Age | Commit message | Author
2019-11-01 | upstream: skip security-key key types for tests until we have a | djm@openbsd.org
dummy U2F middleware to use. OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
2019-11-01 | upstream: sort; | jmc@openbsd.org
OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
2019-11-01 | upstream: undo debugging bits that shouldn't have been committed | djm@openbsd.org
OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf
2019-11-01 | depend | Damien Miller
2019-11-01 | upstream: fix -Wshadow warning | djm@openbsd.org
OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c
2019-11-01 | upstream: Refactor signing - use sshkey_sign for everything, | djm@openbsd.org
including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 | upstream: ssh-agent support for U2F/FIDO keys | djm@openbsd.org
feedback & ok markus@ OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
2019-11-01 | upstream: ssh AddKeysToAgent support for U2F/FIDO keys | djm@openbsd.org
feedback & ok markus@ OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
2019-11-01 | upstream: ssh-add support for U2F/FIDO keys | djm@openbsd.org
OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
2019-11-01 | upstream: add new agent key constraint for U2F/FIDO provider | djm@openbsd.org
feedback & ok markus@ OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
2019-11-01 | upstream: ssh client support for U2F/FIDO keys | djm@openbsd.org
OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
2019-11-01 | upstream: Separate myproposal.h userauth pubkey types | djm@openbsd.org
U2F/FIDO keys are not supported for host authentication, so we need a separate list for user keys. feedback & ok markus@ OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429
2019-11-01 | upstream: ssh-keygen support for generating U2F/FIDO keys | djm@openbsd.org
OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37
2019-11-01 | upstream: U2F/FIDO middleware interface | djm@openbsd.org
Supports enrolling (generating) keys and signatures. feedback & ok markus@ OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
2019-11-01 | upstream: Initial infrastructure for U2F/FIDO support | djm@openbsd.org
Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-11-01 | upstream: Protocol documentation for U2F/FIDO keys in OpenSSH | djm@openbsd.org
OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915
2019-11-01 | Missing unit test files | Damien Miller
2019-10-29 | Add implementation of localtime_r. | Darren Tucker
2019-10-29 | upstream: Signal handler cleanup: remove leftover support for | dtucker@openbsd.org
unreliable signals and now-unneeded save and restore of errno. ok deraadt@ markus@ OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88
2019-10-29 | upstream: fixes from lucas; | jmc@openbsd.org
OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2
2019-10-29 | upstream: Import regenerated moduli file. | dtucker@openbsd.org
OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987
2019-10-28 | Fix ifdefs to not mask needed bits. | Darren Tucker
2019-10-28 | Only use RLIMIT_NOFILE if it's defined. | Darren Tucker
2019-10-28 | Make sure we have struct statfs before using. | Darren Tucker
2019-10-28 | Define UINT32_MAX if needed. | Darren Tucker
2019-10-28 | Move utimensat definition into timespec section. | Darren Tucker
Since utimensat uses struct timespec, move it to the section where we define struct timespec when needed.
2019-10-28 | Wrap OpenSSL bits in WITH_OPENSSL. | Darren Tucker
2019-10-28 | Wrap poll.h includes in HAVE_POLL_H. | Darren Tucker
2019-10-24 | Add a function call stackprotector tests. | Darren Tucker
Including a function call in the test programs for the gcc stack protector flag tests exercises more of the compiler and makes it more likely it'll detect problems.
2019-10-22 | Import regenerated moduli file. | Darren Tucker
2019-10-16 | upstream: potential NULL dereference for revoked hostkeys; reported | djm@openbsd.org
by krishnaiah bommu OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
2019-10-16 | upstream: free buf before return; reported by krishnaiah bommu | djm@openbsd.org
OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1
2019-10-14 | upstream: memleak in error path; spotted by oss-fuzz, ok markus@ | djm@openbsd.org
OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266
2019-10-11 | Re-add SA_RESTART to mysignal. | Darren Tucker
This makes mysignal implement reliable BSD semantics according to Stevens' APUE. This was first attempted in 2001 but was reverted due to problems with HP-UX 10.20 and select() and possibly grantpt(). Modern systems should be fine with it, but if any current platforms have a problem with it now we can disable it just for those. ok djm@
2019-10-10 | Fix ifdef typo for declaration of memmem. | Darren Tucker
Fixes build on IRIX. bz#3081.
2019-10-09 | Update README.md | Abhishek Arya
2019-10-09 | add a fuzzer for private key parsing | Damien Miller
2019-10-09 | prepare for 8.1 release | Damien Miller
2019-10-09 | upstream: openssh-8.1 | djm@openbsd.org
OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
2019-10-09 | upstream: fix an unreachable integer overflow similar to the XMSS | djm@openbsd.org
case, and some other NULL dereferences found by fuzzing. fix with and ok markus@ OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
2019-10-09 | upstream: fix integer overflow in XMSS private key parsing. | djm@openbsd.org
Reported by Adam Zabrocki via SecuriTeam's SSH program. Note that this code is experimental and not compiled by default. ok markus@ OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
2019-10-09 | upstream: Correct type for end-of-list sentinel; fixes initializer | dtucker@openbsd.org
warnings on some platforms. ok deraadt. OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
2019-10-09 | upstream: reversed test yielded incorrect debug message | djm@openbsd.org
OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
2019-10-09 | depend | Damien Miller
2019-10-09 | Make MAKE_CLONE no-op macro more correct. | Darren Tucker
Similar to the previous change to DEF_WEAK, some compilers don't like the empty statement, so convert into a no-op function prototype.
2019-10-09 | wrap stdint.h include in HAVE_STDINT_H | Damien Miller
make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-08 | avoid "return (value)" in void-declared function | Damien Miller
spotted by Tim Rice; ok dtucker
2019-10-08 | Make DEF_WEAK more likely to be correct. | Darren Tucker
Completely nop-ing out DEF_WEAK leaves an empty statement which some compilers don't like. Replace with a no-op function template. ok djm@
2019-10-07 | upstream: Instead of running sed over the whole log to remove CRs, | dtucker@openbsd.org
remove them only where it's needed (and confuses test(1) on at least OS X in portable). OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
2019-10-05 | Enable specific ioctl call for EP11 crypto card (s390) | Eduardo Barretto
The EP11 crypto card needs to make an ioctl call, which receives a specific argument. This crypto card is for s390 only. Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>