Switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. The latter having the advantage of being supported
for no-OpenSSL builds; bz#2754 ok markus@
Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus
Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
better translate libcrypto errors by looking deeper in
the accursed error stack for codes that indicate the wrong passphrase was
supplied for a PEM key. bz#2699 ok dtucker@
Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
make requesting bad ECDSA bits yield the same error
(SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA
Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@
Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
fix regression in 7.4 server-sig-algs, where we were
accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@
Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
ifdef out "rsa1" from the list of supported keytypes when
compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
bring back r1.34 that was backed out for problems loading
public keys:
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
with additional fix from Jakub Jelen to solve the backout.
bz#2525 bz#2523 re-ok dtucker@
Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
Avoid a theoretical signed integer overflow should
BN_num_bytes() ever violate its manpage and return a negative value. Improve
order of tests to avoid confusing increasingly pedantic compilers.
Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
unstable optimisation analyser output. ok deraadt@
Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
list all supported signature algorithms in the
server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly)
Ron Frederick; ok markus@
Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker
Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
- Fix error message: passphrase needs to be at least 5
characters, not 4. - Remove unused function argument. - Remove two
unnecessary variables.
OK djm@
Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
Fix occurrences of "r = func() != 0" which result in the
wrong error codes being returned due to != having higher precedence than =.
ok deraadt@ markus@
Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
refactor: split base64 encoding of pubkey into its own
sshkey_to_base64() function and out of sshkey_write(); ok markus@
Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
Replace <sys/param.h> with <limits.h> and other less
dirty headers where possible. Annotate <sys/param.h> lines with their
current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
These are the files confirmed through binary verification. ok guenther,
millert, doug (helped with the verification protocol)
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@