Age | Commit message (Collapse) | Author |
|
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
|
|
OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
|
|
connect, not just readable. Prevents a timeout when the server doesn't
immediately send a banner (eg multiplexers like sslh) but is also slightly
quicker for other connections since, unlike ssh1, ssh2 doesn't specify
that the client should parse the server banner before sending its own.
Patch from mnissler@chromium.org, ok djm@
OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
|
|
Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
|
|
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.
OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
|
|
verification fails.
OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3
|
|
happen. rethink needed...
OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421
|
|
the main synopsis/usage; ok djm
OpenBSD-Commit-ID: f881ba253da015398ae8758d973e3390754869bc
|
|
SecurityKeyProvider; ok djm@
OpenBSD-Commit-ID: 76db507ebd336a573e1cd4146cc40019332c5799
|
|
OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
|
|
WITH_OPENSSL; ok djm@
OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
|
|
addition; ok djm@
OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
|
|
ok dtucker@
|
|
Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when
compiling without ECC support in libcrypto.
|
|
"publicExponent" to "Exponent" so accept either. with djm.
OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6
|
|
OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9
|
|
OpenBSD-Commit-ID: 7771bd77ee73f7116df37c734c41192943a73cee
|
|
OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996
|
|
OpenBSD-Commit-ID: cd365ee343934862286d0b011aa77fa739d2a945
|
|
jmc@
OpenBSD-Commit-ID: e281977e4a4f121f3470517cbd5e483eee37b818
|
|
prompted by jmc@
OpenBSD-Commit-ID: 076d386739ebe7336c2137e583bc7a5c9538a442
|
|
formats
OpenBSD-Commit-ID: 795a7c1c80315412e701bef90e31e376ea2f3c88
|
|
OpenBSD-Commit-ID: 4d4a0c13226a79f0080ce6cbe74f73b03ed8092e
|
|
missing curve name); spotted by Sebastian Kinne
OpenBSD-Commit-ID: 2a11340dc7ed16200342d384fb45ecd4fcce26e7
|
|
ssh/ssh-agent now sets a hint environment variable $SSH_ASKPASS_PROMPT
when running the askpass program. This is intended to allow the
askpass to vary its UI across the three cases it supports: asking for
a passphrase, confirming the use of a key and (recently) reminding
a user to touch their security key.
This adapts the gnome-ssh-askpass[23] to use these hints. Specifically,
for SSH_ASKPASS_PROMPT=confirm it will skip the text input box and show
only "yes"/"no" buttons. For SSH_ASKPASS_PROMPT=none (used to remind
users to tap their security key), it shows only a "close" button.
Help wanted: adapt the other askpass programs in active use, including
x11-ssh-askpass, lxqt-openssh-askpass, etc.
|
|
Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef.
ok djm@
|
|
Suggested by djm.
|
|
OpenBSD-Commit-ID: f002dbf14dba5586e8407e90f0141148ade8e8fc
|
|
OpenBSD-Commit-ID: 2bf336d3be0b7e3dd97920d7e7471146a281d2b9
|
|
OpenBSD-Commit-ID: 4c70300609a5c8b19707207bb7ad4109e963b0e8
|
|
support. This avoid the need for a wpath pledge in ssh-agent.
reported by jmc@
OpenBSD-Commit-ID: 19f799c4d020b870741d221335dbfa5e76691c23
|
|
OpenBSD-Commit-ID: faa9bf779e008b3e64e2eb1344d9b7d83b3c4487
|
|
OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9
|
|
We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
we were using it didn't benefit from its use anyway. ok dtucker@
OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
|
|
Wrappers protect against multiple inclusions for headers that don't do
it themselves.
|
|
|
|
|
|
in agent. spotted by dtucker@
OpenBSD-Commit-ID: fb67d451665385b8a0a55371231c50aac67b91d2
|
|
OpenBSD-Commit-ID: d0c70cca29cfa7e6d9f7ec1d6d5dabea112499b3
|
|
OpenBSD-Commit-ID: d9b910e412d139141b072a905e66714870c38ac0
|
|
Require --with-security-key-builtin before enabling the built-in
security key support (and consequent dependency on libfido2).
|
|
revision 1.48
date: 2019/02/04 16:45:40; author: millert; state: Exp; lines: +16 -17; commitid: cpNtVC7erojNyctw;
Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX.
This requires a libc major version bump. OK deraadt@
|
|
revision 1.47
date: 2017/05/08 14:53:27; author: millert; state: Exp; lines: +34 -21; commitid: sYfxfyUHAfarP8sE;
Fix exponential CPU use with repeated '*' operators by changing '*'
handling to be interative instead of recursive.
Fix by Yves Orton, ported to OpenBSD glob.c by Ray Lai. OK tb@
|
|
revision 1.46
date: 2015/12/28 22:08:18; author: mmcc; state: Exp; lines: +5 -9; commitid: 0uXuF2O13NH9q2e1;
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
|
revision 1.44
date: 2015/09/14 16:09:13; author: tedu; state: Exp; lines: +3 -5; commitid: iWfSX2BIn0sLw62l;
remove null check before free. from Michael McConville
ok semarie
|
|
revision 1.43
date: 2015/06/13 16:57:04; author: deraadt; state: Exp; lines: +4 -4; commitid: zOUKuqWBdOPOz1SZ;
in glob() initialize the glob_t before the first failure check.
from j@pureftpd.org
ok millert stsp
|
|
revision 1.42
date: 2015/02/05 12:59:57; author: millert; state: Exp; lines: +2 -1; commitid: DTQbfd4poqBW8iSJ;
Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
|
|
revision 1.41
date: 2014/10/08 05:35:27; author: deraadt; state: Exp; lines: +3 -3; commitid: JwTGarRLHQKDgPh2;
obvious realloc -> reallocarray conversion
|
|
provider; spotted by dtucker@
OpenBSD-Commit-ID: bfe5fbd17e4ff95dd85b9212181652b54444192e
|
|
revision 1.40
date: 2013/09/30 12:02:34; author: millert; state: Exp; lines: +14 -15;
Use PATH_MAX, NAME_MAX and LOGIN_NAME_MAX not MAXPATHNAMELEN,
MAXNAMLEN or MAXLOGNAME where possible. OK deraadt@
|