path: root/usr.bin/ssh/sshkey.c
Commit message | Author | Age | Files | Lines
* When signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@
  Author: djm | Age: 2019-05-20 | Files: 1 | Lines: -1/+8
* Wrap XMSS including in ifdef. Patch from markus at blueflash.cc, ok djm
  Author: dtucker | Age: 2019-05-03 | Files: 1 | Lines: -2/+4
* Make sshpkt_get_bignum2() allocate the bignum it is parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@
  Author: djm | Age: 2019-01-21 | Files: 1 | Lines: -70/+26
* typo in plain RSA algorithm counterpart names for certificates; spotted by Adam Eijdenberg; ok dtucker@
  Author: djm | Age: 2018-10-11 | Files: 1 | Lines: -3/+3
* Treat all PEM_read_bio_PrivateKey() errors when a passphrase is specified as "incorrect passphrase" instead of trying to choose between that and "invalid format". libcrypto can return ASN1 parsing errors rather than the expected decrypt error in certain infrequent cases when trying to decrypt/parse PEM private keys when supplied with an invalid passphrase. Report and repro recipe from Thomas Deutschmann in bz#2901 ok markus@
  Author: djm | Age: 2018-10-09 | Files: 1 | Lines: -2/+11
* garbage-collect moribund ssh_new_private() API.
  Author: djm | Age: 2018-09-14 | Files: 1 | Lines: -17/+6
* hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
  Author: djm | Age: 2018-09-13 | Files: 1 | Lines: -289/+331
* add sshkey_check_cert_sigtype() that checks a cert->signature_type against a supplied whitelist; ok markus
  Author: djm | Age: 2018-09-12 | Files: 1 | Lines: -1/+22
* add cert->signature_type field and keep it in sync with certificate signature wrt loading and certification operations; ok markus@
  Author: djm | Age: 2018-09-12 | Files: 1 | Lines: -26/+67
* some finesse to fix RSA-SHA2 certificate authentication for certs hosted in ssh-agent
  Author: djm | Age: 2018-07-03 | Files: 1 | Lines: -4/+4
* Improve strictness and control over RSA-SHA2 signature types: In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@
  Author: djm | Age: 2018-07-03 | Files: 1 | Lines: -21/+75
* ssh/xmss: fix deserialize for certs; ok djm@
  Author: markus | Age: 2018-03-22 | Files: 1 | Lines: -1/+6
* refactor sshkey_read() to make it a little more, err, readable. ok markus
  Author: djm | Age: 2018-03-02 | Files: 1 | Lines: -113/+135
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
  Author: markus | Age: 2018-02-23 | Files: 1 | Lines: -15/+395
* Some obvious freezero() conversions. This also zeros an ed25519_pk when it was not being zeroed previously. ok djm@ dtucker@
  Author: jsing | Age: 2018-02-14 | Files: 1 | Lines: -26/+11
* Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@
  Author: jsing | Age: 2018-02-07 | Files: 1 | Lines: -35/+18
* pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
  Author: djm | Age: 2017-12-18 | Files: 1 | Lines: -4/+5
* sshkey_sigtype() function to return the type of a signature; ok markus@
  Author: djm | Age: 2017-12-18 | Files: 1 | Lines: -1/+26
* BIO_get_mem_data() is supposed to take a char* as pointer argument, so don't pass it a const char*
  Author: djm | Age: 2017-10-13 | Files: 1 | Lines: -2/+2
* Switch from aes256-cbc to aes256-ctr for encrypting new-style private keys. The latter having the advantage of being supported for no-OpenSSL builds; bz#2754 ok markus@
  Author: djm | Age: 2017-08-12 | Files: 1 | Lines: -2/+2
* fix support for unknown key types; ok djm@
  Author: markus | Age: 2017-07-19 | Files: 1 | Lines: -6/+1
* remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus
  Author: djm | Age: 2017-07-01 | Files: 1 | Lines: -4/+3
* Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus
  Author: djm | Age: 2017-06-28 | Files: 1 | Lines: -4/+21
* better translate libcrypto errors by looking deeper in the accursed error stack for codes that indicate the wrong passphrase was supplied for a PEM key. bz#2699 ok dtucker@
  Author: djm | Age: 2017-06-09 | Files: 1 | Lines: -40/+62
* Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
  Author: deraadt | Age: 2017-05-31 | Files: 1 | Lines: -3/+4
* make requesting bad ECDSA bits yield the same error (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA
  Author: djm | Age: 2017-05-08 | Files: 1 | Lines: -3/+4
* Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@
  Author: djm | Age: 2017-05-07 | Files: 1 | Lines: -5/+24
* remove KEY_RSA1 ok markus@
  Author: djm | Age: 2017-04-30 | Files: 1 | Lines: -56/+7
* remove SSHv1 ciphers; ok markus@
  Author: djm | Age: 2017-04-30 | Files: 1 | Lines: -6/+2
* unifdef WITH_SSH1 ok markus@
  Author: djm | Age: 2017-04-30 | Files: 1 | Lines: -379/+1
* fix regression in 7.4 server-sig-algs, where we were accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno Goncalves; ok dtucker@
  Author: djm | Age: 2017-03-10 | Files: 1 | Lines: -3/+5
* Check for NULL argument to sshkey_read. Patch from jjelen at redhat.com via bz#2687, ok djm@
  Author: dtucker | Age: 2017-03-10 | Files: 1 | Lines: -1/+4
* ifdef out "rsa1" from the list of supported keytypes when compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
  Author: dtucker | Age: 2017-02-17 | Files: 1 | Lines: -1/+3
* bring back r1.34 that was backed out for problems loading public keys: translate OpenSSL error codes to something more meaningful; bz#2522 reported by Jakub Jelen, ok dtucker@ with additional fix from Jakub Jelen to solve the backout. bz#2525 bz#2523 re-ok dtucker@
  Author: djm | Age: 2017-02-10 | Files: 1 | Lines: -5/+46
* Remove dead breaks, found via opencoverage.net. ok deraadt@
  Author: dtucker | Age: 2016-10-24 | Files: 1 | Lines: -2/+1
* add a comment about implicitly-expected checks to sshkey_ec_validate_public()
  Author: djm | Age: 2016-10-04 | Files: 1 | Lines: -1/+9
* Avoid a theoretical signed integer overflow should BN_num_bytes() ever violate its manpage and return a negative value. Improve order of tests to avoid confusing increasingly pedantic compilers. Reported by Guido Vranken from stack (css.csail.mit.edu/stack) unstable optimisation analyser output. ok deraadt@
  Author: djm | Age: 2016-09-26 | Files: 1 | Lines: -3/+6
* list all supported signature algorithms in the server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independently) Ron Frederick; ok markus@
  Author: djm | Age: 2016-09-12 | Files: 1 | Lines: -3/+3
* Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
  Author: deraadt | Age: 2016-09-12 | Files: 1 | Lines: -7/+6
* small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
  Author: djm | Age: 2016-08-03 | Files: 1 | Lines: -23/+14
* revert 1.34; causes problems loading public keys reported by semarie@
  Author: djm | Age: 2016-06-19 | Files: 1 | Lines: -39/+2
* translate OpenSSL error codes to something more meaningful; bz#2522 reported by Jakub Jelen, ok dtucker@
  Author: djm | Age: 2016-06-17 | Files: 1 | Lines: -2/+39
* support SHA256 and SHA512 RSA signatures in certificates; ok markus@
  Author: djm | Age: 2016-05-02 | Files: 1 | Lines: -3/+3
* make private key loading functions consistently handle NULL key pointer arguments; ok markus@
  Author: djm | Age: 2016-04-09 | Files: 1 | Lines: -16/+24
* Remove NULL-checks before sshbuf_free(). ok djm@
  Author: mmcc | Age: 2015-12-11 | Files: 1 | Lines: -19/+10
* Remove NULL-checks before sshkey_free(). ok djm@
  Author: mmcc | Age: 2015-12-11 | Files: 1 | Lines: -9/+5
* Remove NULL-checks before free(). ok dtucker@
  Author: mmcc | Age: 2015-12-10 | Files: 1 | Lines: -11/+6
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
  Author: markus | Age: 2015-12-04 | Files: 1 | Lines: -20/+23
* move the certificate validity formatting code to sshkey.[ch]
  Author: djm | Age: 2015-11-19 | Files: 1 | Lines: -1/+38
* Replace remaining calls to index(3) with strchr(3). OK jca@ krw@
  Author: millert | Age: 2015-11-16 | Files: 1 | Lines: -3/+3