Commit message

OpenBSD-Commit-ID: 44d3223902fbce5276422bdc8063ab72a4078489
based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker
OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba
If multiple -Ocheckpoint= options are passed, the earlier ones would
be overwritten and leaked. If we use an input file that wasn't stdin,
close that. From Coverity CIDs 291884 and 291894.
OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b
From Coverity CID 291894.
OpenBSD-Commit-ID: 9b1aba2d049741ae21c8dc4560a7e29ab17310f4
similar to other calls to prevent warning.
OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
selection. bz3493 ok dtucker@
OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the
optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
times and authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system time zone.
YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if
suffixed with a 'Z' character.
Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.
bz3468 ok dtucker
OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13
the credential, just let the enroll operation fail and we'll attempt to get a
PIN anyway. Might avoid some unnecessary PIN prompts.
Part of GHPR#302 from Corinna Vinschen; ok dtucker@
OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2
part of GHPR329 from Pedro Martelletto
OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8
if a credential with matching application and user ID strings already exists.
if so, prompt the user for confirmation before overwriting the credential.
patch from Pedro Martelletto via GHPR329
NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
implementations will need to adjust
OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4
function so it can be used for FIDO2 PINs; no functional change
OpenBSD-Commit-ID: bf34f76b8283cc1d3f54633e0d4f13613d87bb2f
Based on github PR#303 from jsegitz with man page text from jmc@, ok markus@
djm@
OpenBSD-Commit-ID: 5c4c57bdd7063ff03381cfb6696659dd3f9f5b9f
This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.
ok djm@
OpenBSD-Commit-ID: f660f973391b593fea4b7b25913c9a15c3eb8a06
operations, where it will be interpreted to require that the private key is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@
OpenBSD-Commit-ID: a7bc69873b99c32c42c7628ed9ea91565ba08c2f
load a private key; bz3429, reported by Adam Szkoda ok dtucker@
OpenBSD-Commit-ID: bb57b285e67bea536ef81b1055467be2fc380e74
OpenBSD-Commit-ID: e3315a45cb04e7feeb614d76ec80a9fe4ca0e8c7
will ensue. Patch from Mateusz Adamowski via GHPR#307
OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd
const char *array => static const char * const array from Mike Frysinger
OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e
OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198
already supported either sha512 (default) or sha256, but plumbing wasn't there
mostly by Linus Nordberg
OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd
from Linus Nordberg
OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0
functional code change
OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9
OpenBSD-Commit-ID: 8b9ba989815d0dec1fdf5427a4a4b58eb9cac4d2
matching of principals names against an allowed signers file.
Requested by and mostly written by Fabian Stelzer, towards a TOFU
model for SSH signatures in git. Some tweaks by me.
"doesn't bother me" deraadt@
OpenBSD-Commit-ID: 8d1b71f5a4127bc5e10a880c8ea6053394465247
From Fabian Stelzer
OpenBSD-Commit-ID: 1ff35e4c366a45a073663df90381be6a8ef4d370
back the user ID that was used when the key was created and append it to the
filename the key is written to (if it is not the default).
Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.
feedback Pedro Martelletto; ok markus
NB. increments SSH_SK_VERSION_MAJOR
OpenBSD-Commit-ID: dbd658b5950f583106d945641a634bc6562dd3a3
appropriate. Saves 1k of static storage and prevents snprintf "possible
truncation" warnings from newer compilers (although in this case it's a false
positive since the actual sizes are limited by the output size of the SHA1).
ok djm@
OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
OpenBSD-Commit-ID: 3cc62d92e3f70006bf02468fc146bfc36fffa183
from Carlo Marcelo Arenas Belón
OpenBSD-Commit-ID: 6238486f8ecc888d6ccafcd9ad99e621bb41f1e0
(-Oprint-pubkey) to dump the full public key to stdout; based on patch from
Fabian Stelzer; ok markus@
OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2
OpenSSL. It is actually available, albeit only for ed25519 keys.
OpenBSD-Commit-ID: 7a254c33d0e6a55c30c6b016a8d298d3cb7a7674
without OpenSSL since those are not available, similar to what we currently
do with the moduli screening options. We can also use this to skip the
conversion regression tests in this case.
OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe
signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@
OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2
these so this removes a handful of diffs between the two.
OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
and bad indentation on continuation lines. Prompted by GHPR#185
OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
bunch of library calls; bz3273 ok dtucker@
OpenBSD-Commit-ID: b6eafa977b2e44607b1b121f5de855107809b762
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.
Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.
Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().
ok markus@
OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
OpenBSD-Commit-ID: ddfebbca03ca0e14e00bbad9d35f94b99655d032
provide a better error message if it's not correct. Prompted by bz#2879, ok
djm@ jmc@
OpenBSD-Commit-ID: 484178a173e92230fb1803fb4f206d61f7b58005
user once the touch has been recorded; requested by claudio@ ok markus@
OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
Preprocessor directives inside macro calls, such as the new log macros,
are undefined behaviour and do not work with, e.g., old GCCs. Put the
entire log call inside the ifdef for OPENSSL_HAS_NISTP521.
github user thingsconnected
OpenBSD-Commit-ID: 769d2b040dec7ab32d323daf54b854dd5dcb5485
OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
the data needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.
spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@
OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a
fields via "ssh-keygen -vyf /path/key"
OpenBSD-Commit-ID: cf315c4fe77db43947d111b00155165cb6b577cf