wireguard-openbsd/usr.bin/ssh/ssh-agent.c, branch jd/queueboostsWireGuard implementation for the OpenBSD kernelhttps://git.zx2c4.com/wireguard-openbsd/atom/usr.bin/ssh/ssh-agent.c?h=jd%2Fqueueboosts2020-06-22T06:37:38Zupdated argument name for -P in first synopsis was missed in previous;2020-06-22T06:37:38Zjmcjmc@openbsd.org2020-06-22T06:37:38Zurn:sha1:c8e8385e7105356eba67c8fbfa24dd89c72ea306better terminology for permissions; feedback & ok markus@2020-06-22T05:52:05Zdjmdjm@openbsd.org2020-06-22T05:52:05Zurn:sha1:4c17521eeabd9ee5ac30e8074e0a714f01150b59Correct synopsis and usage for the options accepted when passing a command2020-06-19T07:21:42Zdtuckerdtucker@openbsd.org2020-06-19T07:21:42Zurn:sha1:4b70128590f5c349bbbe799dc3878c6225c01359
to ssh-agent. ok jmc@
Restrict ssh-agent from signing web challenges for FIDO keys.2020-05-26T01:26:58Zdjmdjm@openbsd.org2020-05-26T01:26:58Zurn:sha1:1e8bbe726a0fe70350e16a348ad5a5e88bb6a036
When signing messages in ssh-agent using a FIDO key that has an
application string that does not start with "ssh:", ensure that the
message being signed is one of the forms expected for the SSH protocol
(currently pubkey authentication and sshsig signatures).
This prevents ssh-agent forwarding on a host that has FIDO keys
attached granting the ability for the remote side to sign challenges
for web authentication using those keys too.
Note that the converse case of web browsers signing SSH challenges is
already precluded because no web RP can have the "ssh:" prefix in the
application string that we require.
ok markus@
initialize seconds for debug message; ok djm2020-03-06T18:28:27Zmarkusmarkus@openbsd.org2020-03-06T18:28:27Zurn:sha1:78e193183adb0b34b0b0c2b3645d3931f3163867change explicit_bzero();free() to freezero()2020-02-26T13:40:09Zjsgjsg@openbsd.org2020-02-26T13:40:09Zurn:sha1:c9831b39c7f05cf54db0775dea423b6be448db6e
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
Replace "security key" with "authenticator" in program messages.2020-02-06T22:30:54Znaddynaddy@openbsd.org2020-02-06T22:30:54Zurn:sha1:5f47a66000ea6cb181f93ec6eec42d947fb45006
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
process security key provider via realpath() in agent, avoids2020-01-25T00:06:48Zdjmdjm@openbsd.org2020-01-25T00:06:48Zurn:sha1:cc45af21f5761519d4e67250fdebdc112cd80044
malicious client from being able to cause agent to load arbitrary
libraries into ssh-sk-helper.
reported by puck AT puckipedia.com; ok markus
expose PKCS#11 key labels/X.509 subjects as comments2020-01-25T00:03:36Zdjmdjm@openbsd.org2020-01-25T00:03:36Zurn:sha1:44e54ccb31e3bda5c68b2bc2df1c3b4d67797ec2
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
Replace all calls to signal(2) with a wrapper around sigaction(2).2020-01-23T07:10:22Zdtuckerdtucker@openbsd.org2020-01-23T07:10:22Zurn:sha1:e9716d4d0197fd363c1f073b60440e4d04eab018
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.