History log of /openssh-portable/ssh-keygen.c (Results 1 – 25 of 466)
Revision tags: V_8_6_P1
# 31d8d231 03-Apr-2021 djm@openbsd.org

upstream: highly polished whitespace, mostly fixing spaces-for-tab

and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9


# f07519a2 11-Mar-2021 djm@openbsd.org

upstream: pwcopy() struct passwd that we're going to reuse across a

bunch of library calls; bz3273 ok dtucker@

OpenBSD-Commit-ID: b6eafa977b2e44607b1b121f5de855107809b762


Revision tags: V_8_5_P1
# b4c7cd11 20-Dec-2020 djm@openbsd.org

upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*

Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20


# b755264e 28-Nov-2020 dtucker@openbsd.org

upstream: Include cipher.h for declaration of cipher_by_name.

OpenBSD-Commit-ID: ddfebbca03ca0e14e00bbad9d35f94b99655d032


# 57bf03f0 27-Nov-2020 dtucker@openbsd.org

upstream: Document ssh-keygen -Z, sanity check its argument earlier and

provide a better error message if it's not correct. Prompted by bz#2879, ok
djm@ jmc@

OpenBSD-Commit-ID: 484178a173e92230fb1803fb4f206d61f7b58005


# d5a0cd4f 08-Nov-2020 djm@openbsd.org

upstream: when requesting a security key touch on stderr, inform the

user once the touch has been recorded; requested by claudio@ ok markus@

OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233


# 292bcb24 08-Nov-2020 Darren Tucker

Remove preprocessor directive from log macro calls.

Preprocessor directives inside macro calls, such as the new log macros,
are undefined behaviour and do not work with, e.g., old GCCs. Put the
entire log call inside the ifdef for OPENSSL_HAS_NISTP521.


# b12b835d 28-Oct-2020 djm@openbsd.org

upstream: fix type of nid in type_bits_valid(); github PR#202 from

github user thingsconnected

OpenBSD-Commit-ID: 769d2b040dec7ab32d323daf54b854dd5dcb5485


# 1a14c131 28-Oct-2020 djm@openbsd.org

upstream: whitespace; no code change

OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79


# 816036f1 18-Oct-2020 djm@openbsd.org

upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8


Revision tags: V_8_4_P1
# c7677352 08-Sep-2020 djm@openbsd.org

upstream: when writing an attestation blob for a FIDO key, record all

the data needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.

spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@

OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a


# d6f45cdd 27-Aug-2020 djm@openbsd.org

upstream: debug()-print a little info about FIDO-specific key

fields via "ssh-keygen -vyf /path/key"

OpenBSD-Commit-ID: cf315c4fe77db43947d111b00155165cb6b577cf


# 0caff053 26-Aug-2020 djm@openbsd.org

upstream: Request PIN ahead of time for certain FIDO actions

When we know that a particular action will require a PIN, such as
downloading resident keys or generating a verify-required key, request
the PIN before attempting it.

joint work with Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727


# 642e06d0 26-Aug-2020 djm@openbsd.org

upstream: major rework of FIDO token selection logic

When PINs are in use and multiple FIDO tokens are attached to a host, we
cannot just blast requests at all attached tokens with the PIN specified
as this will cause the per-token PIN failure counter to increment. If
this retry counter hits the token's limit (usually 3 attempts), then the
token will lock itself and render all (web and SSH) of its keys invalid.
We don't want this.

So this reworks the key selection logic for the specific case of
multiple keys being attached. When multiple keys are attached and the
operation requires a PIN, then the user must touch the key that they
wish to use first in order to identify it.

This may require multiple touches, but only if there are multiple keys
attached AND (usually) the operation requires a PIN. The usual case of a
single key attached should be unaffected.

Work by Pedro Martelletto; ok myself and markus@

OpenBSD-Commit-ID: 637d3049ced61b7a9ee796914bbc4843d999a864


# 9b8ad938 26-Aug-2020 djm@openbsd.org

upstream: support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15


# 2d8a3b7e 02-Aug-2020 djm@openbsd.org

upstream: ensure that certificate extensions are lexically sorted.

Previously if the user specified a custom extension then everything would
be in order except the custom ones. bz3198 ok dtucker markus

OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0


# dbaaa01d 15-Jul-2020 solene@openbsd.org

upstream: - Add [-a rounds] in ssh-keygen man page and usage() -

Reorder parameters list in the first usage() case - Sentence rewording

ok dtucker@
jmc@ noticed usage() missed -a flag too

OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246


# 74344c3c 26-Jun-2020 dtucker@openbsd.org

upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to

write to it so we don't leave an empty .ssh directory when it's not needed.
Use the same function to replace the code in ssh-keygen that does the same
thing. bz#3156, ok djm@

OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f


# 224418cf 28-May-2020 djm@openbsd.org

upstream: fix exit status for downloading of FIDO resident keys;

from Pedro Martelletto, ok markus@

OpenBSD-Commit-ID: 0da77dc24a1084798eedd83c39a002a9d231faef


Revision tags: V_8_3_P1
# 2a63ce5c 18-May-2020 djm@openbsd.org

upstream: avoid possible NULL deref; from Pedro Martelletto

OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721


# f2d84f1b 13-May-2020 djm@openbsd.org

upstream: preserve group/world read permission on known_hosts

file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove
all rights for group/other. bz#3146 ok dtucker@

OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a


# d25d630d 02-May-2020 djm@openbsd.org

upstream: we have a sshkey_save_public() function to save public keys;

use it and save a bunch of redundant code.

Patch from loic AT venez.fr; ok markus@ djm@

OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f


# 99ce9cef 01-May-2020 djm@openbsd.org

upstream: avoid NULL dereference when attempting to convert invalid

ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney

OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298


# a98d5ba3 20-Apr-2020 djm@openbsd.org

upstream: fix a bug I introduced in r1.406: when printing private key

fingerprint of old-format key, key comments were not being displayed. Spotted
by loic AT venez.fr, ok dtucker

OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533


# 32f2d0aa 17-Apr-2020 djm@openbsd.org

upstream: repair private key fingerprint printing to also print

comment after regression caused by my recent pubkey loading refactor.
Reported by loic AT venez.fr, ok dtucker@

OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
