History log of /openssh-portable/sshkey.c (Results 1 - 25 of 184)
Revision Date Author Comments
# 7b4f70dd 06-Mar-2020 markus@openbsd.org

upstream: sshkey_cert_check_authority requires reason to be set;

ok djm

OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552


# 05efe270 06-Mar-2020 markus@openbsd.org

upstream: passphrase depends on kdfname, not ciphername (possible
null-deref); ok djm

OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c


# d5ba1c03 26-Feb-2020 jsg@openbsd.org

upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a


Revision tags: V_8_2_P1
# 4a05d789 21-Jan-2020 djm@openbsd.org

upstream: fix ssh-keygen not displaying authenticator touch
prompt; reported by jmc@

OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859


# c54cd189 30-Dec-2019 djm@openbsd.org

upstream: SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@

OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71


# 9244990e 13-Dec-2019 Damien Miller

remove a bunch of ENABLE_SK #ifdefs

The ssh-sk-helper client API gives us a nice place to disable
security key support when it wasn't enabled at compile time,
so we don't need to check everywhere.

Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.


# b52ec0ba 13-Dec-2019 djm@openbsd.org

upstream: use ssh-sk-helper for all security key signing operations

This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*

requested by, feedback and ok markus@

OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f


# b7e74ea0 24-Nov-2019 djm@openbsd.org

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49


# 4bfc0503 18-Nov-2019 djm@openbsd.org

upstream: fix a bug that prevented serialisation of ed25519-sk keys

OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9


# 740c4bc9 18-Nov-2019 djm@openbsd.org

upstream: fix bug that prevented certification of ed25519-sk keys

OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996


# 857f49e9 17-Nov-2019 Darren Tucker

Move ifdef OPENSSL_HAS_ECC.

Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef.
ok djm@


# fd1a9649 15-Nov-2019 djm@openbsd.org

upstream: remove most uses of BN_CTX

We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
we were using it didn't benefit from its use anyway. ok dtucker@

OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a


# 4f5e331c 13-Nov-2019 markus@openbsd.org

upstream: in order to be able to figure out the number of
signatures left on a shielded key, we need to transfer the number of
signatures left from the private to the public key. ok djm@

OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574


# bf219920 13-Nov-2019 markus@openbsd.org

upstream: fix shield/unshield for xmss keys:
- in ssh-agent we need to delay the call to shield until we have
  received key specific options.
- when serializing xmss keys for shield we need to deal with all
  optional components (e.g. state might not be loaded).
ok djm@

OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f


# 1e0b248d 14-Nov-2019 Darren Tucker

Put sshsk_sign call inside ifdef ENABLE_SK.

Fixes build against OpenSSL configured without ECC.


# 2c55744a 12-Nov-2019 markus@openbsd.org

upstream: enable ed25519 support; ok djm

OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e


# fe05a36d 12-Nov-2019 markus@openbsd.org

upstream: implement sshsk_ed25519_inner_sig(); ok djm

OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910


# e03a29e6 12-Nov-2019 markus@openbsd.org

upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm

OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19


# 7c096c45 12-Nov-2019 markus@openbsd.org

upstream: implement ssh-ed25519-sk verification; ok djm@

OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6


# 03f9205f 31-Oct-2019 Damien Miller

conditionalise SK sign/verify on ENABLE_SK

Spotted by Darren and his faux-Vax


# 9a14c64c 31-Oct-2019 djm@openbsd.org

upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c


# 02bb0768 31-Oct-2019 djm@openbsd.org

upstream: Initial infrastructure for U2F/FIDO support

Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.

feedback & ok markus@

OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7


Revision tags: V_8_1_P1
# 29e0ecd9 08-Oct-2019 djm@openbsd.org

upstream: fix an unreachable integer overflow similar to the XMSS
case, and some other NULL dereferences found by fuzzing.

fix with and ok markus@

OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b


# 6a710d3e 08-Sep-2019 Damien Miller

needs time.h for --without-openssl


# 670104b9 06-Sep-2019 djm@openbsd.org

upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@

OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f

