Commit Graph

252 Commits

Author SHA1 Message Date
djm@openbsd.org@openbsd.org
93c68a8f3d upstream commit
fix regression in 7.6: failure to parse a signature request
message shouldn't be fatal to the process, just the request. Reported by Ron
Frederick

OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
2017-11-15 11:14:28 +11:00
djm@openbsd.org
9f0e44e1a0 upstream commit
g/c unused variable; make a little more portable

Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
2017-07-24 14:49:07 +10:00
djm@openbsd.org
fd0e8fa5f8 upstream commit
switch from select() to poll() for the ssh-agent
mainloop; ok markus

Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
2017-07-21 14:17:33 +10:00
djm@openbsd.org
83fa3a0448 upstream commit
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus

Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-07-21 14:17:32 +10:00
djm@openbsd.org
f4a6a88ddb upstream commit
flense SSHv1 support from ssh-agent, considerably
simplifying it

ok markus

Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365
2017-05-01 10:05:07 +10:00
djm@openbsd.org
873d3e7d9a upstream commit
remove KEY_RSA1

ok markus@

Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
2017-05-01 10:05:01 +10:00
djm@openbsd.org
56912dea6e upstream commit
unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01 09:37:40 +10:00
deraadt@openbsd.org
1a321bfdb9 upstream commit
accidents happen to the best of us; ok djm

Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
2017-03-15 15:04:14 +11:00
djm@openbsd.org
25f837646b upstream commit
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@

Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
2017-03-15 13:34:20 +11:00
djm@openbsd.org
b108ce92aa upstream commit
relax PKCS#11 whitelist a bit to allow libexec as well as
lib directories.

Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
2017-01-04 13:23:04 +11:00
djm@openbsd.org
786d5994da upstream commit
add a whitelist of paths from which ssh-agent will load
(via ssh-pkcs11-helper) a PKCS#11 module; ok markus@

Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
2016-11-30 19:44:24 +11:00
deraadt@openbsd.org
9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
Darren Tucker
0fb7f59853 Move prctl PR_SET_DUMPABLE into platform.c.
This should make it easier to add additional platform support such as
Solaris (bz#2584).
2016-06-09 16:23:07 +10:00
djm@openbsd.org
1a31d02b24 upstream commit
fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-05-02 20:35:04 +10:00
dtucker@openbsd.org
ffb1e7e896 upstream commit
Add a function to enable security-related malloc_options.
  With and ok deraadt@, something similar has been in the snaps for a while.

Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
Damien Miller
4626cbaf78 Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
2016-01-08 14:29:12 +11:00
doug@openbsd.org
43849a47c5 upstream commit
Add "id" to ssh-agent pledge for subprocess support.

Found the hard way by Jan Johansson when using ssh-agent with X.  Also,
rearranged proc/exec and retval to match other pledge calls in the tree.

ok djm@

Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
2015-12-18 14:50:49 +11:00
dtucker@openbsd.org
79394ed6d7 upstream commit
fflush stdout so that output is seen even when running in
 debug mode when output may otherwise not be flushed.  Patch from dustin at
 null-ptr.net.

Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc
2015-12-18 14:49:32 +11:00
djm@openbsd.org
39736be06c upstream commit
correct error messages; from Tomas Kuthan bz#2507

Upstream-ID: 7454a0affeab772398052954c79300aa82077093
2015-12-11 13:23:14 +11:00
markus@openbsd.org
76c9fbbe35 upstream commit
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
 draft-ssh-ext-info-04.txt; with & ok djm@

Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
2015-12-07 12:38:58 +11:00
doug@openbsd.org
bcce47466b upstream commit
Add "cpath" to the ssh-agent pledge so the cleanup
 handler can unlink().

ok djm@

Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d
2015-12-04 15:14:59 +11:00
djm@openbsd.org
a90d001543 upstream commit
ssh-agent pledge needs proc for askpass; spotted by todd@

Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a
2015-12-04 15:14:58 +11:00
djm@openbsd.org
d952162b3c upstream commit
basic pledge() for ssh-agent, more refinement needed

Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13
2015-12-04 15:14:58 +11:00
markus@openbsd.org
c355bf306a upstream commit
no need to include the old buffer/key API

Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
2015-07-15 15:37:16 +10:00
Damien Miller
e97201feca conditionalise util.h inclusion 2015-05-21 17:55:15 +10:00
dtucker@openbsd.org
9173d0fbe4 upstream commit
Use a salted hash of the lock passphrase instead of plain
 text and do constant-time comparisons of it. Should prevent leaking any
 information about it via timing, pointed out by Ryan Castellucci.  Add a 0.1s
 incrementing delay for each failed unlock attempt up to 10s.  ok markus@
 (earlier version), djm@

Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
2015-05-21 14:58:29 +10:00
jmc@openbsd.org
b7ca276fca upstream commit
combine -Dd onto one line and update usage();
2015-04-29 18:15:38 +10:00
djm@openbsd.org
2ea974630d upstream commit
add ssh-agent -D to leave ssh-agent in foreground
 without enabling debug mode; bz#2381 ok dtucker@
2015-04-29 18:15:38 +10:00
deraadt@openbsd.org
657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
djm@openbsd.org
2f04af92f0 upstream commit
make ssh-add -D work with !SSH1 agent
2015-03-05 10:27:22 +11:00
Damien Miller
6c2039286f fix merge both that broke --without-ssh1 compile 2015-03-03 13:48:48 -08:00
djm@openbsd.org
111dfb2254 upstream commit
add SSH1 Makefile knob to make it easier to build without
 SSH1 support; ok markus@
2015-03-04 08:24:11 +11:00
djm@openbsd.org
9ce86c926d upstream commit
update to new API (key_fingerprint => sshkey_fingerprint)
 check sshkey_fingerprint return values; ok markus
2015-01-29 10:18:56 +11:00
deraadt@openbsd.org
2ae4f337b2 upstream commit
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
djm@openbsd.org
0088c57af3 upstream commit
fix small regression: ssh-agent would return a success
 message but an empty signature if asked to sign using an unknown key; ok
 markus@
2015-01-15 21:37:33 +11:00
Damien Miller
b03ebe2c22 more --without-openssl
fix some regressions caused by upstream merges

enable KRLs now that they no longer require BIGNUMs
2015-01-15 03:08:58 +11:00
markus@openbsd.org
139ca81866 upstream commit
switch to sshbuf/sshkey; with & ok djm@
2015-01-15 02:22:17 +11:00
jmc@openbsd.org
a5375ccb97 upstream commit
tweak previous;
2014-12-22 13:16:58 +11:00
djm@openbsd.org
56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
krw@openbsd.org
335c83d5f3 upstream commit
Nuke more obvious #include duplications.

ok deraadt@ millert@ tedu@
2014-11-24 10:15:04 +11:00
Damien Miller
f497794b69 - dtucker@cvs.openbsd.org 2014/07/25 21:22:03
[ssh-agent.c]
     Clear buffer used for handling messages.  This prevents keys being
     left in memory after they have been expired or deleted in some cases
     (but note that ssh-agent is setgid so you would still need root to
     access them).  Pointed out by Kevin Burns, ok deraadt
2014-07-30 12:32:46 +10:00
Damien Miller
ab2ec586ba - djm@cvs.openbsd.org 2014/07/18 02:46:01
[ssh-agent.c]
     restore umask around listener socket creation (dropped in streamlocal patch
     merge)
2014-07-18 15:04:47 +10:00
Damien Miller
7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller
b1e967c8d7 - djm@cvs.openbsd.org 2014/07/03 03:11:03
[ssh-agent.c]
     Only cleanup agent socket in the main agent process and not in any
     subprocesses it may have started (e.g. forked askpass). Fixes
     agent sockets being zapped when askpass processes fatal();
     bz#2236 patch from Dmitry V. Levin
2014-07-03 21:22:40 +10:00
Damien Miller
8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Damien Miller
1f0311c7c7 - markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm
2014-05-15 14:24:09 +10:00
Damien Miller
f0858de6e1 - deraadt@cvs.openbsd.org 2014/03/15 17:28:26
[ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     Improve usage() and documentation towards the standard form.
     In particular, this line saves a lot of man page reading time.
       usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                         [-N new_passphrase] [-C comment] [-f output_keyfile]
     ok schwarze jmc
2014-04-20 13:01:30 +10:00
Damien Miller
a5103f413b - djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:20:14 +11:00
Damien Miller
4a1c7aa640 - markus@cvs.openbsd.org 2014/01/27 19:18:54
[auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
     replace openssl MD5 with our ssh_digest_*; ok djm@
2014-02-04 11:03:36 +11:00
Damien Miller
0b36c83148 - djm@cvs.openbsd.org 2013/12/19 01:19:41
[ssh-agent.c]
     bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
     that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
     ok dtucker
2013-12-29 17:45:51 +11:00