[openssh-commits] [openssh] branch master updated (0328a081 -> f3c34df8)
git+noreply at mindrot.org
Wed Nov 3 10:08:18 AEDT 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 0328a081 upstream: sshsig: add tests for signing key validity and
new f3c34df8 upstream: Better handle FIDO keys on tokens that provide user
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit f3c34df860c4c1ebddacb973954e58167d9dbade
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Nov 2 22:56:40 2021 +0000
upstream: Better handle FIDO keys on tokens that provide user
verification (UV) on the device itself, including biometric keys.
Query the token during key creation to determine whether it supports
on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag
in the key so that ssh(1) doesn't automatically prompt for PIN later.
When making signatures with the key, query the token's capabilities
again and check whether the token is able (right now) to perform user-
verification without a PIN. If it is then the PIN prompt is bypassed
and user verification delegated to the token. If not (e.g. the token
is biometric capable, but no biometrics are enrolled), then fall back
to user verification via the usual PIN prompt.
Work by Pedro Martelletto; ok myself and markus@
NB. cranks SSH_SK_VERSION_MAJOR
OpenBSD-Commit-ID: e318a8c258d9833a0b7eb0236cdb68b5143b2f27
Summary of changes:
sk-api.h | 5 ++--
sk-usbhid.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
ssh-sk.c | 4 +--
3 files changed, 83 insertions(+), 13 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
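
The two-stage check described in the commit message, as an added example (not code from the OpenSSH commit). It assumes the capability is read from the CTAP2 getInfo "uv" option, where absent means no on-token UV, false means supported but nothing enrolled, and true means usable now. The sk_option type, the function names and the sample option sets are hypothetical; only SSH_SK_USER_VERIFICATION_REQD comes from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_SK_USER_VERIFICATION_REQD 0x04 /* value from OpenSSH sk-api.h */

/* Tri-state of the getInfo "uv" option (hypothetical names). */
enum uv_state { UV_UNSUPPORTED = -1, UV_NOT_CONFIGURED = 0, UV_READY = 1 };
enum uv_method { UV_BY_TOKEN, UV_BY_PIN };

/* One getInfo option as a name/value pair, e.g. {"uv", true}. Hypothetical. */
struct sk_option { const char *name; bool value; };

/* Absent => unsupported; false => supported, nothing enrolled; true => usable. */
enum uv_state uv_option_state(const struct sk_option *opts, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(opts[i].name, "uv") == 0)
            return opts[i].value ? UV_READY : UV_NOT_CONFIGURED;
    return UV_UNSUPPORTED;
}

/* Key creation: clear the flag when the token supports on-token UV at all
 * (assumption: "supports" means the option is present, whatever its value). */
uint8_t enroll_flags(uint8_t flags, const struct sk_option *opts, size_t n)
{
    if (uv_option_state(opts, n) != UV_UNSUPPORTED)
        flags &= (uint8_t)~SSH_SK_USER_VERIFICATION_REQD;
    return flags;
}

/* Signing: query again; only a token that can verify right now skips the PIN. */
enum uv_method sign_uv_method(const struct sk_option *opts, size_t n)
{
    return uv_option_state(opts, n) == UV_READY ? UV_BY_TOKEN : UV_BY_PIN;
}

/* Constructed option sets: PIN-only key, biometric key with nothing
 * enrolled, biometric key with an enrolled fingerprint. */
const struct sk_option plain_key[] = { {"rk", true}, {"clientPin", true} };
const struct sk_option bio_empty[] = { {"rk", true}, {"uv", false} };
const struct sk_option bio_enrolled[] = { {"rk", true}, {"uv", true} };
```

The bio_empty case is the fallback described in the commit message: the flag was cleared at creation, yet signing still ends at the PIN prompt because the token cannot verify the user by itself at that moment.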