstream: Update the sntrup761 creation script and generated code:
- remove unneeded header files and typedefs and rely on crypto_api.h - add
defines to map types used to the crypto_api ones instead of typedefs. This
prevents typedef name collisions in -portable. - remove CRYPTO_NAMESPACE
entirely instead of making it a no-op - delete unused functions and make the
remaining ones that aren't exported static.
ok djm@
OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783
* upstream: don't try to use timespeccmp(3) directly as a qsort(3)
comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes.
fixes sftp "ls -ltr" under some circumstances.
Based on patch by Masahiro Matsuya via bz3248.
OpenBSD-Commit-ID: 65b5e9f18bb0d10573868c3516de6e5170adb163
* upstream: If a signature operation on a FIDO key fails with a
"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.
This smoothes over a few corner cases including FIDO devices that
require PINs for all hosted credentials, biometric FIDO devices that
fall back to requiring PIN when reading the biometric failed, devices
that don't implement reading credProtect status for downloaded keys
and probably a few more cases that I haven't though of yet.
ok dtucker@
OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878
* Add Ubuntu 16.04 and 20.04 test targets.
* Run tests with sudo for better coverage.
* upstream: make CheckHostIP default to 'no'. It doesn't provide any
perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.
ok dtucker@
OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0
* Add test against Graphene hardened malloc.
* upstream: Move address handling functions out into their own file
in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowtools that we'll also need. ok djm@
(as part of a larger diff).
OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf
* upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize
options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@
OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b
* upstream: add a comma to previous;
OpenBSD-Commit-ID: 9139433701c0aa86a0d3a6c7afe10d1c9c2e0869
* upstream: Change convtime() from returning long to returning int.
On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during config
parsing. bz#3250, ok djm@
OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
* upstream: Update unittests for addr.c/addrmatch.c split.
OpenBSD-Regress-ID: de2b415fb7af084a91c6ef147a90482d8f771eef
* upstream: Adjust kexfuzz to addr.c/addrmatch.c split.
OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb
* upstream: Correct spelling of persourcenetblocksize in config-dump
mode.
OpenBSD-Commit-ID: ecdc49e2b6bde6b6b0e52163d621831f6ac7b13d
* Remove duplicated declaration in fatal.c .
* Add Mac OS X test targets.
* Merge Mac OS X targets into a single config.
* upstream: Minor grammatical correction.
OK jmc@
OpenBSD-Commit-ID: de0fad0581e212b2750751e479b79c18ff8cac02
* upstream: In waitfd(), when poll returns early we are subtracting
the elapsed time from the timeout each loop, so we only want to measure the
elapsed time the poll() in that loop, not since the start of the function.
Spotted by chris.xj.zhu at gmail.com, ok djm@
OpenBSD-Commit-ID: 199df060978ee9aa89b8041a3dfaf1bf7ae8dd7a
* upstream: Change types in convtime() unit test to int to match
change its new type. Add tests for boundary conditions and fix convtime to
work up to INT_MAX. ok djm@
OpenBSD-Commit-ID: 01dc0475f1484ac2f47facdfcf9221f9472145de
* upstream: Make output buffer larger to prevent potential truncation
warnings from compilers not smart enough to know the strftime calls won't
ever fully fill "to" and "from". ok djm@
OpenBSD-Commit-ID: 83733f1b01b82da88b9dd1769475952aff10bdd7
* upstream: Change types in convtime() unit test to int to match change
its new type. Add tests for boundary conditions and fix convtime to work up
to INT_MAX. ok djm@
OpenBSD-Regress-ID: ba2b81e9a3257fff204b020affe85b604a44f97e
* upstream: Rename PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
* upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms
here too.
OpenBSD-Commit-ID: 3b64a640f8ce8c21d9314da9df7ce2420eefde3a
* upstream: Fix long->int for convtime tests here too. Spotted by
tobhe@.
OpenBSD-Regress-ID: a87094f5863312d00938afba771d25f788c849d0
* ifdef new instance of sin6_scope_id
Put inside HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID similar to
existing instance. Should fix error on UnixWare 7.
* upstream: make ssh hostbased authentication send the signature
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on
signature algorithm and not key type.
spotted with dtucker@ ok markus@
OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6
* upstream: factor out common code in the agent client
Add a ssh_request_reply_decode() function that sends a message to
the agent, reads and parses a success/failure reply.
Use it for all requests that only expect success/failure
ok markus@
OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb
* upstream: use recallocarray to allocate the agent sockets table;
also clear socket entries that are being marked as unused.
spinkle in some debug2() spam to make it easier to watch an agent
do its thing.
ok markus
OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922
* upstream: move check_host_cert() from sshconnect,c to sshkey.c and
refactor it to make it more generally usable and testable.
ok markus@
OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
* upstream: make struct hostkeys public; I have no idea why I made it
opaque originally.
ok markus@
OpenBSD-Commit-ID: e50780b34d4bbe628d69b2405b024dd749d982f3
* upstream: more ssh-agent refactoring
Allow confirm_key() to accept an additional reason suffix
Factor publickey userauth parsing out into its own function and allow
it to optionally return things it parsed out of the message to its
caller.
feedback/ok markus@
OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e
* upstream: refactor key constraint parsing in ssh-agent
Key constraints parsing code previously existed in both the "add regular
key" and "add smartcard key" path. This unifies them but also introduces
more consistency checking: duplicated constraints and constraints that
are nonsensical for a particular situation (e.g. FIDO provider for a
smartcard key) are now banned.
ok markus@
OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c
* Disable sntrup761 if compiler doesn't support VLAs.
The sntrup761 code sourced from supercop uses variable length
arrays. Although widely supported, they are not part of the ANSI
C89 spec so if the compiler does not support VLAs, disable the
sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
functions with no-op ones similar to what we do in kexecdh.c.
This should allow OpenSSH to build with a plain C89 compiler again.
Spotted by tim@, ok djm@.
* upstream: Rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
* upstream: Remove unused variables leftover from refactoring. ok
djm@
OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8
* upstream: move HostbasedAcceptedAlgorithms to the right place in
alphabetical order
OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec
* upstream: Logical not bitwise or. ok djm@
OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5
* Run one test with -Werror to catch warnings.
* Install moduli file before tests.
Reduces warnings during test runs.
* upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
* upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
and use that instead of global variables containing copies of it. feedback/ok
markus@
OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
* upstream: this needs kex.h now
OpenBSD-Commit-ID: c5a42166c5aa002197217421a971e48be7cb5d41
* correct kex name in disabled code
* upstream: fix leak: was double allocating kex->session_id buffer
OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183
* Remove whitespace.
* Add test against openssl head and libressl head.
* make with -j2 to use available CPUs.
* support for running kex fuzzer with null cipher
* fuzz diffie-hellman-group-exchange-sha1 kex too
* upstream: give typedef'd struct a struct name; makes the fuzzer I'm
writing a bit easier
OpenBSD-Commit-ID: 1052ab521505a4d8384d67acb3974ef81b8896cb
* upstream: fix the values of enum sock_type
OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd
* upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy
security key middleware to be directly linked; useful for writing fuzzers,
etc.
OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544
* some fixed test data (mostly keys) for fuzzing
* move keys out of kex_fuzz.cc into separate header
add certificates and missing key types
* ssh-agent fuzzer
* expect fuzz cases to have length prefix
might make life a little easier for the fuzzer, e.g. it can now
produce valid (multi-request) messages by smashing two cases together.
* allow a fuzz case to contain more than one request
loop until input buffer empty, no message consumed or 256 messages
processed
* upstream: Set linesize returned by getline to zero when freeing and
NULLing the returned string. OpenBSD's getline handles this just fine, but
some implementations used by -portable do not. ok djm@
OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c
* upstream: more strictly enforce KEX state-machine by banning packet
types once they are received. Fixes memleak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
oss-fuzz #30078).
ok markus@
OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def
* upstream: memleak on error path; ok markus@
OpenBSD-Commit-ID: 2091a36d6ca3980c81891a6c4bdc544e63cb13a8
* upstream: fix memleaks in private key deserialisation; enforce more
consistency between redundant fields in private key certificate and private
key body; ok markus@
OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240
* upstream: whitespace
OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad
* upstream: Remove debug message from sigchld handler. While this
works on OpenBSD it can cause problems on other platforms. From kircherlike
at outlook.com via bz#3259, ok djm@
OpenBSD-Commit-ID: 3e241d7ac1ee77e3de3651780b5dc47b283a7668
* Deny (non-fatal) statx in preauth privsep child.
* Using explicit_memset for the explicit_bzero compatibility layer.
Favoriting the native implementation in this case.
* upstream: hostname is not specified by POSIX but uname -n is, so use
the latter for portability. Patch from Geert Hendrickx via github PR#208.
OpenBSD-Regress-ID: d6a79c7c4d141a0d05ade4a042eb57dddbce89f3
* upstream: Roll back the hostname->uname change in rev 1.10. It turns
out uname -n doesn't do what we need for some platforms in portable, so we'll
fix the original problem (that some other platforms don't have hostname at
all) by providing wrapper function to implement it.
OpenBSD-Regress-ID: 827a707d6201d5a8e196a8c28aec1d2c76c52341
* Add a hostname function for systems that don't have it.
Some systems don't have a hostname command (it's not required by POSIX).
The do have uname -n (which is), but as found by tim@ some others (eg
UnixWare) do not report the FQDN from uname -n.
* Add __NR_futex_time64 to seccomp sandbox.
This is apparently needed for (some) 32 bit platforms with glibc 2.33.
Patch from nix at esperi.org.uk and jjelen at redhat.com via bz#3260.
* upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own
function and remove an unused variable; ok dtucker@
OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559
* upstream: sftp: add missing lsetstat@openssh.com documentation
patch from Mike Frysinger
OpenBSD-Commit-ID: 9c114db88d505864075bfe7888b7c8745549715b
* upstream: ProxyJump takes "none" to disable processing like
ProxyCommand does
ok djm@ jmc@
OpenBSD-Commit-ID: 941a2399da2193356bdc30b879d6e1692f18b6d3
* upstream: factor out opt_array_append; ok djm@
OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a
* upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding
with SOCKS ok djm@, dtucker@
OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
* upstream: Make sure puttygen is new enough to successfully run the
PuTTY interop tests, otherwise skip them.
OpenBSD-Regress-ID: 34565bb50b8aec58331ed02a5e9e0a9a929bef51
* Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
* Only run selfhosted tests from selfhosted repo.
* Convert most github hosted tests to new config structure.
* Merge macos and ubuntu tests.
* Skip unit tests on hosted VMs to speed things up.
* More compact representation of config matrix.
* Fix labels on targets (dots vs underscores).
* Quote SSHD_CONFOPTS in case it contains spaces.
* Always intall moduli.
Allows us to run tests without falling back to a fixed modulus. Ensure that
the directory exists.
* Remove SKIP_UNIT as it needs to be a make arg.
* Skip unit tests on sol11 to speed things up.
* don't free string returned by login_getcapstr(3)
OpenBSD and NetBSD require the caller to free strings returned
bu the login_* functions, but FreeBSD requires that callers don't.
Fortunately in this case, we can harmlessly leak as the process is
about to exec the shell/command.
From https://reviews.freebsd.org/D28617 via Ed Maste; ok dtucker@
* Install moduli on target not host.
* Fixing quoting for installing moduli on target guest.
* prefer login_getpwclass() to login_getclass()
FreeBSD has login_getpwclass() that does some special magic for
UID=0. Prefer this to login_getclass() as its easier to emulate
the former with the latter.
Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@
* support OpenSSL 3.x cipher IV API change
OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x.
This uses the new name if available.
openssl/openssl#13411
bz#3238 ok dtucker@
* upstream: sftp-server: implement limits@openssh.com extension
This is a simple extension that allows the server to clearly
communicate transfer limits it is imposing so the client doesn't
have to guess, or force the user to manually tune. This is
particularly useful when an attempt to use too large of a value
causes the server to abort the connection.
Patch from Mike Frysinger; ok dtucker@
OpenBSD-Commit-ID: f96293221e5aa24102d9bf30e4f4ef04d5f4fb51
* upstream: unbreak SK_DEBUG builds
from openssh#225 by
ZenithalHourlyRate
OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb
* upstream: make names in function prototypes match those in
definition from openssh#225 by
ZenithalHourlyRate
OpenBSD-Commit-ID: 7c736307bf3f2c7cb24d6f82f244eee959485acd
* upstream: Fix the hostkeys rotation extension documentation
The documentation was lacking the needed want-reply field in the initial
global request.
openssh#218 by dbussink
OpenBSD-Commit-ID: 051824fd78edf6d647a0b9ac011bf88e28775054
* Add bbone test target (arm32).
* Add DEBUG_SK to kitchensink builds.
* Remove unused arg.
* Add fbsd12 test target.
* Add test against Valgrind.
* Actually run Valgrind tests.
* Comment out Solaris 64bit PAM build...
until I can figure out why it's failing.
* Upload regress failure logs in c-cpp too.
* Rename "vm" to "os" in selfhosted to match c-cpp.
Should make it easier to share code or maybe merge at some point.
* Upload valgrind logs on failure.
* Disable rlimit sandbox, doesn't work with valgrind
Only run regress tests, runing unit tests as well makes it run longer
than allowed y github.
* upstream: warn when the user specifies a ForwardAgent path that does
not exist and exit if ExitOnForwardFailure is set; bz3264
OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26
* Valgrind test: split and move up list.
Since the valgrind test takes so long it approaches the limit allowed by
github, move it to the head of the list so it's the first one started and
split the longest tests out into a second instance that runs concurrently
with the first.
* Add a couple more test VMs.
* upstream: Correct reference to signature algorithms as keys; from
Jakub Jelen
OpenBSD-Commit-ID: 36f7ecee86fc811aa0f8e21e7a872eee044b4be5
* upstream: lots more s/key types/signature algorithms/ mostly in
HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen
OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb
* upstream: Put obsolete aliases for hostbasedalgorithms and
pubkeyacceptedalgorithms after their current names so that the config-dump
mode finds and uses the current names. Spotted by Phil Pennock.
OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15
* upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in
test to match change to config-dump output.
OpenBSD-Regress-ID: 74c9a4ad50306be873d032819d5e55c24eb74d5d
* upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/
OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69
* restorecon the correct directory
if using different path for authorized_keys file
SSH-Copy-ID-Upstream: 791a3df47b48412c726bff6f7b1d190721e65d51
* use $AUTH_KEY_DIR, now that we have it
since that was a change made since jjelen's commit was written
also, quote the variables
SSH-Copy-ID-Upstream: 588cd8e5cbf95f3443d92b9ab27c5d73ceaf6616
* if unable to add a missing newline, fail
SSH-Copy-ID-Upstream: 76b25e18f55499ea9edb4c4d6dc4a80bebc36d95
* tidy the $INSTALLKEY_SH code layout a little
SSH-Copy-ID-Upstream: 78178aa5017222773e4c23d9001391eeaeca8983
* Remove macos-11.0 from the test target list.
It has been consistently failing for the past few days with a github
actions internal error.
* upstream: a bit more debugging behind #ifdef DEBUG_SK
OpenBSD-Commit-ID: d9fbce14945721061cb322f0084c2165d33d1993
* Remove macos-11.00 PAM test target too.
These are failing apparently due to some kind of infrastructure problem,
making it look like every commit is busted.
* upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.
OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
* ssh: optional bind interface if bind address specified.
Allows the -b and -B options to be used together.
For example, when the interface is in the VRF.
* detech BSD libc hash functions in libbsd / libmd
Some Linux distributions are shipping the BSD-style hashing functions
(e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to
avoid header/replacement clashes later. ok dtucker@
* Revert "ssh: optional bind interface if bind address specified."
This reverts commit 5a878a7.
Apologies - I accidentally pushed this.
* Fix punctuatio and typo in README.md.
Some very minor fixes, missing 's' and punctuation.
* zlib is now optional.
* upstream: fix alphabetic ordering of options; spotted by Iain Morgan
OpenBSD-Commit-ID: f955fec617d74af0feb5b275831a9fee813d7ad5
* upstream: Do not try to reset signal handler for signal 0 in
subprocess. Prevents spurious debug message. ok djm@
OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46
* upstream: Add %k to list of keywords. From
=?UTF-8?q?=20Eero=20H=C3=A4kkinenvia=20bz#3267?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID: 9c87f39a048cee2a7d1c8bab951b2f716256865e
* Only upload config logs if configure fails.
* upstream: openssh-8.5
OpenBSD-Commit-ID: 185e85d60fe042b8f8fa1ef29d4ef637bdf397d6
* update RPM spec version numbers
* update relnotes URL
* update depend
* upstream: needs FILE*; from Mike Frysinger
OpenBSD-Commit-ID: dddb3aa9cb5792eeeaa37a1af67b5a3f25ded41d
* upstream: typo in other_hostkeys_message() display output, ok djm
OpenBSD-Commit-ID: 276f58afc97b6f5826e0be58380b737603dbf5f5
* upstream: don't sshbuf_get_u32() into an enum; reported by goetze
AT dovetail.com via bz3269
OpenBSD-Commit-ID: 99a30a8f1df9bd72be54e21eee5c56a0f050921a
* upstream: Fix PRINT macro, the suffix param to sshlog() was missing.
Also remove redundant __func__ prefix from PRINT calls as the macro already
adds __FILE__, __func__ and __LINE__. From Christos Zoulas. OK dtucker@
OpenBSD-Commit-ID: 01fdfa9c5541151b5461d9d7d6ca186a3413d949
* Import regenerated moduli file.
* Move generic includes outside of ifdef.
This ensures that the macros in log.h are defined in the case where
either of --with-solaris-projects or --with-solaris-privs are used
without --with-solaris-contracts. bz#3278.
* Allow (but return EACCES) fstatat64 in sandbox.
This is apparently used in some configurations of OpenSSL when glibc
has getrandom(). bz#3276, patch from Kris Karas, ok djm@
* upstream: Add TEST_SSH_MODULI_FILE variable to allow overriding of the
moduli file used during the test run.
OpenBSD-Regress-ID: be10f785263120edb64fc87db0e0d6570a10220a
* upstream: no need to reset buffer after send_msg() as that is done
for us; patch from Mike Frysinger
OpenBSD-Commit-ID: 565516495ff8362a38231e0f1a087b8ae66da59c
* upstream: Import regenerated moduli file.
OpenBSD-Commit-ID: 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b
* upstream: pwcopy() struct passwd that we're going to reuse across a
bunch of library calls; bz3273 ok dtucker@
OpenBSD-Commit-ID: b6eafa977b2e44607b1b121f5de855107809b762
* upstream: Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX. This will
allow us to run tests against arbitrary moduli files without having to
install them. ok djm@
OpenBSD-Commit-ID: 8df99d60b14ecaaa28f3469d01fc7f56bff49f66
* upstream: spelling
OpenBSD-Commit-ID: 478bc3db04f62f1048ed6e1765400f3ab325e60f
* Point TEST_SSH_MODULI_FILE at our own moduli.
This will allow the test to run without requiring a moduli file
installed at the configured default path.
* Don't install moduli during tests.
Now that we have TEST_SSH_MODULI_FILE pointing to the moduli in the
soure directory we don't need to install the file to prevent warnings
about it being missing.
* Only call dh_set_moduli_file if using OpenSSL.
Fixes link failure when configuring --without-openssl since dh.c is not
linked in.
* upstream: don't let logging clobber errno before use
OpenBSD-Commit-ID: ce6cca370005c270c277c51c111bb6911e1680ec
* upstream: increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are borderline nonsensical
but not explicitly banned by the spec. Based on patch from Mike Frysinger,
feedback deraadt@ ok dtucker@
OpenBSD-Commit-ID: 4e67d60d81bde7b84a742b4ee5a34001bdf80d9c
* upstream: return non-zero exit status when killed by signal; bz#3281 ok
dtucker@
OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816
* gnome-ssh-askpass3 is a valid target here
* upstream: do not advertise protocol extensions that have been
disallowed by the command-line options (e.g. -p/-P/-R); ok dtucker@
OpenBSD-Commit-ID: 3a8a76b3f5131741aca4b41bfab8d101c9926205
* upstream: Use new limits@openssh.com protocol extension to let the
client select good limits based on what the server supports. Split the
download and upload buffer sizes to allow them to be chosen independently.
In practice (and assuming upgraded sftp/sftp-server at each end), this
increases the download buffer 32->64KiB and the upload buffer
32->255KiB.
Patches from Mike Frysinger; ok dtucker@
OpenBSD-Commit-ID: ebd61c80d85b951b794164acc4b2f2fd8e88606c
* upstream: split
OpenBSD-Regress-ID: f6c03c0e4c58b3b9e04b161757b8c10dc8378c34
* upstream: add a test for misc.c:argv_split(), currently fails
OpenBSD-Regress-ID: ad6b96d6ebeb9643b698b3575bdd6f78bb144200
* upstream: cannot effectively test posix-rename extension after
changes in feature advertisment.
OpenBSD-Regress-ID: 5e390bf88d379162aaa81b60ed86b34cb0c54d29
* missing bits from 259d648
* upstream: Fix two problems in string->argv conversion: 1) multiple
backslashes were not being dequoted correctly and 2) quoted space in the
middle of a string was being incorrectly split.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A unit test for these cases has already been committed
prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@
OpenBSD-Commit-ID: d7ef27abb4eeeaf6e167e9312e4abe9e89faf1e4
* upstream: unused variable
OpenBSD-Commit-ID: 85f6a394c8e0f60d15ecddda75176f112007b205
* upstream: ensure that pkcs11_del_provider() is called before exit -
some PKCS#11 providers get upset if C_Initialize is not matched with
C_Finalize.
From Adithya Baglody via GHPR#234; ok markus
OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6
* upstream: fix incorrect plural; from Ville Skyt
=?UTF-8?q?t=C3=A4=20via=20GHPR#181?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID: 92f31754c6296d8f403d7c293e09dc27292d22c9
* Save config.h and config.log on failure too.
* upstream: whitespace (tab after space)
OpenBSD-Commit-ID: 0e2b3f7674e985d3f7c27ff5028e690ba1c2efd4
* upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185
OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* polish whitespace for portable files
* upstream: sync CASignatureAlgorithms lists with reality. GHPR#174 from
Matt Hazinski
OpenBSD-Commit-ID: f05e4ca54d7e67b90fe58fe1bdb1d2a37e0e2696
* upstream: typos in comments; GHPR#180 from Vill
=?UTF-8?q?e=20Skytt=C3=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID: 93c732381ae0e2b680c79e67c40c1814b7ceed2c
* enable authopt and misc unit tests
Neither were wired into the build, both required some build
adaptations for -portable
* Install libcbor with libfido2.
* upstream: missing comma; from kawashima james
OpenBSD-Commit-ID: 31cec6bf26c6db4ffefc8a070715ebef274e68ea
* upstream: remove stray inserts; from matthias schmidt
OpenBSD-Commit-ID: 2c36ebdc54e14bbf1daad70c6a05479a073d5c63
* upstream: Don't check return value of unsetenv(). It's part of the
environment setup and not part of the actual test, and some platforms
-portable runs on declare it as returning void, which prevents the test from
compiling.
OpenBSD-Regress-ID: 24f08543ee3cdebc404f2951f3e388cc82b844a1
* wrap getrlimit call in HAVE_GETRLIMIT; bz3291
* wrap struct rlimit in HAVE_GETRLIMIT too
* upstream: include "ssherr.h" not <ssherr.h>; from Balu Gajjala via
bz#3292
OpenBSD-Commit-ID: e9535cd9966eb2e69e73d1ede1f44905c30310bd
* Further split Valgrind tests.
Even split in two, the Valgrind tests take by far the longest to run,
so split them four ways to further increase parallelism.
* Move the TEST_SSH_PORT section down a bit.
This groups the portable-specific changes together and makes it a
little more likely that patches will apply cleanly.
* upstream: Add TEST_SSH_ELAPSED_TIMES environment variable to print the
elapsed time in seconds of each test. This depends on "date +%s" which is
not specified by POSIX but is commonly implemented.
OpenBSD-Regress-ID: ec3c8c19ff49b2192116a0a646ee7c9b944e8a9c
* Move make_tmpdir() into portable-specific area.
Reduces diff vs OpenBSD and makes it more likely diffs will apply
cleanly.
* Remove only use of warn().
The warn() function is only used in one place in portable and does not
exist upstream. Upgrade the only instance it's used to fail()
(the privsep/sandbox+proxyconnect, from back when that was new) and
remove the now-unused function.
* ifdef out MIN and MAX.
In -portable, defines.h ensures that these are defined, so redefining
potentially causes a warning. We don't just delete it to make any
future code syncs a little but easier. bz#3293.
* Run unit tests under valgrind.
Run a separate build for the unit tests under Valgrind. They take long
enough that running in parallel with the other Valgrind tests helps.
* Add pattern for valgrind-unit.
* Pass OBJ to unit test make invocation.
At least the Valgrind unit tests uses $OBJ.
* Ensure valgrind-out exists.
Normally the regress tests would create it, but running the unit tests
on their own would fail because the directory did not exist.
* dedicated gnome-ssk-askpass3 source
Compatibility with Wayland requires that we use the gdk_seat_grab()
API for grabbing mouse/keyboard, however these API don't exist in
Gtk+2.
This branches gnome-ssk-askpass2.c => gnome-ssk-askpass3.c and
makes the changes to use the gdk_seat_grab() instead of grabbing
mouse/focus separately via GDK.
In the future, we can also use the branched file to avoid some
API that has been soft-deprecated in GTK+3, e.g. gtk_widget_modify_fg
* perform report_failed_grab() inline
* sshd don't exit on transient read errors
openssh-8.5 introduced a regression that would cause sshd to exit
because of transient read errors on the network socket (e.g. EINTR,
EAGAIN). Reported by balu.gajjala AT gmail.com via bz3297
* upstream: do not pass file/func to monitor; noted by Ilja van Sprundel;
ok djm@
OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa
* upstream: openssh-8.6
OpenBSD-Commit-ID: b5f3e133c846127ec114812248bc17eff07c3e19
* crank version in README and RPM spec files
* depend
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: tobhe@openbsd.org <tobhe@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: anatasluo <luolongjuna@gmail.com>
Co-authored-by: rob@openbsd.org <rob@openbsd.org>
Co-authored-by: naddy@openbsd.org <naddy@openbsd.org>
Co-authored-by: Luca Weiss <luca@z3ntu.xyz>
Co-authored-by: David Carlier <devnexen@gmail.com>
Co-authored-by: dlg@openbsd.org <dlg@openbsd.org>
Co-authored-by: markus@openbsd.org <markus@openbsd.org>
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
Co-authored-by: Philip Hands <phil@hands.com>
Co-authored-by: Dmitrii Turlupov <dturlupov@factor-ts.ru>
Co-authored-by: Jeffrey H. Johnson <61629094+johnsonjh@users.noreply.github.com>
Co-authored-by: sthen@openbsd.org <sthen@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
mirabilos
pushed a commit
to MirBSD/ssh
that referenced
this pull request
Dec 6, 2021
from openssh/openssh-portable#225 by ZenithalHourlyRate
mirabilos
pushed a commit
to MirBSD/ssh
that referenced
this pull request
Dec 6, 2021
from openssh/openssh-portable#225 by ZenithalHourlyRate
keradoracomb
pushed a commit
to keradoracomb/datasheet
that referenced
this pull request
Sep 19, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The error
This error is introduced by 59d2de9
In this commit, variable
messageis removed from funcsshsk_signintosk_signinsk-usbhid.cbut its debug code is not removed.
Variable names
Also, variable names in func argument was renamed in definition but not
in declaration, so in this commit their names are unified.