similar to: [Bug 2472] New: Add support to load additional certificates

https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Bug ID: 2817 Summary: Add support for PKCS#11 URIs (RFC 7512) Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

https://bugzilla.mindrot.org/show_bug.cgi?id=2474 Bug ID: 2474 Summary: Enabling ECDSA in PKCS#11 support for ssh-agent Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=3613 Bug ID: 3613 Summary: Unable to sign using certificates and PKCS#11 Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2305 Bug ID: 2305 Summary: sshd does not accept @cert-authority when doing host based authentication. Product: Portable OpenSSH Version: 6.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component:

Hello together, attached is a small compile fix for nut 2.2.2, again it's my friend "struct timeval" which was undefined without the #include statement. Cheers, Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: nut-fix-compile.patch Type: text/x-diff Size: 318 bytes Desc: not available Url :

https://bugzilla.mindrot.org/show_bug.cgi?id=2808 Bug ID: 2808 Summary: Unable to add certificates to agent when using PKCS#11 backed keys. Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

Credit goes to "cppcheck". Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com> --- drivers/mge-utalk.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/drivers/mge-utalk.c b/drivers/mge-utalk.c index c6114c7..616e2ad 100644 --- a/drivers/mge-utalk.c +++ b/drivers/mge-utalk.c @@ -465,7 +465,8 @@ void upsdrv_shutdown(void) { char

Credit goess to "cppcheck" Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com> --- drivers/usb-common.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/drivers/usb-common.c b/drivers/usb-common.c index e51f3cf..e459872 100644 --- a/drivers/usb-common.c +++ b/drivers/usb-common.c @@ -116,7 +116,7 @@ int USBNewExactMatcher(USBDeviceMatcher_t

Credit goes to "cppcheck" Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com> --- common/common.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/common/common.c b/common/common.c index f443cb7..e8004d7 100644 --- a/common/common.c +++ b/common/common.c @@ -244,6 +244,7 @@ int sendsignalfn(const char *pidfn, int sig) if (fgets(buf,

The if() statement always evaluated to true. Detected by "cppcheck", not tested on real hardware. Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com> --- drivers/rhino.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/drivers/rhino.c b/drivers/rhino.c index ca66169..e478bcb 100644 --- a/drivers/rhino.c +++ b/drivers/rhino.c @@ -187,7 +187,7

Hello everyone, as you could have noticed over the years, there are several bugs for PKCS#11 improvement and integration which are slipping under the radar for several releases, but the most painful ones are constantly updated by community to build, work and make our lives better. I wrote some of the patches, provided feedback to others, or offered other help here on mailing list, but did not

https://bugzilla.mindrot.org/show_bug.cgi?id=2691 Bug ID: 2691 Summary: Add ability to disable escape char forward menu Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: security Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hello together, after upgrading from nut 2.2.1 to nut 2.2.2, I noticed there's a (new?) libupsclient.so library. On my Redhat based system, f.e. the "upsc" binary links against it and is unhappy as the library is not included in the current RPM file. If you look at the .spec file for Redhat, the libupsclient.* stuff is included in the "nut-devel" package only. The SuSE

Hello, I'm currently try to get newhidups running with the newhidups driver from nut 2.0.2. After some USB issues (usb_claim_interface() works only as root so far) newhidups is recognizing the device. Though it doesn't detect any state changes, meaning when I run the battery test mode it's not recognized. I wanted to try the CVS version but it seems anonymous CVS is broken. The

https://bugzilla.mindrot.org/show_bug.cgi?id=2319 Bug ID: 2319 Summary: [PATCH REVIEW] U2F authentication Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

On Thu, 26 Oct 2017, James Bottomley wrote: > Engine keys are keys whose file format is understood by a specific > engine rather than by openssl itself. Since these keys are file > based, the pkcs11 interface isn't appropriate for them because they > don't actually represent tokens. What sort of keys do you have in mind here that can't be represented via PKCS#11? -d

Hi all, Thanks for all your hard work! I was particularly excited to see FIDO/U2F support in the latest release. I'd like to make the following bug report in ssh-agent's PKCS#11 support: Steps to reproduce: 1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key. 2. Add that key to ssh-agent. 3. Remove that key from ssh-agent. 4. Add that key to ssh-agent. Expected results:

On 10/8/2015 4:49 AM, Simon Josefsson wrote: > Mathias Brossard <mathias at brossard.org> writes: > >> Hi, >> >> I have made a patch for enabling the use of ECDSA keys in the PKCS#11 >> support of ssh-agent which will be of interest to other users. > > Nice! What would it take to add support for Ed25519 too? Do we need to > allocate any new PKCS#11

Hello all, as PKCS#11 URI became standard (RFC 7512), it would be good to be able to specify the keys using this notation in openssh. So far I implemented the minimal subset of this standard allowing to specify the URI for the ssh tool, in ssh_config and to work with ssh-agent. It does not bring any new dependency, provides unit and regress tests (while fixing agent-pkcs11 regress test). The