[openssh-commits] [openssh] branch master updated (e2c0a21a -> 664deef9)

git+noreply at mindrot.org
Mon Nov 25 12:25:59 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  e2c0a21a  upstream: Wait for FD to be readable or writeable during a nonblocking
       new  d2b0f881  upstream: memleak in error path
       new  b7e74ea0  upstream: Add new structure for signature options
       new  0fddf296  upstream: Add a sshd_config PubkeyAuthOptions directive
       new  2e71263b  upstream: add a "no-touch-required" option for authorized_keys and
       new  daeaf413  upstream: allow "ssh-keygen -x no-touch-required" when generating a
       new  26cb128b  upstream: Print a key touch reminder when generating a security
       new  664deef9  upstream: document the "no-touch-required" certificate extension;

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 664deef95a2e770812533439b8bdd3f3c291ae59
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 25 00:57:51 2019 +0000

    upstream: document the "no-touch-required" certificate extension;
    
    ok markus, feedback deraadt
    
    OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d

commit 26cb128b31efdd5395153f4943f5be3eddc07033
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 25 00:57:27 2019 +0000

    upstream: Print a key touch reminder when generating a security
    
    key. Most keys require a touch to authorize the operation.
    
    OpenBSD-Commit-ID: 7fe8b23edbf33e1bb81741b9f25e9a63be5f6b68

commit daeaf4136927c2a82af1399022103d67ff03f74a
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 25 00:55:58 2019 +0000

    upstream: allow "ssh-keygen -x no-touch-required" when generating a
    
    security key keypair to request one that does not require a touch for each
    authentication attempt. The default remains to require touch.
    
    feedback deraadt; ok markus@
    
    OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd

commit 2e71263b80fec7ad977e098004fef7d122169d40
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 25 00:54:23 2019 +0000

    upstream: add a "no-touch-required" option for authorized_keys and
    
    a similar extension for certificates. This option disables the default
    requirement that security key signatures attest that the user touched their
    key to authorize them.
    
    feedback deraadt, ok markus
    
    OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e

commit 0fddf2967ac51d518e300408a0d7e6adf4cd2634
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 25 00:52:46 2019 +0000

    upstream: Add a sshd_config PubkeyAuthOptions directive
    
    This directive has a single valid option "no-touch-required" that
    causes sshd to skip checking whether user presence was tested before
    a security key signature was made (usually by the user touching the
    key).
    
    ok markus@
    
    OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de

commit b7e74ea072919b31391bc0f5ff653f80b9f5e84f
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 25 00:51:37 2019 +0000

    upstream: Add new structure for signature options
    
    This is populated during signature verification with additional fields
    that are present in and covered by the signature. At the moment, it is
    only used to record security key-specific options, especially the flags
    field.
    
    with and ok markus@
    
    OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49

commit d2b0f88178ec9e3f11b606bf1004ac2fe541a2c3
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 25 00:38:17 2019 +0000

    upstream: memleak in error path
    
    OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112

Summary of changes:
 PROTOCOL.certkeys |  9 ++++++-
 auth-options.c    | 38 +++++++++++++++++++---------
 auth-options.h    |  5 +++-
 auth.c            |  7 ++---
 auth2-hostbased.c |  4 +--
 auth2-pubkey.c    | 30 +++++++++++++++++++---
 clientloop.c      |  5 ++--
 kexgen.c          |  4 +--
 kexgexc.c         |  4 +--
 krl.c             |  4 +--
 monitor.c         | 76 ++++++++++++++++++++++++++++++++++++-------------------
 monitor_wrap.c    | 23 ++++++++++++++---
 monitor_wrap.h    |  5 ++--
 servconf.c        | 33 ++++++++++++++++++++++--
 servconf.h        |  6 ++++-
 ssh-add.c         |  4 +--
 ssh-ecdsa-sk.c    | 27 ++++++++++++++++----
 ssh-ed25519-sk.c  | 20 +++++++++++++--
 ssh-keygen.1      | 21 +++++++++++++--
 ssh-keygen.c      | 67 ++++++++++++++++++++++++++++++++----------------
 sshd.8            | 13 ++++++++--
 sshd_config.5     | 27 ++++++++++++++++++--
 sshkey.c          | 19 ++++++++++----
 sshkey.h          | 18 ++++++++++---
 sshsig.c          | 22 ++++++++++------
 sshsig.h          |  6 +++--
 26 files changed, 376 insertions(+), 121 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

