2cf262c21f
upstream: document '$' environment variable expansion for
...
SecurityKeyProvider; ok djm@
OpenBSD-Commit-ID: 76db507ebd336a573e1cd4146cc40019332c5799
2019-11-20 09:27:29 +11:00
f0edda81c5
upstream: more missing mentions of ed25519-sk; ok djm@
...
OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
2019-11-20 09:27:29 +11:00
189550f5bc
upstream: additional missing stdarg.h includes when built without
...
WITH_OPENSSL; ok djm@
OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
2019-11-20 09:27:29 +11:00
723a536986
upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK
...
addition; ok djm@
OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
2019-11-20 09:26:59 +11:00
478f4f98e4
remove all EC algs from proposals, no just sk ones
...
ok dtucker@
2019-11-19 08:52:24 +11:00
6a7ef310da
filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms
...
Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when
compiling without ECC support in libcrypto.
2019-11-18 22:23:05 +11:00
64f56f1d1a
upstream: LibreSSL change the format for openssl rsa -text output from
...
"publicExponent" to "Exponent" so accept either. with djm.
OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6
2019-11-18 20:54:05 +11:00
4bfc0503ad
upstream: fix a bug that prevented serialisation of ed25519-sk keys
...
OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9
2019-11-18 17:59:43 +11:00
d882054170
upstream: Fix incorrect error message when key certification fails
...
OpenBSD-Commit-ID: 7771bd77ee73f7116df37c734c41192943a73cee
2019-11-18 17:42:11 +11:00
740c4bc987
upstream: fix bug that prevented certification of ed25519-sk keys
...
OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996
2019-11-18 17:42:11 +11:00
85409cbb50
upstream: allow *-sk key types to be turned into certificates
...
OpenBSD-Commit-ID: cd365ee343934862286d0b011aa77fa739d2a945
2019-11-18 17:25:26 +11:00
e2e1283404
upstream: mention ed25519-sk key/cert types here too; prompted by
...
jmc@
OpenBSD-Commit-ID: e281977e4a4f121f3470517cbd5e483eee37b818
2019-11-18 15:57:18 +11:00
97dc5d1d82
upstream: mention ed25519-sk in places where it is accepted;
...
prompted by jmc@
OpenBSD-Commit-ID: 076d386739ebe7336c2137e583bc7a5c9538a442
2019-11-18 15:57:17 +11:00
1306643448
upstream: document ed25519-sk pubkey, private key and certificate
...
formats
OpenBSD-Commit-ID: 795a7c1c80315412e701bef90e31e376ea2f3c88
2019-11-18 15:57:17 +11:00
71856e1142
upstream: correct order or ecdsa-sk private key fields
...
OpenBSD-Commit-ID: 4d4a0c13226a79f0080ce6cbe74f73b03ed8092e
2019-11-18 15:57:17 +11:00
93fa2a6649
upstream: correct description of fields in pub/private keys (was
...
missing curve name); spotted by Sebastian Kinne
OpenBSD-Commit-ID: 2a11340dc7ed16200342d384fb45ecd4fcce26e7
2019-11-18 15:57:17 +11:00
b497e920b4
Teach the GTK2/3 ssh-askpass the new prompt hints
...
ssh/ssh-agent now sets a hint environment variable $SSH_ASKPASS_PROMPT
when running the askpass program. This is intended to allow the
askpass to vary its UI across the three cases it supports: asking for
a passphrase, confirming the use of a key and (recently) reminding
a user to touch their security key.
This adapts the gnome-ssh-askpass[23] to use these hints. Specifically,
for SSH_ASKPASS_PROMPT=confirm it will skip the text input box and show
only "yes"/"no" buttons. For SSH_ASKPASS_PROMPT=none (used to remind
users to tap their security key), it shows only a "close" button.
Help wanted: adapt the other askpass programs in active use, including
x11-ssh-askpass, lxqt-openssh-askpass, etc.
2019-11-18 15:22:40 +11:00
857f49e91e
Move ifdef OPENSSL_HAS_ECC.
...
Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef.
ok djm@
2019-11-18 14:15:26 +11:00
6cf1c40096
Enable -Wimplicit-fallthrough if supported
...
Suggested by djm.
2019-11-18 14:14:18 +11:00
103c51fd5f
upstream: missing break in getopt switch; spotted by Sebastian Kinne
...
OpenBSD-Commit-ID: f002dbf14dba5586e8407e90f0141148ade8e8fc
2019-11-18 13:00:43 +11:00
9a1225e8ca
upstream: tweak debug message
...
OpenBSD-Commit-ID: 2bf336d3be0b7e3dd97920d7e7471146a281d2b9
2019-11-18 11:54:56 +11:00
4103a3ec7c
upstream: a little debug() in the security key interface
...
OpenBSD-Commit-ID: 4c70300609a5c8b19707207bb7ad4109e963b0e8
2019-11-17 09:44:43 +11:00
05daa211de
upstream: always use ssh-sk-helper, even for the internal USB HID
...
support. This avoid the need for a wpath pledge in ssh-agent.
reported by jmc@
OpenBSD-Commit-ID: 19f799c4d020b870741d221335dbfa5e76691c23
2019-11-17 09:44:43 +11:00
d431778a56
upstream: fix typos in sk_enroll
...
OpenBSD-Commit-ID: faa9bf779e008b3e64e2eb1344d9b7d83b3c4487
2019-11-17 09:44:43 +11:00
af90aec044
upstream: double word;
...
OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9
2019-11-17 09:44:43 +11:00
fd1a96490c
upstream: remove most uses of BN_CTX
...
We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
we were using it didn't benefit from its use anyway. ok dtucker@
OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
2019-11-17 09:44:43 +11:00
39b87104cd
Add wrappers for other ultrix headers.
...
Wrappers protect against multiple inclusions for headers that don't do
it themselves.
2019-11-15 18:56:54 +11:00
134a74f4e0
Add SSIZE_MAX when we define ssize_t.
2019-11-15 18:55:13 +11:00
9c6d0a3a1e
Remove ultrix realpath hack.
2019-11-15 17:13:19 +11:00
c63fba5e34
upstream: unshield security key privkey before attempting signature
...
in agent. spotted by dtucker@
OpenBSD-Commit-ID: fb67d451665385b8a0a55371231c50aac67b91d2
2019-11-15 16:39:31 +11:00
d165bb5396
upstream: rewrite c99-ism
...
OpenBSD-Commit-ID: d0c70cca29cfa7e6d9f7ec1d6d5dabea112499b3
2019-11-15 16:39:31 +11:00
03e06dd0e6
upstream: only clang understands those new -W options
...
OpenBSD-Commit-ID: d9b910e412d139141b072a905e66714870c38ac0
2019-11-15 16:39:31 +11:00
5c0bc273cb
configure flag to built-in security key support
...
Require --with-security-key-builtin before enabling the built-in
security key support (and consequent dependency on libfido2).
2019-11-15 16:08:00 +11:00
fbcb9a7fa5
upstream commit
...
revision 1.48
date: 2019/02/04 16:45:40; author: millert; state: Exp; lines: +16 -17; commitid: cpNtVC7erojNyctw;
Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX.
This requires a libc major version bump. OK deraadt@
2019-11-15 16:06:30 +11:00
2cfb11abac
upstream commit
...
revision 1.47
date: 2017/05/08 14:53:27; author: millert; state: Exp; lines: +34 -21; commitid: sYfxfyUHAfarP8sE;
Fix exponential CPU use with repeated '*' operators by changing '*'
handling to be interative instead of recursive.
Fix by Yves Orton, ported to OpenBSD glob.c by Ray Lai. OK tb@
2019-11-15 16:05:07 +11:00
228dd595c7
upstream commit
...
revision 1.46
date: 2015/12/28 22:08:18; author: mmcc; state: Exp; lines: +5 -9; commitid: 0uXuF2O13NH9q2e1;
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
2019-11-15 16:04:28 +11:00
a16f748690
upstream commit
...
revision 1.44
date: 2015/09/14 16:09:13; author: tedu; state: Exp; lines: +3 -5; commitid: iWfSX2BIn0sLw62l;
remove null check before free. from Michael McConville
ok semarie
2019-11-15 16:02:43 +11:00
fd37cdeafe
upstream commit
...
revision 1.43
date: 2015/06/13 16:57:04; author: deraadt; state: Exp; lines: +4 -4; commitid: zOUKuqWBdOPOz1SZ;
in glob() initialize the glob_t before the first failure check.
from j@pureftpd.org
ok millert stsp
2019-11-15 16:02:27 +11:00
fd62769c38
upstream commit
...
revision 1.42
date: 2015/02/05 12:59:57; author: millert; state: Exp; lines: +2 -1; commitid: DTQbfd4poqBW8iSJ;
Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
2019-11-15 16:01:20 +11:00
2b6cba7ee2
upstream commit
...
revision 1.41
date: 2014/10/08 05:35:27; author: deraadt; state: Exp; lines: +3 -3; commitid: JwTGarRLHQKDgPh2;
obvious realloc -> reallocarray conversion
2019-11-15 16:00:07 +11:00
ab36006653
upstream: don't consult dlopen whitelist for internal security key
...
provider; spotted by dtucker@
OpenBSD-Commit-ID: bfe5fbd17e4ff95dd85b9212181652b54444192e
2019-11-15 15:14:00 +11:00
19f8ec428d
upstream commit
...
revision 1.40
date: 2013/09/30 12:02:34; author: millert; state: Exp; lines: +14 -15;
Use PATH_MAX, NAME_MAX and LOGIN_NAME_MAX not MAXPATHNAMELEN,
MAXNAMLEN or MAXLOGNAME where possible. OK deraadt@
2019-11-15 15:08:28 +11:00
bb7413db98
upstream commit
...
revision 1.39
date: 2012/01/20 07:09:42; author: tedu; state: Exp; lines: +4 -4;
the glob stat limit is way too low. bump to 2048.
while here, failed stats should count against the limit too.
ok deraadt sthen stsp
2019-11-15 15:07:30 +11:00
01362cf7cb
upstream: U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when
...
probed to see if they own a key handle. Handle this case so the find_device()
look can work for them. Reported by Michael Forney
OpenBSD-Commit-ID: 2ccd5b30a6ddfe4dba228b7159bf168601bd9166
2019-11-15 14:43:34 +11:00
cf62307bc9
Add libfido2 to INSTALL.
2019-11-15 14:01:20 +11:00
69fbda1894
libcrypto is now optional.
2019-11-15 14:01:20 +11:00
45ffa36988
upstream: show the "please touch your security key" notifier when
...
using the (default) build-in security key support.
OpenBSD-Commit-ID: 4707643aaa7124501d14e92d1364b20f312a6428
2019-11-15 13:41:40 +11:00
49dc9fa928
upstream: close the "touch your security key" notifier on the error
...
path too
OpenBSD-Commit-ID: c7628bf80505c1aefbb1de7abc8bb5ee51826829
2019-11-15 13:41:40 +11:00
22a82712e8
upstream: correct function name in debug message
...
OpenBSD-Commit-ID: 2482c99d2ce448f39282493050f8a01e3ffc39ab
2019-11-15 13:41:40 +11:00
018e2902a6
upstream: follow existing askpass logic for security key notifier:
...
fall back to _PATH_SSH_ASKPASS_DEFAULT if no $SSH_ASKPASS environment
variable is set.
OpenBSD-Commit-ID: cda753726b13fb797bf7a9f7a0b3022d9ade4520
2019-11-15 13:41:40 +11:00
naddy@openbsd.org
Damien Miller
dtucker@openbsd.org
djm@openbsd.org
Darren Tucker
markus@openbsd.org
jmc@openbsd.org
deraadt@openbsd.org