RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,019 Commits 69 Branches 157 Tags 25 MiB
Commit Graph

10019 Commits

Author SHA1 Message Date
Darren Tucker 1e0b248d47 Put sshsk_sign call inside ifdef ENABLE_SK. 
Fixes build against OpenSSL configured without ECC.
 2019-11-14 16:08:17 +11:00
Darren Tucker 546274a6f8 Remove duplicate __NR_clock_nanosleep 2019-11-13 23:27:31 +11:00
Darren Tucker b1c82f4b8a seccomp: Allow clock_nanosleep() in sandbox. 
seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
glibc.  Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.
 2019-11-13 23:19:35 +11:00
Darren Tucker 2b523d2380 Include stdarg.h for va_list in xmalloc.h. 2019-11-13 11:56:56 +11:00
Darren Tucker 245dcbdca5 Put headers inside ifdef _AIX. 
Prevents compile errors due to missing definitions (eg va_list) on
non-AIX platforms.
 2019-11-13 11:19:26 +11:00
Darren Tucker a4cc579c6a Fix comment in match_usergroup_pattern_list. 
Spotted by balu.gajjala@gmail.com via bz#3092.
 2019-11-13 10:42:46 +11:00
djm@openbsd.org fccff339ca upstream: allow an empty attestation certificate returned by a 
security key enrollment - these are possible for tokens that only offer self-
attestation. This also needs support from the middleware.

ok markus@

OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc
 2019-11-13 10:15:47 +11:00
djm@openbsd.org e44bb61824 upstream: security keys typically need to be tapped/touched in 
order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.

ok markus@

OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
 2019-11-13 10:15:47 +11:00
djm@openbsd.org 4671211068 upstream: pass SSH_ASKPASS_PROMPT hint to y/n key confirm too 
OpenBSD-Commit-ID: 08d46712e5e5f1bad0aea68e7717b7bec1ab8959
 2019-11-13 10:15:46 +11:00
djm@openbsd.org 5d1c1590d7 upstream: dd API for performing one-shot notifications via tty or 
SSH_ASKPASS

OpenBSD-Commit-ID: 9484aea33aff5b62ce3642bf259546c7639f23f3
 2019-11-13 10:15:46 +11:00
djm@openbsd.org 166927fd41 upstream: add xvasprintf() 
OpenBSD-Commit-ID: e5e3671c05c121993b034db935bce1a7aa372247
 2019-11-13 10:15:46 +11:00
Darren Tucker 782093ec6c Remove leftover if statement from sync. 2019-11-13 09:08:55 +11:00
markus@openbsd.org b556cc3cbf upstream: remove extra layer for ed25519 signature; ok djm@ 
OpenBSD-Commit-ID: 7672d9d0278b4bf656a12d3aab0c0bfe92a8ae47
 2019-11-13 08:54:09 +11:00
markus@openbsd.org 3fcf69ace1 upstream: check sig_r and sig_s for ssh-sk keys; ok djm 
OpenBSD-Commit-ID: 1a1e6a85b5f465d447a3800f739e35c5b74e0abc
 2019-11-13 08:54:09 +11:00
markus@openbsd.org 2c55744a56 upstream: enable ed25519 support; ok djm 
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
 2019-11-13 08:54:09 +11:00
markus@openbsd.org fd1a3b5e38 upstream: update sk-api to version 2 for ed25519 support; ok djm 
OpenBSD-Commit-ID: 77aa4d5b6ab17987d8a600907b49573940a0044a
 2019-11-13 08:49:59 +11:00
markus@openbsd.org 7c32b51edb upstream: implement sshsk_ed25519_assemble(); ok djm 
OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
 2019-11-13 08:49:52 +11:00
markus@openbsd.org fe05a36dc0 upstream: implement sshsk_ed25519_inner_sig(); ok djm 
OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
 2019-11-13 08:49:52 +11:00
markus@openbsd.org e03a29e655 upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm 
OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
 2019-11-13 08:49:52 +11:00
markus@openbsd.org bc7b5d6187 upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@ 
OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584
 2019-11-13 08:48:48 +11:00
markus@openbsd.org cef84a062d upstream: factor out sshsk_ecdsa_assemble(); ok djm@ 
OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026
 2019-11-13 08:48:48 +11:00
markus@openbsd.org 7c096c456f upstream: implement ssh-ed25519-sk verification; ok djm@ 
OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
 2019-11-13 08:48:48 +11:00
Damien Miller ba5fb02bed ignore ssh-sk-helper 2019-11-13 08:48:30 +11:00
deraadt@openbsd.org 78c9649894 upstream: skip demanding -fstack-protector-all on hppa. we never 
wrote a stack protector for reverse-stack architectures, and i don't think
anyone else did either. a warning per compiled file is just annoying.

OpenBSD-Commit-ID: 14806a59353152f843eb349e618abbf6f4dd3ada
 2019-11-13 08:47:31 +11:00
djm@openbsd.org aa1c9e3778 upstream: duplicate 'x' character in getopt(3) optstring 
OpenBSD-Commit-ID: 64c81caa0cb5798de3621eca16b7dd22e5d0d8a7
 2019-11-11 14:25:46 +11:00
naddy@openbsd.org aa4c640dc3 upstream: Fill in missing man page bits for U2F security key support: 
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.

Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.

ok djm@

OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
 2019-11-08 14:09:32 +11:00
Darren Tucker b236b27d6d Put sftp-realpath in libssh.a 
and remove it from the specific binary targets.
 2019-11-03 00:10:43 +11:00
Darren Tucker 382c18c20c statfs might be defined in sys/mount.h. 
eg on old NetBSDs.
 2019-11-03 00:09:21 +11:00
Darren Tucker 03ffc0951c Put stdint.h inside ifdef HAVE_STDINT_H. 2019-11-02 23:25:01 +11:00
Darren Tucker 19cb64c4b4 Rebuild .depend. 2019-11-02 22:46:22 +11:00
Darren Tucker 3611bfe89b Define __BSD_VISIBLE in fnmatch.h. 
.. since we use symbols defined only when it is when using the compat
fnmatch.
 2019-11-02 22:46:22 +11:00
Darren Tucker f5cc5816aa Only enable U2F if OpenSSL supports ECC. 
This requires moving the U2F bits to below the OpenSSL parts so we have
the required information.  ok djm@
 2019-11-02 16:39:38 +11:00
naddy@openbsd.org ad38406fc9 upstream: fix miscellaneous text problems; ok djm@ 
OpenBSD-Commit-ID: 0cbf411a14d8fa0b269b69cbb1b4fc0ca699fe9f
 2019-11-02 11:12:50 +11:00
Darren Tucker 9cac151c2d Add flags needed to build and work on Ultrix. 2019-11-01 18:27:37 +11:00
Darren Tucker 0e3c5bc509 Hook up fnmatch for platforms that don't have it. 2019-11-01 18:27:37 +11:00
Darren Tucker b56dbfd9d9 Add missing bracket in realpath macro. 2019-11-01 18:27:37 +11:00
Darren Tucker 59ccb56f15 Import fnmatch.c from OpenBSD. 2019-11-01 18:27:37 +11:00
Darren Tucker 79d46de9fb Use sftp_realpath if no native realpath. 2019-11-01 18:27:37 +11:00
Darren Tucker bb4f003ed8 Configure flags for haiku from haikuports. 
Should build with the default flags with ./configure
 2019-11-01 15:06:16 +11:00
djm@openbsd.org 4332b4fe49 upstream: fix a race condition in the SIGCHILD handler that could turn 
in to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@

OpenBSD-Commit-ID: ac2742e04a69d4c34223505b6a32f6d686e18896
 2019-11-01 14:56:38 +11:00
Damien Miller 03f9205f0f conditionalise SK sign/verify on ENABLE_SK 
Spotted by Darren and his faux-Vax
 2019-11-01 14:49:55 +11:00
Darren Tucker 5eb7b9563f Add prototype for localtime_r if needed. 2019-11-01 14:41:07 +11:00
Darren Tucker d500b59a82 Check if IP_TOS is defined before using. 2019-11-01 13:42:52 +11:00
Damien Miller 764d51e044 autoconf pieces for U2F support 
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
 2019-11-01 13:35:34 +11:00
djm@openbsd.org 45f17a159a upstream: remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path 
OpenBSD-Commit-ID: 95a7cafad2a4665d57cabacc28031fabc0bea9fc
 2019-11-01 13:33:44 +11:00
djm@openbsd.org db8d13f792 upstream: more additional source files 
OpenBSD-Regress-ID: 8eaa25fb901594aee23b76eda99dca5b8db94c6f
 2019-11-01 13:10:52 +11:00
djm@openbsd.org f89c5df65d upstream: additional source files here too 
OpenBSD-Regress-ID: 8809f8e1c8f7459e7096ab6b58d8e56cb2f483fd
 2019-11-01 13:10:09 +11:00
djm@openbsd.org 02275afa1e upstream: additional source files here too 
OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce
 2019-11-01 13:10:09 +11:00
djm@openbsd.org dfc8f01b98 upstream: adapt to extra sshkey_sign() argument and additional 
dependencies

OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
 2019-11-01 13:10:09 +11:00
djm@openbsd.org afa59e26ee upstream: skip security-key key types for tests until we have a 
dummy U2F middleware to use.

OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
 2019-11-01 13:10:09 +11:00