2162171ad5
upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE by
...
requring a fresh login after the C_SignInit operation.
based on patch from Jakub Jelen in bz#2638; ok markus
OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661
2019-01-22 23:04:54 +11:00
7a2cb18a21
upstream: Mention that configuration for the destination host is
...
not applied to any ProxyJump/-J hosts. This has confused a few people...
OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b
2019-01-22 23:04:54 +11:00
ecd2f33cb7
upstream: Include -m in the synopsis for a few more commands that
...
support it
Be more explicit in the description of -m about where it may be used
Prompted by Jakub Jelen in bz2904
OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c
2019-01-22 22:42:02 +11:00
ff5d2cf4ca
upstream: print the full pubkey being attempted at loglevel >=
...
debug2; bz2939
OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290
2019-01-22 22:42:01 +11:00
180b520e2b
upstream: clarify: ssh-keygen -e only writes public keys, never
...
private
OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb
2019-01-22 22:42:01 +11:00
c45616a199
upstream: mention the new vs. old key formats in the introduction
...
and give some hints on how keys may be converted or written in the old
format.
OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823
2019-01-22 22:42:01 +11:00
fd8eb1383a
upstream: tweak previous;
...
OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8
2019-01-22 22:42:01 +11:00
68e924d547
upstream: Forgot to add -J to the synopsis.
...
OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e
2019-01-22 22:42:01 +11:00
622dedf1a8
upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)
...
and sftp(1) to match ssh(1)'s interface.
ok djm
OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
2019-01-22 22:42:01 +11:00
c882d74652
Allow building against OpenSSL dev (3.x) version.
2019-01-22 20:38:40 +11:00
d552039357
typo
2019-01-22 10:50:40 +11:00
2de9cec542
add missing header
2019-01-22 10:49:52 +11:00
533cfb01e4
upstream: switch sntrup implementation source from supercop to
...
libpqcrypto; the latter is almost identical but doesn't rely on signed
underflow to implement an optimised integer sort; from markus@
OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
2019-01-22 09:20:14 +11:00
d50ab3cd6f
new files need includes.h
2019-01-22 00:02:23 +11:00
c7670b091a
upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up
...
debug verbosity.
Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.
ok markus@
OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21 23:56:52 +11:00
49d8c8e214
upstream: adapt to changes in KEX APIs and file removals
...
OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca
2019-01-21 23:51:29 +11:00
35ecc53a83
upstream: adapt to changes in KEX API and file removals
...
OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7
2019-01-21 23:41:21 +11:00
7d69aae64c
upstream: adapt to bignum1 API removal and bignum2 API change
...
OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63
2019-01-21 23:38:30 +11:00
beab553f0a
upstream: remove hack to use non-system libcrypto
...
OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f
2019-01-21 23:38:10 +11:00
4dc06bd579
depend
2019-01-21 23:14:04 +11:00
70edd73edc
upstream: fix reversed arguments to kex_load_hostkey(); manifested as
...
errors in cert-hostkey.sh regress failures.
OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba
2019-01-21 23:13:53 +11:00
f1185abbf0
upstream: forgot to cvs add this file in previous series of commits;
...
grrr
OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0
2019-01-21 23:13:53 +11:00
7bef390b62
upstream: nothing shall escape this purge
...
OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217
2019-01-21 23:13:03 +11:00
aaca72d6f1
upstream: rename kex->kem_client_pub -> kex->client_pub now that
...
KEM has been renamed to kexgen
from markus@ ok djm@
OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21 23:13:03 +11:00
70867e1ca2
upstream: merge kexkem[cs] into kexgen
...
from markus@ ok djm@
OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89
2019-01-21 23:13:03 +11:00
71e67fff94
upstream: pass values used in KEX hash computation as sshbuf
...
rather than pointer+len
suggested by me; implemented by markus@ ok me
OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
2019-01-21 23:13:03 +11:00
4b83e2a2cc
upstream: remove kex_derive_keys_bn wrapper; no unused since the
...
DH-like KEX methods have moved to KEM
from markus@ ok djm@
OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060
2019-01-21 23:13:03 +11:00
92dda34e37
upstream: use KEM API for vanilla ECDH
...
from markus@ ok djm@
OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21 23:13:02 +11:00
b72357217c
fixup missing ssherr.h
2019-01-21 23:13:02 +11:00
9c9c97e14f
upstream: use KEM API for vanilla DH KEX
...
from markus@ ok djm@
OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21 22:08:47 +11:00
2f6a9ddbbf
upstream: use KEM API for vanilla c25519 KEX
...
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21 22:08:04 +11:00
dfd591618c
upstream: Add support for a PQC KEX/KEM:
...
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.
introduce KEM API; a simplified framework for DH-ish KEX methods.
from markus@ feedback & ok djm@
OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21 22:07:02 +11:00
b1b2ff4ed5
upstream: factor out kex_verify_hostkey() - again, duplicated
...
almost exactly across client and server for several KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
2019-01-21 21:47:28 +11:00
bb39bafb6d
upstream: factor out kex_load_hostkey() - this is duplicated in
...
both the client and server implementations for most KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
2019-01-21 21:47:28 +11:00
dec5e9d338
upstream: factor out kex_dh_compute_key() - it's shared between
...
plain DH KEX and DH GEX in both the client and server implementations
from markus@ ok djm@
OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec
2019-01-21 21:47:28 +11:00
e93bd98eab
upstream: factor out DH keygen; it's identical between the client
...
and the server
from markus@ ok djm@
OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
2019-01-21 21:47:28 +11:00
5ae3f6d314
upstream: save the derived session id in kex_derive_keys() rather
...
than making each kex method implementation do it.
from markus@ ok djm@
OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
2019-01-21 21:47:28 +11:00
7be8572b32
upstream: Make sshpkt_get_bignum2() allocate the bignum it is
...
parsing rather than make the caller do it. Saves a lot of boilerplate code.
from markus@ ok djm@
OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
2019-01-21 21:47:28 +11:00
803178bd5d
upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1
...
functions
from markus@ ok djm@
OpenBSD-Commit-ID: 0380b1b2d9de063de3c5a097481a622e6a04943e
2019-01-21 21:46:57 +11:00
f3ebaffd87
upstream: fix all-zero check in kexc25519_shared_key
...
from markus@ ok djm@
OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d
2019-01-21 21:46:05 +11:00
9d1a9771d0
upstream: - -T was added to the first synopsis by mistake - since
...
"..." denotes optional, no need to surround it in []
ok djm
OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
2019-01-21 21:46:05 +11:00
2f0bad2bf8
Make --with-rpath take a flag instead of yes/no.
...
Linkers need various flags for -rpath and similar, so make --with-rpath
take an optional flag argument which is passed to the linker. ok djm@
2019-01-21 21:28:27 +11:00
23490a6c97
fix previous test
2019-01-21 15:05:43 +11:00
b6dd3277f2
Wrap ECC static globals in EC_KEY_METHOD_NEW too.
2019-01-21 13:50:17 +11:00
b2eb9db35b
pass TEST_SSH_SSHPKCS11HELPER to regress tests
2019-01-21 13:09:23 +11:00
ba58a529f4
make agent-pkcs11 search harder for softhsm2.so
2019-01-21 13:09:23 +11:00
662be40c62
upstream: always print the caller's error message in ossl_error(),
...
even when there are no libcrypto errors to report.
OpenBSD-Commit-ID: 09ebaa8f706e0eccedd209775baa1eee2ada806a
2019-01-21 13:07:04 +11:00
ce46c3a077
upstream: get the ex_data (pkcs11_key object) back from the keys at
...
the index at which it was inserted, rather than assuming index 0
OpenBSD-Commit-ID: 1f3a6ce0346c8014e895e50423bef16401510aa8
2019-01-21 13:06:58 +11:00
0a5f2ea356
upstream: GSSAPI code got missed when converting to new packet API
...
OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851
2019-01-21 12:05:49 +11:00
2efcf812b4
Fix -Wunused when compiling PKCS#11 without ECDSA
2019-01-21 11:57:21 +11:00
djm@openbsd.org
jmc@openbsd.org
tb@openbsd.org
Darren Tucker
Damien Miller