summaryrefslogtreecommitdiffstats
path: root/ssh-add.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Change convtime() from returning long to returning int.dtucker@openbsd.org2021-01-111-5/+5
| | | | | | | | On platforms where sizeof(int) != sizeof(long), convtime could accept values >MAX_INT which subsequently truncate when stored in an int during config parsing. bz#3250, ok djm@ OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
* upstream: use the new variant log macros instead of prependingdjm@openbsd.org2020-10-181-18/+14
| | | | | | __func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: refuse to add verify-required (PINful) FIDO keys todjm@openbsd.org2020-08-311-7/+16
| | | | | | ssh-agent until the agent supports them properly OpenBSD-Commit-ID: 125bd55a8df32c87c3ec33c6ebe437673a3d037e
* upstream: allow "ssh-add -d -" to read keys to be deleted fromdjm@openbsd.org2020-06-261-17/+54
| | | | | | stdin bz#3180; ok dtucker@ OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff
* upstream: Cast lifetime to u_long for comparison to prevent unsigneddtucker@openbsd.org2020-03-161-2/+2
| | | | | | comparison warning on 32bit arches. Spotted by deraadt, ok djm. OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a
* upstream: change explicit_bzero();free() to freezero()jsg@openbsd.org2020-02-281-7/+4
| | | | | | | | | | While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
* upstream: Ensure that the key lifetime provided fits within thedtucker@openbsd.org2020-02-181-6/+7
| | | | | | | values allowed by the wire format (u32). Prevents integer wraparound of the timeout values. bz#3119, ok markus@ djm@ OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2
* upstream: Replace "security key" with "authenticator" in programnaddy@openbsd.org2020-02-061-4/+4
| | | | | | | | | | | messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@ OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
* upstream: factor out reading/writing sshbufs to dedicateddjm@openbsd.org2020-01-261-4/+2
| | | | | | functions; feedback and ok markus@ OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
* upstream: Document loading of resident keys from a FIDOnaddy@openbsd.org2020-01-211-25/+15
| | | | | | | | | | | | authenticator. * Rename -O to -K to keep "-O option" available. * Document -K. * Trim usage() message down to synopsis, like all other commands. ok markus@ OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
* upstream: Extends the SK API to accept a set of key/value optionsdjm@openbsd.org2020-01-061-2/+3
| | | | | | | | | | | | | | | | | | | | for all operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each. At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key. These new options may be invoked at key generation time via ssh-keygen -O This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier. feedback, fixes and ok markus@ OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
* upstream: implement loading resident keys in ssh-adddjm@openbsd.org2019-12-301-5/+63
| | | | | | | | | "ssh-add -O" will load resident keys from a FIDO2 token and add them to a ssh-agent. feedback and ok markus@ OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290
* upstream: Add new structure for signature optionsdjm@openbsd.org2019-11-251-2/+2
| | | | | | | | | | | This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
* upstream: additional missing stdarg.h includes when built withoutnaddy@openbsd.org2019-11-191-1/+1
| | | | | | WITH_OPENSSL; ok djm@ OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
* upstream: directly support U2F/FIDO2 security keys in OpenSSH bydjm@openbsd.org2019-11-141-1/+6
| | | | | | | | linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging. OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
* upstream: enable ed25519 support; ok djmmarkus@openbsd.org2019-11-121-2/+3
| | | | OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
* upstream: ssh-add support for U2F/FIDO keysdjm@openbsd.org2019-10-311-10/+27
| | | | OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
* upstream: add new agent key constraint for U2F/FIDO providerdjm@openbsd.org2019-10-311-3/+3
| | | | | | feedback & ok markus@ OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@djm@openbsd.org2019-09-061-3/+5
| | | | OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org2019-07-051-3/+3
| | | | | | | | some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Replace calls to ssh_malloc_init() by a static init ofotto@openbsd.org2019-06-071-2/+1
| | | | | | | malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
* upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn updjm@openbsd.org2019-01-211-2/+14
| | | | | | | | | | | | debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
* upstream: add option to test whether keys in an agent are usable,djm@openbsd.org2019-01-211-3/+49
| | | | | | | | | by performing a signature and a verification using each key "ssh-add -T pubkey [...]" work by markus@, ok djm@ OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
* refactor libcrypto initialisationDamien Miller2018-11-231-4/+0
| | | | | | | | | | Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
* upstream: Make "ssh-add -q" do what it says on the tin: silencedjm@openbsd.org2018-09-201-23/+39
| | | | | | | | output from successful operations. Based on patch from Thijs van Dijk; ok dtucker@ deraadt@ OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
* upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org2018-02-261-5/+69
| | | | | | | | | Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream commitdlg@openbsd.org2017-09-041-13/+23
| | | | | | | | | | | | add a -q option to ssh-add to make it quiet on success. if you want to silence ssh-add without this you generally redirect the output to /dev/null, but that can hide error output which you should see. ok djm@ Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
* upstream commitdjm@openbsd.org2017-07-211-2/+1
| | | | | | | remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
* upstream commitmarkus@openbsd.org2017-05-311-2/+2
| | | | | | remove unused wrapper functions from key.[ch]; ok djm@ Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
* upstream commitnaddy@openbsd.org2017-05-081-36/+26
| | | | | | | more simplification and removal of SSHv1-related code; ok djm@ Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
* upstream commitdjm@openbsd.org2017-05-081-1/+6
| | | | | | | | since a couple of people have asked, leave a comment explaining why we retain SSH v.1 support in the "delete all keys from agent" path. Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
* upstream commitdjm@openbsd.org2017-05-011-8/+1
| | | | | | unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
* upstream commitdtucker@openbsd.org2016-02-161-1/+2
| | | | | | | Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while. Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
* upstream commitmmcc@openbsd.org2015-12-181-5/+3
| | | | | | | | Remove NULL-checks before sshkey_free(). ok djm@ Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
* upstream commitdjm@openbsd.org2015-10-161-2/+2
| | | | | | | fix some signed/unsigned integer type mismatches in format strings; reported by Nicholas Lemonias Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
* upstream committim@openbsd.org2015-09-161-7/+6
| | | | | | | | | | - Fix error message: passphrase needs to be at least 5 characters, not 4. - Remove unused function argument. - Remove two unnecessary variables. OK djm@ Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
* upstream committim@openbsd.org2015-09-161-9/+8
| | | | | | | | | When adding keys to the agent, don't ignore the comment of keys for which the user is prompted for a passphrase. Tweak and OK djm@ Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
* upstream commitdjm@openbsd.org2015-07-151-3/+2
| | | | | | | delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
* upstream commitnaddy@openbsd.org2015-03-271-1/+3
| | | | | don't try to load .ssh/identity by default if SSH1 is disabled; ok markus@
* upstream commitmarkus@openbsd.org2015-03-271-7/+11
| | | | | ignore v1 errors on ssh-add -D; only try v2 keys on -l/-L (unless WITH_SSH1) ok djm@
* upstream commithalex@openbsd.org2015-02-211-4/+10
| | | | | | | make "ssh-add -d" properly remove a corresponding certificate, and also not whine and fail if there is none ok djm@
* upstream commithalex@openbsd.org2015-02-041-4/+5
| | | | | | | | slightly extend the passphrase prompt if running with -c in order to give the user a chance to notice if unintentionally running without it wording tweak and ok djm@
* upstream commitdjm@openbsd.org2015-01-291-2/+3
| | | | | update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
* upstream commitderaadt@openbsd.org2015-01-161-3/+3
| | | | | | | | | | Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* upstream commitdjm@openbsd.org2015-01-151-108/+151
| | | | | move authfd.c and its tentacles to the new buffer/key API; ok markus@
* support --without-openssl at configure timeDamien Miller2015-01-141-0/+4
| | | | | | | | Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
* upstream commitdjm@openbsd.org2014-12-211-13/+41
| | | | | | | | Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* upstream commitmillert@openbsd.org2014-12-041-2/+2
| | | | | Prefer setvbuf() to setlinebuf() for portability; ok deraadt@
* - OpenBSD CVS SyncDamien Miller2014-07-111-3/+3
| | | | | | | - benno@cvs.openbsd.org 2014/07/09 14:15:56 [ssh-add.c] fix ssh-add crash while loading more than one key ok markus@
* - djm@cvs.openbsd.org 2014/07/03 03:15:01Damien Miller2014-07-031-1/+3
| | | | | | | | [ssh-add.c] make stdout line-buffered; saves partial output getting lost when ssh-add fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add doesn't); bz#2234, reported by Phil Pennock
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 19:58:22 +0100