djm@openbsd.org
02275afa1e
upstream: additional source files here too
OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce
2019-11-01 13:10:09 +11:00
djm@openbsd.org
dfc8f01b98
upstream: adapt to extra sshkey_sign() argument and additional
dependencies
OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
2019-11-01 13:10:09 +11:00
djm@openbsd.org
afa59e26ee
upstream: skip security-key key types for tests until we have a
dummy U2F middleware to use.
OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
2019-11-01 13:10:09 +11:00
jmc@openbsd.org
de871e4daf
upstream: sort;
OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
2019-11-01 13:05:49 +11:00
djm@openbsd.org
2aae149a34
upstream: undo debugging bits that shouldn't have been committed
OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf
2019-11-01 13:05:48 +11:00
Damien Miller
3420e0464b
depend
2019-11-01 09:46:10 +11:00
djm@openbsd.org
b923a90abc
upstream: fix -Wshadow warning
OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c
2019-11-01 09:46:10 +11:00
djm@openbsd.org
9a14c64c38
upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
djm@openbsd.org
07da39f71d
upstream: ssh-agent support for U2F/FIDO keys
feedback & ok markus@
OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
2019-11-01 09:46:09 +11:00
djm@openbsd.org
eebec620c9
upstream: ssh AddKeysToAgent support for U2F/FIDO keys
feedback & ok markus@
OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
2019-11-01 09:46:09 +11:00
djm@openbsd.org
486164d060
upstream: ssh-add support for U2F/FIDO keys
OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
2019-11-01 09:46:09 +11:00
djm@openbsd.org
b9dd14d309
upstream: add new agent key constraint for U2F/FIDO provider
feedback & ok markus@
OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
2019-11-01 09:46:09 +11:00
djm@openbsd.org
884416bdb1
upstream: ssh client support for U2F/FIDO keys
OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
2019-11-01 09:46:09 +11:00
djm@openbsd.org
01a0670f69
upstream: Separate myproposal.h userauth pubkey types
U2F/FIDO keys are not supported for host authentication, so we need
a separate list for user keys.
feedback & ok markus@
OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429
2019-11-01 09:46:09 +11:00
djm@openbsd.org
23f38c2d8c
upstream: ssh-keygen support for generating U2F/FIDO keys
OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37
2019-11-01 09:46:09 +11:00
djm@openbsd.org
ed3467c1e1
upstream: U2F/FIDO middleware interface
Supports enrolling (generating) keys and signatures.
feedback & ok markus@
OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
2019-11-01 09:46:09 +11:00
djm@openbsd.org
02bb0768a9
upstream: Initial infrastructure for U2F/FIDO support
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.
feedback & ok markus@
OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-11-01 09:46:08 +11:00
djm@openbsd.org
57ecc10628
upstream: Protocol documentation for U2F/FIDO keys in OpenSSH
OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915
2019-11-01 08:36:34 +11:00
Damien Miller
f4fdcd2b7a
Missing unit test files
2019-11-01 08:36:16 +11:00
Darren Tucker
1bcd1169c5
Add implementation of localtime_r.
2019-10-29 20:48:46 +11:00
dtucker@openbsd.org
2046ed16c1
upstream: Signal handler cleanup: remove leftover support for
unreliable signals and now-unneeded save and restore of errno. ok deraadt@
markus@
OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88
2019-10-29 20:47:25 +11:00
jmc@openbsd.org
70fc9a6ca4
upstream: fixes from lucas;
OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2
2019-10-29 20:47:25 +11:00
dtucker@openbsd.org
702368aa43
upstream: Import regenerated moduli file.
OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987
2019-10-29 20:47:25 +11:00
Darren Tucker
5fe81da226
Fix ifdefs to not mask needed bits.
2019-10-28 21:19:47 +11:00
Darren Tucker
7694e9d2fb
Only use RLIMIT_NOFILE if it's defined.
2019-10-28 17:05:36 +11:00
Darren Tucker
d561b0b2fa
Make sure we have struct statfs before using.
2019-10-28 16:27:53 +11:00
Darren Tucker
2912596aec
Define UINT32_MAX if needed.
2019-10-28 16:27:53 +11:00
Darren Tucker
7169e31121
Move utimensat definition into timespec section.
Since utimensat uses struct timespec, move it to the section where we
define struct timespec when needed.
2019-10-28 16:27:53 +11:00
Darren Tucker
850ec1773d
Wrap OpenSSL bits in WITH_OPENSSL.
2019-10-28 16:27:53 +11:00
Darren Tucker
6fc7e1c6fe
Wrap poll.h includes in HAVE_POLL_H.
2019-10-28 16:27:53 +11:00
Darren Tucker
9239a18f96
Add a function call to stackprotector tests.
Including a function call in the test programs for the gcc stack
protector flag tests exercises more of the compiler and makes it more
likely it'll detect problems.
2019-10-24 14:39:49 +11:00
Darren Tucker
b9705393be
Import regenerated moduli file.
2019-10-22 18:09:22 +11:00
djm@openbsd.org
76ed219949
upstream: potential NULL dereference for revoked hostkeys; reported
by krishnaiah bommu
OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
2019-10-16 17:08:38 +11:00
djm@openbsd.org
6500c3bc71
upstream: free buf before return; reported by krishnaiah bommu
OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1
2019-10-16 17:08:38 +11:00
djm@openbsd.org
d7d116b6d9
upstream: memleak in error path; spotted by oss-fuzz, ok markus@
OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266
2019-10-14 17:03:54 +11:00
Darren Tucker
9b9e3ca694
Re-add SA_RESTART to mysignal.
This makes mysignal implement reliable BSD semantics according to
Stevens' APUE. This was first attempted in 2001 but was reverted
due to problems with HP-UX 10.20 and select() and possibly grantpt().
Modern systems should be fine with it, but if any current platforms have
a problem with it now we can disable it just for those. ok djm@
2019-10-11 14:12:16 +11:00
Darren Tucker
0bd312a362
Fix ifdef typo for declaration of memmem.
Fixes build on IRIX. bz#3081.
2019-10-10 09:42:03 +11:00
Abhishek Arya
01ce1cd402
Update README.md
2019-10-09 14:25:09 +11:00
Damien Miller
1ba130ac8f
add a fuzzer for private key parsing
2019-10-09 13:49:35 +11:00
Damien Miller
cdf1d0a9f5
prepare for 8.1 release
2019-10-09 11:31:03 +11:00
djm@openbsd.org
3b4e56d740
upstream: openssh-8.1
OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
2019-10-09 11:12:26 +11:00
djm@openbsd.org
29e0ecd9b4
upstream: fix an unreachable integer overflow similar to the XMSS
case, and some other NULL dereferences found by fuzzing.
fix with and ok markus@
OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
2019-10-09 11:11:41 +11:00
djm@openbsd.org
a546b17bba
upstream: fix integer overflow in XMSS private key parsing.
Reported by Adam Zabrocki via SecuriTeam's SSH program.
Note that this code is experimental and not compiled by default.
ok markus@
OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
2019-10-09 11:11:41 +11:00
dtucker@openbsd.org
c2cc25480b
upstream: Correct type for end-of-list sentinel; fixes initializer
warnings on some platforms. ok deraadt.
OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
2019-10-09 11:11:41 +11:00
djm@openbsd.org
e827aedf88
upstream: reversed test yielded incorrect debug message
OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
2019-10-09 11:06:47 +11:00
Damien Miller
8ca491d29f
depend
2019-10-09 11:06:37 +11:00
Darren Tucker
86a0323374
Make MAKE_CLONE no-op macro more correct.
Similar to the previous change to DEF_WEAK, some compilers don't like
the empty statement, so convert into a no-op function prototype.
2019-10-09 09:36:06 +11:00
Damien Miller
cfc1897a20
wrap stdint.h include in HAVE_STDINT_H
make the indenting a little more consistent too..
Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-09 09:06:35 +11:00
Damien Miller
13b3369830
avoid "return (value)" in void-declared function
spotted by Tim Rice; ok dtucker
2019-10-08 15:32:02 +11:00
Darren Tucker
0c7f8d2326
Make DEF_WEAK more likely to be correct.
Completely nop-ing out DEF_WEAK leaves an empty statement which some
compilers don't like. Replace with a no-op function template. ok djm@
2019-10-08 14:48:32 +11:00