summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-06-21upstream: Add protection for private keys at rest in RAM againstdjm@openbsd.org
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@ OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
2019-06-21upstream: print the correct AuthorizedPrincipalsCommand rather thandjm@openbsd.org
an uninitialised variable; spotted by dtucker@ OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638
2019-06-21upstream: from tim: - for reput, it is remote-path which isjmc@openbsd.org
optional, not local-path - sync help from deraadt: - prefer -R and undocument -r (but add a comment for future editors) from schwarze: - prefer -p and undocument -P (as above. the comment was schwarze's too) more: - add the -f flag to reput and reget - sort help (i can;t remember who suggested this originally) djm and deraadt were ok with earlier versions of this; tim and schwarze ok OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd
2019-06-19upstream: check for convtime() refusing to accept times thatdjm@openbsd.org
resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0
2019-06-19upstream: Add unit tests for user@host and URI parsing.dtucker@openbsd.org
OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68
2019-06-19upstream: Add tests for sshd -T -C with Match.dtucker@openbsd.org
OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
2019-06-16Include stdio.h for vsnprintf.Darren Tucker
Patch from mforney at mforney.org.
2019-06-14upstream rev 1.27: fix integer overflow.Darren Tucker
Cast bitcount to u_in64_t before bit shifting to prevent integer overflow on 32bit platforms which cause incorrect results when adding a block >=512M in size. sha1 patch from ante84 at gmail.com via openssh github, sha2 with djm@, ok tedu@
2019-06-14upstream rev 1.25: add DEF_WEAK.Darren Tucker
Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct ok deraadt@
2019-06-14upstream rev 1.25: add sys/types.hDarren Tucker
2019-06-14upstream: Use explicit_bzero instead of memsetDarren Tucker
in hash Final and End functions. OK deraadt@ djm@
2019-06-14upstream: slightly more instructive error message when the userdjm@openbsd.org
specifies multiple -J options on the commandline. bz3015 ok dtucker@ OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179
2019-06-14upstream: process agent requests for RSA certificate private keys usingdjm@openbsd.org
correct signature algorithm when requested. Patch from Jakub Jelen in bz3016 ok dtucker markus OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
2019-06-14upstream: for public key authentication, check AuthorizedKeysFilesdjm@openbsd.org
files before consulting AuthorizedKeysCommand; ok dtucker markus OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3
2019-06-14upstream: if passed a bad fd, log what it wasdjm@openbsd.org
OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140
2019-06-14upstream: Hostname->HostName cleanup; from lauri tirkkonen okjmc@openbsd.org
dtucker OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
2019-06-14upstream: deraadt noticed some inconsistency in the way we denotejmc@openbsd.org
the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent (effectively reversing my commit of yesterday); ok deraadt markus djm OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667
2019-06-14upstream: consistent lettering for "HostName" keyword; from laurijmc@openbsd.org
tirkkonen OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563
2019-06-08Typo fixes in error messages.Darren Tucker
Patch from knweiss at gmail.com via github pull req #97 (portable- specific parts).
2019-06-08upstream: Typo and spelling fixes in comments and error messages.dtucker@openbsd.org
Patch from knweiss at gmail.com via -portable. OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
2019-06-08Include missed bits from previous sync.Darren Tucker
2019-06-08upstream: Check for user@host when parsing sftp target. Thisdtucker@openbsd.org
allows user@[1.2.3.4] to work without a path in addition to with one. bz#2999, ok djm@ OpenBSD-Commit-ID: d989217110932490ba8ce92127a9a6838878928b
2019-06-08upstream: Replace calls to ssh_malloc_init() by a static init ofotto@openbsd.org
malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-06-08upstream: fix ssh-keysign fd handling problem introduced in r1.304djm@openbsd.org
caused by a typo (STDIN_FILENO vs STDERR_FILENO) OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0
2019-06-08upstream: Make the standard output messages of both methods oflum@openbsd.org
changing a key pair's comments (using -c and -C) more applicable to both methods. ok and suggestions djm@ dtucker@ OpenBSD-Commit-ID: b379338118109eb36e14a65bc0a12735205b3de6
2019-06-08Always clean up before and after utimensat test.Darren Tucker
2019-06-07Update utimensat test.Darren Tucker
POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should update the symlink and not the destination. The compat code doesn't have a way to do this, so where possible it fails instead of following a symlink when explicitly asked not to. Instead of checking for an explicit failure, check that it does not update the destination, which both the real and compat implmentations should honour. Inspired by github pull req #125 from chutzpah at gentoo.org.
2019-06-07Have pthread_create return errno on failure.Darren Tucker
According to POSIX, pthread_create returns the failure reason in the non-zero function return code so make the fork wrapper do that. Matches previous change.
2019-06-07pthread_create(3) returns positive values on failure.Elliott Hughes
Found by inspection after finding similar bugs in other code used by Android.
2019-06-05allow s390 specific ioctl for ecc hardware supportHarald Freudenberger
Adding another s390 specific ioctl to be able to support ECC hardware acceleration to the sandbox seccomp filter rules. Now the ibmca openssl engine provides elliptic curve cryptography support with the help of libica and CCA crypto cards. This is done via jet another ioctl call to the zcrypt device driver and so there is a need to enable this on the openssl sandbox. Code is s390 specific and has been tested, verified and reviewed. Please note that I am also the originator of the previous changes in that area. I posted these changes to Eduardo and he forwarded the patches to the openssl community. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
2019-06-05openssl-devel is obsoleted by libssl-develSorin Adrian Savu
openssl-devel is no longer installable via the cygwin setup and it's hidden by default, so you can't see the replacement very easy.
2019-05-21upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c
2019-05-20upstream: embiggen format buffer size for certificate serial number sodjm@openbsd.org
that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b
2019-05-20upstream: When signing certificates with an RSA key, default todjm@openbsd.org
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@ OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
2019-05-17Add no-op implementation of pam_putenv.Darren Tucker
Some platforms such as HP-UX do not have pam_putenv. Currently the calls are ifdef'ed out, but a new one was recently added. Remove the ifdefs and add a no-op implementation. bz#3008, ok djm.
2019-05-17Use the correct macro for SSH_ALLOWED_CA_SIGALGS.Darren Tucker
2019-05-17Fix building w/out ECC.Darren Tucker
Ifdef out ECC specific code so that that it'll build against an OpenSSL configured w/out ECC. With & ok djm@
2019-05-17Conditionalize ECDH methods in CA algos.Darren Tucker
When building against an OpenSSL configured without ECC, don't include those algos in CASignatureAlgorithms. ok djm@
2019-05-17upstream: Move a variable declaration to the block where it's useddtucker@openbsd.org
to make things a little tidier for -portable. OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
2019-05-17upstream: When doing the fork+exec'ing for ssh-keysign, rearrangederaadt@openbsd.org
the socket into fd3, so as to not mistakenly leak other fd forward accidentally. ok djm OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
2019-05-17upstream: Delete some .Sx macros that were used in a wrong way.schwarze@openbsd.org
Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>. OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7
2019-05-17upstream: For PermitOpen violations add the remote host and port toflorian@openbsd.org
be able to find out from where the request was comming. Add the same logging for PermitListen violations which where not logged at all. Pointed out by Robert Kisteleki (robert AT ripe.net) input markus OK deraadt OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
2019-05-16Add OpenSSL 1.1.1 to the supported list.Darren Tucker
Clarify the language around prngd and egd.
2019-05-15Fix typo in man page formatter selector.Darren Tucker
2019-05-10Use "doc" man page format if mandoc present.Darren Tucker
Previously configure would not select the "doc" man page format if mandoc was present but nroff was not. This checks for mandoc first and removes a now-superflous AC_PATH_PROG. Based on a patch from vehk at vehk.de and feedback from schwarze at usta.de.
2019-05-08upstream: Use the correct (according to POSIX) format fordtucker@openbsd.org
left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok markus@. OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7
2019-05-08upstream: Free channel objects on exit path. Patch from markus atdtucker@openbsd.org
blueflash.cc, ok deraadt OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
2019-05-08upstream: Free host on exit path. Patch from markus atdtucker@openbsd.org
blueflash.cc, ok djm@ OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
2019-05-08upstream: Wrap XMSS including in ifdef. Patch from markus atdtucker@openbsd.org
blueflash.cc, ok djm OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
2019-05-08upstream: Import regenerated moduli.dtucker@openbsd.org
OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff