summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/authfile.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* In sshkey_in_file(), ignore keys that are considered for being toodjm2018-09-211-4/+10
| | | | | | | | short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker
* replace cast with call to sshbuf_mutable_ptr(); ok djm@markus2018-07-091-2/+2
|
* switch config file parsing to getline(3) as this avoids static limitsmarkus2018-06-061-11/+11
| | | | noted by gerhard@; ok dtucker@, djm@
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)markus2018-02-231-1/+7
| | | | | | | The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
* remove post-SSHv1 removal dead code from rsa.c and merge thedjm2017-07-011-2/+1
| | | | remaining bit that it still used into ssh-rsa.c; ok markus
* Switch to recallocarray() for a few operations. Both growth and shrinkagederaadt2017-05-311-14/+2
| | | | | | are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
* revise sshkey_load_public(): remove ssh1 related comments, remove extramarkus2017-05-301-23/+21
| | | | | open()/close() on keyfile, prevent leak of 'pub' if 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
* unifdef WITH_SSH1djm2017-04-301-55/+1
| | | | ok markus@
* incorrect renditions of this quote bother mederaadt2017-03-261-2/+2
|
* use sshbuf_allocate() to pre-allocate the buffer used for loadingdjm2016-11-251-2/+14
| | | | | | | | | keys. This avoids implicit realloc inside the buffer code, which might theoretically leave fragments of the key on the heap. This doesn't appear to happen in practice for normal sized keys, but was observed for novelty oversize ones. Pointed out by Jann Horn of Project Zero; ok markus@
* make private key loading functions consistently handle NULLdjm2016-04-091-12/+22
| | | | key pointer arguments; ok markus@
* Remove NULL-checks before sshbuf_free().mmcc2015-12-111-5/+3
| | | | ok djm@
* Remove NULL-checks before sshkey_free().mmcc2015-12-111-9/+5
| | | | ok djm@
* Remove NULL-checks before free().mmcc2015-12-101-3/+2
| | | | ok dtucker@
* - Fix error message: passphrase needs to be at least 5 characters, not 4.tim2015-09-131-3/+3
| | | | | | | - Remove unused function argument. - Remove two unnecessary variables. OK djm@
* re-enable ed25519-certs if compiled w/o openssl; ok djmmarkus2015-07-091-3/+3
|
* delete support for legacy v00 certificates; "sure" markus@ dtucker@djm2015-07-031-2/+2
|
* s/recommended/required/ that private keys be og-rdjm2015-04-171-2/+2
| | | | this wording change was made a while ago but got accidentally reverted
* fd leak for !ssh1 case; found by unittests; ok markus@djm2015-03-311-1/+3
|
* KRL support doesn't need OpenSSL anymore, remove #ifdefsdjm2015-03-181-3/+1
| | | | from around call
* add an XXX to remind me to improve sshkey_load_publicdjm2015-02-231-1/+4
|
* Reduce use of <sys/param.h> and transition to <limits.h> throughout.deraadt2015-01-201-3/+3
| | | | ok djm markus
* deprecate key_load_private_pem() and sshkey_load_private_pem()djm2015-01-081-40/+24
| | | | | | | | | | | | | | | interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
* add RevokedHostKeys option for the clientdjm2014-12-041-10/+48
| | | | Allow textfile or KRL-based revocation of hostkeys.
* New key API: refactor key-related functions to be more library-like,djm2014-06-241-1088/+316
| | | | | | | | | existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
* make compiling against OpenSSL optional (make OPENSSL=no);markus2014-04-291-1/+32
| | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* buffer_get_string_ptr's return should be const to reminddjm2014-04-281-2/+3
| | | | | callers that futzing with it will futz with the actual buffer contents
* correct test that kdf name is not "none" or "bcrypt"djm2014-03-121-2/+2
|
* convert memset of potentially-private data to explicit_bzero()djm2014-02-021-7/+7
|
* replace most bzero with explicit_bzero, except a few that cna be memsettedu2014-01-311-4/+4
| | | | ok djm dtucker
* don't refuse to load Ed25519 certificatesdjm2013-12-291-1/+2
|
* support ed25519 keys (hostkeys and user identities) using the public domainmarkus2013-12-061-1/+9
| | | | | ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
* new private key format, bcrypt as KDF by default; details in PROTOCOL.key;markus2013-12-061-10/+361
| | | | feedback and lots help from djm; ok djm@
* Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"djm2013-11-211-3/+3
| | | | | | | | | | | | | | that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
* bye, bye xfree(); ok markus@djm2013-05-171-5/+5
|
* add the ability to query supported ciphers, MACs, key type and KEXdjm2013-04-191-3/+3
| | | | | algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
* support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)markus2013-01-081-3/+3
| | | | ok and feedback djm@
* add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithmsmarkus2012-12-111-3/+3
| | | | | | | that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
* memleak in key_load_file(); from Jan Klemkowmarkus2012-01-251-2/+2
|
* make sure key_parse_public/private_rsa1() no longer consumes its input buffer.markus2011-06-141-25/+28
| | | | fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@
* read in key comments for v.2 keys (though note that these are notdjm2011-05-231-3/+6
| | | | | passed over the agent protocol); bz#439, based on patch from binder AT arago.de; ok markus@
* warn on unexpected key type in key_parse_private_type()djm2011-05-131-1/+2
|
* despam debug() logs by detecting that we are trying to load a private keydjm2011-05-101-1/+4
| | | | in key_try_load_public() and returning early; ok markus@
* allow "ssh-add - < key"; feedback and ok markus@djm2011-05-041-36/+64
|
* correctly load comment for encrypted rsa1 keys;markus2010-11-291-2/+3
| | | | report/fix Joachim Schipper; ok djm@
* Refactor internals of private key loading and saving to work on memorydjm2010-11-211-193/+254
| | | | | buffers rather than directly on files. This will make a few things easier to do in the future; ok markus@
* fix a possible NULL deref on loading a corrupt ECDH keydjm2010-10-281-9/+5
| | | | | | | store ECDH group information in private keys files as "named groups" rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things.
* typodjm2010-09-081-2/+2
|
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) anddjm2010-08-311-1/+31
| | | | | | | | | | | | | | | | | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* commited the wrong version of the hostbased certificate diff; thisdjm2010-08-041-5/+7
| | | | | version replaces some strlc{py,at} verbosity with xasprintf() at the request of markus@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.