| Age | Commit message (Collapse) | Author |
|---|
|
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
|
|
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
|
|
correct signature algorithm when requested. Patch from Jakub Jelen in bz3016
ok dtucker markus
OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
|
|
malloc_options. Prepares for changes in the way malloc is initialized. ok
guenther@ dtucker@
OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
|
|
input buffer is too full to read one, or if the output buffer is too full to
enqueue a response; feedback & ok dtucker@
OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8
|
|
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
|
|
Colin Watson
OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
|
|
fd rlimit and stop accepting new connections when it is exceeded (with some
grace). Accept is resumed when enough connections are closed.
bz#2576. feedback deraadt; ok dtucker@
OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea
|
|
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)
OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
|
|
fail to accept a connection; bz#2837, patch from Lukas Kuster
OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f
|
|
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
|
|
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
|
|
downgrade a couple more request parsing errors from
process-fatal to just returning failure, making them consistent with the
others that were already like that.
OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918
|
|
fix regression in 7.6: failure to parse a signature request
message shouldn't be fatal to the process, just the request. Reported by Ron
Frederick
OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
|
|
g/c unused variable; make a little more portable
Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
|
|
switch from select() to poll() for the ssh-agent
mainloop; ok markus
Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
|
|
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
|
|
flense SSHv1 support from ssh-agent, considerably
simplifying it
ok markus
Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365
|
|
remove KEY_RSA1
ok markus@
Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
|
|
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
accidents happen to the best of us; ok djm
Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
|
|
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@
Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
|
|
relax PKCS#11 whitelist a bit to allow libexec as well as
lib directories.
Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
|
|
add a whitelist of paths from which ssh-agent will load
(via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
|
|
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker
Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
|
|
This should make it easier to add additional platform support such as
Solaris (bz#2584).
|
|
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
|
|
Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
|
|
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
|
|
Add "id" to ssh-agent pledge for subprocess support.
Found the hard way by Jan Johansson when using ssh-agent with X. Also,
rearranged proc/exec and retval to match other pledge calls in the tree.
ok djm@
Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
|
|
fflush stdout so that output is seen even when running in
debug mode when output may otherwise not be flushed. Patch from dustin at
null-ptr.net.
Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc
|
|
correct error messages; from Tomas Kuthan bz#2507
Upstream-ID: 7454a0affeab772398052954c79300aa82077093
|
|
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
|
|
Add "cpath" to the ssh-agent pledge so the cleanup
handler can unlink().
ok djm@
Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d
|
|
ssh-agent pledge needs proc for askpass; spotted by todd@
Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a
|
|
basic pledge() for ssh-agent, more refinement needed
Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13
|
|
no need to include the old buffer/key API
Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
|
|
|
|
Use a salted hash of the lock passphrase instead of plain
text and do constant-time comparisons of it. Should prevent leaking any
information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s
incrementing delay for each failed unlock attempt up to 10s. ok markus@
(earlier version), djm@
Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
|
|
combine -Dd onto one line and update usage();
|
|
add ssh-agent -D to leave ssh-agent in foreground
without enabling debug mode; bz#2381 ok dtucker@
|
|
rename xrealloc() to xreallocarray() since it follows
that form. ok djm
|
|
make ssh-add -D work with !SSH1 agent
|
|
|
|
add SSH1 Makefile knob to make it easier to build without
SSH1 support; ok markus@
|
|
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
|
|
Replace <sys/param.h> with <limits.h> and other less
dirty headers where possible. Annotate <sys/param.h> lines with their
current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
These are the files confirmed through binary verification. ok guenther,
millert, doug (helped with the verification protocol)
|
|
fix small regression: ssh-agent would return a success
message but an empty signature if asked to sign using an unknown key; ok
markus@
|
|
fix some regressions caused by upstream merges
enable KRLs now that they no longer require BIGNUMs
|
|
switch to sshbuf/sshkey; with & ok djm@
|
