Commit Graph

40 Commits

Author SHA1 Message Date
djm@openbsd.org 422d1b3ee9 upstream commit
fix three bugs in KRL code related to (unused) signature
 support: verification length was being incorrectly calculated, multiple
 signatures were being incorrectly processed and a NULL dereference that
 occurred when signatures were verified. Reported by Carl Jackson

Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b
2016-01-07 20:13:33 +11:00
mmcc@openbsd.org 52d7078421 upstream commit
Remove NULL-checks before sshbuf_free().

ok djm@

Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
2015-12-18 14:50:48 +11:00
markus@openbsd.org 76c9fbbe35 upstream commit
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
 draft-ssh-ext-info-04.txt; with & ok djm@

Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
2015-12-07 12:38:58 +11:00
jsg@openbsd.org f3a3ea180a upstream commit
Fix occurrences of "r = func() != 0" which result in the
 wrong error codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
2015-09-03 10:44:41 +10:00
djm@openbsd.org c28fc62d78 upstream commit
delete support for legacy v00 certificates; "sure"
 markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15 15:35:09 +10:00
djm@openbsd.org 9d27fb73b4 upstream commit
correct test to sshkey_sign(); spotted by Albert S.

Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
2015-06-25 09:50:30 +10:00
djm@openbsd.org 669aee9943 upstream commit
permit KRLs that revoke certificates by serial number or
 key ID without scoping to a particular CA; ok markus@
2015-01-30 12:17:07 +11:00
djm@openbsd.org 60b1825262 upstream commit
small refactor and add some convenience functions; ok
 markus
2015-01-27 00:00:36 +11:00
deraadt@openbsd.org 087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
djm@openbsd.org 4e62cc68ce upstream commit
fix format strings in (disabled) debugging
2015-01-20 08:33:01 +11:00
deraadt@openbsd.org f101d8291d upstream commit
string truncation due to sizeof(size) ok djm markus
2015-01-20 00:20:17 +11:00
Damien Miller b03ebe2c22 more --without-openssl
fix some regressions caused by upstream merges

enable KRLs now that they no longer require BIGNUMs
2015-01-15 03:08:58 +11:00
Damien Miller 72ef7c148c support --without-openssl at configure time
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
djm@openbsd.org a165bab605 upstream commit
avoid BIGNUM in KRL code by using a simple bitmap;
 feedback and ok markus
2015-01-15 02:22:18 +11:00
djm@openbsd.org e7fd952f4e upstream commit
sync changes from libopenssh; prepared by markus@ mostly
 debug output tweaks, a couple of error return value changes and some other
 minor stuff
2015-01-14 20:32:42 +11:00
markus@openbsd.org 0097565f84 upstream commit
missing error assigment on sshbuf_put_string()
2015-01-13 19:26:12 +11:00
markus@openbsd.org 905fe30fca upstream commit
free->sshkey_free; ok djm@
2015-01-13 19:25:52 +11:00
djm@openbsd.org 1195f4cb07 upstream commit
deprecate key_load_private_pem() and
 sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
 not require pathnames to be specified (they weren't really used).

Fixes a few other things en passant:

Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).

Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.

ok markus@
2015-01-09 00:17:12 +11:00
djm@openbsd.org 56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
djm@openbsd.org 74de254bb9 upstream commit
convert KRL code to new buffer API

ok markus@
2014-12-05 09:29:46 +11:00
djm@openbsd.org b6de5ac9ed upstream commit
fix NULL pointer dereference crash on invalid timestamp

found using Michal Zalewski's afl fuzzer
2014-11-24 10:15:47 +11:00
djm@openbsd.org 9f9fad0191 upstream commit
fix KRL generation when multiple CAs are in use

We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.

Also extend the regress test to catch this case by having it
produce a multi-CA KRL.

Reported by peter AT pean.org
2014-11-17 11:20:39 +11:00
Damien Miller 8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Damien Miller 2cd7929250 - djm@cvs.openbsd.org 2014/06/24 00:52:02
[krl.c]
     fix bug in KRL generation: multiple consecutive revoked certificate
     serial number ranges could be serialised to an invalid format.

     Readers of a broken KRL caused by this bug will fail closed, so no
     should-have-been-revoked key will be accepted.
2014-07-02 12:48:30 +10:00
Damien Miller 633de33b19 - djm@cvs.openbsd.org 2014/04/28 03:09:18
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
     [ssh-keygen.c]
     buffer_get_string_ptr's return should be const to remind
     callers that futzing with it will futz with the actual buffer
     contents
2014-05-15 13:48:26 +10:00
Damien Miller 1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
2014-02-04 11:18:20 +11:00
Damien Miller c8669a8cd2 - djm@cvs.openbsd.org 2013/07/20 22:20:42
[krl.c]
     fix verification error in (as-yet usused) KRL signature checking path
2013-07-25 11:52:48 +10:00
Damien Miller 3071070b39 - markus@cvs.openbsd.org 2013/06/20 19:15:06
[krl.c]
     don't leak the rdata blob on errors; ok djm@
2013-07-18 16:09:44 +10:00
Damien Miller d677ad14ff - djm@cvs.openbsd.org 2013/04/05 00:14:00
[auth2-gss.c krl.c sshconnect2.c]
     hush some {unused, printf type} warnings
2013-04-23 15:18:51 +10:00
Darren Tucker f3c3814243 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
[krl.c]
     Remove bogus include.  ok djm
(id sync only)
2013-04-05 11:16:52 +11:00
Tim Rice c31db8cd6e - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2013-02-19 19:01:51 -08:00
Damien Miller 0cd2f8e5f8 - djm@cvs.openbsd.org 2013/01/27 10:06:12
[krl.c]
     actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
2013-02-12 11:01:39 +11:00
Damien Miller 60565bcb5c - djm@cvs.openbsd.org 2013/01/25 10:22:19
[krl.c]
     redo last commit without the vi-vomit that snuck in:
     skip serial lookup when cert's serial number is zero
     (now with 100% better comment)
2013-02-12 10:56:42 +11:00
Damien Miller 377d9a44f9 - krw@cvs.openbsd.org 2013/01/25 05:00:27
[krl.c]
     Revert last. Breaks due to likely typo. Let djm@ fix later.
     ok djm@ via dlg@
2013-02-12 10:55:16 +11:00
Damien Miller 6045f5d574 - djm@cvs.openbsd.org 2013/01/24 22:08:56
[krl.c]
     skip serial lookup when cert's serial number is zero
2013-02-12 10:54:54 +11:00
Damien Miller ea078462ea - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2013/01/24 21:45:37
     [krl.c]
     fix handling of (unused) KRL signatures; skip string in correct buffer
2013-02-12 10:54:37 +11:00
Damien Miller d60b210830 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
version.
2013-01-20 22:49:58 +11:00
Damien Miller a7522d9fc0 - markus@cvs.openbsd.org 2013/01/19 12:34:55
[krl.c]
     RB_INSERT does not remove existing elments; ok djm@
2013-01-20 22:35:31 +11:00
Damien Miller 13f5f768bc - djm@cvs.openbsd.org 2013/01/18 03:00:32
[krl.c]
     fix KRL generation bug for list sections
2013-01-18 15:32:03 +11:00
Damien Miller f3747bf401 - djm@cvs.openbsd.org 2013/01/17 23:00:01
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
     [krl.c krl.h PROTOCOL.krl]
     add support for Key Revocation Lists (KRLs). These are a compact way to
     represent lists of revoked keys and certificates, taking as little as
     a single bit of incremental cost to revoke a certificate by serial number.
     KRLs are loaded via the existing RevokedKeys sshd_config option.
     feedback and ok markus@
2013-01-18 11:44:04 +11:00