summaryrefslogtreecommitdiffstats
path: root/sshkey.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: be more strict in parsing key type names. Only allowdjm@openbsd.org2024-09-041-5/+19
| | | | | | | | | shortnames (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. Prompted by bz3725; ok markus@ OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
* simplify sshkey_prekey_alloc(); always use mmapDamien Miller2024-08-211-17/+10
|
* upstream: actually use the length parameter that was passed in ratherdjm@openbsd.org2024-08-201-4/+4
| | | | | | | than a constant (this makes no difference in practice because the length is always the same); reported by martin AT nmkd.net OpenBSD-Commit-ID: 4aecce232c2fe9b16e9217ff6bcb3c848d853e7e
* private key coredump protection for Linux/FreeBSDDamien Miller2024-08-201-0/+18
| | | | | platforms not supporting coredump exclusion using mmap/madvise flags fall back to plain old malloc(3).
* upstream: place shielded keys (i.e. keys at rest in RAM) into memorydjm@openbsd.org2024-08-201-6/+26
| | | | | | | | | | allocated using mmap(3) with MAP_CONCEAL set. This prevents exposure of the key material in coredumps, etc (this is in addition to other measures we take in this area). ok deraadt@ OpenBSD-Commit-ID: cbbae59f337a00c9858d6358bc65f74e62261369
* missed OPENSSL_HAS_ECC caseDamien Miller2024-08-151-0/+2
|
* upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API.djm@openbsd.org2024-08-151-71/+154
| | | | | | | | | | | | DSA remains unconverted as it will be removed within six months. Based on patches originally from Dmitry Belyavskiy, but significantly reworked based on feedback from Bob Beck, Joel Sing and especially Theo Buehler (apologies to anyone I've missed). ok tb@ OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
* upstream: make DSA key support compile-time optional, defaulting todjm@openbsd.org2024-01-111-1/+9
| | | | | | | | on ok markus@ OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d
* upstream: spelling; ok markus@jsg@openbsd.org2024-01-081-2/+2
| | | | OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b
* upstream: Move declaration of "len" into the block where it's used.dtucker@openbsd.org2023-10-161-2/+3
| | | | | | | This lets us compile Portable with -Werror with when OpenSSL doesn't have Ed25519 support. OpenBSD-Commit-ID: e02e4b4af351946562a7caee905da60eff16ba29
* upstream: add support for reading ED25519 private keys in PEM PKCS8djm@openbsd.org2023-10-121-2/+37
| | | | | | format; ok markus@ tb@ OpenBSD-Commit-ID: 01b85c91757e6b057e9b23b8a23f96415c3c7174
* upstream: want stdlib.h for free(3)djm@openbsd.org2023-08-211-1/+2
| | | | OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29
* upstream: increase default KDF work-factor for OpenSSH formatdjm@openbsd.org2023-07-281-2/+2
| | | | | | private keys from 16 to 24; { feedback ok } x { deraadt markus } OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec
* upstream: better validate CASignatureAlgorithms in ssh_config anddjm@openbsd.org2023-06-211-2/+5
| | | | | | | | | | | sshd_config. Previously this directive would accept certificate algorithm names, but these were unusable in practice as OpenSSH does not support CA chains. part of bz3577; ok dtucker@ OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912
* upstream: remove unused variable; prompted by Coverity CID 291879djm@openbsd.org2023-03-311-4/+1
| | | | OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40
* Allow building with BoringSSLDamien Miller2023-03-241-0/+6
|
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreakdjm@openbsd.org2022-10-281-1/+20
| | | | | | OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* fix merge botchDamien Miller2022-10-281-1/+0
|
* upstream: refactor sshkey_private_deserializedjm@openbsd.org2022-10-281-246/+29
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* upstream: refactor sshkey_private_serialize_opt()djm@openbsd.org2022-10-281-168/+26
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor certifydjm@openbsd.org2022-10-281-93/+33
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_sign() and sshkey_verify()djm@openbsd.org2022-10-281-68/+17
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor sshkey_from_blob_internal()djm@openbsd.org2022-10-281-232/+22
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_from_private()djm@openbsd.org2022-10-281-125/+14
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: factor out key generationdjm@openbsd.org2022-10-281-126/+14
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor and simplify sshkey_read()djm@openbsd.org2022-10-281-122/+24
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out public key serializationdjm@openbsd.org2022-10-281-93/+24
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: factor out sshkey_equal_public()djm@openbsd.org2022-10-281-74/+26
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: begin big refactor of sshkeydjm@openbsd.org2022-10-281-264/+171
| | | | | | | | | | | Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: Add a sshkey_check_rsa_length() call for checking thedjm@openbsd.org2022-09-171-10/+16
| | | | | | length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: sshkey_unshield_private() contains a exact duplicate ofdjm@openbsd.org2022-05-051-40/+32
| | | | | | | the code in private2_check_padding(). Pull private2_check_padding() up so the code can be reused. From Martin Vahlensieck, ok deraadt@ OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85
* upstream: add a helper function to match a key type to a list ofdjm@openbsd.org2022-01-061-1/+24
| | | | | | | signature algorithms. RSA keys can make signatures with multiple algorithms, so some special handling is required. ok markus@ OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
* Only enable sk-* key types if ENABLE_SK is definedDarren Tucker2021-10-071-0/+6
|
* upstream: Let allowed signers files used by ssh-keygen(1)djm@openbsd.org2021-07-231-11/+21
| | | | | | | | signatures support key lifetimes, and allow the verification mode to specify a signature time to check at. This is intended for use by git to support signing objects using ssh keys. ok dtucker@ OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
* upstream: Use existing format_absolute_time() function whendtucker@openbsd.org2021-07-121-17/+5
| | | | | | printing cert validity instead of doing it inline. Part of bz#3329. OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c
* upstream: Fix a couple of whitespace things. Portable already hasdtucker@openbsd.org2021-07-081-1/+1
| | | | | | these so this removes two diffs between the two. OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
* polish whitespace for portable filesDamien Miller2021-04-031-2/+2
|
* upstream: highly polished whitespace, mostly fixing spaces-for-tabdjm@openbsd.org2021-04-031-11/+11
| | | | | | and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: fix memleaks in private key deserialisation; enforce moredjm@openbsd.org2021-02-051-1/+20
| | | | | | | consistency between redundant fields in private key certificate and private key body; ok markus@ OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240
* upstream: move check_host_cert() from sshconnect,c to sshkey.c anddjm@openbsd.org2021-01-261-4/+35
| | | | | | | | refactor it to make it more generally usable and testable. ok markus@ OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
* upstream: Make output buffer larger to prevent potential truncationdtucker@openbsd.org2021-01-181-2/+2
| | | | | | | warnings from compilers not smart enough to know the strftime calls won't ever fully fill "to" and "from". ok djm@ OpenBSD-Commit-ID: 83733f1b01b82da88b9dd1769475952aff10bdd7
* upstream: Adapt XMSS to new logging infrastructure. With markus@, okdtucker@openbsd.org2020-10-201-5/+5
| | | | | | djm@. OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
* upstream: support for user-verified FIDO keysdjm@openbsd.org2020-08-271-9/+11
| | | | | | | | | | | | | | | | | FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@ OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
* upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; okmarkus@openbsd.org2020-06-261-2/+4
| | | | | | djm OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
* upstream: Add support for FIDO webauthn (verification only).djm@openbsd.org2020-06-221-1/+3
| | | | | | | | webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these. Feedback and ok markus@ OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
* upstream: Refactor private key parsing. Eliminates a fair bit ofdjm@openbsd.org2020-04-111-147/+40
| | | | | | | | | duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key type check in the ECDSA_CERT parsing path. feedback and ok markus@ OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
* upstream: add sshkey_parse_pubkey_from_private_fileblob_type()djm@openbsd.org2020-04-081-1/+65
| | | | | | | | | Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key. ok markus@ OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
* upstream: simplify sshkey_parse_private_fileblob_type()djm@openbsd.org2020-04-081-16/+5
| | | | | | | | | Try new format parser for all key types first, fall back to PEM parser only for invalid format errors. ok markus@ OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
* upstream: check private key type against requested key type indjm@openbsd.org2020-04-081-1/+7
| | | | | | new-style private decoding; ok markus@ OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
* upstream: check that pubkey in private key envelope matches actualdjm@openbsd.org2020-04-081-8/+19
| | | | | | | | | | private key (this public key is currently unusued) ok markus@ OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c