summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-dss.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* change explicit_bzero();free() to freezero()jsg2020-02-261-5/+3
| | | | | | | | While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@
* hold our collective noses and use the openssl-1.1.x API in OpenSSH;djm2018-09-131-9/+19
| | | | feedback and ok tb@ jsing@ markus@
* Remove all guards for calls to OpenSSL free functions - all of thesejsing2018-02-071-5/+3
| | | | | | | | | functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@
* Drop compatibility hacks for some ancient SSH implementations, includingdjm2018-01-231-51/+30
| | | | | | | | | | ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@
* make argument == NULL tests more consistentdjm2016-04-211-2/+3
|
* Remove NULL-checks before sshbuf_free().mmcc2015-12-111-5/+3
| | | | ok djm@
* Remove NULL-checks before free().mmcc2015-12-101-3/+2
| | | | ok dtucker@
* New key API: refactor key-related functions to be more library-like,djm2014-06-241-104/+133
| | | | | | | | | existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
* convert memset of potentially-private data to explicit_bzero()djm2014-02-021-5/+5
|
* Introduce digest API and use it to perform all hashing operationsdjm2014-01-091-15/+16
| | | | | | rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
* make the original RSA and DSA signing/verification code look more likedjm2013-12-271-14/+15
| | | | | | the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type rather than tediously listing all variants, use __func__ for debug/ error messages
* bye, bye xfree(); ok markus@djm2013-05-171-5/+5
|
* Add buffer_get_cstring() and related functions that verify that thedjm2010-08-311-2/+2
| | | | | | | | | | | | | string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely.
* revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with thedjm2010-04-161-7/+5
| | | | | | | | | | | | | | | | | | following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash Rename "constraints" field to "critical options" Add a new non-critical "extensions" field Add a serial number The older format is still support for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@
* Add support for certificate key types for users and hosts.djm2010-02-261-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
* add missing checks for openssl return codes; with & ok djm@markus2006-11-061-3/+4
|
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-3/+2
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+3
|
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* RCSID() can diederaadt2006-03-191-1/+0
|
* constify. ok markus@ & djm@jakob2003-11-101-10/+10
|
* merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@markus2003-02-121-2/+1
|
* don't allocate, copy, and discard if there is not interested in the data; ok deraadt@markus2002-07-041-15/+11
|
* patch memory leaks; grendel@zeitbombe.orgderaadt2002-07-041-1/+5
|
* various KNF and %d for unsignedderaadt2002-06-231-9/+5
|
* add some const EVP_MD for openssl-0.9.7markus2002-02-281-3/+3
|
* signed vs. unsigned: make size arguments u_int, ok stevesk@markus2002-02-241-5/+5
|
* use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@markus2002-01-251-13/+7
| | | | don't use evp_md->md_size, it's not public.
* call fatal() for openssl allocation failuresmarkus2001-12-271-4/+7
|
* minor KNFderaadt2001-12-051-2/+2
|
* missing free and sync dss/rsa code.markus2001-11-071-5/+7
|
* u_char*/char* cleanup; ok markus@stevesk2001-09-171-3/+3
|
* cleanup, remove old codemarkus2001-06-061-44/+13
|
* sync with netbsd tree changes.itojun2001-02-081-1/+2
| | | | | | - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
* unexpand and remove end-of-line whitespace; ok markus@stevesk2001-02-041-2/+2
|
* split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.markus2001-01-211-8/+5
| | | | rename util.[ch] -> misc.[ch]
* clear and free digest, make consistent with other code (use dlen); from stevesk@markus2001-01-191-4/+7
|
* replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'markus2000-12-191-15/+15
| | | | with u_char.
* add support for RSA to SSH2. please test.markus2000-11-121-0/+216
there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthetication.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.