path: root/usr.bin/ssh/krl.c
Commit message | Author | Age | Files | Lines
* use the new variant log macros instead of prepending __func__ and | djm | 2020-10-18 | 1 | -53/+47
  appending ssh_err(r) manually; ok markus@
* support for user-verified FIDO keys | djm | 2020-08-27 | 1 | -3/+4
  FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
* avoid another compiler warning spotted in -portable | djm | 2020-04-03 | 1 | -6/+9
* fix format string (use %llu for uint64, not %lld). spotted by Darren and | djm | 2020-04-03 | 1 | -4/+4
  his tinderbox tests
* give ssh-keygen the ability to dump the contents of a binary key | djm | 2020-04-03 | 1 | -1/+93
  revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
* factor out reading/writing sshbufs to dedicated functions; | djm | 2020-01-25 | 1 | -13/+3
  feedback and ok markus@
* Add new structure for signature options | djm | 2019-11-25 | 1 | -2/+2
  This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@
* Refactor signing - use sshkey_sign for everything, including the new | djm | 2019-10-31 | 1 | -2/+2
  U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
* lots of things were relying on libcrypto headers to transitively | djm | 2019-09-06 | 1 | -1/+2
  include various system headers (mostly stdlib.h); include them explicitly
* Add protection for private keys at rest in RAM against speculation | djm | 2019-06-21 | 1 | -2/+2
  and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@
* allow key revocation by SHA256 hash and allow ssh-keygen to create KRLs | djm | 2018-09-12 | 1 | -29/+97
  using SHA256/base64 key fingerprints; ok markus@
* pass negotiated signing algorithm through to sshkey_verify() and | djm | 2017-12-18 | 1 | -2/+2
  check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
* Switch to recallocarray() for a few operations. Both growth and shrinkage | deraadt | 2017-05-31 | 1 | -2/+2
  are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
* krl.c | dtucker | 2017-03-10 | 1 | -3/+4
* Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions | deraadt | 2016-09-12 | 1 | -8/+7
  rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
* fix three bugs in KRL code related to (unused) signature support: | djm | 2015-12-31 | 1 | -4/+3
  verification length was being incorrectly calculated, multiple signatures were being incorrectly processed and a NULL dereference that occurred when signatures were verified. Reported by Carl Jackson
* Remove NULL-checks before sshbuf_free(). | mmcc | 2015-12-11 | 1 | -9/+5
  ok djm@
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) | markus | 2015-12-04 | 1 | -2/+2
  based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
* Fix occurrences of "r = func() != 0" which result in the wrong error | jsg | 2015-09-02 | 1 | -2/+2
  codes being returned due to != having higher precedence than =. ok deraadt@ markus@
* delete support for legacy v00 certificates; "sure" markus@ dtucker@ | djm | 2015-07-03 | 1 | -5/+5
* correct test to sshkey_sign(); spotted by Albert S. | djm | 2015-06-24 | 1 | -2/+2
* permit KRLs that revoke certificates by serial number or key ID | djm | 2015-01-30 | 1 | -38/+64
  without scoping to a particular CA; ok markus@
* small refactor and add some convenience functions; | djm | 2015-01-26 | 1 | -12/+5
  ok markus
* Reduce use of <sys/param.h> and transition to <limits.h> throughout. | deraadt | 2015-01-20 | 1 | -2/+2
  ok djm markus
* fix format strings in (disabled) debugging | djm | 2015-01-19 | 1 | -4/+4
* string truncation due to sizeof(size) | deraadt | 2015-01-18 | 1 | -2/+2
  ok djm markus
* avoid BIGNUM in KRL code by using a simple bitmap; | djm | 2015-01-14 | 1 | -21/+41
  feedback and ok markus
* sync changes from libopenssh; prepared by markus@ | djm | 2015-01-13 | 1 | -50/+48
  mostly debug output tweaks, a couple of error return value changes and some other minor stuff
* missing error assignment on sshbuf_put_string() | markus | 2015-01-12 | 1 | -3/+3
* free->sshkey_free; ok djm@ | markus | 2015-01-12 | 1 | -2/+2
* deprecate key_load_private_pem() and sshkey_load_private_pem() | djm | 2015-01-08 | 1 | -2/+2
  interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
* Add FingerprintHash option to control algorithm used for key | djm | 2014-12-21 | 1 | -3/+5
  fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* convert KRL code to new buffer API | djm | 2014-12-04 | 1 | -316/+335
  ok markus@
* fix NULL pointer dereference crash on invalid timestamp | djm | 2014-11-21 | 1 | -3/+7
  found using Michal Zalewski's afl fuzzer
* fix KRL generation when multiple CAs are in use | djm | 2014-11-17 | 1 | -1/+2
  We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org
* New key API: refactor key-related functions to be more library-like, | djm | 2014-06-24 | 1 | -4/+4
  existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
* fix bug in KRL generation: multiple consecutive revoked certificate | djm | 2014-06-24 | 1 | -1/+2
  serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted.
* buffer_get_string_ptr's return should be const to remind | djm | 2014-04-28 | 1 | -3/+5
  callers that futzing with it will futz with the actual buffer contents
* replace most bzero with explicit_bzero, except a few that can be memset | tedu | 2014-01-31 | 1 | -6/+6
  ok djm dtucker
* fix verification error in (as-yet unused) KRL signature checking path | djm | 2013-07-20 | 1 | -2/+2
* don't leak the rdata blob on errors; ok djm@ | markus | 2013-06-20 | 1 | -8/+11
* hush some {unused, printf type} warnings | djm | 2013-04-05 | 1 | -6/+11
* Remove bogus include. ok djm | dtucker | 2013-02-19 | 1 | -2/+1
* actually use the xrealloc() return value; spotted by xi.wang AT gmail.com | djm | 2013-01-27 | 1 | -2/+2
* redo last commit without the vi-vomit that snuck in: | djm | 2013-01-25 | 1 | -3/+6
  skip serial lookup when cert's serial number is zero (now with 100% better comment)
* Revert last. Breaks due to likely typo. Let djm@ fix later. | krw | 2013-01-25 | 1 | -2/+2
  ok djm@ via dlg@
* skip serial lookup when cert's serial number is zero | djm | 2013-01-24 | 1 | -2/+2
* fix handling of (unused) KRL signatures; skip string in correct buffer | djm | 2013-01-24 | 1 | -2/+2
* RB_INSERT does not remove existing elements; ok djm@ | markus | 2013-01-19 | 1 | -2/+2
* fix KRL generation bug for list sections | djm | 2013-01-18 | 1 | -2/+2