[openssh-commits] [openssh] branch master updated (0328a081 -> f3c34df8)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Nov 3 10:08:18 AEDT 2021

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  0328a081  upstream: sshsig: add tests for signing key validity and
       new  f3c34df8  upstream: Better handle FIDO keys on tokens that provide user

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit f3c34df860c4c1ebddacb973954e58167d9dbade
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Nov 2 22:56:40 2021 +0000

    upstream: Better handle FIDO keys on tokens that provide user
    verification (UV) on the device itself, including biometric keys.
    Query the token during key creation to determine whether it supports
    on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag
    in the key so that ssh(1) doesn't automatically prompty for PIN later.
    When making signatures with the key, query the token's capabilities
    again and check whether the token is able (right now) to perform user-
    verification without a PIN. If it is then the PIN prompt is bypassed
    and user verification delegated to the token. If not (e.g. the token
    is biometric capable, but no biometric are enrolled), then fall back
    to user verification via the usual PIN prompt.
    Work by Pedro Martelletto; ok myself and markus@
    OpenBSD-Commit-ID: e318a8c258d9833a0b7eb0236cdb68b5143b2f27

Summary of changes:
 sk-api.h    |  5 ++--
 sk-usbhid.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 ssh-sk.c    |  4 +--
 3 files changed, 83 insertions(+), 13 deletions(-)

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list