summaryrefslogtreecommitdiff
path: root/sshkey.c
Commit message (Collapse)AuthorAgeFilesLines
* upstream: add a helper function to match a key type to a list ofdjm@openbsd.org2022-01-071-1/+24
| | | | | | | signature algorithms. RSA keys can make signatures with multiple algorithms, so some special handling is required. ok markus@ OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
* Only enable sk-* key types if ENABLE_SK is definedDarren Tucker2021-10-071-0/+6
|
* upstream: Let allowed signers files used by ssh-keygen(1)djm@openbsd.org2021-07-231-11/+21
| | | | | | | | signatures support key lifetimes, and allow the verification mode to specify a signature time to check at. This is intended for use by git to support signing objects using ssh keys. ok dtucker@ OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
* upstream: Use existing format_absolute_time() function whendtucker@openbsd.org2021-07-121-17/+5
| | | | | | printing cert validity instead of doing it inline. Part of bz#3329. OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c
* upstream: Fix a couple of whitespace things. Portable already hasdtucker@openbsd.org2021-07-081-1/+1
| | | | | | these so this removes two diffs between the two. OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
* polish whitespace for portable filesDamien Miller2021-04-031-2/+2
|
* upstream: highly polished whitespace, mostly fixing spaces-for-tabdjm@openbsd.org2021-04-031-11/+11
| | | | | | and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: fix memleaks in private key deserialisation; enforce moredjm@openbsd.org2021-02-051-1/+20
| | | | | | | consistency between redundant fields in private key certificate and private key body; ok markus@ OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240
* upstream: move check_host_cert() from sshconnect,c to sshkey.c anddjm@openbsd.org2021-01-261-4/+35
| | | | | | | | refactor it to make it more generally usable and testable. ok markus@ OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
* upstream: Make output buffer larger to prevent potential truncationdtucker@openbsd.org2021-01-181-2/+2
| | | | | | | warnings from compilers not smart enough to know the strftime calls won't ever fully fill "to" and "from". ok djm@ OpenBSD-Commit-ID: 83733f1b01b82da88b9dd1769475952aff10bdd7
* upstream: Adapt XMSS to new logging infrastructure. With markus@, okdtucker@openbsd.org2020-10-201-5/+5
| | | | | | djm@. OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
* upstream: support for user-verified FIDO keysdjm@openbsd.org2020-08-271-9/+11
| | | | | | | | | | | | | | | | | FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@ OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
* upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; okmarkus@openbsd.org2020-06-261-2/+4
| | | | | | djm OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
* upstream: Add support for FIDO webauthn (verification only).djm@openbsd.org2020-06-221-1/+3
| | | | | | | | webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these. Feedback and ok markus@ OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
* upstream: Refactor private key parsing. Eliminates a fair bit ofdjm@openbsd.org2020-04-111-147/+40
| | | | | | | | | duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key type check in the ECDSA_CERT parsing path. feedback and ok markus@ OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9
* upstream: add sshkey_parse_pubkey_from_private_fileblob_type()djm@openbsd.org2020-04-081-1/+65
| | | | | | | | | Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key. ok markus@ OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
* upstream: simplify sshkey_parse_private_fileblob_type()djm@openbsd.org2020-04-081-16/+5
| | | | | | | | | Try new format parser for all key types first, fall back to PEM parser only for invalid format errors. ok markus@ OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77
* upstream: check private key type against requested key type indjm@openbsd.org2020-04-081-1/+7
| | | | | | new-style private decoding; ok markus@ OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
* upstream: check that pubkey in private key envelope matches actualdjm@openbsd.org2020-04-081-8/+19
| | | | | | | | | | private key (this public key is currently unusued) ok markus@ OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c
* upstream: refactor private key parsing a littledjm@openbsd.org2020-04-081-40/+114
| | | | | | | | | | | Split out the base64 decoding and private section decryption steps in to separate functions. This will make the decryption step easier to fuzz as well as making it easier to write a "load public key from new-format private key" function. ok markus@ OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e
* upstream: sshkey_cert_check_authority requires reason to be set;markus@openbsd.org2020-03-131-3/+3
| | | | | | ok djm OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552
* upstream: passphrase depends on kdfname, not ciphername (possiblemarkus@openbsd.org2020-03-131-8/+8
| | | | | | null-deref); ok djm OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
* upstream: change explicit_bzero();free() to freezero()jsg@openbsd.org2020-02-281-29/+15
| | | | | | | | | | While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
* upstream: fix ssh-keygen not displaying authenticator touchdjm@openbsd.org2020-01-211-1/+4
| | | | | | prompt; reported by jmc@ OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859
* upstream: SK API and sk-helper error/PIN passingdjm@openbsd.org2019-12-301-2/+2
| | | | | | | | | | | | | Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow. Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc. feedback and ok markus@ OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
* remove a bunch of ENABLE_SK #ifdefsDamien Miller2019-12-141-4/+0
| | | | | | | | | | | The ssh-sk-helper client API gives us a nice place to disable security key support when it is wasn't enabled at compile time, so we don't need to check everywere. Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
* upstream: use ssh-sk-helper for all security key signing operationsdjm@openbsd.org2019-12-141-10/+5
| | | | | | | | | | | This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid* requested by, feedback and ok markus@ OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
* upstream: Add new structure for signature optionsdjm@openbsd.org2019-11-251-5/+14
| | | | | | | | | | | This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
* upstream: fix a bug that prevented serialisation of ed25519-sk keysdjm@openbsd.org2019-11-181-1/+2
| | | | OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9
* upstream: fix bug that prevented certification of ed25519-sk keysdjm@openbsd.org2019-11-181-1/+7
| | | | OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996
* Move ifdef OPENSSL_HAS_ECC.Darren Tucker2019-11-181-1/+1
| | | | | Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef. ok djm@
* upstream: remove most uses of BN_CTXdjm@openbsd.org2019-11-171-59/+33
| | | | | | | We weren't following the rules re BN_CTX_start/BN_CTX_end and the places we were using it didn't benefit from its use anyway. ok dtucker@ OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
* upstream: in order to be able to figure out the number ofmarkus@openbsd.org2019-11-151-1/+6
| | | | | | | signatures left on a shielded key, we need to transfer the number of signatures left from the private to the public key. ok djm@ OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574
* upstream: fix shield/unshield for xmss keys: - in ssh-agent we needmarkus@openbsd.org2019-11-151-2/+2
| | | | | | | | to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@ OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
* Put sshsk_sign call inside ifdef ENABLE_SK.Darren Tucker2019-11-141-0/+2
| | | | Fixes build against OpenSSL configured without ECC.
* upstream: enable ed25519 support; ok djmmarkus@openbsd.org2019-11-131-1/+153
| | | | OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
* upstream: implement sshsk_ed25519_inner_sig(); ok djmmarkus@openbsd.org2019-11-131-1/+6
| | | | OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
* upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djmmarkus@openbsd.org2019-11-131-3/+3
| | | | OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
* upstream: implement ssh-ed25519-sk verification; ok djm@markus@openbsd.org2019-11-131-1/+5
| | | | OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
* conditionalise SK sign/verify on ENABLE_SKDamien Miller2019-11-011-0/+4
| | | | Spotted by Darren and his faux-Vax
* upstream: Refactor signing - use sshkey_sign for everything,djm@openbsd.org2019-11-011-8/+18
| | | | | | | | | | | | | including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
* upstream: Initial infrastructure for U2F/FIDO supportdjm@openbsd.org2019-11-011-26/+179
| | | | | | | | | Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
* upstream: fix an unreachable integer overflow similar to the XMSSdjm@openbsd.org2019-10-091-4/+22
| | | | | | | | case, and some other NULL dereferences found by fuzzing. fix with and ok markus@ OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
* needs time.h for --without-opensslDamien Miller2019-09-081-0/+1
|
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@djm@openbsd.org2019-09-061-1/+1
| | | | OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: make get_sigtype public as sshkey_get_sigtype(); okdjm@openbsd.org2019-09-031-7/+7
| | | | | | markus@ OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
* upstream: remove mostly vestigal uuencode.[ch]; moving the only uniquedjm@openbsd.org2019-07-161-20/+7
| | | | | | | functionality there (wrapping of base64-encoded data) to sshbuf functions; feedback and ok markus@ OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c
* upstream: support PKCS8 as an optional format for storage ofdjm@openbsd.org2019-07-151-22/+56
| | | | | | | | | | | | | | private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
* upstream: Remove some set but never used variables. ok daraadt@dtucker@openbsd.org2019-07-081-4/+2
| | | | OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
* upstream: fix NULL deference (bzero) on errdjm@openbsd.org2019-06-281-2/+2
| | | | | | | | | | | | =?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?= =?UTF-8?q?=20Bj=C3=B6rnsson?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ok deraadt@ markus@ tb@ OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
View Lorry Controller Status