| Age | Commit message (Collapse) | Author |
|---|
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Author: Simon Wilkinson <simon@sxw.org.uk>
Author: Colin Watson <cjwatson@debian.org>
Author: Jakub Jelen <jjelen@redhat.com>
Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2020-06-07
Patch-Name: gssapi.patch
|
|
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
|
|
djm
OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
|
|
webauthn is a standard for using FIDO keys in web browsers. webauthn
signatures are a slightly different format to plain FIDO signatures - this
support allows verification of these. Feedback and ok markus@
OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
|
|
duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key
type check in the ECDSA_CERT parsing path.
feedback and ok markus@
OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
|
|
Extracts a public key from the unencrypted envelope of a new-style
OpenSSH private key.
ok markus@
OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
|
|
Try new format parser for all key types first, fall back to PEM
parser only for invalid format errors.
ok markus@
OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
|
|
new-style private decoding; ok markus@
OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
|
|
private key
(this public key is currently unusued)
ok markus@
OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
|
|
Split out the base64 decoding and private section decryption steps in
to separate functions. This will make the decryption step easier to fuzz
as well as making it easier to write a "load public key from new-format
private key" function.
ok markus@
OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
|
|
ok djm
OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552
|
|
null-deref); ok djm
OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
|
|
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
|
|
prompt; reported by jmc@
OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859
|
|
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
|
|
The ssh-sk-helper client API gives us a nice place to disable
security key support when it is wasn't enabled at compile time,
so we don't need to check everywere.
Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.
|
|
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@
OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
|
|
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
|
|
OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9
|
|
OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996
|
|
Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef.
ok djm@
|
|
We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
we were using it didn't benefit from its use anyway. ok dtucker@
OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
|
|
signatures left on a shielded key, we need to transfer the number of
signatures left from the private to the public key. ok djm@
OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574
|
|
to delay the call to shield until we have received key specific options. -
when serializing xmss keys for shield we need to deal with all optional
components (e.g. state might not be loaded). ok djm@
OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
|
|
Fixes build against OpenSSL configured without ECC.
|
|
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
|
|
OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
|
|
OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
|
|
OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
|
|
Spotted by Darren and his faux-Vax
|
|
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
|
|
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.
feedback & ok markus@
OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
|
|
case, and some other NULL dereferences found by fuzzing.
fix with and ok markus@
OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
|
|
|
|
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
|
|
markus@
OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
|
|
functionality there (wrapping of base64-encoded data) to sshbuf functions;
feedback and ok markus@
OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c
|
|
private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
private keys to disk.
The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH software
is required, as it may use a less terrible KDF (IIRC PEM uses a single
round of MD5 as a KDF).
adapted from patch by Jakub Jelen via bz3013; ok markus
OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
|
|
OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
|
|
=?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?=
=?UTF-8?q?=20Bj=C3=B6rnsson?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
ok deraadt@ markus@ tb@
OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
|
|
via oss-fuzz
OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7
|
|
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
|
|
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
will therefore be incompatible with OpenSSH < 7.2 unless the default is
overridden.
Document the ability of the ssh-keygen -t flag to override the
signature algorithm when signing certificates, and the new default.
ok deraadt@
OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
|
|
blueflash.cc, ok djm
OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
|
|
parsing rather than make the caller do it. Saves a lot of boilerplate code.
from markus@ ok djm@
OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
|
|
From Adam Eijdenberg
|
|
Spotted by Adam Eijdenberg
|
|
certificates; spotted by Adam Eijdenberg; ok dtucker@
OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
|
|
OpenSSL 1.1.0i has changed the behaviour of their PEM APIs,
so that empty passphrases are interpreted differently. This
probabalistically breaks loading some keys, because the PEM format
is terrible and doesn't include a proper MAC.
Avoid this by providing a basic callback to avoid passing empty
passphrases to OpenSSL in cases where one is required.
Based on patch from Jakub Jelen in bz#2913; ok dtucker@
|
|
is specified as "incorrect passphrase" instead of trying to choose between
that and "invalid format".
libcrypto can return ASN1 parsing errors rather than the expected
decrypt error in certain infrequent cases when trying to decrypt/parse
PEM private keys when supplied with an invalid passphrase.
Report and repro recipe from Thomas Deutschmann in bz#2901
ok markus@
OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870
|
