History log of /openssh-portable/ssh-add.c (Results 1 – 25 of 173)
Revision Date Author Comments
Revision tags: V_8_6_P1
# 31d8d231 03-Apr-2021 djm@openbsd.org

upstream: highly polished whitespace, mostly fixing spaces-for-tab

and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9


Revision tags: V_8_5_P1
# 6d30673f 10-Jan-2021 dtucker@openbsd.org

upstream: Change convtime() from returning long to returning int.

On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during config
parsing. bz#3250, ok djm@

OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31


# 816036f1 18-Oct-2020 djm@openbsd.org

upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8


Revision tags: V_8_4_P1
# 785f0f31 31-Aug-2020 djm@openbsd.org

upstream: refuse to add verify-required (PINful) FIDO keys to

ssh-agent until the agent supports them properly

OpenBSD-Commit-ID: 125bd55a8df32c87c3ec33c6ebe437673a3d037e


# fe2ec0b9 26-Jun-2020 djm@openbsd.org

upstream: allow "ssh-add -d -" to read keys to be deleted from

stdin bz#3180; ok dtucker@

OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff


Revision tags: V_8_3_P1
# d8ac9af6 15-Mar-2020 dtucker@openbsd.org

upstream: Cast lifetime to u_long for comparison to prevent unsigned

comparison warning on 32bit arches. Spotted by deraadt, ok djm.

OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a


# d5ba1c03 26-Feb-2020 jsg@openbsd.org

upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a


# 264a9662 18-Feb-2020 dtucker@openbsd.org

upstream: Ensure that the key lifetime provided fits within the

values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@

OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2


Revision tags: V_8_2_P1
# a47f6a6c 06-Feb-2020 naddy@openbsd.org

upstream: Replace "security key" with "authenticator" in program

messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e


# 99aa8035 25-Jan-2020 djm@openbsd.org

upstream: factor out reading/writing sshbufs to dedicated

functions; feedback and ok markus@

OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d


# e8c06c4e 17-Jan-2020 naddy@openbsd.org

upstream: Document loading of resident keys from a FIDO

authenticator.

* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.

ok markus@

OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a


# c312ca07 05-Jan-2020 djm@openbsd.org

upstream: Extends the SK API to accept a set of key/value options

for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to change
the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc


# 79fe22d9 30-Dec-2019 djm@openbsd.org

upstream: implement loading resident keys in ssh-add

"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.

feedback and ok markus@

OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290


# b7e74ea0 24-Nov-2019 djm@openbsd.org

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49


# 189550f5 18-Nov-2019 naddy@openbsd.org

upstream: additional missing stdarg.h includes when built without

WITH_OPENSSL; ok djm@

OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b


# 6bff9521 14-Nov-2019 djm@openbsd.org

upstream: directly support U2F/FIDO2 security keys in OpenSSH by

linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069


# 2c55744a 12-Nov-2019 markus@openbsd.org

upstream: enable ed25519 support; ok djm

OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e


# 486164d0 31-Oct-2019 djm@openbsd.org

upstream: ssh-add support for U2F/FIDO keys

OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644


# b9dd14d3 31-Oct-2019 djm@openbsd.org

upstream: add new agent key constraint for U2F/FIDO provider

feedback & ok markus@

OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172


Revision tags: V_8_1_P1
# 670104b9 06-Sep-2019 djm@openbsd.org

upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@

OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f


# 4d28fa78 28-Jun-2019 deraadt@openbsd.org

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075


# 0323d9b6 06-Jun-2019 otto@openbsd.org

upstream: Replace calls to ssh_malloc_init() by a static init of

malloc_options. Prepares for changes in the way malloc is initialized. ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b


Revision tags: V_8_0_P1
# c7670b09 21-Jan-2019 djm@openbsd.org

upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up

debug verbosity.

Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.

ok markus@

OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d


# aa22c20e 20-Jan-2019 djm@openbsd.org

upstream: add option to test whether keys in an agent are usable,

by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"

work by markus@, ok djm@

OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b


# 42c5ec4b 22-Nov-2018 Damien Miller

refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev

