summaryrefslogtreecommitdiff
path: root/authfile.c
AgeCommit message (Collapse)Author
2020-04-08upstream: let sshkey_try_load_public() load public keys from thedjm@openbsd.org
unencrypted envelope of private key files if not sidecar public key file is present. ok markus@ OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
2020-04-08upstream: simplify sshkey_try_load_public()djm@openbsd.org
ok markus@ OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad
2020-01-26upstream: factor out reading/writing sshbufs to dedicateddjm@openbsd.org
functions; feedback and ok markus@ OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
2020-01-03upstream: add sshkey_save_public(), to save a public key; okdjm@openbsd.org
markus@ OpenBSD-Commit-ID: 5d6f96a966d10d7fa689ff9aa9e1d6767ad5a076
2019-09-03upstream: move advance_past_options to authfile.c and make itdjm@openbsd.org
public; ok markus@ OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c
2019-08-08upstream: Remove now-redundant perm_ok arg sincedtucker@openbsd.org
sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that case. Patch from jitendra.sharma at intel.com, ok djm@ OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
2019-07-15upstream: support PKCS8 as an optional format for storage ofdjm@openbsd.org
private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
2019-07-05upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org
some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2018-09-21upstream: In sshkey_in_file(), ignore keys that are considered fordjm@openbsd.org
being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
2018-07-10upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
2018-06-07upstream: switch config file parsing to getline(3) as this avoidsmarkus@openbsd.org
static limits noted by gerhard@; ok dtucker@, djm@ OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
2018-02-26upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2017-07-21upstream commitdjm@openbsd.org
remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-06-01upstream commitderaadt@openbsd.org
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-05-31upstream commitmarkus@openbsd.org
revise sshkey_load_public(): remove ssh1 related comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca
2017-05-01upstream commitdjm@openbsd.org
unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-04-04upstream commitderaadt@openbsd.org
incorrect renditions of this quote bother me Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49
2016-11-29upstream commitdjm@openbsd.org
use sshbuf_allocate() to pre-allocate the buffer used for loading keys. This avoids implicit realloc inside the buffer code, which might theoretically leave fragments of the key on the heap. This doesn't appear to happen in practice for normal sized keys, but was observed for novelty oversize ones. Pointed out by Jann Horn of Project Zero; ok markus@ Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1
2016-04-13upstream commitdjm@openbsd.org
make private key loading functions consistently handle NULL key pointer arguments; ok markus@ Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
2015-12-18upstream commitmmcc@openbsd.org
Remove NULL-checks before sshbuf_free(). ok djm@ Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
2015-12-18upstream commitmmcc@openbsd.org
Remove NULL-checks before sshkey_free(). ok djm@ Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
2015-12-11upstream commitmmcc@openbsd.org
Remove NULL-checks before free(). ok dtucker@ Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
2015-09-16upstream committim@openbsd.org
- Fix error message: passphrase needs to be at least 5 characters, not 4. - Remove unused function argument. - Remove two unnecessary variables. OK djm@ Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
2015-07-15upstream commitmarkus@openbsd.org
re-enable ed25519-certs if compiled w/o openssl; ok djm Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
2015-07-15upstream commitdjm@openbsd.org
delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-04-29upstream commitdjm@openbsd.org
s/recommended/required/ that private keys be og-r this wording change was made a while ago but got accidentally reverted
2015-04-01upstream commitdjm@openbsd.org
fd leak for !ssh1 case; found by unittests; ok markus@
2015-03-23upstream commitdjm@openbsd.org
KRL support doesn't need OpenSSL anymore, remove #ifdefs from around call
2015-02-24upstream commitdjm@openbsd.org
add an XXX to remind me to improve sshkey_load_public
2015-01-26upstream commitderaadt@openbsd.org
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
2015-01-15more --without-opensslDamien Miller
fix some regressions caused by upstream merges enable KRLs now that they no longer require BIGNUMs
2015-01-09upstream commitdjm@openbsd.org
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
2014-12-05upstream commitdjm@openbsd.org
add RevokedHostKeys option for the client Allow textfile or KRL-based revocation of hostkeys.
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
2014-05-15 - markus@cvs.openbsd.org 2014/04/29 18:01:49Damien Miller
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
2014-05-15 - djm@cvs.openbsd.org 2014/04/28 03:09:18Damien Miller
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] [ssh-keygen.c] buffer_get_string_ptr's return should be const to remind callers that futzing with it will futz with the actual buffer contents
2014-04-20 - djm@cvs.openbsd.org 2014/03/12 04:51:12Damien Miller
[authfile.c] correct test that kdf name is not "none" or "bcrypt"
2014-02-04 - djm@cvs.openbsd.org 2014/02/02 03:44:32Damien Miller
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 04:35:50Damien Miller
[authfile.c] don't refuse to load Ed25519 certificates
2013-12-07 - [authfile.c] Conditionalise inclusion of util.hDamien Miller
2013-12-07 - markus@cvs.openbsd.org 2013/12/06 13:39:49Damien Miller
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c] [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c] [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c] [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c] [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c] support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
2013-12-07 - markus@cvs.openbsd.org 2013/12/06 13:34:54Damien Miller
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c] [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 00:45:44Damien Miller
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-04-23 - djm@cvs.openbsd.org 2013/04/19 01:06:50Damien Miller
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
2013-01-09 - markus@cvs.openbsd.org 2013/01/08 18:49:04Damien Miller
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] [myproposal.h packet.c ssh_config.5 sshd_config.5] support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
2012-12-12 - markus@cvs.openbsd.org 2012/12/11 22:31:18Damien Miller
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] [packet.c ssh_config.5 sshd_config.5] add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:36:31Damien Miller
[authfile.c] memleak in key_load_file(); from Jan Klemkow
2011-06-20 - markus@cvs.openbsd.org 2011/06/14 22:49:18Damien Miller
[authfile.c] make sure key_parse_public/private_rsa1() no longer consumes its input buffer. fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@