Age | Commit message (Collapse) | Author |
|
libcrypto or libc SHA512 functions rather than calling ssh_digest_memory();
avoids many dependencies on ssh code that complicate standalone use of
ed25519, as we want to do in sk-dummy.so
OpenBSD-Commit-ID: 5a3c37593d3ba7add037b587cec44aaea088496d
|
|
djm
OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d
|
|
djmc, and dtucker
OpenBSD-Commit-ID: a0b2aca2b67614dda3d6618ea097bf0610c35013
|
|
|
|
OpenBSD-Commit-ID: bd002ca1599b71331faca735ff5f6de29e32222e
|
|
|
|
|
|
from Michael Forney
OpenBSD-Commit-ID: fda95acb799bb160d15e205ee126117cf33da3a7
|
|
in many places for channel ids so the INT_MAX check still makes sense.
OpenBSD-Commit-ID: 532e4b644791b826956c3c61d6ac6da39bac84bf
|
|
|
|
cleanup handlers in child process; spotted via weird regress failures in
portable
OpenBSD-Commit-ID: 6902a9bb3987c7d347774444f7979b8a9ba7f412
|
|
and cast that were left over from the type conversion. Noted by
t-hashida@amiya.co.jp in bz#3098, ok markus@ djm@
OpenBSD-Commit-ID: 3ad105b6a905284e780b1fd7ff118e1c346e90b5
|
|
OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474
|
|
markus@
This will allow us to test U2F/FIDO2 support in OpenSSH without
requiring real hardware.
ok markus@
OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae
|
|
OpenBSD-Commit-ID: a4c097364c75da320f1b291568db830fb1ee4883
|
|
OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
|
|
|
|
OpenBSD-Regress-ID: 2cdf2fcae9962ca4d711338f3ceec3c1391bdf95
|
|
OpenBSD-Regress-ID: 3ab578b0dbeb2aa6d9969b54a9c1bad329c0dcba
|
|
that was fixed in libcrypto/rsa/rsa_ameth.c r1.24.
ok dtucker inoguchi
OpenBSD-Regress-ID: c260edfac177daa8fcce90141587cf04a95c4f5f
|
|
OpenBSD-Commit-ID: 38fa7806c528a590d91ae560e67bd8b246c2d7a3
|
|
ok markus, feedback deraadt
OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d
|
|
key. Most keys require a touch to authorize the operation.
OpenBSD-Commit-ID: 7fe8b23edbf33e1bb81741b9f25e9a63be5f6b68
|
|
security key keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.
feedback deraadt; ok markus@
OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd
|
|
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
|
|
This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).
ok markus@
OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
|
|
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
|
|
OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
|
|
connect, not just readable. Prevents a timeout when the server doesn't
immediately send a banner (eg multiplexers like sslh) but is also slightly
quicker for other connections since, unlike ssh1, ssh2 doesn't specify
that the client should parse the server banner before sending its own.
Patch from mnissler@chromium.org, ok djm@
OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
|
|
Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
|
|
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.
OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
|
|
verification fails.
OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3
|
|
happen. rethink needed...
OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421
|
|
the main synopsis/usage; ok djm
OpenBSD-Commit-ID: f881ba253da015398ae8758d973e3390754869bc
|
|
SecurityKeyProvider; ok djm@
OpenBSD-Commit-ID: 76db507ebd336a573e1cd4146cc40019332c5799
|
|
OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
|
|
WITH_OPENSSL; ok djm@
OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
|
|
addition; ok djm@
OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
|
|
ok dtucker@
|
|
Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when
compiling without ECC support in libcrypto.
|
|
"publicExponent" to "Exponent" so accept either. with djm.
OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6
|
|
OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9
|
|
OpenBSD-Commit-ID: 7771bd77ee73f7116df37c734c41192943a73cee
|
|
OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996
|
|
OpenBSD-Commit-ID: cd365ee343934862286d0b011aa77fa739d2a945
|
|
jmc@
OpenBSD-Commit-ID: e281977e4a4f121f3470517cbd5e483eee37b818
|
|
prompted by jmc@
OpenBSD-Commit-ID: 076d386739ebe7336c2137e583bc7a5c9538a442
|
|
formats
OpenBSD-Commit-ID: 795a7c1c80315412e701bef90e31e376ea2f3c88
|
|
OpenBSD-Commit-ID: 4d4a0c13226a79f0080ce6cbe74f73b03ed8092e
|
|
missing curve name); spotted by Sebastian Kinne
OpenBSD-Commit-ID: 2a11340dc7ed16200342d384fb45ecd4fcce26e7
|