| Commit message | Author | Age | Files | Lines |
|
to ssh-agent. ok jmc@
|
When signing messages in ssh-agent using a FIDO key that has an
application string that does not start with "ssh:", ensure that the
message being signed is one of the forms expected for the SSH protocol
(currently pubkey authentication and sshsig signatures).
This prevents ssh-agent forwarding on a host that has FIDO keys
attached granting the ability for the remote side to sign challenges
for web authentication using those keys too.
Note that the converse case of web browsers signing SSH challenges is
already precluded because no web RP can have the "ssh:" prefix in the
application string that we require.
ok markus@
|
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.
ok deraadt@ djm@
|
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
|
malicious client from being able to cause agent to load arbitrary
libraries into ssh-sk-helper.
reported by puck AT puckipedia.com; ok markus
|
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
|
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.
|
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@
|
ok djm
|
This avoids the need for a wpath pledge in ssh-agent.
reported by jmc@
|
agent. spotted by dtucker@
|
spotted by dtucker@
|
(default) built-in security key support.
|
against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for
Bluetooth, NFC and test/debugging.
|
- in ssh-agent we need to delay the call to shield
until we have received key specific options.
- when serializing xmss keys for shield we need to deal with
all optional components (e.g. state might not be loaded).
ok djm@
|
a signature operation. Notify the user when this is expected via
the TTY (if available) or $SSH_ASKPASS if we can.
ok markus@
|
U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
|
feedback & ok markus@
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetric key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years' time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
|
signature algorithm when requested. Patch from Jakub Jelen in bz3016
ok dtucker markus
|
Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
|
is too full to read one, or if the output buffer is too full to enqueue
a response; feedback & ok dtucker@
|
and stop accepting new connections when it is exceeded (with some
grace). Accept is resumed when enough connections are closed.
bz#2576. feedback deraadt; ok dtucker@
|
with codespell tool (https://github.com/lucasdemarchi/codespell)
|
connection; bz#2837, patch from Lukas Kuster
|
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@
|
ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
|
just returning failure, making them consistent with the others that
were already like that.
|
shouldn't be fatal to the process, just the request. Reported by
Ron Frederick
|
remaining bit that it still used into ssh-rsa.c; ok markus
|
ok markus
|
ok markus@
|
ok markus@
|
unless they were specified by full physical pathname.
Report and fix from Jakub Jelen via bz#2682; ok dtucker@
|
directories.
|
ssh-pkcs11-helper) a PKCS#11 module; ok markus@
|
rather than pulling <sys/param.h> and unknown namespace pollution.
ok djm markus dtucker
|
sshbuf_dup_string() to replace a common idiom of
strdup(sshbuf_ptr()) with better safety checking;
feedback and ok markus@
|
deraadt@, something similar has been in the snaps for a while.
|