OpenBSD CVS

CVS log for src/usr.bin/ssh/krl.c



Default branch: MAIN


Revision 1.59, Mon Jul 17 05:22:30 2023 UTC (10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.58: +1 -2 lines

Move RCSID to before license block and away from #includes, where
it caused merge conflict in -portable for each commit :(

Revision 1.58, Mon Jul 17 05:20:15 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.57: +2 -2 lines

return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.

Revision 1.57, Mon Jul 17 04:01:10 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.56: +25 -170 lines

remove vestigial support for KRL signatures

When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatures was never completed in OpenSSH.

Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.

ok markus@

Revision 1.56, Mon Jul 17 03:57:21 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.55: +85 -1 lines

Support for KRL extensions.

This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.

ok markus

Revision 1.55, Tue Mar 14 07:28:47 2023 UTC (14 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.54: +2 -1 lines

Free KRL itself in addition to its contents. From Coverity CID 291841,
ok djm@

Revision 1.54, Thu Apr 28 02:53:31 2022 UTC (2 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.53: +2 -2 lines

avoid printing hash algorithm twice; from lucas AT sexy.is

Revision 1.53, Fri Jun 4 06:19:07 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.52: +4 -4 lines

The RB_GENERATE_STATIC(3) macro expands to a series of function
definitions and not a statement, so there should be no semicolon
following them. Patch from Michael Forney

Revision 1.52, Sun Oct 18 11:32:01 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.51: +47 -53 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.51, Thu Aug 27 01:06:18 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.50: +4 -3 lines

support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

Revision 1.50, Fri Apr 3 05:48:57 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.49: +9 -6 lines

avoid another compiler warning spotted in -portable

Revision 1.49, Fri Apr 3 04:43:24 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.48: +4 -4 lines

fix format string (use %llu for uint64, not %lld). spotted by Darren and
his tinderbox tests

Revision 1.48, Fri Apr 3 02:26:56 2020 UTC (4 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.47: +93 -1 lines

give ssh-keygen the ability to dump the contents of a binary key
revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker

Revision 1.47, Sat Jan 25 23:02:13 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.46: +3 -13 lines

factor out reading/writing sshbufs to dedicated functions;
feedback and ok markus@

Revision 1.46, Mon Nov 25 00:51:37 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.45: +2 -2 lines

Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

Revision 1.45, Thu Oct 31 21:23:19 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.44: +2 -2 lines

Refactor signing - use sshkey_sign for everything, including the new
U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

Revision 1.44, Fri Sep 6 04:53:27 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.43: +2 -1 lines

lots of things were relying on libcrypto headers to transitively
include various system headers (mostly stdlib.h); include them
explicitly

Revision 1.43, Fri Jun 21 04:21:04 2019 UTC (4 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.42: +2 -2 lines

Add protection for private keys at rest in RAM against speculation
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetric key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@

Revision 1.42, Wed Sep 12 01:21:34 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.41: +97 -29 lines

allow key revocation by SHA256 hash and allow ssh-keygen to create KRLs
using SHA256/base64 key fingerprints; ok markus@

Revision 1.41, Mon Dec 18 02:25:15 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.40: +2 -2 lines

pass negotiated signing algorithm through to sshkey_verify() and
check that the negotiated algorithm matches the type in the
signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

Revision 1.40, Wed May 31 09:15:42 2017 UTC (6 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.39: +2 -2 lines

Switch to recallocarray() for a few operations.  Both growth and shrinkage
are handled safely, and there also is no need for preallocation dances.
Future changes in this area will be less error prone.
Review and one bug found by markus

Revision 1.39, Fri Mar 10 07:18:32 2017 UTC (7 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.38: +4 -3 lines

krl.c

Revision 1.38, Mon Sep 12 01:22:38 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.37: +7 -8 lines

Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions
rather than pulling <sys/param.h> and unknown namespace pollution.
ok djm markus dtucker

Revision 1.37, Thu Dec 31 00:33:52 2015 UTC (8 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.36: +3 -4 lines

fix three bugs in KRL code related to (unused) signature support:
verification length was being incorrectly calculated, multiple
signatures were being incorrectly processed and a NULL dereference
that occurred when signatures were verified.
Reported by Carl Jackson

Revision 1.36, Fri Dec 11 04:21:12 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.35: +5 -9 lines

Remove NULL-checks before sshbuf_free().

ok djm@

Revision 1.35, Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.34: +2 -2 lines

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.34, Wed Sep 2 07:51:12 2015 UTC (8 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.33: +2 -2 lines

Fix occurrences of "r = func() != 0" which result in the wrong error
codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Revision 1.33, Fri Jul 3 03:43:18 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.32: +5 -5 lines

delete support for legacy v00 certificates; "sure" markus@ dtucker@

Revision 1.32, Wed Jun 24 23:47:23 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.31: +2 -2 lines

correct test to sshkey_sign(); spotted by Albert S.

Revision 1.31, Fri Jan 30 01:10:33 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.30: +64 -38 lines

permit KRLs that revoke certificates by serial number or key ID
without scoping to a particular CA; ok markus@

Revision 1.30, Mon Jan 26 02:59:11 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.29: +5 -12 lines

small refactor and add some convenience functions;
ok markus

Revision 1.29, Tue Jan 20 23:14:00 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.28: +2 -2 lines

Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus

Revision 1.28, Mon Jan 19 17:35:48 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.27: +4 -4 lines

fix format strings in (disabled) debugging

Revision 1.27, Sun Jan 18 14:01:00 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.26: +2 -2 lines

string truncation due to sizeof(size)
ok djm markus

Revision 1.26, Wed Jan 14 15:02:39 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.25: +41 -21 lines

avoid BIGNUM in KRL code by using a simple bitmap;
feedback and ok markus

Revision 1.25, Tue Jan 13 19:04:35 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.24: +48 -50 lines

sync changes from libopenssh; prepared by markus@
mostly debug output tweaks, a couple of error return value changes
and some other minor stuff

Revision 1.24, Mon Jan 12 19:22:46 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.23: +3 -3 lines

missing error assignment on sshbuf_put_string()

Revision 1.23, Mon Jan 12 14:05:19 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.22: +2 -2 lines

free->sshkey_free; ok djm@

Revision 1.22, Thu Jan 8 10:14:08 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.21: +2 -2 lines

deprecate key_load_private_pem() and sshkey_load_private_pem()
interfaces. Refactor the generic key loading API to not require
pathnames to be specified (they weren't really used).

Fixes a few other things en passant:

Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).

Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.

ok markus@

Revision 1.21, Sun Dec 21 22:27:56 2014 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.20: +5 -3 lines

Add FingerprintHash option to control algorithm used for key
fingerprints. Default changes from MD5 to SHA256 and format
from hex to base64.

Feedback and ok naddy@ markus@

Revision 1.20, Thu Dec 4 01:49:59 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.19: +335 -316 lines

convert KRL code to new buffer API

ok markus@

Revision 1.19, Fri Nov 21 01:00:38 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.18: +7 -3 lines

fix NULL pointer dereference crash on invalid timestamp

found using Michal Zalewski's afl fuzzer

Revision 1.18, Mon Nov 17 00:21:40 2014 UTC (9 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.17: +2 -1 lines

fix KRL generation when multiple CAs are in use

We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.

Also extend the regress test to catch this case by having it
produce a multi-CA KRL.

Reported by peter AT pean.org

Revision 1.17, Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.16: +4 -4 lines

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.16, Tue Jun 24 00:52:02 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.15: +2 -1 lines

fix bug in KRL generation: multiple consecutive revoked certificate
serial number ranges could be serialised to an invalid format.

Readers of a broken KRL caused by this bug will fail closed, so no
should-have-been-revoked key will be accepted.

Revision 1.15, Mon Apr 28 03:09:18 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.14: +5 -3 lines

buffer_get_string_ptr's return should be const to remind
callers that futzing with it will futz with the actual buffer
contents

Revision 1.14, Fri Jan 31 16:39:19 2014 UTC (10 years, 3 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.13: +6 -6 lines

replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker

Revision 1.13, Sat Jul 20 22:20:42 2013 UTC (10 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.12: +2 -2 lines

fix verification error in (as-yet unused) KRL signature checking path

Revision 1.12, Thu Jun 20 19:15:06 2013 UTC (10 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.11: +11 -8 lines

don't leak the rdata blob on errors; ok djm@

Revision 1.11, Fri Apr 5 00:14:00 2013 UTC (11 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.10: +11 -6 lines

hush some {unused, printf type} warnings

Revision 1.10, Tue Feb 19 02:12:47 2013 UTC (11 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.9: +1 -2 lines

Remove bogus include.  ok djm

Revision 1.9, Sun Jan 27 10:06:12 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.8: +2 -2 lines

actually use the xrealloc() return value; spotted by xi.wang AT gmail.com

Revision 1.8, Fri Jan 25 10:22:19 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.7: +6 -3 lines

redo last commit without the vi-vomit that snuck in:

skip serial lookup when cert's serial number is zero

(now with 100% better comment)

Revision 1.7, Fri Jan 25 05:00:27 2013 UTC (11 years, 3 months ago) by krw
Branch: MAIN
Changes since 1.6: +2 -2 lines

Revert last. Breaks due to likely typo. Let djm@ fix later.

ok djm@ via dlg@

Revision 1.6, Thu Jan 24 22:08:56 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.5: +2 -2 lines

skip serial lookup when cert's serial number is zero

Revision 1.5, Thu Jan 24 21:45:37 2013 UTC (11 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.4: +2 -2 lines

fix handling of (unused) KRL signatures; skip string in correct buffer

Revision 1.4, Sat Jan 19 12:34:55 2013 UTC (11 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.3: +2 -2 lines

RB_INSERT does not remove existing elements; ok djm@

Revision 1.3, Fri Jan 18 03:00:32 2013 UTC (11 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.2: +2 -2 lines

fix KRL generation bug for list sections

Revision 1.2, Fri Jan 18 00:24:58 2013 UTC (11 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.1: +2 -0 lines

RCD IDs help us keep portable in synch

Revision 1.1, Thu Jan 17 23:00:01 2013 UTC (11 years, 4 months ago) by djm
Branch: MAIN

add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.

feedback and ok markus@
