Mailing List Archive

[openssh] branch master updated (d902d728 -> 97f9b6e6)
This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

from d902d728 Correct calculation of tv_nsec in poll().
new c74aa0eb upstream: ssh-keygen -Y find-principals was verifying key validity
new 97f9b6e6 upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 97f9b6e61316c97a32dad94b7a37daa9b5f6b836
Author: djm@openbsd.org <djm@openbsd.org>
Date: Thu Nov 18 21:11:01 2021 +0000

upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we

already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries
that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364

OpenBSD-Commit-ID: 054d4dc1d6a99a2e6f8eebc48207b534057c154d

commit c74aa0eb73bd1edf79947d92d9c618fc3424c4a6
Author: djm@openbsd.org <djm@openbsd.org>
Date: Thu Nov 18 03:50:41 2021 +0000

upstream: ssh-keygen -Y find-principals was verifying key validity

when using ca certs but not with simple key lifetimes within the allowed
signers file.

Since it returns the first keys principal it finds this could
result in a principal with an expired key even though a valid
one is just below.

patch from Fabian Stelzer; feedback/ok djm markus

OpenBSD-Commit-ID: b108ed0a76b813226baf683ab468dc1cc79e0905

Summary of changes:
ssh-pkcs11.c | 9 +++---
sshsig.c | 101 +++++++++++++++++++++--------------------------------------
2 files changed, 41 insertions(+), 69 deletions(-)

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits