Commit Graph

8 Commits

Author SHA1 Message Date
djm@openbsd.org 9a14c64c38 upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
djm@openbsd.org b5a89eec41 upstream: make signature format match PROTOCO
=?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?=
=?UTF-8?q?s=20Mikul=C4=97nas?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-10-02 18:08:17 +10:00
djm@openbsd.org 69159afe24 upstream: memleak on error path; found by libfuzzer
OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
2019-09-05 15:44:19 +10:00
djm@openbsd.org bab6feb01f upstream: expose allowed_signers options parsing code in header for
fuzzing

rename to make more consistent with philosophically-similar auth
options parsing API.

OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
2019-09-05 14:56:51 +10:00
naddy@openbsd.org 0f44e5956c upstream: repair typo and editing mishap
OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
2019-09-05 14:56:51 +10:00
Damien Miller 1a72c0dd89 portability fixes for sshsig 2019-09-03 18:44:10 +10:00
djm@openbsd.org d637c4aee6 upstream: sshsig tweaks and improvements from and suggested by
Markus

ok markus/me

OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
2019-09-03 18:40:24 +10:00
djm@openbsd.org 2a9c9f7272 upstream: sshsig: lightweight signature and verification ability
for OpenSSH

This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify

Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.

Mostly by Sebastian Kinne w/ some tweaks by me

ok markus@

OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
2019-09-03 18:40:23 +10:00