| Age | Commit message (Collapse) | Author |
|---|
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2017-10-04
Patch-Name: gssapi.patch
|
|
Switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. The latter having the advantage of being supported
for no-OpenSSL builds; bz#2754 ok markus@
Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
|
|
fix support for unknown key types; ok djm@
Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
|
|
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
|
|
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus
Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
|
|
better translate libcrypto errors by looking deeper in
the accursed error stack for codes that indicate the wrong passphrase was
supplied for a PEM key. bz#2699 ok dtucker@
Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
|
|
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
|
|
make requesting bad ECDSA bits yield the same error
(SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA
Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
|
|
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@
Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
|
|
remove KEY_RSA1
ok markus@
Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
|
|
remove SSHv1 ciphers; ok markus@
Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
|
|
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
Resyncs that code with OpenBSD upstream.
|
|
fix regression in 7.4 server-sig-algs, where we were
accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@
Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
|
|
Check for NULL argument to sshkey_read. Patch from
jjelen at redhat.com via bz#2687, ok djm@
Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
|
|
ifdef out "rsa1" from the list of supported keytypes when
compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
|
|
EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
for the benefit of OpenSSL versions prior to that.
|
|
bring back r1.34 that was backed out for problems loading
public keys:
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
with additional fix from Jakub Jelen to solve the backout.
bz#2525 bz#2523 re-ok dtucker@
Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
|
|
Remove dead breaks, found via opencoverage.net. ok
deraadt@
Upstream-ID: ad9cc655829d67fad219762810770787ba913069
|
|
add a comment about implicitly-expected checks to
sshkey_ec_validate_public()
Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
|
|
Avoid a theoretical signed integer overflow should
BN_num_bytes() ever violate its manpage and return a negative value. Improve
order of tests to avoid confusing increasingly pedantic compilers.
Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
unstable optimisation analyser output. ok deraadt@
Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
|
|
list all supported signature algorithms in the
server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly)
Ron Frederick; ok markus@
Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
|
|
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker
Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
|
|
small refactor of cipher.c: make ciphercontext opaque to
callers feedback and ok markus@
Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
|
|
revert 1.34; causes problems loading public keys
reported by semarie@
Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
|
|
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
|
|
support SHA256 and SHA512 RSA signatures in certificates;
ok markus@
Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
|
|
make private key loading functions consistently handle NULL
key pointer arguments; ok markus@
Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
|
|
Remove NULL-checks before sshbuf_free().
ok djm@
Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
|
|
Remove NULL-checks before sshkey_free().
ok djm@
Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
|
|
Remove NULL-checks before free().
ok dtucker@
Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
|
|
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
|
|
move the certificate validity formatting code to
sshkey.[ch]
Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
|
|
Replace remaining calls to index(3) with strchr(3). OK
jca@ krw@
Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
|
|
improve sshkey_read() semantics; only update *cpp when a
key is successfully read; ok markus@
Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
|
|
argument to sshkey_from_private() and sshkey_demote()
can't be NULL
Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
|
|
- Fix error message: passphrase needs to be at least 5
characters, not 4. - Remove unused function argument. - Remove two
unnecessary variables.
OK djm@
Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
|
|
Fix occurrences of "r = func() != 0" which result in the
wrong error codes being returned due to != having higher precedence than =.
ok deraadt@ markus@
Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
|
|
fix double-free() in error path of DSA key generation
reported by Mateusz Kocielski; ok markus@
Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
|
|
delete support for legacy v00 certificates; "sure"
markus@ dtucker@
Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
|
|
refactor: split base64 encoding of pubkey into its own
sshkey_to_base64() function and out of sshkey_write(); ok markus@
Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
|
|
Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
|
|
don't choke on new-format private keys encrypted with an
AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@
|
|
correct return value in pubkey parsing, spotted by Ben Hawkes
ok markus@
|
|
fix sshkey_certify() return value for unsupported key types;
ok markus@ deraadt@
|
|
small refactor and add some convenience functions; ok
markus
|
|
Replace <sys/param.h> with <limits.h> and other less
dirty headers where possible. Annotate <sys/param.h> lines with their
current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
These are the files confirmed through binary verification. ok guenther,
millert, doug (helped with the verification protocol)
|
|
avoid an warning for the !OPENSSL case
|
|
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@
|
|
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
|
