History log of /openssh-portable/ssh-keygen.c (Results 1 - 25 of 789)
Revision Date Author Comments
# 224418cf 28-May-2020 djm@openbsd.org

upstream: fix exit status for downloading of FIDO resident keys;

from Pedro Martelletto, ok markus@

OpenBSD-Commit-ID: 0da77dc24a1084798eedd83c39a002a9d231faef


Revision tags: V_8_3_P1
# 2a63ce5c 18-May-2020 djm@openbsd.org

upstream: avoid possible NULL deref; from Pedro Martelletto

OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721


# f2d84f1b 13-May-2020 djm@openbsd.org

upstream: preserve group/world read permission on known_hosts

file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove
all rights for group/other. bz#3146 ok dtucker@

OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a


# d25d630d 02-May-2020 djm@openbsd.org

upstream: we have a sshkey_save_public() function to save public keys;

use it and save a bunch of redundant code.

Patch from loic AT venez.fr; ok markus@ djm@

OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f


# 99ce9cef 01-May-2020 djm@openbsd.org

upstream: avoid NULL dereference when attempting to convert invalid

ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney

OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298


# a98d5ba3 20-Apr-2020 djm@openbsd.org

upstream: fix a bug I introduced in r1.406: when printing private key

fingerprint of old-format key, key comments were not being displayed. Spotted
by loic AT venez.fr, ok dtucker

OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533


# 32f2d0aa 17-Apr-2020 djm@openbsd.org

upstream: repair private key fingerprint printing to also print

comment after regression caused by my recent pubkey loading refactor.
Reported by loic AT venez.fr, ok dtucker@

OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e


# 6ec74571 02-Apr-2020 djm@openbsd.org

upstream: give ssh-keygen the ability to dump the contents of a

binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker

OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b


# d081f017 12-Mar-2020 djm@openbsd.org

upstream: spelling errors in comments; no code change from

OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924


# c084a2d0 12-Mar-2020 djm@openbsd.org

upstream: when downloading FIDO2 resident keys from a token, don't

prompt for a PIN until the token has told us that it needs one. Avoids
double-prompting on devices that implement on-device authentication (e.g. a
touchscreen PIN pad on the Trezor Model T). ok dtucker@

OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817


# e32ef97a 06-Mar-2020 markus@openbsd.org

upstream: fix use-after-free in do_download_sk; ok djm

OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863


# ff2acca0 06-Mar-2020 markus@openbsd.org

upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm

OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc


# 9b47bd7b 27-Feb-2020 djm@openbsd.org

upstream: no-touch-required certificate option should be an

extension, not a critical option.

OpenBSD-Commit-ID: 626b22c5feb7be8a645e4b9a9bef89893b88600d


# d5ba1c03 26-Feb-2020 jsg@openbsd.org

upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a


Revision tags: V_8_2_P1
# fd68dc27 06-Feb-2020 djm@openbsd.org

upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more

than the intended number of prompts (3) and 2) it would SEGV if too many
incorrect PINs were entered; based on patch by Gabriel Kihlman

OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718


# a47f6a6c 06-Feb-2020 naddy@openbsd.org

upstream: Replace "security key" with "authenticator" in program

messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e


# d596b1d3 04-Feb-2020 djm@openbsd.org

upstream: require FIDO application strings to start with "ssh:"; ok

markus@

OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb


# 24c0f752 28-Jan-2020 djm@openbsd.org

upstream: changes to support FIDO attestation

Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.

Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.

ok markus@

OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6


# 59d01f1d 25-Jan-2020 djm@openbsd.org

upstream: improve the error message for u2f enrollment errors by

making ssh-keygen be solely responsible for printing the error message and
converting some more common error responses from the middleware to a useful
ssherr.h status code. more detail remains visible via -v of course.

also remove independent copy of sk-api.h declarations in sk-usbhid.c
and just include it.

feedback & ok markus@

OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb


# 99aa8035 25-Jan-2020 djm@openbsd.org

upstream: factor out reading/writing sshbufs to dedicated

functions; feedback and ok markus@

OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d


# e16dfa94 24-Jan-2020 Darren Tucker

Put EC key export inside OPENSSL_HAS_ECC.

Fixes link error when building against an OpenSSL that does not have
ECC.


# 89a8d452 24-Jan-2020 djm@openbsd.org

upstream: expose PKCS#11 key labels/X.509 subjects as comments

Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.

based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church

feedback and ok markus@

OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35


# d15c8adf 24-Jan-2020 djm@openbsd.org

upstream: minor tweaks to ssh-keygen -Y find-principals:

emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion opportunity)

emit "not found" error to stderr

fix up argument testing for -Y operations and improve error message for
unsupported operations

OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c


# 4a41d245 23-Jan-2020 djm@openbsd.org

upstream: when signing a certificate with an RSA key, default to

a safe signature algorithm (rsa-sha-512) if none is explicitly specified by
the user; ok markus@

OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9


# 8dfb6a20 23-Jan-2020 djm@openbsd.org

upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch

from Jakub Jelen ok markus@

OpenBSD-Commit-ID: a58edec8b9f07acab4b962a71a5125830d321b51

