summaryrefslogtreecommitdiffstats
path: root/sshkey.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Initial infrastructure for U2F/FIDO supportdjm@openbsd.org2019-10-311-26/+179
| | | | | | | | | Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
* upstream: fix an unreachable integer overflow similar to the XMSSdjm@openbsd.org2019-10-091-4/+22
| | | | | | | | case, and some other NULL dereferences found by fuzzing. fix with and ok markus@ OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
* needs time.h for --without-opensslDamien Miller2019-09-081-0/+1
|
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@djm@openbsd.org2019-09-061-1/+1
| | | | OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: make get_sigtype public as sshkey_get_sigtype(); okdjm@openbsd.org2019-09-031-7/+7
| | | | | | markus@ OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
* upstream: remove mostly vestigal uuencode.[ch]; moving the only uniquedjm@openbsd.org2019-07-161-20/+7
| | | | | | | functionality there (wrapping of base64-encoded data) to sshbuf functions; feedback and ok markus@ OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c
* upstream: support PKCS8 as an optional format for storage ofdjm@openbsd.org2019-07-151-22/+56
| | | | | | | | | | | | | | private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
* upstream: Remove some set but never used variables. ok daraadt@dtucker@openbsd.org2019-07-081-4/+2
| | | | OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
* upstream: fix NULL deference (bzero) on errdjm@openbsd.org2019-06-281-2/+2
| | | | | | | | | | | | =?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?= =?UTF-8?q?=20Bj=C3=B6rnsson?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ok deraadt@ markus@ tb@ OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
* upstream: fix mismatch proto/decl from key shielding change; spotteddjm@openbsd.org2019-06-231-2/+2
| | | | | | via oss-fuzz OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7
* upstream: Add protection for private keys at rest in RAM againstdjm@openbsd.org2019-06-211-17/+282
| | | | | | | | | | | | | | | | | | | | | | | | | speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@ OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
* upstream: When signing certificates with an RSA key, default todjm@openbsd.org2019-05-201-1/+8
| | | | | | | | | | | | | using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@ OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
* upstream: Wrap XMSS including in ifdef. Patch from markus atdtucker@openbsd.org2019-05-081-2/+4
| | | | | | blueflash.cc, ok djm OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
* upstream: Make sshpkt_get_bignum2() allocate the bignum it isdjm@openbsd.org2019-01-211-70/+26
| | | | | | | | parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@ OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
* some more duplicated key algorithm linesDamien Miller2018-10-111-4/+0
| | | | From Adam Eijdenberg
* fix duplicated algorithm specification linesDamien Miller2018-10-111-4/+0
| | | | Spotted by Adam Eijdenberg
* upstream: typo in plain RSA algorithm counterpart names fordjm@openbsd.org2018-10-111-3/+3
| | | | | | certificates; spotted by Adam Eijdenberg; ok dtucker@ OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
* supply callback to PEM_read_bio_PrivateKeyDamien Miller2018-10-111-1/+15
| | | | | | | | | | | | OpenSSL 1.1.0i has changed the behaviour of their PEM APIs, so that empty passphrases are interpreted differently. This probabalistically breaks loading some keys, because the PEM format is terrible and doesn't include a proper MAC. Avoid this by providing a basic callback to avoid passing empty passphrases to OpenSSL in cases where one is required. Based on patch from Jakub Jelen in bz#2913; ok dtucker@
* upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrasedjm@openbsd.org2018-10-091-2/+11
| | | | | | | | | | | | | | | is specified as "incorrect passphrase" instead of trying to choose between that and "invalid format". libcrypto can return ASN1 parsing errors rather than the expected decrypt error in certain infrequent cases when trying to decrypt/parse PEM private keys when supplied with an invalid passphrase. Report and repro recipe from Thomas Deutschmann in bz#2901 ok markus@ OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870
* Fix openssl-1.1 fallout for --without-openssl.Darren Tucker2018-09-151-0/+4
| | | | ok djm@
* upstream: garbage-collect moribund ssh_new_private() API.djm@openbsd.org2018-09-141-17/+6
| | | | OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
* adapt -portable to OpenSSL 1.1x APIDamien Miller2018-09-131-1/+2
| | | | Polyfill missing API with replacement functions extracted from LibreSSL
* upstream: hold our collective noses and use the openssl-1.1.x API indjm@openbsd.org2018-09-131-295/+342
| | | | | | OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
* upstream: add sshkey_check_cert_sigtype() that checks adjm@openbsd.org2018-09-121-1/+22
| | | | | | cert->signature_type against a supplied whitelist; ok markus OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
* upstream: add cert->signature_type field and keep it in sync withdjm@openbsd.org2018-09-121-26/+67
| | | | | | certificate signature wrt loading and certification operations; ok markus@ OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
* upstream: some finesse to fix RSA-SHA2 certificate authenticationdjm@openbsd.org2018-07-031-4/+4
| | | | | | for certs hosted in ssh-agent OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
* upstream: Improve strictness and control over RSA-SHA2 signaturedjm@openbsd.org2018-07-031-21/+83
| | | | | | | | | | | | | | | | | | | | | | | In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@ OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
* upstream: ssh/xmss: fix deserialize for certs; ok djm@markus@openbsd.org2018-03-231-1/+6
| | | | OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc
* upstream: refactor sshkey_read() to make it a little more, err,djm@openbsd.org2018-03-021-113/+135
| | | | | | readable. ok markus OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
* upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org2018-02-261-15/+395
| | | | | | | | | Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream: Some obvious freezero() conversions.jsing@openbsd.org2018-02-161-26/+11
| | | | | | | | This also zeros an ed25519_pk when it was not being zeroed previously. ok djm@ dtucker@ OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82
* upstream commitjsing@openbsd.org2018-02-071-35/+18
| | | | | | | | | | | | Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
* upstream commitdjm@openbsd.org2017-12-191-4/+5
| | | | | | | | pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
* upstream commitdjm@openbsd.org2017-12-191-1/+26
| | | | | | | sshkey_sigtype() function to return the type of a signature; ok markus@ OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
* upstream commitdjm@openbsd.org2017-10-201-2/+2
| | | | | | | BIO_get_mem_data() is supposed to take a char* as pointer argument, so don't pass it a const char* Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
* upstream commitdjm@openbsd.org2017-08-121-2/+2
| | | | | | | | Switch from aes256-cbc to aes256-ctr for encrypting new-style private keys. The latter having the advantage of being supported for no-OpenSSL builds; bz#2754 ok markus@ Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
* upstream commitmarkus@openbsd.org2017-07-211-6/+1
| | | | | | fix support for unknown key types; ok djm@ Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
* upstream commitdjm@openbsd.org2017-07-211-4/+3
| | | | | | | remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
* upstream commitdjm@openbsd.org2017-06-281-4/+21
| | | | | | | Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
* upstream commitdjm@openbsd.org2017-06-101-42/+62
| | | | | | | | better translate libcrypto errors by looking deeper in the accursed error stack for codes that indicate the wrong passphrase was supplied for a PEM key. bz#2699 ok dtucker@ Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
* upstream commitderaadt@openbsd.org2017-06-011-3/+4
| | | | | | | | | Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
* upstream commitdjm@openbsd.org2017-05-101-3/+4
| | | | | | | make requesting bad ECDSA bits yield the same error (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
* upstream commitdjm@openbsd.org2017-05-081-5/+24
| | | | | | | Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@ Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
* upstream commitdjm@openbsd.org2017-05-011-56/+7
| | | | | | | | remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
* upstream commitdjm@openbsd.org2017-05-011-6/+2
| | | | | | remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
* upstream commitdjm@openbsd.org2017-05-011-379/+1
| | | | | | unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
* Remove compat code for OpenSSL < 0.9.7.Darren Tucker2017-03-291-5/+1
| | | | Resyncs that code with OpenBSD upstream.
* upstream commitdjm@openbsd.org2017-03-101-3/+5
| | | | | | | | fix regression in 7.4 server-sig-algs, where we were accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno Goncalves; ok dtucker@ Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
* upstream commitdtucker@openbsd.org2017-03-101-1/+4
| | | | | | | Check for NULL argument to sshkey_read. Patch from jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
* upstream commitdtucker@openbsd.org2017-02-171-1/+3
| | | | | | | ifdef out "rsa1" from the list of supported keytypes when compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f