certificates were originally specified to represent any principal if the
principals list was empty.
This was, in retrospect, a mistake as it created a fail-open
situation if a CA could be convinced to accidentally sign a
certificate with no principals. This actually happened in a 3rd-
party CA product (CVE-2024-7594).
Somewhat fortunately, the main pathway for using certificates in
sshd (TrustedUserCAKeys) never supported empty-principals
certificates, so the blast radius of such mistakes was
substantially reduced.
This change removes this footcannon and requires all certificates
include principals sections. It also fixes interpretation of
wildcard principals, and properly enables them for host
certificates only.
This is a behaviour change that will permanently break uses of
certificates with empty principals sections.
ok markus@
OpenBSD-Commit-ID: 0a901f03c567c100724a492cf91e02939904712e
and ERR_load_crypto_strings(). These are no-ops in LibreSSL, and in
Portable have been mostly replaced by a call to OPENSSL_init_crypto()
in the compat layer. ok tb@
OpenBSD-Commit-ID: 4c3e0af10fe276766054eda34428a37a5606d3ea
Create replacement header files inside openbsd-compat for common headers
that are missing on a given platform. Usually these are just empty,
but in some cases they'll include the equivalent file. This avoids
having to wrap those includes in '#ifdef HAVE_FOO_H' and reduces the
diff vs OpenBSD.
If we create any such headers, add the path to includes.
Initially just stdint.h, more to follow.
ok djm@
This vaguely made sense 20 years ago, but these days you'd be hard
pressed to *find* a machine small enough to not support the maximum
(127MB), and no one is screening moduli on such machines anyway,
so just use the max. This also fixes Coverity CID 470522 by deleting
code in question. "kill it with fire" djm@.
OpenBSD-Commit-ID: 39036aa406a99f0a91923aa3a96afff1205558e6
prompts. Helps the user know what's going on when ssh-keygen is invoked via
other tools. Requested in GHPR503
OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6
shortnames (e.g "rsa") in user-interface code and require full SSH protocol
names (e.g. "ssh-rsa") everywhere else.
Prompted by bz3725; ok markus@
OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
DSA remains unconverted as it will be removed within six months.
Based on patches originally from Dmitry Belyavskiy, but significantly
reworked based on feedback from Bob Beck, Joel Sing and especially
Theo Buehler (apologies to anyone I've missed).
ok tb@
OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
Ed25519 public keys are very convenient due to their small size.
OpenSSH has supported Ed25519 since version 6.5 (January 2014).
OK djm@ markus@ sthen@ deraadt@
OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.
Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.
ok markus@
OpenBSD-Commit-ID: 517437bab3d8180f695c775410c052340e038804
fixes "no comment" not showing on when running `ssh-keygen -l` on multiple
keys where one has a comment and other following keys do not. Patch from
Markus Kuhn via GHPR407, bz3580
OpenBSD-Commit-ID: 3cce84456fdcd67dc6b84e369f92c6686d111d9b
If multiple -Ocheckpoint= options are passed, the earlier ones would
be overwritten and leaked. If we use an input file that wasn't stdin,
close that. From Coverity CIDs 291884 and 291894.
OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
selection. bz3493 ok dtucker@
OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
times and authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system time zone.
YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if
suffixed with a 'Z' character.
Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.
bz3468 ok dtucker
OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13
the credential, just let the enroll operating fail and we'll attempt to get a
PIN anyway. Might avoid some unneccessary PIN prompts.
Part of GHPR#302 from Corinna Vinschen; ok dtucker@
OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2
if a credential with matching application and user ID strings already exists.
if so, prompt the user for confirmation before overwriting the credential.
patch from Pedro Martelletto via GHPR329
NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
implementations will need to adjust
OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4
This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.
ok djm@
OpenBSD-Commit-ID: f660f973391b593fea4b7b25913c9a15c3eb8a06
operations, where it will be interpreted to require that the private keys is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@
OpenBSD-Commit-ID: a7bc69873b99c32c42c7628ed9ea91565ba08c2f
already supported either sha512 (default) or sha256, but plumbing wasn't
there mostly by Linus Nordberg
OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd
