aboutsummaryrefslogtreecommitdiff
path: root/src/pki_crypto.c
AgeCommit message (Collapse)AuthorFilesLines
2019-01-30pki_crypto: plug pki_signature_from_blob leaksJon Simons1-0/+8
In 3341f49a49a07cbce003e487ef24a2042e800f01, some direct assignments to OpenSSL structures was replaced with usage of getter and setter macros. Ensure to `bignum_safe_free` a couple of intermediate values in error paths for `pki_signature_from_blob` DSS and ECDSA cases. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-30pki: NULL check pki_signature_from_rsa_blob resultJon Simons1-0/+3
Check for a potential NULL result from `pki_signature_from_rsa_blob` in `pki_signature_from_blob`. Otherwise the following `sig->type_c` will result in a segfault. Introduced in 7f83a1efae6a7da19e18268d6298fc11b4e68c57. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30include: Add macro for unused arguments and variablesAndreas Schneider1-2/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30pki: Sanitize input to verificationJakub Jelen1-1/+9
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30pki: Verify the provided public key has expected typeJakub Jelen1-0/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30pki: Set correct type for imported signaturesJakub Jelen1-1/+2
Issue reported by Tilo Eckert <tilo.eckert@flam.de> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30The largest ECDSA key has 521 bitsJakub Jelen1-1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-08crypto: Fix compilation for OpenSSL without deprecated APIsRosen Penev1-1/+1
Added missing bn.h include. Made engine.h include conditional, otherwise it would fail. DSA_generate_parameters was deprecated long before 1.1.0. Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-10-24pki_crypto: Mark iqmp as unusedAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16src: Fix typosAndreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18pki: Allow reading keys in new OpenSSH formatJakub Jelen1-0/+150
This implements reading the OpenSSH key format accross the cryptographic backends. Most of the code is shared and moved to pki.c, just the building of the keys is implemented in pki_privkey_build_*() functions. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17pki_crypto: Clarify that memory passed with set0 is managed by openssl objectsJakub Jelen1-0/+15
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17pki: Initialize pointers to NULLJakub Jelen1-4/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-04pki_crypto: Use explicit_bzero()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-08-31pki: Support RSA SHA2 signatures of sessionid for serverJakub Jelen1-24/+13
This involves mostly creation of host keys proofs but needs to follow the same procedure as the client authentication signatures. At the same time, the SHA2 extension is enabled in the pkd so we are able to atomicaly provide correct signatures and pass tests. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31pki: RSA signatures with SHA2 hash algorithms (RFC 8332)Jakub Jelen1-8/+58
* This change introduces a new API to request signature using one key and different hash algorithms. This is used only with RSA keys, that used to have SHA1 hardcoded, but the new algorithsms allow to use the SHA2 hashes, if the extension is negotiated. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31pki: Support RSA verification using different hash algorithmsJakub Jelen1-3/+27
This changes the private API by adding one more argument to function pki_signature_from_blob() Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03Remove internal calls to ssh_initAnderson Toshiyuki Sasaki1-10/+0
Since the call is made automatically when the library is loaded, these calls are no longer required (if the library is not linked statically). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29Rest in Peace SSHv1Andreas Schneider1-31/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-02-12src: Use explicit_bzero() if available on the platformAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10pki_crypto: Fix private key generation with passwordAndreas Schneider1-3/+3
We need to specify a cipher when we generate a key with a password. OpenSSH uses aes_128_cbc, so we should use the same. Thanks to Julian Lunz for the report. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28pki: Fix accidental ECC switch case fallthroughs into ed25119 cases when ↵jvijtiuk1-1/+2
built without ECC Summary: When ed25519 was introduced in commit 93c7b81b4ea1046bd2f65f4a510d5966786e8d3d, the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to have relied on falling through to report an error, when HAVE_ECC is not defined. If HAVE_ECC is not defined, but ecdsa keys are used, with for example, ssh_pki_import_pubkey_file, the code fallthroughs into the ed25519 case. Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Test Plan: Unit tests passed. No memory leaks found with valgrind. Reviewers: asn Differential Revision: https://bugs.libssh.org/D13 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-08pki_crypto: Avoid potential memory leakJakub Jelen1-1/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-07pki_crypto: Avoid segfault with OpenSSL 1.1.0Jakub Jelen1-0/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-29pki_crypto: Don't use deprecated function with newer OpenSSLAndreas Schneider1-0/+13
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-28Fix config.h includesAndreas Schneider1-0/+2
We need stdlib.h and string.h in priv.h for free() and memset(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07pki_crypto: Use getters and setters for opaque keys and signaturesJakub Jelen1-92/+203
This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-03-15pki_crypto: Add cert auth support to pki_publickey_to_blob()Axel Eppe1-0/+10
Signed-off-by: Axel Eppe <aeppe@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19buffer: do not use ssh_buffer_get_rest_len()Fabiano Fidêncio1-4/+4
As ssh_buffer_get_len() actually calls ssh_buffer_get_rest_len(), let's just use the first one. This is a preparatory step for removing ssh_buffer_get_rest_len(). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19buffer: rename ssh_buffer_get_rest() to ssh_buffer_get()Fabiano Fidêncio1-2/+2
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19cleanup: use ssh_ prefix in the buffer (non-static) functionsFabiano Fidêncio1-19/+19
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19cleanup: use ssh_ prefix in the bignum (non-static) functionsFabiano Fidêncio1-20/+20
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-07pki: Add rsa, dss certificate key type definitionsAxel Eppe1-0/+4
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types. - Add a cert_type member in the ssh_key struct. Signed-off-by: Axel Eppe <aeppe@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-07pki: Use the standard logging functionAndreas Schneider1-23/+32
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02libcrypto: Make the PEM parser ed25519 awareAris Adamantiadis1-0/+6
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaksJon Simons1-2/+2
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-09-07ed25519: Generate, sign and verify keys.Aris1-1/+55
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-08-06bignums: detach bignum-related functions from dh.c.Aris Adamantiadis1-1/+1
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-23pki: Move ssh_pki_key_ecdsa_name() to the correct file.Andreas Schneider1-14/+0
2014-04-23pki: Make pki_key_ecdsa_nid_to_name() a shared function.Andreas Schneider1-1/+1
2014-04-09pki crypto: expose new ssh_pki_key_ecdsa_name APIJon Simons1-0/+14
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context. The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27pki_crypto: guard against NULL pubkey->rsa in signature extractionJon Simons1-1/+7
Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex()Petar Koretic1-4/+14
On Mar 16, 09:41, Aris Adamantiadis wrote: > Hi Petar, > I agree with the principle, but I don't think this code can work... > RSA_generate_key takes an RSA* as parameter and in our code we probably > have key->rsa==NULL. (if we don't then the old code had a memory leak). > > Does the test case work ? > > Aris > Yes, you are right. This works, tested with tests/unittests/torture_pki Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
2014-03-12pki_crypto: Always copy ecdsa_nid into duplicated ECDSA keysAlan Dunn1-2/+2
BUG: https://red.libssh.org/issues/147 Signed-off-by: Alan Dunn <amdunn@gmail.com>
2014-02-14pki: Fix build warning about unused variables.Andreas Schneider1-2/+2
2014-01-28pki_crypto: Fix memory leak with EC_KEY_set_public_key().Andreas Schneider1-1/+3
BUG: https://red.libssh.org/issues/146
2014-01-23pki_crypto: fix DSA signature extractionJon Simons1-26/+50
Fix the DSA portion of 'pki_signature_to_blob': before this change, it is possible to sometimes observe DSA signature validation failure when testing with OpenSSH clients. The problem ended up being the following snippet which did not account for the case when 'ssh_string_len(x)' may be less than 20: r = make_bignum_string(sig->dsa_sig->r); ... memcpy(buffer, ((char *) ssh_string_data(r)) + ssh_string_len(r) - 20, 20); Above consider the case that ssh_string_len(r) is 19; in that case the memcpy unintentionally starts in the wrong place. The same situation can happen for value 's' in this code. To fix, adjust the offsets used for the input and output pointers, taking into account that the lengths of 'r' and 's' can be less than 20. With the fix I am no longer able to reproduce the original failure mode. BUG: https://red.libssh.org/issues/144 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21pki_crypto: pad RSA signature blobsJon Simons1-24/+56
Pad RSA signature blobs to the expected RSA signature length when processing via 'pki_signature_to_blob'. Some clients, notably PuTTY, may send unpadded RSA signatures during the public key exchange: before this change, one can sometimes observe failure in signature validation when using PuTTY's 'plink' client, along these lines: ssh_packet_process: ssh_packet_process: Dispatching handler for packet type 50 ssh_packet_userauth_request: ssh_packet_userauth_request: Auth request for service ssh-connection, method publickey for user 'foo' ssh_pki_signature_verify_blob: ssh_pki_signature_verify_blob: Going to verify a ssh-rsa type signature pki_signature_verify: pki_signature_verify: RSA error: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length ssh_packet_userauth_request: ssh_packet_userauth_request: Received an invalid signature from peer For cross-reference this issue once also existed between PuTTY and OpenSSH: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsa-verify-failed.html http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=1.19;content-type=text%2Fx-cvsweb-markup With the fix I am unable to reproduce the above failure mode when testing with 'plink'. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-19src: Rename buffer_add_data() to ssh_buffer_add_data().Andreas Schneider1-3/+3
2014-01-19src: Rename buffer_init to ssh_buffer_init().Andreas Schneider1-1/+1