1. 09 Jan, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/01/09 23:20:00 · b3051d01
      Damien Miller authored
           [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
           [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
           [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
           [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
           Introduce digest API and use it to perform all hashing operations
           rather than calling OpenSSL EVP_Digest* directly. Will make it easier
           to build a reduced-feature OpenSSH without OpenSSL in future;
           feedback, ok markus@
  2. 29 Dec, 2013 4 commits
  3. 07 Dec, 2013 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/12/07 00:19:15 · ca570a51
      Damien Miller authored
           set k->cert = NULL after freeing it
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2013/12/06 13:39:49 · 5be9d9e3
      Damien Miller authored
           [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
           [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
           [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
           [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
           [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
           support ed25519 keys (hostkeys and user identities) using the public
           domain ed25519 reference code from SUPERCOP, see
           feedback, help & ok djm@
  4. 06 Dec, 2013 2 commits
  5. 04 Dec, 2013 1 commit
  6. 10 Nov, 2013 1 commit
  7. 09 Nov, 2013 1 commit
  8. 30 Oct, 2013 1 commit
  9. 01 Jun, 2013 2 commits
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/19 02:42:42 · 0acca379
      Darren Tucker authored
           [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
           Standardise logging of supplemental information during userauth. Keys
           and ruser is now logged in the auth success/failure message alongside
           the local username, remote host/port and protocol in use. Certificates
           contents and CA are logged too.
           Pushing all logging onto a single line simplifies log analysis as it is
           no longer necessary to relate information scattered across multiple log
           entries. "I like it" markus@
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
  10. 16 May, 2013 1 commit
  11. 23 Apr, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/04/19 01:06:50 · ea11119e
      Damien Miller authored
           [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
           [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
           add the ability to query supported ciphers, MACs, key type and KEX
           algorithms to ssh. Includes some refactoring of KEX and key type handling
           to be table-driven; ok markus@
  12. 18 Jan, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/01/17 23:00:01 · f3747bf4
      Damien Miller authored
           [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
           [krl.c krl.h PROTOCOL.krl]
           add support for Key Revocation Lists (KRLs). These are a compact way to
           represent lists of revoked keys and certificates, taking as little as
           a single bit of incremental cost to revoke a certificate by serial number.
           KRLs are loaded via the existing RevokedKeys sshd_config option.
           feedback and ok markus@
  13. 30 Jun, 2012 1 commit
  14. 20 Jun, 2012 1 commit
  15. 18 Oct, 2011 1 commit
  16. 20 May, 2011 1 commit
  17. 04 Feb, 2011 1 commit
  18. 20 Nov, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/11/10 01:33:07 · 4499f4cc
      Damien Miller authored
           [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
           use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
           these have been around for years by this time. ok markus
  19. 04 Nov, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/10/28 11:22:09 · b472a90d
      Damien Miller authored
           [authfile.c key.c key.h ssh-keygen.c]
           fix a possible NULL deref on loading a corrupt ECDH key
           store ECDH group information in private keys files as "named groups"
           rather than as a set of explicit group parameters (by setting
           the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
           retrieves the group's OpenSSL NID that we need for various things.
  20. 10 Sep, 2010 3 commits
    • Darren Tucker's avatar
      - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs · 8ccb7392
      Darren Tucker authored
         for missing headers and compiler warnings.
    • Damien Miller's avatar
      - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] · 6af914a1
      Damien Miller authored
         [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
         [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
         platforms that don't have the requisite OpenSSL support. ok dtucker@
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/09/09 10:45:45 · 041ab7c1
      Damien Miller authored
           [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
           ECDH/ECDSA compliance fix: these methods vary the hash function they use
           (SHA256/384/512) depending on the length of the curve in use. The previous
           code incorrectly used SHA256 in all cases.
           This fix will cause authentication failure when using 384 or 521-bit curve
           keys if one peer hasn't been upgraded and the other has. (256-bit curve
           keys work ok). In particular you may need to specify HostkeyAlgorithms
           when connecting to a server that has not been upgraded from an upgraded
           ok naddy@
  21. 31 Aug, 2010 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/31 11:54:45 · eb8b60e3
      Damien Miller authored
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
           [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
           [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
           [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
           [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
           [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
           Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
           host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
           better performance than plain DH and DSA at the same equivalent symmetric
           key length, as well as much shorter keys.
           Only the mandatory sections of RFC5656 are implemented, specifically the
           three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
           ECDSA. Point compression (optional in RFC5656 is NOT implemented).
           Certificate host and user keys using the new ECDSA key types are supported.
           Note that this code has not been tested for interoperability and may be
           subject to change.
           feedback and ok markus@
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/31 09:58:37 · da108ece
      Damien Miller authored
           [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
           [packet.h ssh-dss.c ssh-rsa.c]
           Add buffer_get_cstring() and related functions that verify that the
           string extracted from the buffer contains no embedded \0 characters*
           This prevents random (possibly malicious) crap from being appended to
           strings where it would not be noticed if the string is used with
           a string(3) function.
           Use the new API in a few sensitive places.
           * actually, we allow a single one at the end of the string for now because
           we don't know how many deployed implementations get this wrong, but don't
           count on this to remain indefinitely.
  22. 16 Jul, 2010 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/07/13 23:13:16 · ea1651c9
      Damien Miller authored
           [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/07/13 11:52:06 · 8a0268f1
      Damien Miller authored
           [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
           [packet.c ssh-rsa.c]
           implement a timing_safe_cmp() function to compare memory without leaking
           timing information by short-circuiting like memcmp() and use it for
           some of the more sensitive comparisons (though nothing high-value was
           readily attackable anyway); "looks ok" markus@
  23. 10 May, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/05/07 11:30:30 · 30da3447
      Damien Miller authored
           [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
           [key.c servconf.c servconf.h sshd.8 sshd_config.5]
           add some optional indirection to matching of principal names listed
           in certificates. Currently, a certificate must include the a user's name
           to be accepted for authentication. This change adds the ability to
           specify a list of certificate principal names that are acceptable.
           When authenticating using a CA trusted through ~/.ssh/authorized_keys,
           this adds a new principals="name1[,name2,...]" key option.
           For CAs listed through sshd_config's TrustedCAKeys option, a new config
           option "AuthorizedPrincipalsFile" specifies a per-user file containing
           the list of acceptable names.
           If either option is absent, the current behaviour of requiring the
           username to appear in principals continues to apply.
           These options are useful for role accounts, disjoint account namespaces
           and "user@realm"-style naming policies in certificates.
           feedback and ok markus@
  24. 16 Apr, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/04/16 01:47:26 · 4e270b05
      Damien Miller authored
           [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
           [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
           [sshconnect.c sshconnect2.c sshd.c]
           revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
           following changes:
           move the nonce field to the beginning of the certificate where it can
           better protect against chosen-prefix attacks on the signature hash
           Rename "constraints" field to "critical options"
           Add a new non-critical "extensions" field
           Add a serial number
           The older format is still support for authentication and cert generation
           (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
           ok markus@
  25. 21 Mar, 2010 1 commit
  26. 04 Mar, 2010 2 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/03/04 01:44:57 · 2befbad9
      Damien Miller authored
           use buffer_get_string_ptr_ret() where we are checking the return
           value explicitly instead of the fatal()-causing buffer_get_string_ptr()
    • Damien Miller's avatar
      - OpenBSD CVS Sync · 41396573
      Damien Miller authored
         - djm@cvs.openbsd.org 2010/03/03 01:44:36
           [auth-options.c key.c]
           reject strings with embedded ASCII nul chars in certificate key IDs,
           principal names and constraints
  27. 26 Feb, 2010 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Sync · 0a80ca19
      Damien Miller authored
         - djm@cvs.openbsd.org 2010/02/26 20:29:54
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
           [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
           [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
           [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
           [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
           [sshconnect2.c sshd.8 sshd.c sshd_config.5]
           Add support for certificate key types for users and hosts.
           OpenSSH certificate key types are not X.509 certificates, but a much
           simpler format that encodes a public key, identity information and
           some validity constraints and signs it with a CA key. CA keys are
           regular SSH keys. This certificate style avoids the attack surface
           of X.509 certificates and is very easy to deploy.
           Certified host keys allow automatic acceptance of new host keys
           when a CA certificate is marked as sh/known_hosts.
           see VERIFYING HOST KEYS in ssh(1) for details.
           Certified user keys allow authentication of users when the signing
           CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
           FILE FORMAT" in sshd(8) for details.
           Certificates are minted using ssh-keygen(1), documentation is in
           the "CERTIFICATES" section of that manpage.
           Documentation on the format of certificates is in the file
           feedback and ok markus@
  28. 13 Jan, 2010 1 commit
  29. 08 Jan, 2010 1 commit