| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when probed to |   djm | 2019-11-15 | 1 | -0/+4 | |
| | | | | | | see if they own a key handle. Handle this case so the find_device() look can work for them. Reported by Michael Forney | |||||
| * | show the "please touch your security key" notifier when using the | djm | 2019-11-15 | 1 | -9/+15 | |
| | | | | | (default) build-in security key support. | |||||
| * | close the "touch your security key" notifier on the error path too | djm | 2019-11-15 | 1 | -2/+2 | |
| | | ||||||
| * | correct function name in debug message | djm | 2019-11-15 | 1 | -1/+1 | |
| | | ||||||
| * | follow existing askpass logic for security key notifier: fall back | djm | 2019-11-15 | 1 | -3/+4 | |
| | | | | | | to _PATH_SSH_ASKPASS_DEFAULT if no $SSH_ASKPASS environment variable is set. | |||||
| * | remove debugging goop that snuck in to last commit | djm | 2019-11-14 | 1 | -5/+5 | |
| | | ||||||
| * | directly support U2F/FIDO2 security keys in OpenSSH by linking | djm | 2019-11-14 | 20 | -41/+779 | |
| | | | | | | | against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging. | |||||
| * | in order to be able to figure out the number of signatures left on |   markus | 2019-11-13 | 1 | -1/+6 | |
| | | | | | | a shielded key, we need to transfer the number of signatures left from the private to the public key. ok djm@ | |||||
| * | fix check for sig_s; noted by qsa at qualys.com | markus | 2019-11-13 | 1 | -2/+2 | |
| | | ||||||
| * | When clients get denied by MaxStartups, send a noification prior to |   dtucker | 2019-11-13 | 1 | -1/+4 | |
| | | | | | | the SSH2 protocol banner according to RFC4253 section 4.2. ok djm@ deraadt@ markus@ | |||||
| * | fix shield/unshield for xmss keys: | markus | 2019-11-13 | 4 | -15/+64 | |
| | | | | | | | | | - in ssh-agent we need to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@ | |||||
| * | remove size_t gl_pathc < 0 test, it is invalid. the return value from |   deraadt | 2019-11-13 | 1 | -3/+3 | |
| | | | | | | glob() is sufficient. discussed with djm | |||||
| * | stdarg.h required more broadly; ok djm | deraadt | 2019-11-13 | 11 | -11/+22 | |
| | | ||||||
| * | allow an empty attestation certificate returned by a security key | djm | 2019-11-12 | 1 | -2/+3 | |
| | | | | | | | | enrollment - these are possible for tokens that only offer self- attestation. This also needs support from the middleware. ok markus@ | |||||
| * | security keys typically need to be tapped/touched in order to perform | djm | 2019-11-12 | 3 | -6/+38 | |
| | | | | | | | | a signature operation. Notify the user when this is expected via the TTY (if available) or $SSH_ASKPASS if we can. ok markus@ | |||||
| * | pass SSH_ASKPASS_PROMPT hint to y/n key confirm too | djm | 2019-11-12 | 1 | -1/+2 | |
| | | ||||||
| * | dd API for performing one-shot notifications via tty or SSH_ASKPASS | djm | 2019-11-12 | 2 | -2/+91 | |
| | | ||||||
| * | add xvasprintf() | djm | 2019-11-12 | 2 | -8/+17 | |
| | | ||||||
| * | remove extra layer for ed25519 signature; ok djm@ | markus | 2019-11-12 | 3 | -45/+39 | |
| | | ||||||
| * | check sig_r and sig_s for ssh-sk keys; ok djm | markus | 2019-11-12 | 1 | -1/+13 | |
| | | ||||||
| * | enable ed25519 support; ok djm | markus | 2019-11-12 | 12 | -29/+197 | |
| | | ||||||
| * | update sk-api to version 2 for ed25519 support; ok djm | markus | 2019-11-12 | 3 | -14/+29 | |
| | | ||||||
| * | implement sshsk_ed25519_assemble(); ok djm | markus | 2019-11-12 | 2 | -8/+58 | |
| | | ||||||
| * | implement sshsk_ed25519_inner_sig(); ok djm | markus | 2019-11-12 | 3 | -9/+61 | |
| | | ||||||
| * | rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm | markus | 2019-11-12 | 4 | -11/+11 | |
| | | ||||||
| * | factor out sshsk_ecdsa_inner_sig(); ok djm@ | markus | 2019-11-12 | 1 | -20/+43 | |
| | | ||||||
| * | factor out sshsk_ecdsa_assemble(); ok djm@ | markus | 2019-11-12 | 1 | -37/+59 | |
| | | ||||||
| * | implement ssh-ed25519-sk verification; ok djm@ | markus | 2019-11-12 | 4 | -3/+143 | |
| | | ||||||
| * | skip demanding -fstack-protector-all on hppa. we never wrote a stack protector | deraadt | 2019-11-11 | 1 | -1/+3 | |
| | | | | | | for reverse-stack architectures, and i don't think anyone else did either. a warning per compiled file is just annoying. | |||||
| * | duplicate 'x' character in getopt(3) optstring | djm | 2019-11-08 | 1 | -2/+2 | |
| | | ||||||
| * | Fill in missing man page bits for U2F security key support: |   naddy | 2019-11-07 | 9 | -44/+177 | |
| | | | | | | | | | | | | Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ | |||||
| * | fix miscellaneous text problems; ok djm@ | naddy | 2019-11-01 | 1 | -8/+8 | |
| | | ||||||
| * | fix a race condition in the SIGCHILD handler that could turn in | djm | 2019-11-01 | 1 | -4/+7 | |
| | | | | | to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@ | |||||
| * | remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path | djm | 2019-11-01 | 1 | -5/+1 | |
| | | ||||||
| * | sort; |   jmc | 2019-11-01 | 1 | -6/+6 | |
| | | ||||||
| * | undo debugging bits that shouldn't have been committed | djm | 2019-10-31 | 1 | -3/+3 | |
| | | ||||||
| * | fix -Wshadow warning | djm | 2019-10-31 | 1 | -2/+2 | |
| | | ||||||
| * | Refactor signing - use sshkey_sign for everything, including the new | djm | 2019-10-31 | 20 | -86/+94 | |
| | | | | | | | | | | | | U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ | |||||
| * | ssh-agent support for U2F/FIDO keys | djm | 2019-10-31 | 8 | -35/+384 | |
| | | | | | feedback & ok markus@ | |||||
| * | ssh AddKeysToAgent support for U2F/FIDO keys | djm | 2019-10-31 | 1 | -3/+5 | |
| | | | | | feedback & ok markus@ | |||||
| * | ssh-add support for U2F/FIDO keys | djm | 2019-10-31 | 3 | -14/+40 | |
| | | ||||||
| * | add new agent key constraint for U2F/FIDO provider | djm | 2019-10-31 | 4 | -13/+28 | |
| | | | | | feedback & ok markus@ | |||||
| * | ssh client support for U2F/FIDO keys | djm | 2019-10-31 | 5 | -31/+123 | |
| | | ||||||
| * | Separate myproposal.h userauth pubkey types | djm | 2019-10-31 | 2 | -4/+27 | |
| | | | | | | | | U2F/FIDO keys are not supported for host authentication, so we need a separate list for user keys. feedback & ok markus@ | |||||
| * | ssh-keygen support for generating U2F/FIDO keys | djm | 2019-10-31 | 2 | -8/+37 | |
| | | ||||||
| * | U2F/FIDO middleware interface | djm | 2019-10-31 | 4 | -1/+490 | |
| | | | | | | | Supports enrolling (generating) keys and signatures. feedback & ok markus@ | |||||
| * | Initial infrastructure for U2F/FIDO support | djm | 2019-10-31 | 5 | -31/+381 | |
| | | | | | | | | Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ | |||||
| * | Protocol documentation for U2F/FIDO keys in OpenSSH | djm | 2019-10-31 | 1 | -0/+224 | |
| | | ||||||
| * | Signal handler cleanup: remove leftover support for unreliable signals | dtucker | 2019-10-29 | 2 | -7/+2 | |
| | | | | | and now-unneeded save and restore of errno. ok deraadt@ markus@ | |||||
| * | fixes from lucas; | jmc | 2019-10-22 | 1 | -4/+5 | |
| | | ||||||
 |
index : wireguard-openbsd | |
| WireGuard implementation for the OpenBSD kernel | Matt Dunwoodie |
| summaryrefslogtreecommitdiffstats |