fd1a3b5e38
upstream: update sk-api to version 2 for ed25519 support; ok djm
...
OpenBSD-Commit-ID: 77aa4d5b6ab17987d8a600907b49573940a0044a
2019-11-13 08:49:59 +11:00
7c32b51edb
upstream: implement sshsk_ed25519_assemble(); ok djm
...
OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
2019-11-13 08:49:52 +11:00
fe05a36dc0
upstream: implement sshsk_ed25519_inner_sig(); ok djm
...
OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
2019-11-13 08:49:52 +11:00
e03a29e655
upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm
...
OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
2019-11-13 08:49:52 +11:00
bc7b5d6187
upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@
...
OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584
2019-11-13 08:48:48 +11:00
cef84a062d
upstream: factor out sshsk_ecdsa_assemble(); ok djm@
...
OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026
2019-11-13 08:48:48 +11:00
7c096c456f
upstream: implement ssh-ed25519-sk verification; ok djm@
...
OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
2019-11-13 08:48:48 +11:00
ba5fb02bed
ignore ssh-sk-helper
2019-11-13 08:48:30 +11:00
78c9649894
upstream: skip demanding -fstack-protector-all on hppa. we never
...
wrote a stack protector for reverse-stack architectures, and i don't think
anyone else did either. a warning per compiled file is just annoying.
OpenBSD-Commit-ID: 14806a59353152f843eb349e618abbf6f4dd3ada
2019-11-13 08:47:31 +11:00
aa1c9e3778
upstream: duplicate 'x' character in getopt(3) optstring
...
OpenBSD-Commit-ID: 64c81caa0cb5798de3621eca16b7dd22e5d0d8a7
2019-11-11 14:25:46 +11:00
aa4c640dc3
upstream: Fill in missing man page bits for U2F security key support:
...
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.
Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.
ok djm@
OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
2019-11-08 14:09:32 +11:00
b236b27d6d
Put sftp-realpath in libssh.a
...
and remove it from the specific binary targets.
2019-11-03 00:10:43 +11:00
382c18c20c
statfs might be defined in sys/mount.h.
...
eg on old NetBSDs.
2019-11-03 00:09:21 +11:00
03ffc0951c
Put stdint.h inside ifdef HAVE_STDINT_H.
2019-11-02 23:25:01 +11:00
19cb64c4b4
Rebuild .depend.
2019-11-02 22:46:22 +11:00
3611bfe89b
Define __BSD_VISIBLE in fnmatch.h.
...
.. since we use symbols defined only when it is when using the compat
fnmatch.
2019-11-02 22:46:22 +11:00
f5cc5816aa
Only enable U2F if OpenSSL supports ECC.
...
This requires moving the U2F bits to below the OpenSSL parts so we have
the required information. ok djm@
2019-11-02 16:39:38 +11:00
ad38406fc9
upstream: fix miscellaneous text problems; ok djm@
...
OpenBSD-Commit-ID: 0cbf411a14d8fa0b269b69cbb1b4fc0ca699fe9f
2019-11-02 11:12:50 +11:00
9cac151c2d
Add flags needed to build and work on Ultrix.
2019-11-01 18:27:37 +11:00
0e3c5bc509
Hook up fnmatch for platforms that don't have it.
2019-11-01 18:27:37 +11:00
b56dbfd9d9
Add missing bracket in realpath macro.
2019-11-01 18:27:37 +11:00
59ccb56f15
Import fnmatch.c from OpenBSD.
2019-11-01 18:27:37 +11:00
79d46de9fb
Use sftp_realpath if no native realpath.
2019-11-01 18:27:37 +11:00
bb4f003ed8
Configure flags for haiku from haikuports.
...
Should build with the default flags with ./configure
2019-11-01 15:06:16 +11:00
4332b4fe49
upstream: fix a race condition in the SIGCHILD handler that could turn
...
in to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@
OpenBSD-Commit-ID: ac2742e04a69d4c34223505b6a32f6d686e18896
2019-11-01 14:56:38 +11:00
03f9205f0f
conditionalise SK sign/verify on ENABLE_SK
...
Spotted by Darren and his faux-Vax
2019-11-01 14:49:55 +11:00
5eb7b9563f
Add prototype for localtime_r if needed.
2019-11-01 14:41:07 +11:00
d500b59a82
Check if IP_TOS is defined before using.
2019-11-01 13:42:52 +11:00
764d51e044
autoconf pieces for U2F support
...
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
2019-11-01 13:35:34 +11:00
45f17a159a
upstream: remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path
...
OpenBSD-Commit-ID: 95a7cafad2a4665d57cabacc28031fabc0bea9fc
2019-11-01 13:33:44 +11:00
db8d13f792
upstream: more additional source files
...
OpenBSD-Regress-ID: 8eaa25fb901594aee23b76eda99dca5b8db94c6f
2019-11-01 13:10:52 +11:00
f89c5df65d
upstream: additional source files here too
...
OpenBSD-Regress-ID: 8809f8e1c8f7459e7096ab6b58d8e56cb2f483fd
2019-11-01 13:10:09 +11:00
02275afa1e
upstream: additional source files here too
...
OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce
2019-11-01 13:10:09 +11:00
dfc8f01b98
upstream: adapt to extra sshkey_sign() argument and additional
...
dependencies
OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
2019-11-01 13:10:09 +11:00
afa59e26ee
upstream: skip security-key key types for tests until we have a
...
dummy U2F middleware to use.
OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
2019-11-01 13:10:09 +11:00
de871e4daf
upstream: sort;
...
OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
2019-11-01 13:05:49 +11:00
2aae149a34
upstream: undo debugging bits that shouldn't have been committed
...
OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf
2019-11-01 13:05:48 +11:00
3420e0464b
depend
2019-11-01 09:46:10 +11:00
b923a90abc
upstream: fix -Wshadow warning
...
OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c
2019-11-01 09:46:10 +11:00
9a14c64c38
upstream: Refactor signing - use sshkey_sign for everything,
...
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
07da39f71d
upstream: ssh-agent support for U2F/FIDO keys
...
feedback & ok markus@
OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
2019-11-01 09:46:09 +11:00
eebec620c9
upstream: ssh AddKeysToAgent support for U2F/FIDO keys
...
feedback & ok markus@
OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
2019-11-01 09:46:09 +11:00
486164d060
upstream: ssh-add support for U2F/FIDO keys
...
OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
2019-11-01 09:46:09 +11:00
b9dd14d309
upstream: add new agent key constraint for U2F/FIDO provider
...
feedback & ok markus@
OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
2019-11-01 09:46:09 +11:00
884416bdb1
upstream: ssh client support for U2F/FIDO keys
...
OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
2019-11-01 09:46:09 +11:00
01a0670f69
upstream: Separate myproposal.h userauth pubkey types
...
U2F/FIDO keys are not supported for host authentication, so we need
a separate list for user keys.
feedback & ok markus@
OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429
2019-11-01 09:46:09 +11:00
23f38c2d8c
upstream: ssh-keygen support for generating U2F/FIDO keys
...
OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37
2019-11-01 09:46:09 +11:00
ed3467c1e1
upstream: U2F/FIDO middleware interface
...
Supports enrolling (generating) keys and signatures.
feedback & ok markus@
OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
2019-11-01 09:46:09 +11:00
02bb0768a9
upstream: Initial infrastructure for U2F/FIDO support
...
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.
feedback & ok markus@
OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-11-01 09:46:08 +11:00
57ecc10628
upstream: Protocol documentation for U2F/FIDO keys in OpenSSH
...
OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915
2019-11-01 08:36:34 +11:00
markus@openbsd.org
Damien Miller
deraadt@openbsd.org
djm@openbsd.org
naddy@openbsd.org
Darren Tucker
jmc@openbsd.org