delta/openssh-git.git - anongit.mindrot.org: openssh.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	upstream: some clarifying comments	djm@openbsd.org	2020-06-26	1	-2/+9
\| \| \| \|	OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
*	upstream: Add support for FIDO webauthn (verification only).	djm@openbsd.org	2020-06-22	1	-9/+115
\| \| \| \| \| \| \| \|	webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these. Feedback and ok markus@ OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
*	upstream: refactor ECDSA-SK verification a little ahead of adding	djm@openbsd.org	2020-06-22	1	-21/+23
\| \| \| \| \| \|	support for FIDO webauthn signature verification support; ok markus@ OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
*	Fix building without openssl.	Ruben Kerkhof	2020-01-20	1	-0/+2
\| \| \| \| \|	This fixes the following when there are no openssl headers on the system: ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
*	Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC.	Darren Tucker	2019-12-15	1	-0/+4
\| \| \| \|	Fixes build when linking against OpenSSLs built with no-ec.
*	remove a bunch of ENABLE_SK #ifdefs	Damien Miller	2019-12-14	1	-3/+0
\| \| \| \| \| \| \| \| \| \| \|	The ssh-sk-helper client API gives us a nice place to disable security key support when it is wasn't enabled at compile time, so we don't need to check everywere. Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
*	upstream: more debugging; behind DEBUG_SK	djm@openbsd.org	2019-11-27	1	-1/+5
\| \| \| \|	OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
*	upstream: Add new structure for signature options	djm@openbsd.org	2019-11-25	1	-3/+18
\| \| \| \| \| \| \| \| \| \| \|	This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
*	upstream: memleak in error path	djm@openbsd.org	2019-11-25	1	-3/+5
\| \| \| \|	OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
*	Include openssl compat header.	Darren Tucker	2019-11-20	1	-0/+2
\| \| \| \|	Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
*	upstream: adjust on-wire signature encoding for ecdsa-sk keys to	djm@openbsd.org	2019-11-20	1	-5/+5
\| \| \| \| \| \| \| \| \|	better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne NB. if you are depending on security keys (already?) then make sure you update both your clients and servers. OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
*	autoconf pieces for U2F support	Damien Miller	2019-11-01	1	-0/+3
\| \| \| \| \|	Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
*	upstream: Initial infrastructure for U2F/FIDO support	djm@openbsd.org	2019-11-01	1	-0/+180
	Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7