summaryrefslogtreecommitdiff
path: root/krl.c
AgeCommit message (Collapse)Author
2019-07-23Include stdlib.h for free() and calloc().Darren Tucker
2019-06-21upstream: Add protection for private keys at rest in RAM againstdjm@openbsd.org
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@ OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
2018-09-12upstream: allow key revocation by SHA256 hash and allow ssh-keygendjm@openbsd.org
to create KRLs using SHA256/base64 key fingerprints; ok markus@ OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
2017-12-19upstream commitdjm@openbsd.org
pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-06-01upstream commitderaadt@openbsd.org
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-03-12upstream commitdtucker@openbsd.org
krl.c Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
2016-09-12upstream commitderaadt@openbsd.org
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-01-07upstream commitdjm@openbsd.org
fix three bugs in KRL code related to (unused) signature support: verification length was being incorrectly calculated, multiple signatures were being incorrectly processed and a NULL dereference that occurred when signatures were verified. Reported by Carl Jackson Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b
2015-12-18upstream commitmmcc@openbsd.org
Remove NULL-checks before sshbuf_free(). ok djm@ Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
2015-12-07upstream commitmarkus@openbsd.org
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@ Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
2015-09-03upstream commitjsg@openbsd.org
Fix occurrences of "r = func() != 0" which result in the wrong error codes being returned due to != having higher precedence than =. ok deraadt@ markus@ Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
2015-07-15upstream commitdjm@openbsd.org
delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-06-25upstream commitdjm@openbsd.org
correct test to sshkey_sign(); spotted by Albert S. Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
2015-01-30upstream commitdjm@openbsd.org
permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA; ok markus@
2015-01-27upstream commitdjm@openbsd.org
small refactor and add some convenience functions; ok markus
2015-01-26upstream commitderaadt@openbsd.org
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
2015-01-20upstream commitdjm@openbsd.org
fix format strings in (disabled) debugging
2015-01-20upstream commitderaadt@openbsd.org
string truncation due to sizeof(size) ok djm markus
2015-01-15more --without-opensslDamien Miller
fix some regressions caused by upstream merges enable KRLs now that they no longer require BIGNUMs
2015-01-15support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-15upstream commitdjm@openbsd.org
avoid BIGNUM in KRL code by using a simple bitmap; feedback and ok markus
2015-01-14upstream commitdjm@openbsd.org
sync changes from libopenssh; prepared by markus@ mostly debug output tweaks, a couple of error return value changes and some other minor stuff
2015-01-13upstream commitmarkus@openbsd.org
missing error assigment on sshbuf_put_string()
2015-01-13upstream commitmarkus@openbsd.org
free->sshkey_free; ok djm@
2015-01-09upstream commitdjm@openbsd.org
deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
2014-12-22upstream commitdjm@openbsd.org
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-12-05upstream commitdjm@openbsd.org
convert KRL code to new buffer API ok markus@
2014-11-24upstream commitdjm@openbsd.org
fix NULL pointer dereference crash on invalid timestamp found using Michal Zalewski's afl fuzzer
2014-11-17upstream commitdjm@openbsd.org
fix KRL generation when multiple CAs are in use We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 00:52:02Damien Miller
[krl.c] fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted.
2014-05-15 - djm@cvs.openbsd.org 2014/04/28 03:09:18Damien Miller
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] [ssh-keygen.c] buffer_get_string_ptr's return should be const to remind callers that futzing with it will futz with the actual buffer contents
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2013-07-25 - djm@cvs.openbsd.org 2013/07/20 22:20:42Damien Miller
[krl.c] fix verification error in (as-yet usused) KRL signature checking path
2013-07-18 - markus@cvs.openbsd.org 2013/06/20 19:15:06Damien Miller
[krl.c] don't leak the rdata blob on errors; ok djm@
2013-04-23 - djm@cvs.openbsd.org 2013/04/05 00:14:00Damien Miller
[auth2-gss.c krl.c sshconnect2.c] hush some {unused, printf type} warnings
2013-04-05 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47Darren Tucker
[krl.c] Remove bogus include. ok djm (id sync only)
2013-02-19 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneededTim Rice
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2013-02-12 - djm@cvs.openbsd.org 2013/01/27 10:06:12Damien Miller
[krl.c] actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
2013-02-12 - djm@cvs.openbsd.org 2013/01/25 10:22:19Damien Miller
[krl.c] redo last commit without the vi-vomit that snuck in: skip serial lookup when cert's serial number is zero (now with 100% better comment)
2013-02-12 - krw@cvs.openbsd.org 2013/01/25 05:00:27Damien Miller
[krl.c] Revert last. Breaks due to likely typo. Let djm@ fix later. ok djm@ via dlg@
2013-02-12 - djm@cvs.openbsd.org 2013/01/24 22:08:56Damien Miller
[krl.c] skip serial lookup when cert's serial number is zero
2013-02-12 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2013/01/24 21:45:37 [krl.c] fix handling of (unused) KRL signatures; skip string in correct buffer
2013-01-20 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newerDamien Miller
version.
2013-01-20 - markus@cvs.openbsd.org 2013/01/19 12:34:55Damien Miller
[krl.c] RB_INSERT does not remove existing elments; ok djm@
2013-01-18 - djm@cvs.openbsd.org 2013/01/18 03:00:32Damien Miller
[krl.c] fix KRL generation bug for list sections
2013-01-18 - djm@cvs.openbsd.org 2013/01/17 23:00:01Damien Miller
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] [krl.c krl.h PROTOCOL.krl] add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@