Commit Graph

32 Commits

Author SHA1 Message Date
Darren Tucker
888c459925 Remove some whitespace not in upstream.
Reduces diff vs OpenBSD by a small amount.
2021-07-03 20:32:46 +10:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
markus@openbsd.org
e26a31757c upstream: remove unused variables in ssh-pkcs11-helper; ok djm
OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1
2020-03-13 13:18:31 +11:00
djm@openbsd.org
89a8d4525e upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.

based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church

feedback and ok markus@

OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
2020-01-25 11:35:55 +11:00
Darren Tucker
6fc7e1c6fe Wrap poll.h includes in HAVE_POLL_H. 2019-10-28 16:27:53 +11:00
djm@openbsd.org
670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
djm@openbsd.org
be02d7cbde upstream: lots of things were relying on libcrypto headers to
transitively include various system headers (mostly stdlib.h); include them
explicitly

OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 17:54:21 +10:00
otto@openbsd.org
0323d9b619 upstream: Replace calls to ssh_malloc_init() by a static init of
malloc_options. Prepares for changes in the way malloc is initialized.  ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-06-08 00:25:42 +10:00
Darren Tucker
97370f6c2c Fix building w/out ECC.
Ifdef out ECC specific code so that that it'll build against an OpenSSL
configured w/out ECC.  With & ok djm@
2019-05-17 10:54:51 +10:00
dtucker@openbsd.org
5c8d14c512 upstream: Move a variable declaration to the block where it's used
to make things a little tidier for -portable.

OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
2019-05-17 10:07:43 +10:00
djm@openbsd.org
2c223878e5 upstream: switch mainloop from select(2) to poll(2); ok deraadt@
OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e
2019-01-23 13:02:50 +11:00
djm@openbsd.org
c7670b091a upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up
debug verbosity.

Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.

ok markus@

OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21 23:56:52 +11:00
djm@openbsd.org
93f02107f4 upstream: add support for ECDSA keys in PKCS#11 tokens
Work by markus@ and Pedro Martelletto, feedback and ok me@

OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424
2019-01-21 10:54:37 +11:00
markus@openbsd.org
b0d34132b3 upstream commit
switch ssh-pkcs11-helper to new API; ok djm@

OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42
2018-01-23 16:31:55 +11:00
markus@openbsd.org
54d90ace1d upstream commit
switch from Key typedef with struct sshkey; ok djm@

Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
2017-05-31 10:47:31 +10:00
dtucker@openbsd.org
ffb1e7e896 upstream commit
Add a function to enable security-related malloc_options.
  With and ok deraadt@, something similar has been in the snaps for a while.

Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
deraadt@openbsd.org
ce445b0ed9 upstream commit
Do not cast result of malloc/calloc/realloc* if stdlib.h
 is in scope ok krw millert

Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
2015-08-21 13:43:25 +10:00
deraadt@openbsd.org
087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
djm@openbsd.org
48b68ce19c upstream commit
explicitly include sys/param.h in files that use the
 howmany() macro; from portable
2014-12-11 19:20:29 +11:00
Damien Miller
8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Damien Miller
f1e44ea9d9 - djm@cvs.openbsd.org 2013/12/02 02:56:17
[ssh-pkcs11-helper.c]
     use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
2013-12-05 10:23:21 +11:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker
64c6fceecd - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
[ssh-pkcs11-helper.c]
     remove unused extern optarg.  ok markus@
2013-05-16 20:27:14 +10:00
Darren Tucker
4908d44e67 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
[ssh-pkcs11-helper.c sftp-client.c]
     fix a couple of "assigned but not used" warnings.  ok markus@
2012-07-02 22:15:38 +10:00
Damien Miller
f22019bdbf - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
   [regress/README.regress] Remove ssh-rand-helper and all its
   tentacles. PRNGd seeding has been rolled into entropy.c directly.
   Thanks to tim@ for testing on affected platforms.
2011-05-05 13:48:37 +10:00
Damien Miller
47f9a4106a - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix
compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot
   AT fefe.de
2010-03-14 08:37:49 +11:00
Tim Rice
bff24b8ad2 - (tim) [ssh-pkcs11-helper.c] Move declarations before calling functions
to make older compilers (gcc 2.95) happy.
2010-02-28 14:51:56 -08:00
Damien Miller
09a24db2d7 - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded 2010-02-28 03:28:05 +11:00
Damien Miller
05abd2c968 - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
[ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable
2010-02-24 17:16:08 +11:00
Damien Miller
dfa4156dbd - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
Use ssh_get_progname to fill __progname
2010-02-12 10:06:28 +11:00
Damien Miller
8ad0fbd98e - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
Make it compile on OSX
2010-02-12 09:49:06 +11:00
Damien Miller
7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00