search for: ssh_agent_constrain_maxsign

...ed to report: First, it looks like the value of SSH_AGENT_CONSTRAIN_EXTENSION has changed from the value 3 defined at https://tools.ietf.org/html/draft-miller-ssh-agent-02 <https://tools.ietf.org/html/draft-miller-ssh-agent-02> to the value 255 now, and somewhere along the way the constraint SSH_AGENT_CONSTRAIN_MAXSIGN was defined to use the value 3. Second, https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.u2f <https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.u2f> documents the new extension for loading SK keys as: byte SSH_AGENT_CONSTRAIN_EXTENSION st...

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

...#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26 +/* engine keys */ +#define SSH_AGENTC_ADD_ENGINE_KEY 27 +#define SSH_AGENTC_ADD_ENGINE_KEY_CONSTRAINED 28 + #define SSH_AGENT_CONSTRAIN_LIFETIME 1 #define SSH_AGENT_CONSTRAIN_CONFIRM 2 #define SSH_AGENT_CONSTRAIN_MAXSIGN 3 diff --git a/ssh-add.c b/ssh-add.c index f3b666c93..e988023a7 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -111,6 +111,29 @@ clear_pass(void) } } +static int +add_engine_key(int agent_fd, const char *file, const char *engine) +{ + int ret; + char *pin = NULL; + + ret = ssh_add_engine_key(agent...