Commit Graph

166 Commits

Author SHA1 Message Date
dtucker@openbsd.org
264a966216 upstream: Ensure that the key lifetime provided fits within the
values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@

OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2
2020-02-18 20:23:25 +11:00
naddy@openbsd.org
a47f6a6c0e upstream: Replace "security key" with "authenticator" in program
messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
2020-02-07 09:52:59 +11:00
djm@openbsd.org
99aa803555 upstream: factor out reading/writing sshbufs to dedicated
functions; feedback and ok markus@

OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
2020-01-26 10:18:42 +11:00
naddy@openbsd.org
e8c06c4ee7 upstream: Document loading of resident keys from a FIDO
authenticator.

* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.

ok markus@

OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
2020-01-21 18:09:09 +11:00
djm@openbsd.org
c312ca077c upstream: Extends the SK API to accept a set of key/value options
for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to change
the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
2020-01-06 13:12:46 +11:00
djm@openbsd.org
79fe22d9bc upstream: implement loading resident keys in ssh-add
"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.

feedback and ok markus@

OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290
2019-12-30 20:58:19 +11:00
djm@openbsd.org
b7e74ea072 upstream: Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-25 12:23:33 +11:00
naddy@openbsd.org
189550f5bc upstream: additional missing stdarg.h includes when built without
WITH_OPENSSL; ok djm@

OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
2019-11-20 09:27:29 +11:00
djm@openbsd.org
6bff9521ab upstream: directly support U2F/FIDO2 security keys in OpenSSH by
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-15 09:57:30 +11:00
markus@openbsd.org
2c55744a56 upstream: enable ed25519 support; ok djm
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
2019-11-13 08:54:09 +11:00
djm@openbsd.org
486164d060 upstream: ssh-add support for U2F/FIDO keys
OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
2019-11-01 09:46:09 +11:00
djm@openbsd.org
b9dd14d309 upstream: add new agent key constraint for U2F/FIDO provider
feedback & ok markus@

OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
2019-11-01 09:46:09 +11:00
djm@openbsd.org
670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
otto@openbsd.org
0323d9b619 upstream: Replace calls to ssh_malloc_init() by a static init of
malloc_options. Prepares for changes in the way malloc is initialized.  ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-06-08 00:25:42 +10:00
djm@openbsd.org
c7670b091a upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up
debug verbosity.

Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.

ok markus@

OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21 23:56:52 +11:00
djm@openbsd.org
aa22c20e0c upstream: add option to test whether keys in an agent are usable,
by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"

work by markus@, ok djm@

OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
2019-01-21 10:46:04 +11:00
Damien Miller
42c5ec4b97 refactor libcrypto initialisation
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev
2018-11-23 10:42:05 +11:00
djm@openbsd.org
f80e68ea7d upstream: Make "ssh-add -q" do what it says on the tin: silence
output from successful operations.

Based on patch from Thijs van Dijk; ok dtucker@ deraadt@

OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
2018-09-20 14:00:11 +10:00
markus@openbsd.org
1b11ea7c58 upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@

OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-26 11:40:41 +11:00
dlg@openbsd.org
530591a579 upstream commit
add a -q option to ssh-add to make it quiet on success.

if you want to silence ssh-add without this you generally redirect
the output to /dev/null, but that can hide error output which you
should see.

ok djm@

Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
2017-09-04 09:38:57 +10:00
djm@openbsd.org
83fa3a0448 upstream commit
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus

Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-07-21 14:17:32 +10:00
markus@openbsd.org
7da5df11ac upstream commit
remove unused wrapper functions from key.[ch]; ok djm@

Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
2017-05-31 10:49:50 +10:00
naddy@openbsd.org
3e371bd212 upstream commit
more simplification and removal of SSHv1-related code;
ok djm@

Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
2017-05-08 09:18:27 +10:00
djm@openbsd.org
744bde79c3 upstream commit
since a couple of people have asked, leave a comment
explaining why we retain SSH v.1 support in the "delete all keys from agent"
path.

Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
2017-05-08 09:18:27 +10:00
djm@openbsd.org
56912dea6e upstream commit
unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01 09:37:40 +10:00
dtucker@openbsd.org
ffb1e7e896 upstream commit
Add a function to enable security-related malloc_options.
  With and ok deraadt@, something similar has been in the snaps for a while.

Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
mmcc@openbsd.org
89540b6de0 upstream commit
Remove NULL-checks before sshkey_free().

ok djm@

Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
2015-12-18 14:49:32 +11:00
djm@openbsd.org
b1d38a3cc6 upstream commit
fix some signed/unsigned integer type mismatches in
 format strings; reported by Nicholas Lemonias

Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
2015-10-16 10:54:08 +11:00
tim@openbsd.org
3c019a936b upstream commit
- Fix error message: passphrase needs to be at least 5
 characters, not 4. - Remove unused function argument. - Remove two
 unnecessary variables.

OK djm@

Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
2015-09-16 17:52:09 +10:00
tim@openbsd.org
2681cdb6e0 upstream commit
When adding keys to the agent, don't ignore the comment
 of keys for which the user is prompted for a passphrase.

Tweak and OK djm@

Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
2015-09-16 17:52:08 +10:00
djm@openbsd.org
c28fc62d78 upstream commit
delete support for legacy v00 certificates; "sure"
 markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15 15:35:09 +10:00
naddy@openbsd.org
1b0ef38132 upstream commit
don't try to load .ssh/identity by default if SSH1 is
 disabled; ok markus@
2015-03-27 12:02:34 +11:00
markus@openbsd.org
47842f71e3 upstream commit
ignore v1 errors on ssh-add -D; only try v2 keys on
 -l/-L (unless WITH_SSH1) ok djm@
2015-03-27 12:02:16 +11:00
halex@openbsd.org
1797f49b1b upstream commit
make "ssh-add -d" properly remove a corresponding
 certificate, and also not whine and fail if there is none

ok djm@
2015-02-22 09:04:58 +11:00
halex@openbsd.org
5d34aa9493 upstream commit
slightly extend the passphrase prompt if running with -c
 in order to give the user a chance to notice if unintentionally running
 without it

wording tweak and ok djm@
2015-02-05 07:42:59 +11:00
djm@openbsd.org
9ce86c926d upstream commit
update to new API (key_fingerprint => sshkey_fingerprint)
 check sshkey_fingerprint return values; ok markus
2015-01-29 10:18:56 +11:00
deraadt@openbsd.org
2ae4f337b2 upstream commit
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
djm@openbsd.org
141efe4954 upstream commit
move authfd.c and its tentacles to the new buffer/key
 API; ok markus@
2015-01-15 21:37:34 +11:00
Damien Miller
72ef7c148c support --without-openssl at configure time
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
djm@openbsd.org
56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
millert@openbsd.org
db995f2eed upstream commit
Prefer setvbuf() to setlinebuf() for portability; ok
 deraadt@
2014-12-05 09:28:50 +11:00
Damien Miller
1d0df3249c - OpenBSD CVS Sync
- benno@cvs.openbsd.org 2014/07/09 14:15:56
     [ssh-add.c]
     fix ssh-add crash while loading more than one key
     ok markus@
2014-07-11 09:19:04 +10:00
Damien Miller
d7ca2cd31e - djm@cvs.openbsd.org 2014/07/03 03:15:01
[ssh-add.c]
     make stdout line-buffered; saves partial output getting lost when
     ssh-add fatal()s part-way through (e.g. when listing keys from an
     agent that supports key types that ssh-add doesn't);
     bz#2234, reported by Phil Pennock
2014-07-03 21:23:01 +10:00
Damien Miller
ec3d0e24a1 - markus@cvs.openbsd.org 2014/06/27 18:50:39
[ssh-add.c]
     fix loading of private keys
2014-07-02 15:30:00 +10:00
Damien Miller
8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Damien Miller
a5103f413b - djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:20:14 +11:00
Damien Miller
ef275ead3d - djm@cvs.openbsd.org 2013/12/19 00:10:30
[ssh-add.c]
     skip requesting smartcard PIN when removing keys from agent; bz#2187
     patch from jay AT slushpupie.com; ok dtucker
2013-12-29 17:44:07 +11:00
Damien Miller
059321d19a - pascal@cvs.openbsd.org 2013/12/15 18:17:26
[ssh-add.c]
     Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
     ok markus@
2013-12-18 17:49:48 +11:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00