[openssh-commits] [openssh] branch master updated (1bcd1169 -> 3420e046)

git+noreply at mindrot.org
Fri Nov 1 09:47:09 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  1bcd1169  Add implementation of localtime_r.
       new  f4fdcd2b  Missing unit test files
       new  57ecc106  upstream: Protocol documentation for U2F/FIDO keys in OpenSSH
       new  02bb0768  upstream: Initial infrastructure for U2F/FIDO support
       new  ed3467c1  upstream: U2F/FIDO middleware interface
       new  23f38c2d  upstream: ssh-keygen support for generating U2F/FIDO keys
       new  01a0670f  upstream: Separate myproposal.h userauth pubkey types
       new  884416bd  upstream: ssh client support for U2F/FIDO keys
       new  b9dd14d3  upstream: add new agent key constraint for U2F/FIDO provider
       new  486164d0  upstream: ssh-add support for U2F/FIDO keys
       new  eebec620  upstream: ssh AddKeysToAgent support for U2F/FIDO keys
       new  07da39f7  upstream: ssh-agent support for U2F/FIDO keys
       new  9a14c64c  upstream: Refactor signing - use sshkey_sign for everything,
       new  b923a90a  upstream: fix -Wshadow warning
       new  3420e046  depend

The 14 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 3420e0464bd0e8fedcfa5fd20ad37bdc740ad5b4
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Nov 1 09:24:58 2019 +1100

    depend

commit b923a90abc7bccb11a513dc8b5c0f13a0ea9682c
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:28:27 2019 +0000

    upstream: fix -Wshadow warning
    
    OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c

commit 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:23:19 2019 +0000

    upstream: Refactor signing - use sshkey_sign for everything,
    
    including the new U2F signatures.
    
    Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
    sshkey_sign() like all other signature operations. This means that
    we need to add a provider argument to sshkey_sign(), so most of this
    change is mechanically adding that.
    
    Suggested by / ok markus@
    
    OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c

commit 07da39f71d36fb547749a5b16aa8892e621a7e4a
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:22:01 2019 +0000

    upstream: ssh-agent support for U2F/FIDO keys
    
    feedback & ok markus@
    
    OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb

commit eebec620c9519c4839d781c4d5b6082152998f82
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:20:38 2019 +0000

    upstream: ssh AddKeysToAgent support for U2F/FIDO keys
    
    feedback & ok markus@
    
    OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91

commit 486164d060314a7f8bca2a00f53be9e900c5e74d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:19:56 2019 +0000

    upstream: ssh-add support for U2F/FIDO keys
    
    OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644

commit b9dd14d3091e31fb836f69873d3aa622eb7b4a1c
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:19:14 2019 +0000

    upstream: add new agent key constraint for U2F/FIDO provider
    
    feedback & ok markus@
    
    OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172

commit 884416bdb10468f1252e4d7c13d51b43dccba7f6
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:18:28 2019 +0000

    upstream: ssh client support for U2F/FIDO keys
    
    OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc

commit 01a0670f69c5b86e471e033b92145d6c7cc77c58
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:17:49 2019 +0000

    upstream: Separate myproposal.h userauth pubkey types
    
    U2F/FIDO keys are not supported for host authentication, so we need
    a separate list for user keys.
    
    feedback & ok markus@
    
    OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429

commit 23f38c2d8cda3fad24e214e1f0133c42435b54ee
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:17:09 2019 +0000

    upstream: ssh-keygen support for generating U2F/FIDO keys
    
    OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37

commit ed3467c1e16b7396ff7fcf12d2769261512935ec
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:16:20 2019 +0000

    upstream: U2F/FIDO middleware interface
    
    Supports enrolling (generating) keys and signatures.
    
    feedback & ok markus@
    
    OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592

commit 02bb0768a937e50bbb236efc2bbdddb1991b1c85
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:15:14 2019 +0000

    upstream: Initial infrastructure for U2F/FIDO support
    
    Key library support: including allocation, marshalling public/private
    keys and certificates, signature validation.
    
    feedback & ok markus@
    
    OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7

commit 57ecc10628b04c384cbba2fbc87d38b74cd1199d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Oct 31 21:14:17 2019 +0000

    upstream: Protocol documentation for U2F/FIDO keys in OpenSSH
    
    OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915

commit f4fdcd2b7a2bbf5d8770d44565173ca5158d4dcb
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Nov 1 08:36:16 2019 +1100

    Missing unit test files

Summary of changes:
 .depend                         |  13 +-
 Makefile.in                     |  16 +-
 PROTOCOL.u2f                    | 224 ++++++++++++++++++++++++
 authfd.c                        |  25 ++-
 authfd.h                        |   6 +-
 krl.c                           |   4 +-
 monitor.c                       |   4 +-
 monitor_wrap.c                  |   8 +-
 monitor_wrap.h                  |   4 +-
 myproposal.h                    |  25 ++-
 pathnames.h                     |   8 +-
 readconf.c                      |  17 +-
 readconf.h                      |   3 +-
 regress/unittests/misc/Makefile |  16 ++
 regress/unittests/misc/tests.c  |  79 +++++++++
 servconf.c                      |   6 +-
 sk-api.h                        |  63 +++++++
 ssh-add.1                       |  13 +-
 ssh-add.c                       |  37 ++--
 ssh-agent.1                     |  20 ++-
 ssh-agent.c                     | 219 +++++++++++++++++++++--
 ssh-ecdsa.c => ssh-ecdsa-sk.c   | 150 +++++++---------
 ssh-keygen.c                    |  57 ++++--
 ssh-keysign.c                   |   6 +-
 ssh-sk-helper.c                 | 143 +++++++++++++++
 ssh-sk.c                        | 377 ++++++++++++++++++++++++++++++++++++++++
 ssh-sk.h                        |  52 ++++++
 ssh.c                           |  18 +-
 ssh_api.c                       |   9 +-
 sshconnect.c                    |   8 +-
 sshconnect2.c                   | 102 ++++++++---
 sshd.c                          |   8 +-
 sshkey.c                        | 229 ++++++++++++++++++++----
 sshkey.h                        |  28 ++-
 sshsig.c                        |  21 +--
 sshsig.h                        |  11 +-
 36 files changed, 1764 insertions(+), 265 deletions(-)
 create mode 100644 PROTOCOL.u2f
 create mode 100644 regress/unittests/misc/Makefile
 create mode 100644 regress/unittests/misc/tests.c
 create mode 100644 sk-api.h
 copy ssh-ecdsa.c => ssh-ecdsa-sk.c (56%)
 create mode 100644 ssh-sk-helper.c
 create mode 100644 ssh-sk.c
 create mode 100644 ssh-sk.h
