[openssh-commits] [openssh] branch master updated (de37ca90 -> d70d0618)
git+noreply at mindrot.org
Wed Sep 12 16:52:11 AEST 2018
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from de37ca90 upstream: Add FALLTHROUGH comments where appropriate. Patch from
new 50e2687e upstream: log certificate fingerprint in authentication
new 9405c621 upstream: allow key revocation by SHA256 hash and allow ssh-keygen
new 357128ac upstream: Add "ssh -Q sig" to allow listing supported signature
new a70fd4ad upstream: add cert->signature_type field and keep it in sync with
new ba9e7883 upstream: add sshkey_check_cert_sigtype() that checks a
new 4cc259ba upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
new f0fcd7e6 upstream: fix edit mistake; spotted by jmc@
new 41c115a5 delete the correct thing; kexfuzz binary
new 2de78bc7 upstream: s/sshkey_demote/sshkey_from_private/g
new f803b268 upstream: test revocation by explicit hash and by fingerprint
new d70d0618 upstream: Include certs with multiple RSA signature variants in
The 11 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:36:45 2018 +0000
upstream: Include certs with multiple RSA signature variants in
test data
Ensure that cert->signature_key is populated correctly
OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
commit f803b2682992cfededd40c91818b653b5d923ef5
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:23:48 2018 +0000
upstream: test revocation by explicit hash and by fingerprint
OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8
commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:22:43 2018 +0000
upstream: s/sshkey_demote/sshkey_from_private/g
OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
commit 41c115a5ea1cb79a6a3182773c58a23f760e8076
Author: Damien Miller <djm at mindrot.org>
Date: Wed Sep 12 16:50:01 2018 +1000
delete the correct thing; kexfuzz binary
commit f0fcd7e65087db8c2496f13ed39d772f8e38b088
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 06:18:59 2018 +0000
upstream: fix edit mistake; spotted by jmc@
OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
commit 4cc259bac699f4d2a5c52b92230f9e488c88a223
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:34:02 2018 +0000
upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
signature algorithms that are allowed for CA signatures. Notably excludes
ssh-dsa.
ok markus@
OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:32:54 2018 +0000
upstream: add sshkey_check_cert_sigtype() that checks a
cert->signature_type against a supplied whitelist; ok markus
OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:31:30 2018 +0000
upstream: add cert->signature_type field and keep it in sync with
certificate signature wrt loading and certification operations; ok markus@
OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
commit 357128ac48630a9970e3af0e6ff820300a28da47
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:30:10 2018 +0000
upstream: Add "ssh -Q sig" to allow listing supported signature
algorithms ok markus@
OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
commit 9405c6214f667be604a820c6823b27d0ea77937d
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:21:34 2018 +0000
upstream: allow key revocation by SHA256 hash and allow ssh-keygen
to create KRLs using SHA256/base64 key fingerprints; ok markus@
OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
commit 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 12 01:19:12 2018 +0000
upstream: log certificate fingerprint in authentication
success/failure message (previously we logged only key ID and CA key
fingerprint).
ok markus@
OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
Summary of changes:
Makefile.in | 2 +-
PROTOCOL.krl | 16 +--
auth.c | 22 ++--
krl.c | 126 ++++++++++++++++-----
krl.h | 6 +-
myproposal.h | 14 ++-
regress/krl.sh | 49 +++++---
regress/unittests/sshkey/test_sshkey.c | 10 +-
.../sshkey/testdata/{rsa_1 => rsa_1_sha1} | 0
.../unittests/sshkey/testdata/rsa_1_sha1-cert.pub | 1 +
.../sshkey/testdata/{rsa_1.pub => rsa_1_sha1.pub} | 0
.../sshkey/testdata/{rsa_1 => rsa_1_sha512} | 0
.../sshkey/testdata/rsa_1_sha512-cert.pub | 1 +
.../testdata/{rsa_1.pub => rsa_1_sha512.pub} | 0
ssh-keygen.1 | 19 +++-
ssh-keygen.c | 75 ++++++++++--
ssh.1 | 14 ++-
ssh.c | 11 +-
sshkey.c | 114 ++++++++++++++-----
sshkey.h | 4 +-
20 files changed, 371 insertions(+), 113 deletions(-)
copy regress/unittests/sshkey/testdata/{rsa_1 => rsa_1_sha1} (100%)
create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub
copy regress/unittests/sshkey/testdata/{rsa_1.pub => rsa_1_sha1.pub} (100%)
copy regress/unittests/sshkey/testdata/{rsa_1 => rsa_1_sha512} (100%)
create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub
copy regress/unittests/sshkey/testdata/{rsa_1.pub => rsa_1_sha512.pub} (100%)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.