de871e4daf
upstream: sort;
...
OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
2019-11-01 13:05:49 +11:00
2aae149a34
upstream: undo debugging bits that shouldn't have been committed
...
OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf
2019-11-01 13:05:48 +11:00
3420e0464b
depend
2019-11-01 09:46:10 +11:00
b923a90abc
upstream: fix -Wshadow warning
...
OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c
2019-11-01 09:46:10 +11:00
9a14c64c38
upstream: Refactor signing - use sshkey_sign for everything,
...
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
07da39f71d
upstream: ssh-agent support for U2F/FIDO keys
...
feedback & ok markus@
OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
2019-11-01 09:46:09 +11:00
eebec620c9
upstream: ssh AddKeysToAgent support for U2F/FIDO keys
...
feedback & ok markus@
OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
2019-11-01 09:46:09 +11:00
486164d060
upstream: ssh-add support for U2F/FIDO keys
...
OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
2019-11-01 09:46:09 +11:00
b9dd14d309
upstream: add new agent key constraint for U2F/FIDO provider
...
feedback & ok markus@
OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
2019-11-01 09:46:09 +11:00
884416bdb1
upstream: ssh client support for U2F/FIDO keys
...
OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
2019-11-01 09:46:09 +11:00
01a0670f69
upstream: Separate myproposal.h userauth pubkey types
...
U2F/FIDO keys are not supported for host authentication, so we need
a separate list for user keys.
feedback & ok markus@
OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429
2019-11-01 09:46:09 +11:00
23f38c2d8c
upstream: ssh-keygen support for generating U2F/FIDO keys
...
OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37
2019-11-01 09:46:09 +11:00
ed3467c1e1
upstream: U2F/FIDO middleware interface
...
Supports enrolling (generating) keys and signatures.
feedback & ok markus@
OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
2019-11-01 09:46:09 +11:00
02bb0768a9
upstream: Initial infrastructure for U2F/FIDO support
...
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.
feedback & ok markus@
OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-11-01 09:46:08 +11:00
57ecc10628
upstream: Protocol documentation for U2F/FIDO keys in OpenSSH
...
OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915
2019-11-01 08:36:34 +11:00
f4fdcd2b7a
Missing unit test files
2019-11-01 08:36:16 +11:00
1bcd1169c5
Add implementation of localtime_r.
2019-10-29 20:48:46 +11:00
2046ed16c1
upstream: Signal handler cleanup: remove leftover support for
...
unreliable signals and now-unneeded save and restore of errno. ok deraadt@
markus@
OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88
2019-10-29 20:47:25 +11:00
70fc9a6ca4
upstream: fixes from lucas;
...
OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2
2019-10-29 20:47:25 +11:00
702368aa43
upstream: Import regenerated moduli file.
...
OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987
2019-10-29 20:47:25 +11:00
5fe81da226
Fix ifdefs to not mask needed bits.
2019-10-28 21:19:47 +11:00
7694e9d2fb
Only use RLIMIT_NOFILE if it's defined.
2019-10-28 17:05:36 +11:00
d561b0b2fa
Make sure we have struct statfs before using.
2019-10-28 16:27:53 +11:00
2912596aec
Define UINT32_MAX if needed.
2019-10-28 16:27:53 +11:00
7169e31121
Move utimensat definition into timespec section.
...
Since utimensat uses struct timespec, move it to the section where we
define struct timespec when needed.
2019-10-28 16:27:53 +11:00
850ec1773d
Wrap OpenSSL bits in WITH_OPENSSL.
2019-10-28 16:27:53 +11:00
6fc7e1c6fe
Wrap poll.h includes in HAVE_POLL_H.
2019-10-28 16:27:53 +11:00
9239a18f96
Add a function call stackprotector tests.
...
Including a function call in the test programs for the gcc stack
protector flag tests exercises more of the compiler and makes it more
likely it'll detect problems.
2019-10-24 14:39:49 +11:00
b9705393be
Import regenerated moduli file.
2019-10-22 18:09:22 +11:00
76ed219949
upstream: potential NULL dereference for revoked hostkeys; reported
...
by krishnaiah bommu
OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
2019-10-16 17:08:38 +11:00
6500c3bc71
upstream: free buf before return; reported by krishnaiah bommu
...
OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1
2019-10-16 17:08:38 +11:00
d7d116b6d9
upstream: memleak in error path; spotted by oss-fuzz, ok markus@
...
OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266
2019-10-14 17:03:54 +11:00
9b9e3ca694
Re-add SA_RESTART to mysignal.
...
This makes mysignal implement reliable BSD semantics according to
Stevens' APUE. This was first attempted in 2001 but was reverted
due to problems with HP-UX 10.20 and select() and possibly grantpt().
Modern systems should be fine with it, but if any current platforms have
a problem with it now we can disable it just for those. ok djm@
2019-10-11 14:12:16 +11:00
0bd312a362
Fix ifdef typo for declaration of memmem.
...
Fixes build on IRIX. bz#3081.
2019-10-10 09:42:03 +11:00
01ce1cd402
Update README.md
2019-10-09 14:25:09 +11:00
1ba130ac8f
add a fuzzer for private key parsing
2019-10-09 13:49:35 +11:00
cdf1d0a9f5
prepare for 8.1 release
2019-10-09 11:31:03 +11:00
3b4e56d740
upstream: openssh-8.1
...
OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
2019-10-09 11:12:26 +11:00
29e0ecd9b4
upstream: fix an unreachable integer overflow similar to the XMSS
...
case, and some other NULL dereferences found by fuzzing.
fix with and ok markus@
OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
2019-10-09 11:11:41 +11:00
a546b17bba
upstream: fix integer overflow in XMSS private key parsing.
...
Reported by Adam Zabrocki via SecuriTeam's SSH program.
Note that this code is experimental and not compiled by default.
ok markus@
OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
2019-10-09 11:11:41 +11:00
c2cc25480b
upstream: Correct type for end-of-list sentinel; fixes initializer
...
warnings on some platforms. ok deraadt.
OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
2019-10-09 11:11:41 +11:00
e827aedf88
upstream: reversed test yielded incorrect debug message
...
OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
2019-10-09 11:06:47 +11:00
8ca491d29f
depend
2019-10-09 11:06:37 +11:00
86a0323374
Make MAKE_CLONE no-op macro more correct.
...
Similar to the previous change to DEF_WEAK, some compilers don't like
the empty statement, so convert into a no-op function prototype.
2019-10-09 09:36:06 +11:00
cfc1897a20
wrap stdint.h include in HAVE_STDINT_H
...
make the indenting a little more consistent too..
Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-09 09:06:35 +11:00
13b3369830
avoid "return (value)" in void-declared function
...
spotted by Tim Rice; ok dtucker
2019-10-08 15:32:02 +11:00
0c7f8d2326
Make DEF_WEAK more likely to be correct.
...
Completely nop-ing out DEF_WEAK leaves an empty statemment which some
compilers don't like. Replace with a no-op function template. ok djm@
2019-10-08 14:48:32 +11:00
b1e79ea8fa
upstream: Instead of running sed over the whole log to remove CRs,
...
remove them only where it's needed (and confuses test(1) on at least OS X in
portable).
OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
2019-10-07 13:08:57 +11:00
8dc7d6b75a
Enable specific ioctl call for EP11 crypto card (s390)
...
The EP11 crypto card needs to make an ioctl call, which receives an
specific argument. This crypto card is for s390 only.
Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
2019-10-05 18:30:40 +10:00
07f2c7f349
upstream: fix memory leak in error path; bz#3074 patch from
...
krishnaiah.bommu@intel.com , ok dtucker
OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
2019-10-04 14:34:05 +10:00
jmc@openbsd.org
djm@openbsd.org
Damien Miller
Darren Tucker
dtucker@openbsd.org
Abhishek Arya
Eduardo Barretto