Commit Graph

131 Commits

Author SHA1 Message Date
djm@openbsd.org
4448a2938a
upstream: Make it possible to load certs from PKCS#11 tokens
Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.

feedback/ok markus@

OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f
2023-12-19 01:52:55 +11:00
jcs@openbsd.org
633d3dc2a1
upstream: modify parentheses in conditionals to make it clearer what is
being assigned and what is being checked

ok djm dtucker

OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
2023-03-10 10:40:02 +11:00
djm@openbsd.org
54ac4ab2b5
upstream: include destination constraints for smartcard keys too.
Spotted by Luci Stanescu; ok deraadt@ markus@

OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
2023-03-09 18:32:48 +11:00
dtucker@openbsd.org
fc7f8f2188
upstream: Remove unused compat.h includes.
We've previously removed a lot of the really old compatibility code,
and with it went the need to include compat.h in most of the files that
have it.

OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
2023-03-05 19:27:31 +11:00
dtucker@openbsd.org
0979e29356 upstream: Add authfd path to debug output. ok markus@
OpenBSD-Commit-ID: f735a17d1a6f2bee63bfc609d76ef8db8c090890
2022-04-27 21:33:11 +10:00
djm@openbsd.org
5e950d7657 upstream: ssh-add side of destination constraints
Have ssh-add accept a list of "destination constraints" that allow
restricting where keys may be used in conjunction with a ssh-agent/ssh
that supports session ID/hostkey binding.

Constraints are specified as either "[user@]host-pattern" or
"host-pattern>[user@]host-pattern".

The first form permits a key to be used to authenticate as the
specified user to the specified host.

The second form permits a key that has previously been permitted
for use at a host to be available via a forwarded agent to an
additional host.

For example, constraining a key with "user1@host_a" and
"host_a>host_b". Would permit authentication as "user1" at
"host_a", and allow the key to be available on an agent forwarded
to "host_a" only for authentication to "host_b". The key would not
be visible on agent forwarded to other hosts or usable for
authentication there.

Internally, destination constraints use host keys to identify hosts.
The host patterns are used to obtain lists of host keys for that
destination that are communicated to the agent. The user/hostkeys are
encoded using a new restrict-destination-v00@openssh.com key
constraint.

host keys are looked up in the default client user/system known_hosts
files. It is possible to override this set on the command-line.

feedback Jann Horn & markus@
ok markus@

OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e
2021-12-20 09:25:17 +11:00
djm@openbsd.org
e9497ecf73 upstream: ssh client side of binding
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.

ok markus@

OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
2021-12-20 09:24:42 +11:00
djm@openbsd.org
cb7b22ea20 upstream: factor out common code in the agent client
Add a ssh_request_reply_decode() function that sends a message to
the agent, reads and parses a success/failure reply.
Use it for all requests that only expect success/failure

ok markus@

OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb
2021-01-26 12:21:48 +11:00
djm@openbsd.org
1a14c13147 upstream: whitespace; no code change
OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
2020-10-29 13:54:13 +11:00
dtucker@openbsd.org
eab2888cfc upstream: Adapt XMSS to new logging infrastructure. With markus@, ok
djm@.

OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
2020-10-20 10:15:02 +11:00
djm@openbsd.org
a3e0c376ff upstream: constify a few things; ok dtucker (as part of another
diff)

OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6
2020-06-26 15:24:28 +10:00
markus@openbsd.org
bc30b44684 upstream: ssh_fetch_identitylist() returns the return value from
ssh_request_reply() so we should also check against != 0 ok djm

OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952
2020-03-13 13:18:09 +11:00
jsg@openbsd.org
d5ba1c0327 upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
2020-02-28 12:26:28 +11:00
djm@openbsd.org
40be78f503 upstream: Allow forwarding a different agent socket to the path
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable in addition
to yes/no.

Patch by Eric Chiang, manpage by me; ok markus@

OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
2019-12-21 13:22:07 +11:00
deraadt@openbsd.org
72687c8e7c upstream: stdarg.h required more broadly; ok djm
OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
2019-11-15 08:50:10 +11:00
markus@openbsd.org
2c55744a56 upstream: enable ed25519 support; ok djm
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
2019-11-13 08:54:09 +11:00
djm@openbsd.org
b9dd14d309 upstream: add new agent key constraint for U2F/FIDO provider
feedback & ok markus@

OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
2019-11-01 09:46:09 +11:00
djm@openbsd.org
06af3583f4 upstream: authfd: add function to check if key is in agent
This commit adds a helper function which allows the caller to
check if a given public key is present in ssh-agent.

work by Sebastian Kinne; ok markus@

OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
2019-09-03 18:39:31 +10:00
djm@openbsd.org
2ab5a84648 upstream: fix memleak in ssh_free_identitylist(); ok markus@
OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf
2019-09-03 18:39:31 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
djm@openbsd.org
4f7a56d5e0 upstream: Add protection for private keys at rest in RAM against
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.

been in snaps for a bit already; thanks deraadt@

ok dtucker@ deraadt@

OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
2019-06-21 14:24:35 +10:00
djm@openbsd.org
007a88b48c upstream: Request RSA-SHA2 signatures for
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@

OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
2018-12-28 10:06:50 +11:00
djm@openbsd.org
87d6cf1cbc upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293
OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
2018-12-07 13:10:57 +11:00
markus@openbsd.org
49f47e656b upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@
OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
2018-07-10 16:44:17 +10:00
djm@openbsd.org
4ba0d54794 upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-07-03 23:26:36 +10:00
djm@openbsd.org
001aa55484 upstream: lots of typos in comments/docs. Patch from Karsten Weiss
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)

OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-04-10 10:17:15 +10:00
markus@openbsd.org
1b11ea7c58 upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@

OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-26 11:40:41 +11:00
djm@openbsd.org
d9e5cf078e upstream commit
constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault

OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
2018-02-10 20:26:40 +11:00
djm@openbsd.org
14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
djm@openbsd.org
83fa3a0448 upstream commit
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus

Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-07-21 14:17:32 +10:00
djm@openbsd.org
a98339edbc upstream commit
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus

Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
2017-06-28 11:13:19 +10:00
naddy@openbsd.org
3e371bd212 upstream commit
more simplification and removal of SSHv1-related code;
ok djm@

Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
2017-05-08 09:18:27 +10:00
djm@openbsd.org
744bde79c3 upstream commit
since a couple of people have asked, leave a comment
explaining why we retain SSH v.1 support in the "delete all keys from agent"
path.

Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
2017-05-08 09:18:27 +10:00
djm@openbsd.org
56912dea6e upstream commit
unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01 09:37:40 +10:00
markus@openbsd.org
76c9fbbe35 upstream commit
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
 draft-ssh-ext-info-04.txt; with & ok djm@

Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
2015-12-07 12:38:58 +11:00
jsg@openbsd.org
f3a3ea180a upstream commit
Fix occurrences of "r = func() != 0" which result in the
 wrong error codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
2015-09-03 10:44:41 +10:00
djm@openbsd.org
c28fc62d78 upstream commit
delete support for legacy v00 certificates; "sure"
 markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15 15:35:09 +10:00
markus@openbsd.org
fecede00a7 upstream commit
sigp and lenp are not optional in ssh_agent_sign(); ok
 djm@
2015-03-27 12:02:38 +11:00
markus@openbsd.org
5f57e77f91 upstream commit
unbreak ssh_agent_sign (lenp vs *lenp)
2015-03-27 12:02:13 +11:00
markus@openbsd.org
7d4f96f9de upstream commit
consistent check for NULL as noted by Nicholas
 Lemonias; ok djm@
2015-03-27 12:00:52 +11:00
djm@openbsd.org
141efe4954 upstream commit
move authfd.c and its tentacles to the new buffer/key
 API; ok markus@
2015-01-15 21:37:34 +11:00
Damien Miller
1f0311c7c7 - markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm
2014-05-15 14:24:09 +10:00
Damien Miller
1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
2014-02-04 11:18:20 +11:00
Damien Miller
f72cdde6e6 - djm@cvs.openbsd.org 2013/12/29 04:29:25
[authfd.c]
     allow deletion of ed25519 keys from the agent
2013-12-29 17:49:55 +11:00
Damien Miller
5be9d9e3cb - markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
     support ed25519 keys (hostkeys and user identities) using the public
     domain ed25519 reference code from SUPERCOP, see
     http://ed25519.cr.yp.to/software.html
     feedback, help & ok djm@
2013-12-07 11:24:01 +11:00
Damien Miller
f0e9060d23 - markus@cvs.openbsd.org 2013/12/06 13:30:08
[authfd.c key.c key.h ssh-agent.c]
     move private key (de)serialization to key.c; ok djm
2013-12-07 10:40:26 +11:00
Damien Miller
6c81fee693 - djm@cvs.openbsd.org 2013/11/08 00:39:15
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
     [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
     [sftp-client.c sftp-glob.c]
     use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
6ea5e44871 - tedu@cvs.openbsd.org 2011/07/06 18:09:21
[authfd.c]
     bzero the agent address.  the kernel was for a while very cranky about
     these things.  evne though that's fixed, always good to initialize
     memory.  ok deraadt djm
2011-08-06 06:16:00 +10:00
Damien Miller
814ace0875 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/15 08:09:01
     [authfd.c monitor.c serverloop.c]
     use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 19:02:47 +10:00