Commit message | Author | Age | Files | Lines
* upstream: adapt to extra sshkey_sign() argument and additional | djm@openbsd.org | 2019-11-01 | 3 | -8/+9
  dependencies
  OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
* upstream: skip security-key key types for tests until we have a | djm@openbsd.org | 2019-11-01 | 10 | -22/+22
  dummy U2F middleware to use.
  OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
* upstream: sort; | jmc@openbsd.org | 2019-11-01 | 1 | -6/+6
  OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
* upstream: undo debugging bits that shouldn't have been committed | djm@openbsd.org | 2019-11-01 | 1 | -0/+1
  OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf
* depend | Damien Miller | 2019-10-31 | 1 | -5/+8
* upstream: fix -Wshadow warning | djm@openbsd.org | 2019-10-31 | 1 | -2/+2
  OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c
* upstream: Refactor signing - use sshkey_sign for everything, | djm@openbsd.org | 2019-10-31 | 14 | -72/+82
  including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
  OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
* upstream: ssh-agent support for U2F/FIDO keys | djm@openbsd.org | 2019-10-31 | 6 | -32/+372
  feedback & ok markus@
  OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
* upstream: ssh AddKeysToAgent support for U2F/FIDO keys | djm@openbsd.org | 2019-10-31 | 1 | -3/+5
  feedback & ok markus@
  OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
* upstream: ssh-add support for U2F/FIDO keys | djm@openbsd.org | 2019-10-31 | 2 | -12/+38
  OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
* upstream: add new agent key constraint for U2F/FIDO provider | djm@openbsd.org | 2019-10-31 | 4 | -13/+28
  feedback & ok markus@
  OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
* upstream: ssh client support for U2F/FIDO keys | djm@openbsd.org | 2019-10-31 | 4 | -29/+120
  OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
* upstream: Separate myproposal.h userauth pubkey types | djm@openbsd.org | 2019-10-31 | 2 | -4/+27
  U2F/FIDO keys are not supported for host authentication, so we need a separate list for user keys. feedback & ok markus@
  OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429
* upstream: ssh-keygen support for generating U2F/FIDO keys | djm@openbsd.org | 2019-10-31 | 1 | -6/+35
  OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37
* upstream: U2F/FIDO middleware interface | djm@openbsd.org | 2019-10-31 | 4 | -1/+490
  Supports enrolling (generating) keys and signatures. feedback & ok markus@
  OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
* upstream: Initial infrastructure for U2F/FIDO support | djm@openbsd.org | 2019-10-31 | 5 | -29/+381
  Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@
  OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
* upstream: Protocol documentation for U2F/FIDO keys in OpenSSH | djm@openbsd.org | 2019-10-31 | 1 | -0/+224
  OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915
* Missing unit test files | Damien Miller | 2019-10-31 | 2 | -0/+95
* Add implementation of localtime_r. | Darren Tucker | 2019-10-29 | 3 | -0/+15
* upstream: Signal handler cleanup: remove leftover support for | dtucker@openbsd.org | 2019-10-29 | 2 | -7/+2
  unreliable signals and now-unneeded save and restore of errno. ok deraadt@ markus@
  OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88
* upstream: fixes from lucas; | jmc@openbsd.org | 2019-10-29 | 1 | -4/+5
  OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2
* upstream: Import regenerated moduli file. | dtucker@openbsd.org | 2019-10-29 | 1 | -0/+1
  OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987
* Fix ifdefs to not mask needed bits. | Darren Tucker | 2019-10-28 | 1 | -2/+1
* Only use RLIMIT_NOFILE if it's defined. | Darren Tucker | 2019-10-28 | 1 | -0/+2
* Make sure we have struct statfs before using. | Darren Tucker | 2019-10-28 | 2 | -3/+9
* Define UINT32_MAX if needed. | Darren Tucker | 2019-10-28 | 2 | -0/+14
* Move utimensat definition into timespec section. | Darren Tucker | 2019-10-28 | 1 | -10/+12
  Since utimensat uses struct timespec, move it to the section where we define struct timespec when needed.
* Wrap OpenSSL bits in WITH_OPENSSL. | Darren Tucker | 2019-10-28 | 2 | -1/+4
* Wrap poll.h includes in HAVE_POLL_H. | Darren Tucker | 2019-10-28 | 4 | -0/+8
* Add a function call stackprotector tests. | Darren Tucker | 2019-10-24 | 1 | -4/+10
  Including a function call in the test programs for the gcc stack protector flag tests exercises more of the compiler and makes it more likely it'll detect problems.
* Import regenerated moduli file. | Darren Tucker | 2019-10-22 | 1 | -451/+405
* upstream: potential NULL dereference for revoked hostkeys; reported | djm@openbsd.org | 2019-10-16 | 1 | -2/+2
  by krishnaiah bommu
  OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
* upstream: free buf before return; reported by krishnaiah bommu | djm@openbsd.org | 2019-10-16 | 1 | -1/+2
  OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1
* upstream: memleak in error path; spotted by oss-fuzz, ok markus@ | djm@openbsd.org | 2019-10-14 | 1 | -9/+17
  OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266
* Re-add SA_RESTART to mysignal. | Darren Tucker | 2019-10-11 | 1 | -1/+6
  This makes mysignal implement reliable BSD semantics according to Stevens' APUE. This was first attempted in 2001 but was reverted due to problems with HP-UX 10.20 and select() and possibly grantpt(). Modern systems should be fine with it, but if any current platforms have a problem with it now we can disable it just for those. ok djm@
* Fix ifdef typo for declaration of memmem. | Darren Tucker | 2019-10-10 | 1 | -1/+1
  Fixes build on IRIX. bz#3081.
* Update README.md | Abhishek Arya | 2019-10-09 | 1 | -0/+2
* add a fuzzer for private key parsing | Damien Miller | 2019-10-09 | 2 | -1/+26
* prepare for 8.1 release [V_8_1_P1] | Damien Miller | 2019-10-09 | 3 | -3/+3
* upstream: openssh-8.1 | djm@openbsd.org | 2019-10-09 | 1 | -2/+2
  OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
* upstream: fix an unreachable integer overflow similar to the XMSS | djm@openbsd.org | 2019-10-09 | 1 | -4/+22
  case, and some other NULL dereferences found by fuzzing. fix with and ok markus@
  OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
* upstream: fix integer overflow in XMSS private key parsing. | djm@openbsd.org | 2019-10-09 | 1 | -2/+3
  Reported by Adam Zabrocki via SecuriTeam's SSH program. Note that this code is experimental and not compiled by default. ok markus@
  OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
* upstream: Correct type for end-of-list sentinel; fixes initializer | dtucker@openbsd.org | 2019-10-09 | 1 | -2/+2
  warnings on some platforms. ok deraadt.
  OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
* upstream: reversed test yielded incorrect debug message | djm@openbsd.org | 2019-10-09 | 1 | -2/+2
  OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
* depend | Damien Miller | 2019-10-09 | 1 | -1/+1
* Make MAKE_CLONE no-op macro more correct. | Darren Tucker | 2019-10-09 | 1 | -1/+2
  Similar to the previous change to DEF_WEAK, some compilers don't like the empty statement, so convert into a no-op function prototype.
* wrap stdint.h include in HAVE_STDINT_H | Damien Miller | 2019-10-09 | 12 | -12/+16
  make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen
* avoid "return (value)" in void-declared function | Damien Miller | 2019-10-08 | 1 | -1/+1
  spotted by Tim Rice; ok dtucker
* Make DEF_WEAK more likely to be correct. | Darren Tucker | 2019-10-08 | 1 | -2/+3
  Completely nop-ing out DEF_WEAK leaves an empty statement which some compilers don't like. Replace with a no-op function template. ok djm@
* upstream: Instead of running sed over the whole log to remove CRs, | dtucker@openbsd.org | 2019-10-07 | 1 | -5/+3
  remove them only where it's needed (and confuses test(1) on at least OS X in portable).
  OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0