summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-11-13Fix comment in match_usergroup_pattern_list.Darren Tucker
Spotted by balu.gajjala@gmail.com via bz#3092.
2019-11-13upstream: allow an empty attestation certificate returned by adjm@openbsd.org
security key enrollment - these are possible for tokens that only offer self- attestation. This also needs support from the middleware. ok markus@ OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc
2019-11-13upstream: security keys typically need to be tapped/touched indjm@openbsd.org
order to perform a signature operation. Notify the user when this is expected via the TTY (if available) or $SSH_ASKPASS if we can. ok markus@ OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
2019-11-13upstream: pass SSH_ASKPASS_PROMPT hint to y/n key confirm toodjm@openbsd.org
OpenBSD-Commit-ID: 08d46712e5e5f1bad0aea68e7717b7bec1ab8959
2019-11-13upstream: dd API for performing one-shot notifications via tty ordjm@openbsd.org
SSH_ASKPASS OpenBSD-Commit-ID: 9484aea33aff5b62ce3642bf259546c7639f23f3
2019-11-13upstream: add xvasprintf()djm@openbsd.org
OpenBSD-Commit-ID: e5e3671c05c121993b034db935bce1a7aa372247
2019-11-13Remove leftover if statement from sync.Darren Tucker
2019-11-13upstream: remove extra layer for ed25519 signature; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 7672d9d0278b4bf656a12d3aab0c0bfe92a8ae47
2019-11-13upstream: check sig_r and sig_s for ssh-sk keys; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 1a1e6a85b5f465d447a3800f739e35c5b74e0abc
2019-11-13upstream: enable ed25519 support; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
2019-11-13upstream: update sk-api to version 2 for ed25519 support; ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 77aa4d5b6ab17987d8a600907b49573940a0044a
2019-11-13upstream: implement sshsk_ed25519_assemble(); ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
2019-11-13upstream: implement sshsk_ed25519_inner_sig(); ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
2019-11-13upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djmmarkus@openbsd.org
OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
2019-11-13upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584
2019-11-13upstream: factor out sshsk_ecdsa_assemble(); ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026
2019-11-13upstream: implement ssh-ed25519-sk verification; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
2019-11-13ignore ssh-sk-helperDamien Miller
2019-11-13upstream: skip demanding -fstack-protector-all on hppa. we neverderaadt@openbsd.org
wrote a stack protector for reverse-stack architectures, and i don't think anyone else did either. a warning per compiled file is just annoying. OpenBSD-Commit-ID: 14806a59353152f843eb349e618abbf6f4dd3ada
2019-11-11upstream: duplicate 'x' character in getopt(3) optstringdjm@openbsd.org
OpenBSD-Commit-ID: 64c81caa0cb5798de3621eca16b7dd22e5d0d8a7
2019-11-08upstream: Fill in missing man page bits for U2F security key support:naddy@openbsd.org
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
2019-11-03Put sftp-realpath in libssh.aDarren Tucker
and remove it from the specific binary targets.
2019-11-03statfs might be defined in sys/mount.h.Darren Tucker
eg on old NetBSDs.
2019-11-02Put stdint.h inside ifdef HAVE_STDINT_H.Darren Tucker
2019-11-02Rebuild .depend.Darren Tucker
2019-11-02Define __BSD_VISIBLE in fnmatch.h.Darren Tucker
.. since we use symbols defined only when it is when using the compat fnmatch.
2019-11-02Only enable U2F if OpenSSL supports ECC.Darren Tucker
This requires moving the U2F bits to below the OpenSSL parts so we have the required information. ok djm@
2019-11-02upstream: fix miscellaneous text problems; ok djm@naddy@openbsd.org
OpenBSD-Commit-ID: 0cbf411a14d8fa0b269b69cbb1b4fc0ca699fe9f
2019-11-01Add flags needed to build and work on Ultrix.Darren Tucker
2019-11-01Hook up fnmatch for platforms that don't have it.Darren Tucker
2019-11-01Add missing bracket in realpath macro.Darren Tucker
2019-11-01Import fnmatch.c from OpenBSD.Darren Tucker
2019-11-01Use sftp_realpath if no native realpath.Darren Tucker
2019-11-01Configure flags for haiku from haikuports.Darren Tucker
Should build with the default flags with ./configure
2019-11-01upstream: fix a race condition in the SIGCHILD handler that could turndjm@openbsd.org
in to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@ OpenBSD-Commit-ID: ac2742e04a69d4c34223505b6a32f6d686e18896
2019-11-01conditionalise SK sign/verify on ENABLE_SKDamien Miller
Spotted by Darren and his faux-Vax
2019-11-01Add prototype for localtime_r if needed.Darren Tucker
2019-11-01Check if IP_TOS is defined before using.Darren Tucker
2019-11-01autoconf pieces for U2F supportDamien Miller
Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
2019-11-01upstream: remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL pathdjm@openbsd.org
OpenBSD-Commit-ID: 95a7cafad2a4665d57cabacc28031fabc0bea9fc
2019-11-01upstream: more additional source filesdjm@openbsd.org
OpenBSD-Regress-ID: 8eaa25fb901594aee23b76eda99dca5b8db94c6f
2019-11-01upstream: additional source files here toodjm@openbsd.org
OpenBSD-Regress-ID: 8809f8e1c8f7459e7096ab6b58d8e56cb2f483fd
2019-11-01upstream: additional source files here toodjm@openbsd.org
OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce
2019-11-01upstream: adapt to extra sshkey_sign() argument and additionaldjm@openbsd.org
dependencies OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
2019-11-01upstream: skip security-key key types for tests until we have adjm@openbsd.org
dummy U2F middleware to use. OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
2019-11-01upstream: sort;jmc@openbsd.org
OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
2019-11-01upstream: undo debugging bits that shouldn't have been committeddjm@openbsd.org
OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf
2019-11-01dependDamien Miller
2019-11-01upstream: fix -Wshadow warningdjm@openbsd.org
OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c
2019-11-01upstream: Refactor signing - use sshkey_sign for everything,djm@openbsd.org
including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c