[Bug 2319] [PATCH REVIEW] U2F authentication

2016-01-18 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2319

mm...@e-motz.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mm...@e-motz.com

--- Comment #17 from mm...@e-motz.com ---
A couple of things to mention here, the patch has failed in two
different files, which I manually patched,

patching file readconf.c
Hunk #1 succeeded at 150 (offset 1 line).
Hunk #2 succeeded at 199 (offset 1 line).
Hunk #3 succeeded at 927 (offset 29 lines).
Hunk #4 succeeded at 1673 (offset 52 lines).
Hunk #5 FAILED at 1851.
Hunk #6 succeeded at 2345 (offset 55 lines).
1 out of 6 hunks FAILED -- saving rejects to file readconf.c.rej

readconf.c.rej:
--- readconf.c
+++ readconf.c
@@ -1851,6 +1869,10 @@ fill_default_options(Options * options)
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
+   if (options->u2f_authentication == -1)
+   options->u2f_authentication = 1;
+   if (options->u2f_mode == NULL)
+   options->u2f_mode = strdup("authentication");
if (options->use_roaming == -1)
options->use_roaming = 1;
if (options->visual_host_key == -1)
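
Review bot: the `strdup("authentication")` result stored in `options->u2f_mode` is never checked, so an allocation failure leaves the option NULL after the defaults have been filled and a later use of `u2f_mode` would see NULL; use `xstrdup()` here so the failure is fatal at the point of allocation. Separately, defaulting `u2f_authentication` to 1 turns the new method on for every client that does not set the option, which should be justified in the patch description and documented in the man page.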





patching file sshkey.c
Hunk #3 FAILED at 117.
Hunk #4 succeeded at 515 (offset -3 lines).
Hunk #5 succeeded at 797 (offset -3 lines).
Hunk #6 succeeded at 1276 (offset -4 lines).
Hunk #7 succeeded at 2016 (offset -3 lines).
Hunk #8 succeeded at 2158 (offset -3 lines).
Hunk #9 succeeded at 2212 (offset -3 lines).
1 out of 9 hunks FAILED -- saving rejects to file sshkey.c.rej

sshkey.c.rej:
--- sshkey.c
+++ sshkey.c
@@ -117,6 +122,7 @@ static const struct keytype keytypes[] = {
 #  endif /* OPENSSL_HAS_NISTP521 */
 # endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
+   { "ssh-u2f", "U2F", KEY_U2F, 0, 0 },
{ NULL, NULL, -1, -1, 0 }
 };
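
Review bot: the `{ "ssh-u2f", "U2F", KEY_U2F, 0, 0 }` entry is placed after `#endif /* WITH_OPENSSL */`, so the key type is listed even in builds without OpenSSL. U2F signatures are ECDSA over P-256, so if the KEY_U2F code paths rely on the OpenSSL EC routines the entry should move inside the `WITH_OPENSSL` / `OPENSSL_HAS_ECC` guards; otherwise add a comment saying why it is unconditional.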



and while trying to make openssh, the following errors are produced, which I
am unable to solve:

qr@vpn:~/openssh $ make
(cd openbsd-compat && make)
make[1]: Entering directory '/home/qr/openssh/openbsd-compat'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/qr/openssh/openbsd-compat'
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign
-Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv
-fno-builtin-memset -fstack-protector-strong -fPIE  -I. -I. 
-I/usr/local/include/u2f-host  -DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey.c
-o sshkey.o
sshkey.c:65:17: fatal error: u2f.h: No such file or directory
 #include "u2f.h"
 ^
compilation terminated.
Makefile:155: recipe for target 'sshkey.o' failed
make: *** [sshkey.o] Error 1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 2319] [PATCH REVIEW] U2F authentication

2016-01-18 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2319

Adam Goode changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|a...@spicenitz.org          |



[Bug 2527] New: default algorithms mismatch between man pages and myproposal.h

2016-01-18 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2527

            Bug ID: 2527
           Summary: default algorithms mismatch between man pages and
                    myproposal.h
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: Documentation
          Assignee: unassigned-b...@mindrot.org
          Reporter: i...@f2light.com

The default algorithms in the man pages of ssh_config(5) and sshd_config(5)
differ from what openssh actually takes.

NOTE: in the following diff-style sections the last algorithm ends
with ",". That is only to get a pretty diff result.

KEX_SERVER_MAC: sshd_config(5) didn't tell me that hmac-sha1-...@openssh.com
and hmac-sha1 are taken by default.

  --- DOCUMENT_SERVER_MAC
  +++ CODE_SERVER_MAC

   umac-64-...@openssh.com,
   umac-128-...@openssh.com,
   hmac-sha2-256-...@openssh.com,
   hmac-sha2-512-...@openssh.com,
  +hmac-sha1-...@openssh.com,
   umac...@openssh.com,
   umac-...@openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
  +hmac-sha1,

KEX_CLIENT_ENCRYPT: rijndael-...@lysator.liu.se is missing in
ssh_config(5).

  --- DOCUMENT_CLIENT_ENCRYPT
  +++ CODE_CLIENT_ENCRYPT

   chacha20-poly1...@openssh.com,
   aes128-ctr,
   aes192-ctr,
   aes256-ctr,
   aes128-...@openssh.com,
   aes256-...@openssh.com,
   arcfour256,
   arcfour128,
   aes128-cbc,
   3des-cbc,
   blowfish-cbc,
   cast128-cbc,
   aes192-cbc,
   aes256-cbc,
   arcfour,
  +rijndael-...@lysator.liu.se,

KEX_CLIENT_MAC: hmac-sha1 series has higher priority than them in
ssh_config(5), and hmac-ripemd...@openssh.com is removed. (Probably
it's just an alias to hmac-ripemd160?)

  --- DOCUMENT_CLIENT_MAC
  +++ CODE_CLIENT_MAC

   umac-64-...@openssh.com,
   umac-128-...@openssh.com,
   hmac-sha2-256-...@openssh.com,
   hmac-sha2-512-...@openssh.com,
   +hmac-sha1-...@openssh.com,
   umac...@openssh.com,
   umac-...@openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
   +hmac-sha1,
   hmac-md5-...@openssh.com,
   -hmac-sha1-...@openssh.com,
   hmac-ripemd160-...@openssh.com,
   hmac-sha1-96-...@openssh.com,
   hmac-md5-96-...@openssh.com,
   hmac-md5,
   -hmac-sha1,
   hmac-ripemd160,
   -hmac-ripemd...@openssh.com,
   hmac-sha1-96,
   hmac-md5-96,

P.S.: KEX_SERVER_KEX, KEX_CLIENT_KEX, KEX_DEFAULT_PK_ALG,
KEX_SERVER_ENCRYPT are correct.

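
The comparison made by hand in the report above can be scripted so that drift between documented and compiled-in defaults is caught, including a change of preference order. This is an added example, not part of the original report or of OpenSSH; the function names are hypothetical and the sample lists are constructed from the unabbreviated names in the MAC diffs above.

```python
"""Compare a documented default algorithm list with the compiled-in list."""
from difflib import SequenceMatcher


def parse_list(text):
    """Split a comma-separated list; tolerate whitespace and a trailing comma."""
    return [name.strip() for name in text.split(",") if name.strip()]


def compare_defaults(documented, compiled):
    """Return names missing from the docs, stale in the docs, and reordered."""
    doc, code = parse_list(documented), parse_list(compiled)
    missing_from_doc = [n for n in code if n not in doc]
    stale_in_doc = [n for n in doc if n not in code]
    # Position is preference order during negotiation, so also compare the
    # relative order of the names that both lists share.
    shared_doc = [n for n in doc if n in code]
    shared_code = [n for n in code if n in doc]
    matcher = SequenceMatcher(None, shared_doc, shared_code, autojunk=False)
    in_place = set()
    for block in matcher.get_matching_blocks():
        in_place.update(range(block.a, block.a + block.size))
    reordered = [n for i, n in enumerate(shared_doc) if i not in in_place]
    return {
        "missing_from_doc": missing_from_doc,
        "stale_in_doc": stale_in_doc,
        "reordered": reordered,
    }


# Constructed samples: only the names that appear unabbreviated in the report.
DOC_CLIENT_MAC = ("hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-sha1,"
                  "hmac-ripemd160,hmac-sha1-96,hmac-md5-96,")
CODE_CLIENT_MAC = ("hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,"
                   "hmac-ripemd160,hmac-sha1-96,hmac-md5-96,")
DOC_SERVER_MAC = "hmac-sha2-256,hmac-sha2-512,"
CODE_SERVER_MAC = "hmac-sha2-256,hmac-sha2-512,hmac-sha1,"

if __name__ == "__main__":
    for label, doc, code in (
        ("client MAC", DOC_CLIENT_MAC, CODE_CLIENT_MAC),
        ("server MAC", DOC_SERVER_MAC, CODE_SERVER_MAC),
    ):
        print(label, compare_defaults(doc, code))
```
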


[Bug 1773] PKCS#11 authentication fails with "xmalloc: zero size" for some certificates.

2016-01-18 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=1773

--- Comment #9 from Sergey Ivanov ---
Any updates on the status of this patch?
Will it be included in the next release?
