tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,380 Commits 7 Branches 18 Tags 96 MiB
Commit Graph

75 Commits

Author SHA1 Message Date
djm@openbsd.org d2d772f55b upstream commit 
avoid fatal() for PKCS11 tokens that present empty key IDs
 bz#1773, ok markus@

Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54
 2016-02-12 11:23:05 +11:00
djm@openbsd.org 63ebcd0005 upstream commit 
don't ignore PKCS#11 hosted keys that return empty
 CKA_ID; patch by Jakub Jelen via bz#2429; ok markus

Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
 2015-07-20 10:32:25 +10:00
djm@openbsd.org b15fd989c8 upstream commit 
skip uninitialised PKCS#11 slots; patch from Jakub Jelen
 in bz#2427 ok markus@

Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
 2015-07-20 10:32:25 +10:00
djm@openbsd.org a71ba58adf upstream commit 
support PKCS#11 devices with external PIN entry devices
 bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@

Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d
 2015-05-27 15:16:59 +10:00
deraadt@openbsd.org 657a5fbc0d upstream commit 
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
 2015-04-29 18:15:23 +10:00
deraadt@openbsd.org ce4f59b240 upstream commit 
missing ; djm and mlarkin really having great
 interactions recently
 2015-02-05 07:43:00 +11:00
djm@openbsd.org cb3bde373e upstream commit 
handle PKCS#11 C_Login returning
 CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
 2015-02-03 11:06:16 +11:00
djm@openbsd.org 1129dcfc5a upstream commit 
sync ssh-keysign, ssh-keygen and some dependencies to the
 new buffer/key API; mostly mechanical, ok markus@
 2015-01-15 21:39:14 +11:00
Damien Miller 8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21 
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
 2014-07-02 15:28:02 +10:00
Damien Miller 686c7d9ee6 - djm@cvs.openbsd.org 2014/05/02 03:27:54 
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
     [misc.h poly1305.h ssh-pkcs11.c defines.h]
     revert __bounded change; it causes way more problems for portable than
     it solves; pointed out by dtucker@
 2014-05-15 14:37:03 +10:00
Damien Miller 4f40209aa4 - djm@cvs.openbsd.org 2014/03/26 04:55:35 
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
     [misc.h poly1305.h ssh-pkcs11.c]
     use __bounded(...) attribute recently added to sys/cdefs.h instead of
     longform __attribute__(__bounded(...));

     for brevity and a warning free compilation with llvm/clang
 2014-04-20 13:21:22 +10:00
Damien Miller 867e6934be - markus@cvs.openbsd.org 2013/11/13 13:48:20 
[ssh-pkcs11.c]
     add missing braces found by pedro
 2013-11-21 13:56:06 +11:00
Damien Miller c8908aabff - djm@cvs.openbsd.org 2013/11/06 23:05:59 
[ssh-pkcs11.c]
     from portable: s/true/true_val/ to avoid name collisions on dump platforms
     RCSID sync only
 2013-11-07 13:38:35 +11:00
Damien Miller 61c5c2319e - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5) 
that got lost in recent merge.
 2013-11-07 11:34:14 +11:00
Damien Miller d2252c7919 - markus@cvs.openbsd.org 2013/11/02 20:03:54 
[ssh-pkcs11.c]
     support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
     fixes bz#1908; based on patch from Laurent Barbe; ok djm
 2013-11-04 07:41:48 +11:00
Damien Miller 746d1a6c52 - djm@cvs.openbsd.org 2013/07/12 00:20:00 
[sftp.c ssh-keygen.c ssh-pkcs11.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
 2013-07-18 16:13:02 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13 
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
 2013-06-02 07:31:17 +10:00
Darren Tucker 0dd24e02ec - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations 
ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen support.
 2011-09-04 19:59:26 +10:00
Damien Miller 4fe686d35f - markus@cvs.openbsd.org 2010/06/08 21:32:19 
[ssh-pkcs11.c]
     check length of value returned  C_GetAttributValue for != 0
     from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
 2010-06-26 09:36:10 +10:00
Damien Miller 031c9100df - markus@cvs.openbsd.org 2010/04/15 20:32:55 
[ssh-pkcs11.c]
     retry lookup for private key if there's no matching key with CKA_SIGN
     attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
     ok djm@
 2010-04-16 15:54:44 +10:00
Tim Rice 179eee081a - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older 
compilers. OK djm@
 2010-03-04 12:48:05 -08:00
Damien Miller 05abd2c968 - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] 
[ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable
 2010-02-24 17:16:08 +11:00
Damien Miller dfa4156dbd - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] 
Use ssh_get_progname to fill __progname
 2010-02-12 10:06:28 +11:00
Damien Miller 8ad0fbd98e - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] 
Make it compile on OSX
 2010-02-12 09:49:06 +11:00
Damien Miller 7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20 
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
 2010-02-12 09:21:02 +11:00