summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/authfd.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* factor out common code in the agent clientdjm2021-01-261-24/+39
| | | | | | | | Add a ssh_request_reply_decode() function that sends a message to the agent, reads and parses a success/failure reply. Use it for all requests that only expect success/failure ok markus@
* whitespace; no code changedjm2020-10-291-2/+2
|
* Adapt XMSS to new logging infrastructure. With markus@, ok djm@.dtucker2020-10-191-2/+2
|
* constify a few things; ok dtucker (as part of another diff)djm2020-06-261-3/+3
|
* ssh_fetch_identitylist() returns the return value frommarkus2020-03-061-2/+2
| | | | | ssh_request_reply() so we should also check against != 0 ok djm
* change explicit_bzero();free() to freezero()jsg2020-02-261-5/+3
| | | | | | | | While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@
* Allow forwarding a different agent socket to the path specified bydjm2019-12-211-11/+25
| | | | | | | | $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no. Patch by Eric Chiang, manpage by me; ok markus@
* stdarg.h required more broadly; ok djmderaadt2019-11-131-1/+2
|
* enable ed25519 support; ok djmmarkus2019-11-121-1/+3
|
* add new agent key constraint for U2F/FIDO providerdjm2019-10-311-6/+19
| | | | feedback & ok markus@
* authfd: add function to check if key is in agentdjm2019-09-031-1/+27
| | | | | | | This commit adds a helper function which allows the caller to check if a given public key is present in ssh-agent. work by Sebastian Kinne; ok markus@
* fix memleak in ssh_free_identitylist(); ok markus@djm2019-09-031-1/+3
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-3/+3
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Add protection for private keys at rest in RAM against speculationdjm2019-06-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@
* Request RSA-SHA2 signatures for rsa-sha2-{256|512}-cert-v01@openssh.comdjm2018-12-271-4/+6
| | | | cert algorithms; ok markus@
* don't attempt to connect to empty SSH_AUTH_SOCK; bz#293djm2018-11-301-2/+2
|
* replace cast with call to sshbuf_mutable_ptr(); ok djm@markus2018-07-091-2/+2
|
* Improve strictness and control over RSA-SHA2 signature types:djm2018-07-031-11/+13
| | | | | | | | | | | | | | | | | | | | | In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@
* lots of typos in comments/docs. Patch from Karsten Weiss after checkingdjm2018-04-101-2/+2
| | | | with codespell tool (https://github.com/lucasdemarchi/codespell)
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)markus2018-02-231-21/+18
| | | | | | | The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
* constify some private key-related functions; based ondjm2018-02-101-4/+4
| | | | https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
* Drop compatibility hacks for some ancient SSH implementations, includingdjm2018-01-231-3/+1
| | | | | | | | | | ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@
* remove post-SSHv1 removal dead code from rsa.c and merge thedjm2017-07-011-2/+1
| | | | remaining bit that it still used into ssh-rsa.c; ok markus
* Allow ssh-keygen to use a key held in ssh-agent as a CA when signingdjm2017-06-281-3/+3
| | | | certificates. bz#2377 ok markus
* more simplification and removal of SSHv1-related code; ok djm@naddy2017-05-051-33/+13
|
* since a couple of people have asked, leave a comment explaining why wedjm2017-05-041-1/+5
| | | | retain SSH v.1 support in the "delete all keys from agent" path.
* unifdef WITH_SSH1djm2017-04-301-122/+1
| | | | ok markus@
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)markus2015-12-041-2/+16
| | | | | based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
* Fix occurrences of "r = func() != 0" which result in the wrong errorjsg2015-09-021-2/+2
| | | | | | codes being returned due to != having higher precedence than =. ok deraadt@ markus@
* delete support for legacy v00 certificates; "sure" markus@ dtucker@djm2015-07-031-3/+1
|
* sigp and lenp are not optional in ssh_agent_sign(); ok djm@markus2015-03-261-7/+4
|
* unbreak ssh_agent_sign (lenp vs *lenp)markus2015-03-251-2/+2
|
* consistent check for NULL as noted by Nicholas Lemonias; ok djm@markus2015-03-241-2/+3
|
* move authfd.c and its tentacles to the new buffer/key API;djm2015-01-141-399/+441
| | | | ok markus@
* make compiling against OpenSSL optional (make OPENSSL=no);markus2014-04-291-5/+17
| | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* replace most bzero with explicit_bzero, except a few that cna be memsettedu2014-01-311-2/+2
| | | | ok djm dtucker
* allow deletion of ed25519 keys from the agentdjm2013-12-291-4/+2
|
* support ed25519 keys (hostkeys and user identities) using the public domainmarkus2013-12-061-1/+3
| | | | | ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
* move private key (de)serialization to key.c; ok djmmarkus2013-12-061-52/+3
|
* use calloc for all structure allocations; from markus@djm2013-11-081-2/+2
|
* bye, bye xfree(); ok markus@djm2013-05-171-5/+5
|
* bzero the agent address. the kernel was for a while very cranky abouttedu2011-07-061-1/+2
| | | | | these things. evne though that's fixed, always good to initialize memory. ok deraadt djm
* use FD_CLOEXEC consistently; patch from zion AT x96.orgdjm2011-05-151-2/+2
|
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) anddjm2010-08-311-2/+18
| | | | | | | | | | | | | | | | | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with thedjm2010-04-161-1/+5
| | | | | | | | | | | | | | | | | | following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash Rename "constraints" field to "critical options" Add a new non-critical "extensions" field Add a serial number The older format is still support for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@
* Add support for certificate key types for users and hosts.djm2010-02-261-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
* Do not fall back to adding keys without contraints (ssh-add -c / -t ...)djm2009-08-271-7/+1
| | | | | | | | when the agent refuses the constrained add request. This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-4/+4
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <stdlib.h> out of includes.hstevesk2006-07-261-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.