OpenBSD CVS

CVS log for src/usr.bin/ssh/sshsig.c



Default branch: MAIN


Revision 1.35, Fri Mar 8 22:16:32 2024 UTC (2 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.34: +2 -2 lines

skip more whitespace, fixes find-principals on allowed_signers
files with blank lines; reported by Wiktor Kwapisiewicz

Revision 1.34, Fri Dec 8 09:18:39 2023 UTC (5 months, 1 week ago) by markus
Branch: MAIN
Changes since 1.33: +3 -4 lines

prevent leak in sshsig_match_principals; ok djm@

Revision 1.33, Wed Sep 6 23:18:15 2023 UTC (8 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.32: +19 -8 lines

handle cr+lf (instead of just cr) in sshsig signature files

Revision 1.32, Thu Apr 6 03:56:02 2023 UTC (13 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.31: +3 -4 lines

simplify sshsig_find_principals() similar to what happened to
sshsig_check_allowed_keys() in r1.31, removing some dead code

Revision 1.31, Thu Mar 30 03:05:01 2023 UTC (13 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.30: +3 -3 lines

return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file is empty,
not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted by
Coverity; with/ok dtucker@

Revision 1.30, Fri Aug 19 03:06:30 2022 UTC (20 months, 4 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.29: +4 -3 lines

double free() in error path; from Eusgor via GHPR333

Revision 1.29, Wed Mar 30 04:27:51 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.28: +7 -2 lines

avoid NULL deref via ssh-keygen -Y find-principals. bz3409, reported
by Mateusz Adamowski

Revision 1.28, Tue Feb 1 23:34:47 2022 UTC (2 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.27: +14 -12 lines

allow 'ssh-keygen -Y find-principals' to match wildcard principals
in allowed_signers files; from Fabian Stelzer

Revision 1.27, Wed Jan 5 04:02:42 2022 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.26: +2 -2 lines

NULL deref when using find-principals when matching an allowed_signers
line that contains a namespace restriction, but no restriction
specified on the command-line; report and fix from Fabian Stelzer

Revision 1.26, Sun Nov 28 07:21:26 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.25: +2 -1 lines

sshsig: return "key not found" when searching empty files rather than
"internal error"

Revision 1.25, Sun Nov 28 07:10:18 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.24: +2 -2 lines

missing initialisation for oerrno

Revision 1.24, Sat Nov 27 07:14:46 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.23: +71 -1 lines

Add ssh-keygen -Y match-principals operation to perform matching of
principals names against an allowed signers file.

Requested by and mostly written by Fabian Stelzer, towards a TOFU
model for SSH signatures in git. Some tweaks by me.

"doesn't bother me" deraadt@

Revision 1.23, Thu Nov 18 03:50:41 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.22: +36 -65 lines

ssh-keygen -Y find-principals was verifying key validity when using
ca certs but not with simple key lifetimes within the allowed
signers file.

Since it returns the first key's principal it finds, this could
result in a principal with an expired key even though a valid
one is just below.

patch from Fabian Stelzer; feedback/ok djm markus

Revision 1.22, Fri Nov 5 03:10:58 2021 UTC (2 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.21: +55 -55 lines

move cert_filter_principals() to earlier in the file for reuse;
no code change

Revision 1.21, Fri Jul 23 04:00:59 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.20: +83 -27 lines

Add a StdinNull directive to ssh_config(5) that allows the config
file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker

Revision 1.20, Sun Jan 31 10:50:10 2021 UTC (3 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.19: +3 -1 lines

Set linesize returned by getline to zero when freeing and NULLing the
returned string.  OpenBSD's getline handles this just fine, but some
implementations used by -portable do not.  ok djm@

Revision 1.19, Tue Jan 26 00:49:30 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.18: +3 -3 lines

move check_host_cert() from sshconnect.c to sshkey.c and refactor
it to make it more generally usable and testable.

ok markus@

Revision 1.18, Sun Oct 18 11:32:02 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.17: +55 -59 lines

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.17, Mon Aug 31 00:17:41 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.16: +1 -0 lines

Add RCS IDs to the few files that are missing them;
from Pedro Martelletto

Revision 1.16, Thu Aug 27 01:06:19 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.15: +9 -7 lines

support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

Revision 1.15, Fri Mar 6 18:28:50 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.14: +4 -2 lines

do not leak oprincipals; ok djm

Revision 1.14, Fri Mar 6 18:27:50 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.13: +1 -1 lines

correct return code; ok djm

Revision 1.13, Fri Mar 6 18:27:15 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.12: +3 -3 lines

principalsp is optional, pubkey required; ok djm

Revision 1.12, Fri Mar 6 18:13:29 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.11: +7 -5 lines

sshsig: return correct error, fix null-deref; ok djm

Revision 1.11, Thu Jan 23 23:31:52 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.10: +63 -11 lines

ssh-keygen -Y find-principals fixes based on feedback from Markus:

use "principals" instead of principal, as allowed_signers lines may list
multiple.

When the signing key is a certificate, emit only principals that match
the certificate principal list.

NB. the command -Y name changes: "find-principal" => "find-principals"

ok markus@

Revision 1.10, Thu Jan 23 02:43:48 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.9: +117 -0 lines

add a new signature operation "find-principal" to look up the
principal associated with a signature from an allowed-signers
file. Work by Sebastian Kinne; ok dtucker@

Revision 1.9, Wed Jan 22 02:25:21 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.8: +87 -27 lines

factor out parsing of allowed-signers lines

Revision 1.8, Mon Nov 25 00:51:37 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.7: +14 -8 lines

Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

Revision 1.7, Thu Oct 31 21:23:19 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.6: +11 -10 lines

Refactor signing - use sshkey_sign for everything, including the new
U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

Revision 1.6, Wed Oct 2 08:07:13 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.5: +2 -2 lines

make signature format match PROTOCOL.sshsig file: the message hash
should be written as a string, not raw bytes. Spotted by Mantas
Mikulėnas

Revision 1.5, Thu Sep 5 05:42:59 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.4: +1 -1 lines

memleak on error path; found by libfuzzer

Revision 1.4, Thu Sep 5 04:55:32 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.3: +9 -9 lines

expose allowed_signers options parsing code in header for fuzzing

rename to make more consistent with philosophically-similar auth
options parsing API.

Revision 1.3, Tue Sep 3 20:51:49 2019 UTC (4 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.2: +1 -1 lines

repair typo and editing mishap

Revision 1.2, Tue Sep 3 08:35:27 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.1: +96 -84 lines

sshsig tweaks and improvements from and suggested by Markus

ok markus/me

Revision 1.1, Tue Sep 3 08:34:20 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN

sshsig: lightweight signature and verification ability for OpenSSH

This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify

Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.

Mostly by Sebastian Kinne w/ some tweaks by me

ok markus@
