Commit Graph

61 Commits

Author SHA1 Message Date
djm@openbsd.org
0f3455356b upstream commit
Switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. The latter having the advantage of being supported
for no-OpenSSL builds; bz#2754 ok markus@

Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
2017-08-12 16:47:10 +10:00
markus@openbsd.org
dc2bd30876 upstream commit
fix support for unknown key types; ok djm@

Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
2017-07-21 14:17:33 +10:00
djm@openbsd.org
83fa3a0448 upstream commit
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus

Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-07-21 14:17:32 +10:00
djm@openbsd.org
a98339edbc upstream commit
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus

Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
2017-06-28 11:13:19 +10:00
djm@openbsd.org
2076e4adb9 upstream commit
better translate libcrypto errors by looking deeper in
the accursed error stack for codes that indicate the wrong passphrase was
supplied for a PEM key. bz#2699 ok dtucker@

Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
2017-06-10 16:40:10 +10:00
deraadt@openbsd.org
9e509d4ec9 upstream commit
Switch to recallocarray() for a few operations.  Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus

Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-06-01 14:55:22 +10:00
djm@openbsd.org
5f02bb1f99 upstream commit
make requesting bad ECDSA bits yield the same error
(SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA

Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
2017-05-10 11:40:18 +10:00
djm@openbsd.org
bd636f4091 upstream commit
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@

Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
2017-05-08 09:21:22 +10:00
djm@openbsd.org
873d3e7d9a upstream commit
remove KEY_RSA1

ok markus@

Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
2017-05-01 10:05:01 +10:00
djm@openbsd.org
cdccebdf85 upstream commit
remove SSHv1 ciphers; ok markus@

Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
2017-05-01 10:04:58 +10:00
djm@openbsd.org
56912dea6e upstream commit
unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01 09:37:40 +10:00
Darren Tucker
8fed0a5fe7 Remove compat code for OpenSSL < 0.9.7.
Resyncs that code with OpenBSD upstream.
2017-03-29 10:16:15 +11:00
djm@openbsd.org
183ba55aaa upstream commit
fix regression in 7.4 server-sig-algs, where we were
accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@

Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
2017-03-10 15:35:39 +11:00
dtucker@openbsd.org
7fadbb6da3 upstream commit
Check for NULL argument to sshkey_read.  Patch from
jjelen at redhat.com via bz#2687, ok djm@

Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
2017-03-10 15:35:38 +11:00
dtucker@openbsd.org
ecc3589371 upstream commit
ifdef out "rsa1" from the list of supported keytypes when
compiled without SSH1 support.  Found by kdunlop at guralp.com, ok djm@

Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
2017-02-17 14:52:24 +11:00
Darren Tucker
bd5d7d2395 ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR
EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
for the benefit of OpenSSL versions prior to that.
2017-02-12 15:45:15 +11:00
djm@openbsd.org
155d540d00 upstream commit
bring back r1.34 that was backed out for problems loading
public keys:

translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@

with additional fix from Jakub Jelen to solve the backout.
bz#2525 bz#2523 re-ok dtucker@

Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
2017-02-10 15:35:28 +11:00
dtucker@openbsd.org
a903e315de upstream commit
Remove dead breaks, found via opencoverage.net.  ok
deraadt@

Upstream-ID: ad9cc655829d67fad219762810770787ba913069
2016-10-26 08:52:46 +11:00
djm@openbsd.org
a571dbcc7b upstream commit
add a comment about implicitly-expected checks to
sshkey_ec_validate_public()

Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
2016-10-06 06:00:43 +11:00
djm@openbsd.org
27c3a9c2ae upstream commit
Avoid a theoretical signed integer overflow should
BN_num_bytes() ever violate its manpage and return a negative value. Improve
order of tests to avoid confusing increasingly pedantic compilers.

Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
unstable optimisation analyser output.  ok deraadt@

Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
2016-09-29 03:09:50 +10:00
djm@openbsd.org
130f5df4fa upstream commit
list all supported signature algorithms in the
server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly)
Ron Frederick; ok markus@

Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
2016-09-13 09:33:24 +10:00
deraadt@openbsd.org
9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
djm@openbsd.org
4706c1d8c1 upstream commit
small refactor of cipher.c: make ciphercontext opaque to
callers feedback and ok markus@

Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
2016-08-09 09:06:52 +10:00
djm@openbsd.org
3147e7595d upstream commit
revert 1.34; causes problems loading public keys

reported by semarie@

Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
2016-06-24 13:35:28 +10:00
djm@openbsd.org
5e28b1a2a3 upstream commit
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@

Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
2016-06-24 13:35:28 +10:00
djm@openbsd.org
57464e3934 upstream commit
support SHA256 and SHA512 RSA signatures in certificates;
 ok markus@

Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
2016-05-02 20:35:05 +10:00
djm@openbsd.org
dce19bf6e4 upstream commit
make private key loading functions consistently handle NULL
 key pointer arguments; ok markus@

Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
2016-04-13 10:44:06 +10:00
mmcc@openbsd.org
52d7078421 upstream commit
Remove NULL-checks before sshbuf_free().

ok djm@

Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
2015-12-18 14:50:48 +11:00
mmcc@openbsd.org
89540b6de0 upstream commit
Remove NULL-checks before sshkey_free().

ok djm@

Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
2015-12-18 14:49:32 +11:00
mmcc@openbsd.org
d59ce08811 upstream commit
Remove NULL-checks before free().

ok dtucker@

Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
2015-12-11 13:23:14 +11:00
markus@openbsd.org
76c9fbbe35 upstream commit
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
 draft-ssh-ext-info-04.txt; with & ok djm@

Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
2015-12-07 12:38:58 +11:00
djm@openbsd.org
499cf36fec upstream commit
move the certificate validity formatting code to
 sshkey.[ch]

Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
2015-11-19 12:11:37 +11:00
millert@openbsd.org
259adb6179 upstream commit
Replace remaining calls to index(3) with strchr(3).  OK
 jca@ krw@

Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
2015-11-17 11:22:15 +11:00
djm@openbsd.org
3a9f84b58b upstream commit
improve sshkey_read() semantics; only update *cpp when a
 key is successfully read; ok markus@

Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
2015-11-17 11:18:58 +11:00
djm@openbsd.org
1a2663a15d upstream commit
argument to sshkey_from_private() and sshkey_demote()
 can't be NULL

Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
2015-10-16 10:54:07 +11:00
tim@openbsd.org
3c019a936b upstream commit
- Fix error message: passphrase needs to be at least 5
 characters, not 4. - Remove unused function argument. - Remove two
 unnecessary variables.

OK djm@

Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
2015-09-16 17:52:09 +10:00
jsg@openbsd.org
f3a3ea180a upstream commit
Fix occurrences of "r = func() != 0" which result in the
 wrong error codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
2015-09-03 10:44:41 +10:00
djm@openbsd.org
ec6eda16eb upstream commit
fix double-free() in error path of DSA key generation
 reported by Mateusz Kocielski; ok markus@

Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
2015-08-20 13:07:41 +10:00
djm@openbsd.org
c28fc62d78 upstream commit
delete support for legacy v00 certificates; "sure"
 markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15 15:35:09 +10:00
djm@openbsd.org
d80fbe41a5 upstream commit
refactor: split base64 encoding of pubkey into its own
 sshkey_to_base64() function and out of sshkey_write(); ok markus@

Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
2015-05-21 15:06:06 +10:00
djm@openbsd.org
e661a86353 upstream commit
Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
2015-05-10 11:38:04 +10:00
djm@openbsd.org
63ebf019be upstream commit
don't choke on new-format private keys encrypted with an
 AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@
2015-05-08 13:32:58 +10:00
djm@openbsd.org
3f4ea3c9ab upstream commit
correct return value in pubkey parsing, spotted by Ben Hawkes
 ok markus@
2015-04-04 09:18:26 +11:00
djm@openbsd.org
55e5bdeb51 upstream commit
fix sshkey_certify() return value for unsupported key types;
 ok markus@ deraadt@
2015-03-06 13:22:44 +11:00
djm@openbsd.org
60b1825262 upstream commit
small refactor and add some convenience functions; ok
 markus
2015-01-27 00:00:36 +11:00
deraadt@openbsd.org
2ae4f337b2 upstream commit
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
djm@openbsd.org
54924b53af upstream commit
avoid an warning for the !OPENSSL case
2015-01-14 21:46:49 +11:00
djm@openbsd.org
1f729f0614 upstream commit
add sshd_config HostbasedAcceptedKeyTypes and
 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
 will be accepted. Currently defaults to all. Feedback & ok markus@
2015-01-13 19:27:18 +11:00
markus@openbsd.org
816d1538c2 upstream commit
unbreak parsing of pubkey comments; with gerhard; ok
 djm/deraadt
2015-01-13 19:26:12 +11:00
markus@openbsd.org
f067cca2bc upstream commit
allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
2015-01-13 19:25:08 +11:00