openssh.git -

Age	Commit message (Collapse)	Author
2020-03-13	upstream: do not leak oprincipals; ok djm	markus@openbsd.org
	OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c
2020-03-13	upstream: correct return code; ok djm	markus@openbsd.org
	OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810
2020-03-13	upstream: principalsp is optional, pubkey required; ok djm	markus@openbsd.org
	OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024
2020-03-13	upstream: sshsig: return correct error, fix null-deref; ok djm	markus@openbsd.org
	OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd
2020-01-25	upstream: ssh-keygen -Y find-principals fixes based on feedback	djm@openbsd.org
	from Markus: use "principals" instead of principal, as allowed_signers lines may list multiple. When the signing key is a certificate, emit only principals that match the certificate principal list. NB. the command -Y name changes: "find-principal" => "find-principals" ok markus@ OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
2020-01-23	upstream: add a new signature operations "find-principal" to look	djm@openbsd.org
	up the principal associated with a signature from an allowed-signers file. Work by Sebastian Kinne; ok dtucker@ OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d
2020-01-22	upstream: factor out parsing of allowed-signers lines	djm@openbsd.org
	OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e
2019-11-25	upstream: Add new structure for signature options	djm@openbsd.org
	This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-01	upstream: Refactor signing - use sshkey_sign for everything,	djm@openbsd.org
	including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-10-02	upstream: make signature format match PROTOCO	djm@openbsd.org
	=?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?= =?UTF-8?q?s=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-09-05	upstream: memleak on error path; found by libfuzzer	djm@openbsd.org
	OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
2019-09-05	upstream: expose allowed_signers options parsing code in header for	djm@openbsd.org
	fuzzing rename to make more consistent with philosophically-similar auth options parsing API. OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
2019-09-05	upstream: repair typo and editing mishap	naddy@openbsd.org
	OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
2019-09-03	portability fixes for sshsig	Damien Miller

2019-09-03	upstream: sshsig tweaks and improvements from and suggested by	djm@openbsd.org
	Markus ok markus/me OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
2019-09-03	upstream: sshsig: lightweight signature and verification ability	djm@openbsd.org
	for OpenSSH This adds a simple manual signature scheme to OpenSSH. Signatures can be made and verified using ssh-keygen -Y sign\|verify Signatures embed the key used to make them. At verification time, this is matched via principal name against an authorized_keys-like list of allowed signers. Mostly by Sebastian Kinne w/ some tweaks by me ok markus@ OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb