summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-rsa.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with thedjm2010-04-161-7/+5
| | | | | | | | | | | | | | | | | | following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash Rename "constraints" field to "critical options" Add a new non-critical "extensions" field Add a serial number The older format is still support for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@
* Add support for certificate key types for users and hosts.djm2010-02-261-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-3/+3
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+3
|
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* change OpenSSH's xrealloc() function from being xrealloc(p, new_size) todjm2006-03-251-1/+1
| | | | | | | | xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
* annoying spacing fixes getting in the way of real diffsderaadt2006-03-201-0/+1
|
* in a switch (), break after return or goto is stupidderaadt2006-03-201-1/+0
|
* RCSID() can diederaadt2006-03-191-1/+0
|
* make this -Wsign-compare clean; ok avsm@ markus@djm2005-06-171-2/+2
|
* constify. ok markus@ & djm@jakob2003-11-101-5/+5
|
* backout last change, since it violates pkcs#1markus2003-06-181-23/+14
| | | | switch to share/misc/license.template
* make sure the signature has at least the expected length (don'tmarkus2003-06-161-3/+3
| | | | | insist on len == hlen + oidlen, since this breaks some smartcards) bugzilla #592; ok djm@
* merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@markus2003-02-121-2/+1
|
* KNFderaadt2002-11-211-2/+2
|
* RSA_public_decrypt() returns -1 on error so len must be signed; ok markus@stevesk2002-08-271-2/+3
|
* replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parsermarkus2002-08-021-7/+93
| | | | for authentication; ok deraadt/djm
* diff is u_int (2x); ok deraadt/provosmarkus2002-08-021-3/+3
|
* don't allocate, copy, and discard if there is not interested in the data; ok deraadt@markus2002-07-041-10/+8
|
* patch memory leaks; grendel@zeitbombe.orgderaadt2002-07-041-1/+3
|
* various KNF and %d for unsignedderaadt2002-06-231-13/+11
|
* display minimum RSA modulus in error(); ok markus@stevesk2002-06-101-3/+3
|
* pad received signature with leading zeros, because RSA_verify expectsmarkus2002-05-311-2/+17
| | | | | a signature of RSA_size. the drafts says the signature is transmitted unpadded (e.g. putty does not pad), reported by anakin@pobox.com
* ignore SSH_BUG_SIGBLOB for ssh-rsa; #187markus2002-04-021-9/+1
|
* make RSA modulus minimum #define; ok markus@stevesk2002-03-291-2/+3
|
* signed vs. unsigned: make size arguments u_int, ok stevesk@markus2002-02-241-5/+5
|
* use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@markus2002-01-251-13/+7
| | | | don't use evp_md->md_size, it's not public.
* minor KNFderaadt2001-12-051-2/+2
|
* KNF (unexpand)markus2001-11-101-3/+3
|
* missing free and sync dss/rsa code.markus2001-11-071-3/+3
|
* ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supportedmarkus2001-11-071-1/+9
|
* u_char*/char* cleanup; ok markus@stevesk2001-09-171-3/+3
|
* cleanup, remove old codemarkus2001-06-061-2/+1
|
* some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5markus2001-03-271-3/+4
| | | | signatures in SSH protocol 2, ok djm@
* use EVP_get_digestbynid, reorder some calls and fix missing free.markus2001-03-271-12/+22
|
* sync with netbsd tree changes.itojun2001-02-081-1/+2
| | | | | | - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
* split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.markus2001-01-211-8/+5
| | | | rename util.[ch] -> misc.[ch]
* make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com.markus2001-01-161-1/+6
| | | | | | | | note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768.
* remove unusedmarkus2001-01-061-4/+1
|
* replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'markus2000-12-191-10/+10
| | | | with u_char.
* add support for RSA to SSH2. please test.markus2000-11-121-0/+163
there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthetication.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.