History log of /openssh-portable/ssh-sk-client.c (Results 1 – 11 of 11)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: V_8_6_P1
# 31d8d231 03-Apr-2021 djm@openbsd.org

upstream: highly polished whitespace, mostly fixing spaces-for-tab

and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9


Revision tags: V_8_5_P1
# 816036f1 18-Oct-2020 djm@openbsd.org

upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8


Revision tags: V_8_4_P1, V_8_3_P1, V_8_2_P1
# 3bf2a6ac 23-Jan-2020 dtucker@openbsd.org

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which sho

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519

show more ...


# b5fcb0ac 21-Jan-2020 djm@openbsd.org

upstream: check access(ssh-sk-helper, X_OK) to provide friendly

error message for misconfigured helper paths

OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341


# 57b181ea 10-Jan-2020 djm@openbsd.org

upstream: pass the log-on-stderr flag and log level through to

ssh-sk-helper, making debugging a bit easier. ok markus@

OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a


# c312ca07 05-Jan-2020 djm@openbsd.org

upstream: Extends the SK API to accept a set of key/value options

for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without

upstream: Extends the SK API to accept a set of key/value options

for all operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to change
the API version for each.

At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O

This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.

feedback, fixes and ok markus@

OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc

show more ...


# c54cd189 30-Dec-2019 djm@openbsd.org

upstream: SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing bac

upstream: SK API and sk-helper error/PIN passing

Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.

Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.

feedback and ok markus@

OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71

show more ...


# 27753a8e 30-Dec-2019 djm@openbsd.org

upstream: implement loading of resident keys in ssh-sk-helper

feedback and ok markus@

OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a


# 9244990e 13-Dec-2019 Damien Miller

remove a bunch of ENABLE_SK #ifdefs

The ssh-sk-helper client API gives us a nice place to disable
security key support when it is wasn't enabled at compile time,
so we don't need to check everywere.

remove a bunch of ENABLE_SK #ifdefs

The ssh-sk-helper client API gives us a nice place to disable
security key support when it is wasn't enabled at compile time,
so we don't need to check everywere.

Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.

show more ...


# a33ab168 13-Dec-2019 Damien Miller

ssh-sk-client.c needs includes.h


# d2143476 13-Dec-2019 djm@openbsd.org

upstream: actually commit the ssh-sk-helper client code; ok markus

OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589