History log of /openssh-portable/sshsig.c (Results 1 - 16 of 16)
Revision Date Author Comments
# 5732d580 06-Mar-2020 markus@openbsd.org

upstream: do not leak oprincipals; ok djm

OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c


# 46e5c4c8 06-Mar-2020 markus@openbsd.org

upstream: correct return code; ok djm

OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810


# 31c39e78 06-Mar-2020 markus@openbsd.org

upstream: principalsp is optional, pubkey required; ok djm

OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024


# 15be29e1 06-Mar-2020 markus@openbsd.org

upstream: sshsig: return correct error, fix null-deref; ok djm

OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd


Revision tags: V_8_2_P1
# 72a8bea2 23-Jan-2020 djm@openbsd.org

upstream: ssh-keygen -Y find-principals fixes based on feedback

from Markus:

use "principals" instead of principal, as allowed_signers lines may list
multiple.

When the signing key is a certificate, emit only principals that match
the certificate principal list.

NB. the command -Y name changes: "find-principal" => "find-principals"

ok markus@

OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf


# 56cffcc0 22-Jan-2020 djm@openbsd.org

upstream: add a new signature operation "find-principal" to look

up the principal associated with a signature from an allowed-signers file.
Work by Sebastian Kinne; ok dtucker@

OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d


# e2031b05 21-Jan-2020 djm@openbsd.org

upstream: factor out parsing of allowed-signers lines

OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e


# b7e74ea0 24-Nov-2019 djm@openbsd.org

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49


# 9a14c64c 31-Oct-2019 djm@openbsd.org

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c


Revision tags: V_8_1_P1
# b5a89eec 02-Oct-2019 djm@openbsd.org

upstream: make signature format match PROTOCO

as a string, not raw bytes. Spotted by Mantas Mikulėnas

OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f


# 69159afe 05-Sep-2019 djm@openbsd.org

upstream: memleak on error path; found by libfuzzer

OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7


# bab6feb0 05-Sep-2019 djm@openbsd.org

upstream: expose allowed_signers options parsing code in header for

fuzzing

rename to make more consistent with philosophically-similar auth
options parsing API.

OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c


# 0f44e595 03-Sep-2019 naddy@openbsd.org

upstream: repair typo and editing mishap

OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e


# 1a72c0dd 03-Sep-2019 Damien Miller

portability fixes for sshsig


# d637c4ae 03-Sep-2019 djm@openbsd.org

upstream: sshsig tweaks and improvements from and suggested by

Markus

ok markus/me

OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9


# 2a9c9f72 03-Sep-2019 djm@openbsd.org

upstream: sshsig: lightweight signature and verification ability

for OpenSSH

This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify

Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.

Mostly by Sebastian Kinne w/ some tweaks by me

ok markus@

OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
