summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-11-01upstream: Initial infrastructure for U2F/FIDO supportdjm@openbsd.org
Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
2019-11-01upstream: Protocol documentation for U2F/FIDO keys in OpenSSHdjm@openbsd.org
OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915
2019-11-01Missing unit test filesDamien Miller
2019-10-29Add implementation of localtime_r.Darren Tucker
2019-10-29upstream: Signal handler cleanup: remove leftover support fordtucker@openbsd.org
unreliable signals and now-unneeded save and restore of errno. ok deraadt@ markus@ OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88
2019-10-29upstream: fixes from lucas;jmc@openbsd.org
OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2
2019-10-29upstream: Import regenerated moduli file.dtucker@openbsd.org
OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987
2019-10-28Fix ifdefs to not mask needed bits.Darren Tucker
2019-10-28Only use RLIMIT_NOFILE if it's defined.Darren Tucker
2019-10-28Make sure we have struct statfs before using.Darren Tucker
2019-10-28Define UINT32_MAX if needed.Darren Tucker
2019-10-28Move utimensat definition into timespec section.Darren Tucker
Since utimensat uses struct timespec, move it to the section where we define struct timespec when needed.
2019-10-28Wrap OpenSSL bits in WITH_OPENSSL.Darren Tucker
2019-10-28Wrap poll.h includes in HAVE_POLL_H.Darren Tucker
2019-10-24Add a function call stackprotector tests.Darren Tucker
Including a function call in the test programs for the gcc stack protector flag tests exercises more of the compiler and makes it more likely it'll detect problems.
2019-10-22Import regenerated moduli file.Darren Tucker
2019-10-16upstream: potential NULL dereference for revoked hostkeys; reporteddjm@openbsd.org
by krishnaiah bommu OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
2019-10-16upstream: free buf before return; reported by krishnaiah bommudjm@openbsd.org
OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1
2019-10-14upstream: memleak in error path; spotted by oss-fuzz, ok markus@djm@openbsd.org
OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266
2019-10-11Re-add SA_RESTART to mysignal.Darren Tucker
This makes mysignal implement reliable BSD semantics according to Stevens' APUE. This was first attempted in 2001 but was reverted due to problems with HP-UX 10.20 and select() and possibly grantpt(). Modern systems should be fine with it, but if any current platforms have a problem with it now we can disable it just for those. ok djm@
2019-10-10Fix ifdef typo for declaration of memmem.Darren Tucker
Fixes build on IRIX. bz#3081.
2019-10-09Update README.mdAbhishek Arya
2019-10-09add a fuzzer for private key parsingDamien Miller
2019-10-09prepare for 8.1 releaseDamien Miller
2019-10-09upstream: openssh-8.1djm@openbsd.org
OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
2019-10-09upstream: fix an unreachable integer overflow similar to the XMSSdjm@openbsd.org
case, and some other NULL dereferences found by fuzzing. fix with and ok markus@ OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
2019-10-09upstream: fix integer overflow in XMSS private key parsing.djm@openbsd.org
Reported by Adam Zabrocki via SecuriTeam's SSH program. Note that this code is experimental and not compiled by default. ok markus@ OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
2019-10-09upstream: Correct type for end-of-list sentinel; fixes initializerdtucker@openbsd.org
warnings on some platforms. ok deraadt. OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
2019-10-09upstream: reversed test yielded incorrect debug messagedjm@openbsd.org
OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
2019-10-09dependDamien Miller
2019-10-09Make MAKE_CLONE no-op macro more correct.Darren Tucker
Similar to the previous change to DEF_WEAK, some compilers don't like the empty statement, so convert into a no-op function prototype.
2019-10-09wrap stdint.h include in HAVE_STDINT_HDamien Miller
make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-08avoid "return (value)" in void-declared functionDamien Miller
spotted by Tim Rice; ok dtucker
2019-10-08Make DEF_WEAK more likely to be correct.Darren Tucker
Completely nop-ing out DEF_WEAK leaves an empty statemment which some compilers don't like. Replace with a no-op function template. ok djm@
2019-10-07upstream: Instead of running sed over the whole log to remove CRs,dtucker@openbsd.org
remove them only where it's needed (and confuses test(1) on at least OS X in portable). OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
2019-10-05Enable specific ioctl call for EP11 crypto card (s390)Eduardo Barretto
The EP11 crypto card needs to make an ioctl call, which receives an specific argument. This crypto card is for s390 only. Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
2019-10-04upstream: fix memory leak in error path; bz#3074 patch fromdjm@openbsd.org
krishnaiah.bommu@intel.com, ok dtucker OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
2019-10-04upstream: spacedjm@openbsd.org
OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
2019-10-04upstream: more sshsig regress tests: check key revocation, thedjm@openbsd.org
check-novalidate signature test mode and signing keys in ssh-agent. From Sebastian Kinne (slightly tweaked) OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
2019-10-04upstream: Check for gmtime failure in moduli generation. Based ondtucker@openbsd.org
patch from krishnaiah.bommu@intel.com, ok djm@ OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
2019-10-04upstream: use a more common options order in SYNOPSIS and syncjmc@openbsd.org
usage(); while here, no need for Bk/Ek; ok dtucker OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
2019-10-02upstream: thinko in previous; spotted by Mantasdjm@openbsd.org
=?UTF-8?q?=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
2019-10-02upstream: make signature format match PROTOCOdjm@openbsd.org
=?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?= =?UTF-8?q?s=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-10-02upstream: ban empty namespace strings for sdjm@openbsd.org
=?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
2019-10-02Put ssherr.h back as it's actually needed.Darren Tucker
2019-10-02Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.Lonnie Abelbeck
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
2019-10-02remove duplicate #includesDamien Miller
Prompted by Jakub Jelen
2019-10-02typo in commentDamien Miller
2019-10-02upstream: remove some duplicate #includesdjm@openbsd.org
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-01upstream: revert unconditional forced login implemented in r1.41 ofdjm@openbsd.org
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the token returns no objects and this is less disruptive for users of tokens directly in ssh (rather than via ssh-agent) and in ssh-keygen bz3006, patch from Jakub Jelen; ok markus OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e