Commit Graph

30 Commits

Author SHA1 Message Date
djm@openbsd.org
499cf36fec upstream commit
move the certificate validity formatting code to
 sshkey.[ch]

Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
2015-11-19 12:11:37 +11:00
millert@openbsd.org
259adb6179 upstream commit
Replace remaining calls to index(3) with strchr(3).  OK
 jca@ krw@

Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
2015-11-17 11:22:15 +11:00
djm@openbsd.org
3a9f84b58b upstream commit
improve sshkey_read() semantics; only update *cpp when a
 key is successfully read; ok markus@

Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
2015-11-17 11:18:58 +11:00
djm@openbsd.org
1a2663a15d upstream commit
argument to sshkey_from_private() and sshkey_demote()
 can't be NULL

Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
2015-10-16 10:54:07 +11:00
tim@openbsd.org
3c019a936b upstream commit
- Fix error message: passphrase needs to be at least 5
 characters, not 4. - Remove unused function argument. - Remove two
 unnecessary variables.

OK djm@

Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
2015-09-16 17:52:09 +10:00
jsg@openbsd.org
f3a3ea180a upstream commit
Fix occurrences of "r = func() != 0" which result in the
 wrong error codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
2015-09-03 10:44:41 +10:00
djm@openbsd.org
ec6eda16eb upstream commit
fix double-free() in error path of DSA key generation
 reported by Mateusz Kocielski; ok markus@

Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
2015-08-20 13:07:41 +10:00
djm@openbsd.org
c28fc62d78 upstream commit
delete support for legacy v00 certificates; "sure"
 markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15 15:35:09 +10:00
djm@openbsd.org
d80fbe41a5 upstream commit
refactor: split base64 encoding of pubkey into its own
 sshkey_to_base64() function and out of sshkey_write(); ok markus@

Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
2015-05-21 15:06:06 +10:00
djm@openbsd.org
e661a86353 upstream commit
Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
2015-05-10 11:38:04 +10:00
djm@openbsd.org
63ebf019be upstream commit
don't choke on new-format private keys encrypted with an
 AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@
2015-05-08 13:32:58 +10:00
djm@openbsd.org
3f4ea3c9ab upstream commit
correct return value in pubkey parsing, spotted by Ben Hawkes
 ok markus@
2015-04-04 09:18:26 +11:00
djm@openbsd.org
55e5bdeb51 upstream commit
fix sshkey_certify() return value for unsupported key types;
 ok markus@ deraadt@
2015-03-06 13:22:44 +11:00
djm@openbsd.org
60b1825262 upstream commit
small refactor and add some convenience functions; ok
 markus
2015-01-27 00:00:36 +11:00
deraadt@openbsd.org
2ae4f337b2 upstream commit
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
djm@openbsd.org
54924b53af upstream commit
avoid an warning for the !OPENSSL case
2015-01-14 21:46:49 +11:00
djm@openbsd.org
1f729f0614 upstream commit
add sshd_config HostbasedAcceptedKeyTypes and
 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
 will be accepted. Currently defaults to all. Feedback & ok markus@
2015-01-13 19:27:18 +11:00
markus@openbsd.org
816d1538c2 upstream commit
unbreak parsing of pubkey comments; with gerhard; ok
 djm/deraadt
2015-01-13 19:26:12 +11:00
markus@openbsd.org
f067cca2bc upstream commit
allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
2015-01-13 19:25:08 +11:00
djm@openbsd.org
1195f4cb07 upstream commit
deprecate key_load_private_pem() and
 sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
 not require pathnames to be specified (they weren't really used).

Fixes a few other things en passant:

Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).

Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.

ok markus@
2015-01-09 00:17:12 +11:00
Damien Miller
d16bdd8027 missing include for base64 encoding 2014-12-22 10:18:09 +11:00
djm@openbsd.org
56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
djm@openbsd.org
4cf87f4b81 upstream commit
better error value for invalid signature length
2014-12-10 12:21:40 +11:00
djm@openbsd.org
d2d51003a6 upstream commit
fix NULL pointer dereference crash in key loading

found by Michal Zalewski's AFL fuzzer
2014-11-18 12:00:51 +11:00
djm@openbsd.org
3cc1fbb4fb upstream commit
parse cert sections using nested buffers to reduce
 copies; ok markus
2014-10-13 11:39:11 +11:00
Darren Tucker
948a1774a7 - (dtucker) [sshkey.c] ifdef out unused variable when compiling without
OPENSSL_HAS_ECC.
2014-07-22 01:07:11 +10:00
Darren Tucker
d1a0421f8e - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC. 2014-07-19 07:23:55 +10:00
Damien Miller
61e28e55c3 - djm@cvs.openbsd.org 2014/07/03 01:45:38
[sshkey.c]
     make Ed25519 keys' title fit properly in the randomart border; bz#2247
     based on patch from Christian Hesse
2014-07-03 21:22:22 +10:00
Damien Miller
82b2482ce6 - (djm) [sshkey.c] Conditionalise inclusion of util.h 2014-07-02 17:43:41 +10:00
Damien Miller
8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00