upstream: support PKCS8 as an optional format for storage of
private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
private keys to disk.
The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH software
is required, as it may use a less terrible KDF (IIRC PEM uses a single
round of MD5 as a KDF).
adapted from patch by Jakub Jelen via bz3013; ok markus
Damien Miller [Mon, 8 Jul 2019 03:38:39 +0000 (13:38 +1000)]
remove realpath() compat replacement
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.
OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independant
implementation in openbsd-compat.
Darren Tucker [Sat, 6 Jul 2019 02:00:41 +0000 (12:00 +1000)]
Add missing bracket in EGD seeding code.
When configured --with-prngd-socket the code had a missing bracket after
an API change. Fix that and a couple of warnings. bz#3032 , from
ole.weidner at protonmail.ch
upstream: Adapt the PuTTY/Conch tests to new key names.
A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in
portable) broke the PuTTY and Twisted Conch interop tests, because the
key they want to use is now called ssh-rsa rather than rsa. Adapt the
tests to the new file names. bz#3020, patch from cjwatson at debian.org.
upstream: Add a sleep to allow forwards to come up.
Currently when the multiplex client requests a forward it returns
once the request has been sent but not necessarily when the forward
is up. This causes intermittent text failures due to this race,
so add some sleeps to mitigate this until we can fix it properly.
Darren Tucker [Fri, 5 Jul 2019 03:21:45 +0000 (13:21 +1000)]
Do not fatal on failed lookup of group "tty".
Some platforms (eg AIX and Cygwin) do not have a "tty" group. In those
cases we will fall back to making the tty device the user's primary
group, so do not fatal if the group lookup fails. ok djm@
upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
upstream: asprintf returns -1, not an arbitrary value < 0. Also
upon error the (very sloppy specification) leaves an undefined value in *ret,
so it is wrong to inspect it, the error condition is enough. discussed a
little with nicm, and then much more with millert until we were exasperated
djm@openbsd.org [Fri, 21 Jun 2019 04:21:04 +0000 (04:21 +0000)]
upstream: Add protection for private keys at rest in RAM against
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
Darren Tucker [Fri, 7 Jun 2019 23:07:04 +0000 (09:07 +1000)]
upstream rev 1.27: fix integer overflow.
Cast bitcount to u_in64_t before bit shifting to prevent integer overflow
on 32bit platforms which cause incorrect results when adding a block
>=512M in size. sha1 patch from ante84 at gmail.com via openssh github,
sha2 with djm@, ok tedu@
Darren Tucker [Fri, 7 Jun 2019 13:47:37 +0000 (23:47 +1000)]
Update utimensat test.
POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should
update the symlink and not the destination. The compat code doesn't
have a way to do this, so where possible it fails instead of following a
symlink when explicitly asked not to. Instead of checking for an explicit
failure, check that it does not update the destination, which both the
real and compat implmentations should honour.
Inspired by github pull req #125 from chutzpah at gentoo.org.
Darren Tucker [Fri, 7 Jun 2019 04:26:54 +0000 (14:26 +1000)]
Have pthread_create return errno on failure.
According to POSIX, pthread_create returns the failure reason in
the non-zero function return code so make the fork wrapper do that.
Matches previous change.
allow s390 specific ioctl for ecc hardware support
Adding another s390 specific ioctl to be able to support ECC hardware
acceleration to the sandbox seccomp filter rules.
Now the ibmca openssl engine provides elliptic curve cryptography
support with the help of libica and CCA crypto cards. This is done via
jet another ioctl call to the zcrypt device driver and so there is a
need to enable this on the openssl sandbox.
Code is s390 specific and has been tested, verified and reviewed.
Please note that I am also the originator of the previous changes in
that area. I posted these changes to Eduardo and he forwarded the
patches to the openssl community.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
djm@openbsd.org [Mon, 20 May 2019 00:20:35 +0000 (00:20 +0000)]
upstream: When signing certificates with an RSA key, default to
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
will therefore be incompatible with OpenSSH < 7.2 unless the default is
overridden.
Document the ability of the ssh-keygen -t flag to override the
signature algorithm when signing certificates, and the new default.
Darren Tucker [Fri, 17 May 2019 03:14:12 +0000 (13:14 +1000)]
Add no-op implementation of pam_putenv.
Some platforms such as HP-UX do not have pam_putenv. Currently the
calls are ifdef'ed out, but a new one was recently added. Remove the
ifdefs and add a no-op implementation. bz#3008, ok djm.
Darren Tucker [Fri, 10 May 2019 05:04:42 +0000 (15:04 +1000)]
Use "doc" man page format if mandoc present.
Previously configure would not select the "doc" man page format if
mandoc was present but nroff was not. This checks for mandoc first
and removes a now-superflous AC_PATH_PROG. Based on a patch from
vehk at vehk.de and feedback from schwarze at usta.de.
projects / thirdparty / openssh-portable.git / log
