summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Add protection for private keys at rest in RAM againstdjm@openbsd.org2019-06-2111-41/+324
| | | | | | | | | | | | | | | | | | | | | | | | | speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@ OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
* upstream: print the correct AuthorizedPrincipalsCommand rather thandjm@openbsd.org2019-06-211-3/+3
| | | | | | an uninitialised variable; spotted by dtucker@ OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638
* upstream: from tim: - for reput, it is remote-path which isjmc@openbsd.org2019-06-212-22/+30
| | | | | | | | | | | | | | | | | | | optional, not local-path - sync help from deraadt: - prefer -R and undocument -r (but add a comment for future editors) from schwarze: - prefer -p and undocument -P (as above. the comment was schwarze's too) more: - add the -f flag to reput and reget - sort help (i can;t remember who suggested this originally) djm and deraadt were ok with earlier versions of this; tim and schwarze ok OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd
* upstream: check for convtime() refusing to accept times thatdjm@openbsd.org2019-06-191-1/+3
| | | | | | resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0
* upstream: Add unit tests for user@host and URI parsing.dtucker@openbsd.org2019-06-191-2/+2
| | | | OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68
* upstream: Add tests for sshd -T -C with Match.dtucker@openbsd.org2019-06-191-3/+46
| | | | OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
* Include stdio.h for vsnprintf.Darren Tucker2019-06-161-0/+1
| | | | Patch from mforney at mforney.org.
* upstream rev 1.27: fix integer overflow.Darren Tucker2019-06-141-2/+2
| | | | | | | Cast bitcount to u_in64_t before bit shifting to prevent integer overflow on 32bit platforms which cause incorrect results when adding a block >=512M in size. sha1 patch from ante84 at gmail.com via openssh github, sha2 with djm@, ok tedu@
* upstream rev 1.25: add DEF_WEAK.Darren Tucker2019-06-141-1/+6
| | | | | Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct ok deraadt@
* upstream rev 1.25: add sys/types.hDarren Tucker2019-06-141-2/+2
|
* upstream: Use explicit_bzero instead of memsetDarren Tucker2019-06-141-2/+2
| | | | in hash Final and End functions. OK deraadt@ djm@
* upstream: slightly more instructive error message when the userdjm@openbsd.org2019-06-141-3/+6
| | | | | | specifies multiple -J options on the commandline. bz3015 ok dtucker@ OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179
* upstream: process agent requests for RSA certificate private keys usingdjm@openbsd.org2019-06-141-1/+6
| | | | | | | correct signature algorithm when requested. Patch from Jakub Jelen in bz3016 ok dtucker markus OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
* upstream: for public key authentication, check AuthorizedKeysFilesdjm@openbsd.org2019-06-141-11/+18
| | | | | | files before consulting AuthorizedKeysCommand; ok dtucker markus OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3
* upstream: if passed a bad fd, log what it wasdjm@openbsd.org2019-06-141-2/+2
| | | | OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140
* upstream: Hostname->HostName cleanup; from lauri tirkkonen okjmc@openbsd.org2019-06-147-22/+22
| | | | | | dtucker OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
* upstream: deraadt noticed some inconsistency in the way we denotejmc@openbsd.org2019-06-142-10/+10
| | | | | | | | | the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent (effectively reversing my commit of yesterday); ok deraadt markus djm OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667
* upstream: consistent lettering for "HostName" keyword; from laurijmc@openbsd.org2019-06-141-3/+3
| | | | | | tirkkonen OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563
* Typo fixes in error messages.Darren Tucker2019-06-071-3/+3
| | | | | Patch from knweiss at gmail.com via github pull req #97 (portable- specific parts).
* upstream: Typo and spelling fixes in comments and error messages.dtucker@openbsd.org2019-06-074-9/+9
| | | | | | Patch from knweiss at gmail.com via -portable. OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
* Include missed bits from previous sync.Darren Tucker2019-06-072-3/+2
|
* upstream: Check for user@host when parsing sftp target. Thisdtucker@openbsd.org2019-06-071-6/+11
| | | | | | | allows user@[1.2.3.4] to work without a path in addition to with one. bz#2999, ok djm@ OpenBSD-Commit-ID: d989217110932490ba8ce92127a9a6838878928b
* upstream: Replace calls to ssh_malloc_init() by a static init ofotto@openbsd.org2019-06-0712-31/+13
| | | | | | | malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
* upstream: fix ssh-keysign fd handling problem introduced in r1.304djm@openbsd.org2019-06-071-2/+2
| | | | | | caused by a typo (STDIN_FILENO vs STDERR_FILENO) OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0
* upstream: Make the standard output messages of both methods oflum@openbsd.org2019-06-071-5/+16
| | | | | | | changing a key pair's comments (using -c and -C) more applicable to both methods. ok and suggestions djm@ dtucker@ OpenBSD-Commit-ID: b379338118109eb36e14a65bc0a12735205b3de6
* Always clean up before and after utimensat test.Darren Tucker2019-06-071-6/+13
|
* Update utimensat test.Darren Tucker2019-06-071-3/+17
| | | | | | | | | | | POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should update the symlink and not the destination. The compat code doesn't have a way to do this, so where possible it fails instead of following a symlink when explicitly asked not to. Instead of checking for an explicit failure, check that it does not update the destination, which both the real and compat implmentations should honour. Inspired by github pull req #125 from chutzpah at gentoo.org.
* Have pthread_create return errno on failure.Darren Tucker2019-06-071-3/+2
| | | | | | According to POSIX, pthread_create returns the failure reason in the non-zero function return code so make the fork wrapper do that. Matches previous change.
* pthread_create(3) returns positive values on failure.Elliott Hughes2019-06-071-2/+4
| | | | | Found by inspection after finding similar bugs in other code used by Android.
* allow s390 specific ioctl for ecc hardware supportHarald Freudenberger2019-06-051-0/+1
| | | | | | | | | | | | | | | | | | | Adding another s390 specific ioctl to be able to support ECC hardware acceleration to the sandbox seccomp filter rules. Now the ibmca openssl engine provides elliptic curve cryptography support with the help of libica and CCA crypto cards. This is done via jet another ioctl call to the zcrypt device driver and so there is a need to enable this on the openssl sandbox. Code is s390 specific and has been tested, verified and reviewed. Please note that I am also the originator of the previous changes in that area. I posted these changes to Eduardo and he forwarded the patches to the openssl community. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
* openssl-devel is obsoleted by libssl-develSorin Adrian Savu2019-06-051-1/+1
| | | | | openssl-devel is no longer installable via the cygwin setup and it's hidden by default, so you can't see the replacement very easy.
* upstream: tweak previous;jmc@openbsd.org2019-05-211-3/+4
| | | | OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c
* upstream: embiggen format buffer size for certificate serial number sodjm@openbsd.org2019-05-201-2/+2
| | | | | | that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b
* upstream: When signing certificates with an RSA key, default todjm@openbsd.org2019-05-202-3/+19
| | | | | | | | | | | | | using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@ OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
* Add no-op implementation of pam_putenv.Darren Tucker2019-05-171-4/+8
| | | | | | Some platforms such as HP-UX do not have pam_putenv. Currently the calls are ifdef'ed out, but a new one was recently added. Remove the ifdefs and add a no-op implementation. bz#3008, ok djm.
* Use the correct macro for SSH_ALLOWED_CA_SIGALGS.Darren Tucker2019-05-171-1/+1
|
* Fix building w/out ECC.Darren Tucker2019-05-173-0/+32
| | | | | Ifdef out ECC specific code so that that it'll build against an OpenSSL configured w/out ECC. With & ok djm@
* Conditionalize ECDH methods in CA algos.Darren Tucker2019-05-171-3/+1
| | | | | When building against an OpenSSL configured without ECC, don't include those algos in CASignatureAlgorithms. ok djm@
* upstream: Move a variable declaration to the block where it's useddtucker@openbsd.org2019-05-171-3/+3
| | | | | | to make things a little tidier for -portable. OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
* upstream: When doing the fork+exec'ing for ssh-keysign, rearrangederaadt@openbsd.org2019-05-171-7/+9
| | | | | | | the socket into fd3, so as to not mistakenly leak other fd forward accidentally. ok djm OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
* upstream: Delete some .Sx macros that were used in a wrong way.schwarze@openbsd.org2019-05-172-10/+6
| | | | | | Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>. OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7
* upstream: For PermitOpen violations add the remote host and port toflorian@openbsd.org2019-05-171-3/+21
| | | | | | | | | | | | | | be able to find out from where the request was comming. Add the same logging for PermitListen violations which where not logged at all. Pointed out by Robert Kisteleki (robert AT ripe.net) input markus OK deraadt OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
* Add OpenSSL 1.1.1 to the supported list.Darren Tucker2019-05-151-6/+8
| | | | Clarify the language around prngd and egd.
* Fix typo in man page formatter selector.Darren Tucker2019-05-151-1/+1
|
* Use "doc" man page format if mandoc present.Darren Tucker2019-05-101-5/+5
| | | | | | | Previously configure would not select the "doc" man page format if mandoc was present but nroff was not. This checks for mandoc first and removes a now-superflous AC_PATH_PROG. Based on a patch from vehk at vehk.de and feedback from schwarze at usta.de.
* upstream: Use the correct (according to POSIX) format fordtucker@openbsd.org2019-05-081-3/+3
| | | | | | | left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok markus@. OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7
* upstream: Free channel objects on exit path. Patch from markus atdtucker@openbsd.org2019-05-081-4/+24
| | | | | | blueflash.cc, ok deraadt OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
* upstream: Free host on exit path. Patch from markus atdtucker@openbsd.org2019-05-081-1/+2
| | | | | | blueflash.cc, ok djm@ OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
* upstream: Wrap XMSS including in ifdef. Patch from markus atdtucker@openbsd.org2019-05-081-2/+4
| | | | | | blueflash.cc, ok djm OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
* upstream: Import regenerated moduli.dtucker@openbsd.org2019-05-081-0/+1
| | | | OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 09:09:32 +0100