Bugzilla – Attachment 3335 Details for
Bug 3082
Add support for deterministically derived keys
[patch]
patch for 8.0p1 to support derived keys
add-derived-keys.patch (text/plain), 3.26 KB, created by
Nils Rennebarth
on 2019-10-11 22:46:00 AEDT
Description:
patch for 8.0p1 to support derived keys
Filename:
MIME Type:
Creator:
Nils Rennebarth
Created:
2019-10-11 22:46:00 AEDT
Size:
3.26 KB
patch
obsolete
>Index: openssh-8.0p1/openbsd-compat/arc4random.c
>===================================================================
>--- openssh-8.0p1.orig/openbsd-compat/arc4random.c
>+++ openssh-8.0p1/openbsd-compat/arc4random.c
>@@ -232,6 +232,15 @@ arc4random_addrandom(u_char *dat, int da
> _ARC4_UNLOCK();
> }
>
>+void
>+arc4random_set(void *buf, size_t n)
>+{
>+ _rs_init(buf, n);
>+ rs_have = 0;
>+ memset(rs_buf, 0, RSBUFSZ);
>+ rs_count = 1600000;
>+}
>+
> u_int32_t
> arc4random(void)
> {
>Index: openssh-8.0p1/ssh-keygen.c
>===================================================================
>--- openssh-8.0p1.orig/ssh-keygen.c
>+++ openssh-8.0p1/ssh-keygen.c
>@@ -60,7 +60,7 @@
> #include "digest.h"
> #include "utf8.h"
> #include "authfd.h"
>-
>+#include "crypto_api.h"
> #ifdef WITH_OPENSSL
> # define DEFAULT_KEY_TYPE_NAME "rsa"
> #else
>@@ -2419,6 +2419,7 @@ main(int argc, char **argv)
> {
> char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
> char *rr_hostname = NULL, *ep, *fp, *ra;
>+ char *derive_from = NULL;
> struct sshkey *private, *public;
> struct passwd *pw;
> struct stat st;
>@@ -2465,10 +2466,10 @@ main(int argc, char **argv)
> if (gethostname(hostname, sizeof(hostname)) < 0)
> fatal("gethostname: %s", strerror(errno));
>
>- /* Remaining characters: Ydw */
>+ /* Remaining characters: Yw */
> while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
> "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:"
>- "a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
>+ "a:b:d:f:g:j:m:n:r:s:t:z:")) != -1) {
> switch (opt) {
> case 'A':
> gen_all_hostkeys = 1;
>@@ -2479,6 +2480,9 @@ main(int argc, char **argv)
> fatal("Bits has bad value %s (%s)",
> optarg, errstr);
> break;
>+ case 'd':
>+ derive_from = optarg;
>+ break;
> case 'E':
> fingerprint_hash = ssh_digest_alg_by_name(optarg);
> if (fingerprint_hash == -1)
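Review bot: In the `arc4random_set` hunk of openbsd-compat/arc4random.c, nothing keeps the generator on the supplied seed: `rs_count = 1600000` only postpones the next stir, and no initialised flag is set in the lines shown, so if the stir path (outside this hunk) draws from system entropy the output stops being reproducible without any error. The function also hands `n` straight to `_rs_init` without checking that the caller supplied enough seed bytes. It rewrites `rs_have`, `rs_buf` and `rs_count` without a lock, although the `_ARC4_UNLOCK();` closing the function just above implies the neighbouring code takes one; wrapping the body in `_ARC4_LOCK();` / `_ARC4_UNLOCK();` would keep it consistent. I would also add a header comment stating that this replaces the process-wide generator state with caller-chosen input and must only be reachable from explicit key derivation.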
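Review bot: `case 'd'` in the ssh-keygen.c option switch accepts any `optarg`, including an empty string, so an empty `-d` argument would derive a key from a fixed, publicly computable input. A guard such as `if (*optarg == '\0') fatal("Derivation data must not be empty");` before `derive_from = optarg;` would reject that. Taking the secret from argv also leaves it readable in the process list and in shell history; reading it from a file or a prompt, as passphrases are handled, would avoid that exposure. The enclosing `main` starts and ends outside the hunk.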
>@@ -2773,6 +2777,11 @@ main(int argc, char **argv)
> exit(0);
> }
> }
>+ if (derive_from) {
>+ unsigned char hbuf[64];
>+ crypto_hash_sha512(hbuf, derive_from, strlen(derive_from));
>+ arc4random_set(hbuf, sizeof(hbuf));
>+ }
>
> #ifdef WITH_OPENSSL
> if (do_gen_candidates) {
>Index: openssh-8.0p1/openbsd-compat/openbsd-compat.h
>===================================================================
>--- openssh-8.0p1.orig/openbsd-compat/openbsd-compat.h
>+++ openssh-8.0p1/openbsd-compat/openbsd-compat.h
>@@ -218,6 +218,10 @@ void arc4random_buf(void *, size_t);
> u_int32_t arc4random_uniform(u_int32_t);
> #endif
>
>+#ifndef HAVE_ARC4RANDOM_SET
>+void arc4random_set(void *buf, size_t n);
>+#endif
>+
> #ifndef HAVE_ASPRINTF
> int asprintf(char **, const char *, ...);
> #endif
>Index: openssh-8.0p1/ssh-keygen.1
>===================================================================
>--- openssh-8.0p1.orig/ssh-keygen.1
>+++ openssh-8.0p1/ssh-keygen.1
>@@ -51,6 +51,7 @@
> .Op Fl C Ar comment
> .Op Fl f Ar output_keyfile
> .Op Fl m Ar format
>+.Op Fl d Ar data
> .Nm ssh-keygen
> .Fl p
> .Op Fl P Ar old_passphrase
>@@ -274,6 +275,8 @@ Provides a new comment.
> Requests changing the comment in the private and public key files.
> The program will prompt for the file containing the private keys, for
> the passphrase if the key has one, and for the new comment.
>+.It Fl d Ar data
>+Derive the generated key from the given data deterministically.
> .It Fl D Ar pkcs11
> Download the public keys provided by the PKCS#11 shared library
> .Ar pkcs11 .
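Review bot: The `if (derive_from)` block in `main` turns the `-d` string into the entire key seed with one unsalted `crypto_hash_sha512` call, so the private key is only as strong as that string; a deliberately slow KDF would suit human-chosen input better, and `hbuf` should be cleared once handed over, with `explicit_bzero(hbuf, sizeof(hbuf));` after `arc4random_set(hbuf, sizeof(hbuf));`. The reseed is process-wide, so every later arc4random consumer in this run (presumably including any salt drawn when the private key is passphrase-protected) becomes a function of the same seed. Key types generated through OpenSSL would presumably not draw from arc4random at all, and with `DEFAULT_KEY_TYPE_NAME` being "rsa" under WITH_OPENSSL, `-d` may silently produce a non-deterministic key unless it is rejected for those types. `main` continues outside the hunk.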
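Review bot: The new prototype in openbsd-compat.h is guarded by `HAVE_ARC4RANDOM_SET`, a macro that nothing in this patch defines or probes for, while the definition is added to arc4random.c without that guard. If arc4random.c is compiled only where the platform lacks its own arc4random (the `#endif` after `arc4random_uniform` suggests such guards), platforms with a native implementation would get a declaration with no definition, and seeding the compat generator would not affect the libc one in any case. I would drop the `#ifndef`/`#endif` pair and state the platform limitation in a comment, or make `-d` fail clearly at configure or run time where the compat generator is not in use.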
Attachments on
bug 3082
: 3335 |
3336
|
3393