changeset | 3f4cdf839a1a |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Make SHA1 optional, implement SHA256 fingerprints SHA256 is always compiled and only enable SHA1 when needed. Fingerprints are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now uses sha256 its hash function. |
files |
changeset | 35d504d59c05 |
---|---|
branch | |
bookmark | |
tag | |
user | egor-duda <egor-duda@users.noreply.github.com> |
description | Implement server-side support for sk-ecdsa U2F-backed keys (#142) * Implement server-side support for sk-ecdsa U2F-backed keys * Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys * Fix one more potential out-of-bounds read * Check if nistp256 curve is used in sk-ecdsa-sha2- key It's the only allowed curve per PROTOCOL.u2f specification * Implement server-side support for sk-ed25519 FIDO2-backed keys * Keys with type sk-* make no sense as host keys, so they should be disabled * fix typo * Make sk-ecdsa call buf_ecdsa_verify This reduces code duplication, the SK code just handles the different message format. * Reduce sk specific code The application id can be stored in signkey, then we don't need to call sk-specific functions from svr-authpubkey * Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled * Proper cleanup of sk_app Co-authored-by: Matt Johnston <matt@codeconstruct.com.au> |
files |
changeset | fa6ff07dcc77 |
---|---|
branch | |
bookmark | |
tag | |
user | Sven Roederer <devel-sven@geroedel.de> |
description | signkey: remove !! from SHA1 digest (#130) Remove the "!!" chars from message when printing the key-fingerprint, as it's confusing users. They have been added when switching from MD5, but SHA1 can be considered as standard today. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> |
files |
changeset | 064f5be2fc45 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Add buf_decrpos() |
files |
changeset | d5d25ce2a2ed |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | cast to fix warning |
files |
changeset | 435cfb9ec96e |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | send and handle SSH_MSG_EXT_INFO only at the correct point - other fixes for rsa pubkey auth - only include ext-info handling when rsa pubkey auth is compiled |
files |
changeset | d5cdc60db08e |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | ext-info handling for server-sig-algs only client side is handled |
files |
changeset | ae41624c2198 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | split signkey_type and signature_type for RSA sha1 vs sha256 |
files |
changeset | ba6fc7afe1c5 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | use sigtype where appropriate |
files |
changeset | d32bcb5c557d |
---|---|
branch | |
bookmark | |
tag | |
user | Vladislav Grishenko <themiron@users.noreply.github.com> |
description | Add Ed25519 support (#91) * Add support for Ed25519 as a public key type Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys |
files |
changeset | 2f64cb3d3007 |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | - #if not #ifdef for DROPBEAR_FUZZ - fix some unused variables |
files |
changeset | 5916af64acd4 |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | merge from main |
files |
changeset | 2d450c1056e3 |
---|---|
branch | |
bookmark | |
tag | |
user | Michael Witten <mfwitten@gmail.com> |
description | options: Complete the transition to numeric toggles (`#if') For the sake of review, this commit alters only the code; the affiliated comments within the source files also need to be updated, but doing so now would obscure the operational changes that have been made here. * All on/off options have been switched to the numeric `#if' variant; that is the only way to make this `default_options.h.in' thing work in a reasonable manner. * There is now some very minor compile-time checking of the user's choice of options. * NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed. * ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST, and this commit completes that work. * DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option, which was added by the following commit: commit 6e0b539e9ca0b5628c6c5a3d118ad6a2e79e8039 Author: Matt Johnston <matt@ucc.asn.au> Date: Tue May 23 22:29:21 2017 +0800 split out checkpubkey_line() separately It has now been added to `sysoptions.h' and defined as `0' by default. * The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in `default_options.h.in'; it is no longer meant to be set by the user, and is instead left to be defined in `sysoptions.h' (where it was already being defined) as merely the name of the environment variable in question: DROPBEAR_PASSWORD To enable or disable use of that environment variable, the user must now toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'. * The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the path of the sFTP server program is set independently through the usual SFTPSERVER_PATH. |
files |
changeset | 06d52bcb8094 |
---|---|
branch | |
bookmark | |
tag | |
user | Francois Perrad <francois.perrad@gadz.org> |
description | Pointer parameter could be declared as pointing to const |
files |
changeset | 69862e8cc405 |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | merge from main |
files |
changeset | 8a4b8f026de6 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | fix null pointer crash |
files |
changeset | c1c3d5943bfc |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix null pointer dereference found by libfuzzer |
files |
changeset | 798854f62430 |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | merge from main |
files |
changeset | c721e8c42d2a |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | add m_mp_free_multi, be more careful freeing when failing to load keys |
files |
changeset | c98e242dc505 |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | add m_mp_free_multi, be more careful freeing when failing to load keys |
files |
changeset | 616417b27f55 |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | fix null pointer crash |
files |
changeset | bc9e2e148f58 |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | avoid NULL argument to base64 decode |
files |
changeset | ddfcadca3c4c |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | fuzzer-pubkey |
files |
changeset | 74a22c562cdf |
---|---|
branch | fuzz |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix null pointer dereference found by libfuzzer |
files |
changeset | 750ec4ec4cbe |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Convert #ifdef to #if, other build changes |
files |
changeset | 0c47d97aa9d5 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | merge |
files |
changeset | 139935236c72 |
---|---|
branch | |
bookmark | |
tag | |
user | Francois Perrad <francois.perrad@gadz.org> |
description | const variables |
files |
changeset | 55d485943eb0 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | cast return type to enum |
files |
changeset | c6346c63281b |
---|---|
branch | |
bookmark | |
tag | |
user | Francois Perrad <francois.perrad@gadz.org> |
description | refactor indentation with hard tab |
files |
changeset | aaf576b27a10 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Merge pull request #13 from gazoo74/fix-warnings Fix warnings |
files |
changeset | c45d65392c1a |
---|---|
branch | |
bookmark | |
tag | |
user | Gaël PORTAY <gael.portay@gmail.com> |
description | Fix pointer differ in signess warnings [-Werror=pointer-sign] |
files |
changeset | 063c38ea622b |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix some memory leaks in ecc code |
files |
changeset | 0da8ba489c23 |
---|---|
branch | fastopen |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Move generic network routines to netio.c |
files |
changeset | 25692c60479e |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix compiling with ECDSA and DSS disabled |
files |
changeset | 30ab30e46452 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix some warnings |
files |
changeset | c19acba28590 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | use oldstyle comments |
files |
changeset | 04ede40a529a |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | - Some fixes for old compilers like tru64 v4 from Daniel Richard G. - Don't warn about blocking random device for prngd |
files |
changeset | 7540c0822374 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Various cleanups and fixes for warnings |
files |
changeset | f4bb964c8678 |
---|---|
branch | keyondemand |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Add '-R' for delayed hostkey option |
files |
changeset | b298bb438625 |
---|---|
branch | keyondemand |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | refactor key generation, make it generate as required. Needs UI in server command line options |
files |
changeset | d4ce5269a439 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix specifying a keysize for key generation, fix key name arguments |
files |
changeset | 75509065db53 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | have separate ecdsa keys for each size fix crash from the mp_alloc_init_multi change in RSA |
files |
changeset | 7dcb46da72d9 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | merge in HEAD |
files |
changeset | 7f604f9b3756 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | ecdsa is working |
files |
changeset | d386defb5376 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | more ecdsa signkey work, not correct |
files |
changeset | 70625eed40c9 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | A bit of work on ecdsa for host/auth keys |
files |
changeset | f336d232fc63 |
---|---|
branch | ecc |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Make _sign and _verify functions take a buffer* rather than void* and int |
files |
changeset | 9a5438271556 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Move the more verbose TRACE() statements into TRACE2() |
files |
changeset | a48a1f6ab43e |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | - Fix some format strings in TRACE()s |
files |
changeset | a98a2138364a |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Improve capitalisation for all logged strings |
files |
changeset | b50f0107e505 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Rename rsa_key to dropbear_rsa_key (and same for dss too) so we don't conflict with libtomcrypt. |
files |
changeset | 52d7301e46bd |
---|---|
branch | agent-client |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Agent forwarding works |
files |
changeset | c3f2ec71e3d4 |
---|---|
branch | agent-client |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList |
files |
changeset | 7282370416a0 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Improve known_hosts checking. |
files |
changeset | dc6173e09ff7 |
---|---|
branch | ucc-axis-hack |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | smaller yet again |
files |
changeset | eb7b9f2bb8e8 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | - add explicit check that correct keytype exists for pubkey verification |
files |
changeset | 5a75f8a21503 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Change the format of for loops, gcc4 produces incorrect binaries with the previous code. |
files |
changeset | 0cfba3034be5 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place |
files |
changeset | d3eb1fa8484e |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Nasty. |
files |
changeset | b0316ce64e4b |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Merging in the changes from 0.41-0.43 main Dropbear tree |
files |