History log of /openssh-portable/ssh-add.c (Results 1 - 25 of 315)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# d8ac9af6 15-Mar-2020 dtucker@openbsd.org

upstream: Cast lifetime to u_long for comparison to prevent unsigned

comparison warning on 32bit arches. Spotted by deraadt, ok djm.

OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db

upstream: Cast lifetime to u_long for comparison to prevent unsigned

comparison warning on 32bit arches. Spotted by deraadt, ok djm.

OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a

show more ...


# d5ba1c03 26-Feb-2020 jsg@openbsd.org

upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an

upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a

show more ...


# 264a9662 18-Feb-2020 dtucker@openbsd.org

upstream: Ensure that the key lifetime provided fits within the

values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@

upstream: Ensure that the key lifetime provided fits within the

values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@

OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2

show more ...


Revision tags: V_8_2_P1
# a47f6a6c 06-Feb-2020 naddy@openbsd.org

upstream: Replace "security key" with "authenticator" in program

messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator"

upstream: Replace "security key" with "authenticator" in program

messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e

show more ...


# 99aa8035 25-Jan-2020 djm@openbsd.org

upstream: factor out reading/writing sshbufs to dedicated

functions; feedback and ok markus@

OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d


# e8c06c4e 17-Jan-2020 naddy@openbsd.org

upstream: Document loading of resident keys from a FIDO

authenticator.

* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsi

upstream: Document loading of resident keys from a FIDO

authenticator.

* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.

ok markus@

OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a

show more ...


# c312ca07 05-Jan-2020 djm@openbsd.org

upstream: Extends the SK API to accept a set of key/value options

for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields

upstream: Extends the SK API to accept a set of key/value options

for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to change
the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc

show more ...


# 79fe22d9 30-Dec-2019 djm@openbsd.org

upstream: implement loading resident keys in ssh-add

"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.

feedback and ok markus@

OpenBS

upstream: implement loading resident keys in ssh-add

"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.

feedback and ok markus@

OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290

show more ...


# b7e74ea0 24-Nov-2019 djm@openbsd.org

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment,

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49

show more ...


# 189550f5 18-Nov-2019 naddy@openbsd.org

upstream: additional missing stdarg.h includes when built without

WITH_OPENSSL; ok djm@

OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b


# 6bff9521 14-Nov-2019 djm@openbsd.org

upstream: directly support U2F/FIDO2 security keys in OpenSSH by

linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewa

upstream: directly support U2F/FIDO2 security keys in OpenSSH by

linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069

show more ...


# 2c55744a 12-Nov-2019 markus@openbsd.org

upstream: enable ed25519 support; ok djm

OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e


# 486164d0 31-Oct-2019 djm@openbsd.org

upstream: ssh-add support for U2F/FIDO keys

OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644


# b9dd14d3 31-Oct-2019 djm@openbsd.org

upstream: add new agent key constraint for U2F/FIDO provider

feedback & ok markus@

OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172


Revision tags: V_8_1_P1
# 670104b9 06-Sep-2019 djm@openbsd.org

upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@

OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f


# 4d28fa78 28-Jun-2019 deraadt@openbsd.org

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this be

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075

show more ...


# 0323d9b6 06-Jun-2019 otto@openbsd.org

upstream: Replace calls to ssh_malloc_init() by a static init of

malloc_options. Prepares for changes in the way malloc is initialized. ok
guenther@ dtucker@

OpenBSD-Commit-ID:

upstream: Replace calls to ssh_malloc_init() by a static init of

malloc_options. Prepares for changes in the way malloc is initialized. ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b

show more ...


Revision tags: V_8_0_P1
# c7670b09 21-Jan-2019 djm@openbsd.org

upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up

debug verbosity.

Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-age

upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up

debug verbosity.

Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.

ok markus@

OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d

show more ...


# aa22c20e 20-Jan-2019 djm@openbsd.org

upstream: add option to test whether keys in an agent are usable,

by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"

work by markus@, ok djm@

upstream: add option to test whether keys in an agent are usable,

by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"

work by markus@, ok djm@

OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b

show more ...


# 42c5ec4b 22-Nov-2018 Damien Miller

refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call t

refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev

show more ...


Revision tags: V_7_9_P1
# f80e68ea 18-Sep-2018 djm@openbsd.org

upstream: Make "ssh-add -q" do what it says on the tin: silence

output from successful operations.

Based on patch from Thijs van Dijk; ok dtucker@ deraadt@

OpenBSD-Commit-I

upstream: Make "ssh-add -q" do what it says on the tin: silence

output from successful operations.

Based on patch from Thijs van Dijk; ok dtucker@ deraadt@

OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1

show more ...


Revision tags: V_7_8_P1, V_7_7_P1
# 1b11ea7c 23-Feb-2018 markus@openbsd.org

upstream: Add experimental support for PQC XMSS keys (Extended

Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_

upstream: Add experimental support for PQC XMSS keys (Extended

Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@

OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac

show more ...


Revision tags: V_7_6_P1
# 530591a5 29-Aug-2017 dlg@openbsd.org

upstream commit

add a -q option to ssh-add to make it quiet on success.

if you want to silence ssh-add without this you generally redirect
the output to /dev/null, but that can

upstream commit

add a -q option to ssh-add to make it quiet on success.

if you want to silence ssh-add without this you generally redirect
the output to /dev/null, but that can hide error output which you
should see.

ok djm@

Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c

show more ...


# 83fa3a04 01-Jul-2017 djm@openbsd.org

upstream commit

remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus

Upstream-ID: ac8a048d24dcd89594b0052ea5e3

upstream commit

remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus

Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f

show more ...


# 7da5df11 30-May-2017 markus@openbsd.org

upstream commit

remove unused wrapper functions from key.[ch]; ok djm@

Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e


12345678910>>...13