OpenBSD CVS

CVS log for src/usr.bin/ssh/ssh-pkcs11-client.c




Default branch: MAIN


Revision 1.19, Mon Dec 18 14:46:56 2023 UTC (4 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.18: +55 -1 lines

Make it possible to load certs from PKCS#11 tokens

Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.

feedback/ok markus@

Revision 1.18, Wed Jul 19 14:03:45 2023 UTC (9 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.17: +282 -81 lines

Separate ssh-pkcs11-helpers for each p11 module

Make ssh-pkcs11-client start an independent helper for each provider,
providing better isolation between modules and reliability if a single
module misbehaves.

This also implements reference counting of PKCS#11-hosted keys,
allowing ssh-pkcs11-helper subprocesses to be automatically reaped
when no remaining keys reference them. This fixes some bugs we have
that make PKCS11 keys unusable after they have been deleted, e.g.
https://bugzilla.mindrot.org/show_bug.cgi?id=3125

ok markus@

Revision 1.17, Sun Oct 18 11:32:02 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.16: +26 -27 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.16, Sat Jan 25 00:03:36 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.15: +11 -3 lines

expose PKCS#11 key labels/X.509 subjects as comments

Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.

based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church

feedback and ok markus@

Revision 1.15, Mon Jan 21 12:53:35 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.14: +10 -5 lines

add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up debug
verbosity.

Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.

ok markus@

Revision 1.14, Sun Jan 20 22:57:45 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.13: +42 -23 lines

cleanup pkcs#11 client code: use sshkey_new instead of stack-allocating
a sshkey

work by markus@, ok djm@

Revision 1.13, Sun Jan 20 22:54:30 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.12: +7 -5 lines

allow override of the pkcs#11 helper binary via $SSH_PKCS11_HELPER;
needed for regress tests.

work by markus@, ok me

Revision 1.12, Sun Jan 20 22:51:37 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.11: +92 -11 lines

add support for ECDSA keys in PKCS#11 tokens

Work by markus@ and Pedro Martelletto, feedback and ok me@

Revision 1.11, Thu Sep 13 02:08:33 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.10: +8 -6 lines

hold our collective noses and use the openssl-1.1.x API in OpenSSH;
feedback and ok tb@ jsing@ markus@

Revision 1.10, Mon Jul 9 21:59:10 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.9: +2 -2 lines

replace cast with call to sshbuf_mutable_ptr(); ok djm@

Revision 1.9, Mon Jul 9 20:39:28 2018 UTC (5 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.8: +80 -58 lines

pkcs11: switch to sshbuf API; ok djm@

Revision 1.8, Mon Feb 5 05:37:46 2018 UTC (6 years, 3 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.7: +3 -2 lines

Add a couple of non-negativity checks to avoid close(-1).

ok djm

Revision 1.7, Tue May 30 08:52:19 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.6: +3 -3 lines

switch from Key typedef with struct sshkey; ok djm@

Revision 1.6, Fri Dec 11 00:20:04 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.5: +2 -2 lines

Pass (char *)NULL rather than (char *)0 to execl and execlp.

ok dtucker@

Revision 1.5, Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7, OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.4: +3 -1 lines

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.4, Fri May 17 00:13:14 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.3: +5 -5 lines

bye, bye xfree(); ok markus@

Revision 1.3, Mon Jan 16 20:34:09 2012 UTC (12 years, 4 months ago) by miod
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.2: +3 -1 lines

Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
While there, be sure to buffer_clear() between send_msg() and recv_msg().
ok markus@

Revision 1.2, Wed Feb 24 06:12:53 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.1: +1 -0 lines

Add $OpenBSD$ tags in comments, our portable-syncing scripts use these

Revision 1.1, Mon Feb 8 10:50:20 2010 UTC (14 years, 3 months ago) by markus
Branch: MAIN

replace our obsolete smartcard code with PKCS#11.
	ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev
