path: root/sshkey.c
AgeCommit message (Collapse)Author
2018-09-15Fix openssl-1.1 fallout for --without-openssl.Darren Tucker
ok djm@
2018-09-14upstream: garbage-collect moribund ssh_new_private()
OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
2018-09-13adapt -portable to OpenSSL 1.1x APIDamien Miller
Polyfill missing API with replacement functions extracted from LibreSSL
2018-09-13upstream: hold our collective noses and use the openssl-1.1.x API
OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
2018-09-12upstream: add sshkey_check_cert_sigtype() that checks
cert->signature_type against a supplied whitelist; ok markus OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
2018-09-12upstream: add cert->signature_type field and keep it in sync
certificate signature wrt loading and certification operations; ok markus@ OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
2018-07-03upstream: some finesse to fix RSA-SHA2 certificate
for certs hosted in ssh-agent OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
2018-07-03upstream: Improve strictness and control over RSA-SHA2
In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "" and "" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@ OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-03-23upstream: ssh/xmss: fix deserialize for certs; ok
OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc
2018-03-02upstream: refactor sshkey_read() to make it a little more, err,
readable. ok markus OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
2018-02-26upstream: Add experimental support for PQC XMSS keys (
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Joint work with stefan-lukas_gazdag at See ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-16upstream: Some obvious freezero()
This also zeros an ed25519_pk when it was not being zeroed previously. ok djm@ dtucker@ OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
sshkey_sigtype() function to return the type of a signature; ok markus@ OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
BIO_get_mem_data() is supposed to take a char* as pointer argument, so don't pass it a const char* Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
Switch from aes256-cbc to aes256-ctr for encrypting new-style private keys. The latter having the advantage of being supported for no-OpenSSL builds; bz#2754 ok markus@ Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
fix support for unknown key types; ok djm@ Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
better translate libcrypto errors by looking deeper in the accursed error stack for codes that indicate the wrong passphrase was supplied for a PEM key. bz#2699 ok dtucker@ Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
make requesting bad ECDSA bits yield the same error (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@ Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-03-29Remove compat code for OpenSSL < 0.9.7.Darren Tucker
Resyncs that code with OpenBSD upstream.
fix regression in 7.4 server-sig-algs, where we were accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno Goncalves; ok dtucker@ Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
Check for NULL argument to sshkey_read. Patch from jjelen at via bz#2687, ok djm@ Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
ifdef out "rsa1" from the list of supported keytypes when compiled without SSH1 support. Found by kdunlop at, ok djm@ Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
2017-02-12ifdef out EVP_R_PRIVATE_KEY_DECODE_ERRORDarren Tucker
EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out for the benefit of OpenSSL versions prior to that.
bring back r1.34 that was backed out for problems loading public keys: translate OpenSSL error codes to something more meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ with additional fix from Jakub Jelen to solve the backout. bz#2525 bz#2523 re-ok dtucker@ Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
Remove dead breaks, found via ok deraadt@ Upstream-ID: ad9cc655829d67fad219762810770787ba913069
add a comment about implicitly-expected checks to sshkey_ec_validate_public() Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
Avoid a theoretical signed integer overflow should BN_num_bytes() ever violate its manpage and return a negative value. Improve order of tests to avoid confusing increasingly pedantic compilers. Reported by Guido Vranken from stack ( unstable optimisation analyser output. ok deraadt@ Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
list all supported signature algorithms in the server-sig-algs Reported by mb AT in bz#2547 and (independantly) Ron Frederick; ok markus@ Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@ Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
revert 1.34; causes problems loading public keys reported by semarie@ Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
translate OpenSSL error codes to something more meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
support SHA256 and SHA512 RSA signatures in certificates; ok markus@ Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
make private key loading functions consistently handle NULL key pointer arguments; ok markus@ Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
Remove NULL-checks before sshbuf_free(). ok djm@ Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
Remove NULL-checks before sshkey_free(). ok djm@ Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
Remove NULL-checks before free(). ok dtucker@ Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@ Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
move the certificate validity formatting code to sshkey.[ch] Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
Replace remaining calls to index(3) with strchr(3). OK jca@ krw@ Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
improve sshkey_read() semantics; only update *cpp when a key is successfully read; ok markus@ Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089