| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
ok miod@ millert@
OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
|
|
|
|
|
|
| |
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
|
|
|
|
|
|
|
|
|
|
|
| |
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
|
|
|
|
| |
OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
|
|
|
|
|
|
|
|
| |
webauthn is a standard for using FIDO keys in web browsers. webauthn
signatures are a slightly different format to plain FIDO signatures - this
support allows verification of these. Feedback and ok markus@
OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
|
|
|
|
|
|
| |
support for FIDO webauthn signature verification support; ok markus@
OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
|
|
|
|
|
| |
This fixes the following when there are no openssl headers on the system:
ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
|
|
|
|
| |
Fixes build when linking against OpenSSLs built with no-ec.
|
|
|
|
|
|
|
|
|
|
|
| |
The ssh-sk-helper client API gives us a nice place to disable
security key support when it is wasn't enabled at compile time,
so we don't need to check everywere.
Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.
|
|
|
|
| |
OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
|
|
|
|
|
|
|
|
|
|
|
| |
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
|
|
|
|
| |
OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
|
|
|
|
| |
Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
|
|
|
|
|
|
|
|
|
| |
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.
OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
|
|
|
|
|
| |
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
|
|
Key library support: including allocation, marshalling public/private
keys and certificates, signature validation.
feedback & ok markus@
OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
|