summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/authfile.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* avoid spurious "Unable to load host key" message when sshd can load adjm2020-06-181-2/+8
| | | | private key but no public counterpart; with & ok markus@
* refactor out some duplicate private key loading code; based ondjm2020-04-171-34/+9
| | | | patch from loic AT venez.fr, ok dtucker@
* let sshkey_try_load_public() load public keys from the unencrypteddjm2020-04-081-1/+37
| | | | | | | envelope of private key files if not sidecar public key file is present. ok markus@
* simplify sshkey_try_load_public()djm2020-04-081-39/+19
| | | | ok markus@
* factor out reading/writing sshbufs to dedicated functions;djm2020-01-251-68/+9
| | | | feedback and ok markus@
* add sshkey_save_public(), to save a public key; ok markus@djm2020-01-021-1/+32
|
* move advance_past_options to authfile.c and make it public;djm2019-09-031-1/+23
| | | | ok markus@
* Remove now-redundant perm_ok arg since sshkey_load_private_type willdtucker2019-08-051-16/+8
| | | | | now return SSH_ERR_KEY_BAD_PERMISSIONS in that case. Patch from jitendra.sharma at intel.com, ok djm@
* support PKCS8 as an optional format for storage of private keys,djm2019-07-151-3/+3
| | | | | | | | | | | | enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-6/+6
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* In sshkey_in_file(), ignore keys that are considered for being toodjm2018-09-211-4/+10
| | | | | | | | short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker
* replace cast with call to sshbuf_mutable_ptr(); ok djm@markus2018-07-091-2/+2
|
* switch config file parsing to getline(3) as this avoids static limitsmarkus2018-06-061-11/+11
| | | | noted by gerhard@; ok dtucker@, djm@
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)markus2018-02-231-1/+7
| | | | | | | The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
* remove post-SSHv1 removal dead code from rsa.c and merge thedjm2017-07-011-2/+1
| | | | remaining bit that it still used into ssh-rsa.c; ok markus
* Switch to recallocarray() for a few operations. Both growth and shrinkagederaadt2017-05-311-14/+2
| | | | | | are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
* revise sshkey_load_public(): remove ssh1 related comments, remove extramarkus2017-05-301-23/+21
| | | | | open()/close() on keyfile, prevent leak of 'pub' if 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
* unifdef WITH_SSH1djm2017-04-301-55/+1
| | | | ok markus@
* incorrect renditions of this quote bother mederaadt2017-03-261-2/+2
|
* use sshbuf_allocate() to pre-allocate the buffer used for loadingdjm2016-11-251-2/+14
| | | | | | | | | keys. This avoids implicit realloc inside the buffer code, which might theoretically leave fragments of the key on the heap. This doesn't appear to happen in practice for normal sized keys, but was observed for novelty oversize ones. Pointed out by Jann Horn of Project Zero; ok markus@
* make private key loading functions consistently handle NULLdjm2016-04-091-12/+22
| | | | key pointer arguments; ok markus@
* Remove NULL-checks before sshbuf_free().mmcc2015-12-111-5/+3
| | | | ok djm@
* Remove NULL-checks before sshkey_free().mmcc2015-12-111-9/+5
| | | | ok djm@
* Remove NULL-checks before free().mmcc2015-12-101-3/+2
| | | | ok dtucker@
* - Fix error message: passphrase needs to be at least 5 characters, not 4.tim2015-09-131-3/+3
| | | | | | | - Remove unused function argument. - Remove two unnecessary variables. OK djm@
* re-enable ed25519-certs if compiled w/o openssl; ok djmmarkus2015-07-091-3/+3
|
* delete support for legacy v00 certificates; "sure" markus@ dtucker@djm2015-07-031-2/+2
|
* s/recommended/required/ that private keys be og-rdjm2015-04-171-2/+2
| | | | this wording change was made a while ago but got accidentally reverted
* fd leak for !ssh1 case; found by unittests; ok markus@djm2015-03-311-1/+3
|
* KRL support doesn't need OpenSSL anymore, remove #ifdefsdjm2015-03-181-3/+1
| | | | from around call
* add an XXX to remind me to improve sshkey_load_publicdjm2015-02-231-1/+4
|
* Reduce use of <sys/param.h> and transition to <limits.h> throughout.deraadt2015-01-201-3/+3
| | | | ok djm markus
* deprecate key_load_private_pem() and sshkey_load_private_pem()djm2015-01-081-40/+24
| | | | | | | | | | | | | | | interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
* add RevokedHostKeys option for the clientdjm2014-12-041-10/+48
| | | | Allow textfile or KRL-based revocation of hostkeys.
* New key API: refactor key-related functions to be more library-like,djm2014-06-241-1088/+316
| | | | | | | | | existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
* make compiling against OpenSSL optional (make OPENSSL=no);markus2014-04-291-1/+32
| | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* buffer_get_string_ptr's return should be const to reminddjm2014-04-281-2/+3
| | | | | callers that futzing with it will futz with the actual buffer contents
* correct test that kdf name is not "none" or "bcrypt"djm2014-03-121-2/+2
|
* convert memset of potentially-private data to explicit_bzero()djm2014-02-021-7/+7
|
* replace most bzero with explicit_bzero, except a few that cna be memsettedu2014-01-311-4/+4
| | | | ok djm dtucker
* don't refuse to load Ed25519 certificatesdjm2013-12-291-1/+2
|
* support ed25519 keys (hostkeys and user identities) using the public domainmarkus2013-12-061-1/+9
| | | | | ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
* new private key format, bcrypt as KDF by default; details in PROTOCOL.key;markus2013-12-061-10/+361
| | | | feedback and lots help from djm; ok djm@
* Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"djm2013-11-211-3/+3
| | | | | | | | | | | | | | that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
* bye, bye xfree(); ok markus@djm2013-05-171-5/+5
|
* add the ability to query supported ciphers, MACs, key type and KEXdjm2013-04-191-3/+3
| | | | | algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
* support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)markus2013-01-081-3/+3
| | | | ok and feedback djm@
* add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithmsmarkus2012-12-111-3/+3
| | | | | | | that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
* memleak in key_load_file(); from Jan Klemkowmarkus2012-01-251-2/+2
|
* make sure key_parse_public/private_rsa1() no longer consumes its input buffer.markus2011-06-141-25/+28
| | | | fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.