| Age | Commit message (Collapse) | Author |
|---|
|
Allow passing a PIN via the SK API (API major crank) and let the
ssh-sk-helper API follow.
Also enhance the ssh-sk-helper API to support passing back an error
code instead of a complete reply. Will be used to signal "wrong PIN",
etc.
feedback and ok markus@
|
|
"ssh-add -O" will load resident keys from a FIDO2 token and add them
to a ssh-agent.
feedback and ok markus@
|
|
feedback and ok markus@
|
|
Adds a sk_load_resident_keys() function to the security key
API that accepts a security key provider and a PIN and returns
a list of keys.
Implement support for this in the usbhid middleware.
feedback and ok markus@
|
|
We'll reuse this for extracting resident keys from a device.
feedback and ok markus@
|
|
"ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
device-resident key.
feedback and ok markus@
|
|
Move all moduli generation options to live under the -O flag.
Frees up seven single-letter flags.
NB. this change break existing ssh-keygen commandline syntax for moduli-
related operations. Very few people use these fortunately.
feedback and ok markus@
|
|
Move list of available certificate options in ssh-keygen.1 to the
CERTIFICATES section.
Collect options specified by -O but delay parsing/validation of
certificate options until we're sure that we're acting as a CA.
ok markus@
|
|
issue 2038.
|
|
|
|
|
|
of a conditional inside a .ce request block. Instead, abort the .ce
block just like when there is no conditional in between.
Bug found by espie@ working on the textproc/fstrcmp port.
|
|
|
|
window is present or active in. From Tyler Culp in GitHub issue 2034.
|
|
so get rid of cluttered duplicate logic
okay kn@
|
|
and the first thing job_attach_node does is... set the field to BUILDING.
probably remnants of code prior to refactoring
okay captain_obvious
|
|
|
|
- define OP_ZERO as zero, to make some function calls obvious
- split ParseDoOp into two functions: ParseDoOp that only deals with : :: !
and ParseDoSpecial that only deals with special nodes. This simplifies both
functions accordingly
- always initialize special_op
okay millert@
|
|
Rename to avoid ambiguity
- VAR_IS_SHELL (in var.c): the SHELL variable, which has specific
POSIX semantics
- VAR_SHELL (in parsevar.c): assign the result of running the command
to the variable.
no actual code change
|
|
comment in zsig without needing an extra copy
okay tedu@
|
|
okay millert@, tb@
|
|
The polysemous use of "key" was too confusing. Input from markus@.
ok jmc@
|
|
|
|
- rename context into localvars, which is more meaningful and less generic
- instantiate the random rumbling at the start of gnode.h with actual
variable names
- explain and group gnode.h variables better
- make some comments terser/more meaningful
okay millert@
|
|
make it obvious
okay millert@
|
|
adjust comments to be more meaningful
reorder predecessors/successors fields in an order that
makes more sense to me.
okay millert@
|
|
fold back BEINGMADE and BUILDING which mean the same thing
GC CYCLE/ENDCYCLE
okay millert@
|
|
- make BufExpand a real function, zap BufOverflow
- sprinkle assert that justify the arithmetic
- use unsigned constants
- fix a bug in the unlikely condition where Buf_printf would exactly
match the buffer boundary and Buf_Retrieve would be called right after
okay millert@
|
|
fix glaring omission
okay schwarze@, jmc@
|
|
$SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable
in addition to yes/no.
Patch by Eric Chiang, manpage by me; ok markus@
|
|
ok markus@
|
|
Move oSecurityProvider to match the order in the OpCodes enum.
Patch from openbsd@academicsolutions.ch, ok djm@
|
|
openbsd@academicsolutions.ch, ok djm@
|
|
openbsd@academicsolutions.ch, ok djm@
|
|
Update the list of default host key algorithms in ssh_config.5 and
sshd_config.5. Copy the description of the SecurityKeyProvider
option to sshd_config.5.
ok jmc@
|
|
insert after needs to be the last one added, not the first. Reported by
Jason Kim in GitHub issue 2023.
|
|
Add "MAC" since we use that acronym in other man pages. ok naddy@
|
|
Report and fix from Hiltjo Posthuma, input from and ok deraadt@
|
|
md, to hint that it might not always be the case (e.g. if dealing with
files from a different version of the tool). ok tb@
|
|
changed from md5 to sha256. Update manual to reflect that.
From Fabio Scotoni
ok jmc
|
|
|
|
ok markus@ jmc@
|
|
|
|
KERN_PROC_SHOW_THREADS and have been rendered superfluous by it.
Similarly, some P_SYSTEM tests can be deleted or pushed to the
kernel by using KERN_PROC_ALL instead of KERN_PROC_KTHREAD.
ok visa@ mpi@
|
|
ends up pointing to the wrong place before it is passed to the client.
The path is only used internally so there is no real need for
realpath(), remove it and move the get_path function to file.c where all
the callers are.
|
|
|
|
|
|
which fatals on allocation failures.
ok markus@
|
|
|
|
warnings from the cfgparse regress test
|
