linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.
OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
to delay the call to shield until we have received key specific options. -
when serializing xmss keys for shield we need to deal with all optional
components (e.g. state might not be loaded). ok djm@
OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.
ok markus@
OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetric key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years' time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
correct signature algorithm when requested. Patch from Jakub Jelen in bz3016
ok dtucker markus
OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
malloc_options. Prepares for changes in the way malloc is initialized. ok
guenther@ dtucker@
OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
input buffer is too full to read one, or if the output buffer is too full to
enqueue a response; feedback & ok dtucker@
OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
fd rlimit and stop accepting new connections when it is exceeded (with some
grace). Accept is resumed when enough connections are closed.
bz#2576. feedback deraadt; ok dtucker@
OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
downgrade a couple more request parsing errors from
process-fatal to just returning failure, making them consistent with the
others that were already like that.
OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918
fix regression in 7.6: failure to parse a signature request
message shouldn't be fatal to the process, just the request. Reported by Ron
Frederick
OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@
Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
add a whitelist of paths from which ssh-agent will load
(via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker
Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
Add "id" to ssh-agent pledge for subprocess support.
Found the hard way by Jan Johansson when using ssh-agent with X. Also,
rearranged proc/exec and retval to match other pledge calls in the tree.
ok djm@
Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
fflush stdout so that output is seen even when running in
debug mode when output may otherwise not be flushed. Patch from dustin at
null-ptr.net.
Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309