Age | Commit message (Expand) | Author |
2015-12-04 | implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) | Markus Friedl |
2015-07-03 | delete support for legacy v00 certificates; "sure" markus@ dtucker@ | Damien Miller |
2015-01-28 | update to new API (key_fingerprint => sshkey_fingerprint) | Damien Miller |
2015-01-20 | Reduce use of <sys/param.h> and transition to <limits.h> throughout. | Theo de Raadt |
2015-01-08 | deprecate key_load_private_pem() and sshkey_load_private_pem() | Damien Miller |
2014-12-21 | Add FingerprintHash option to control algorithm used for key | Damien Miller |
2014-12-04 | key_in_file() wrapper is no longer used | Damien Miller |
2014-07-22 | Prevent spam from key_load_private_pem during hostbased auth. ok djm@ | Darren Tucker |
2014-07-17 | silence "incorrect passphrase" error spam; reported and ok dtucker@ | Damien Miller |
2014-07-09 | downgrade more error() to debug() to better match what old authfile.c | Damien Miller |
2014-06-30 | suppress spurious error message when loading key with a passphrase; | Damien Miller |
2014-06-24 | New key API: refactor key-related functions to be more library-like, | Damien Miller |
2014-04-29 | make compiling against OpenSSL optional (make OPENSSL=no); | Markus Friedl |
2014-02-02 | convert memset of potentially-private data to explicit_bzero() | Damien Miller |
2014-01-09 | Introduce digest API and use it to perform all hashing operations | Damien Miller |
2013-12-29 | to make sure we don't omit any key types as valid CA keys again, | Damien Miller |
2013-12-29 | correct comment for key_drop_cert() | Damien Miller |
2013-12-29 | correct comment for key_to_certified() | Damien Miller |
2013-12-29 | allow ed25519 keys to appear as certificate authorities | Damien Miller |
2013-12-07 | set k->cert = NULL after freeing it | Damien Miller |
2013-12-06 | support ed25519 keys (hostkeys and user identities) using the public domain | Markus Friedl |
2013-12-06 | new private key format, bcrypt as KDF by default; details in PROTOCOL.key; | Markus Friedl |
2013-12-06 | move private key (de)serialization to key.c; ok djm | Markus Friedl |
2013-12-02 | make key_to_blob() return a NULL blob on failure; part of | Damien Miller |
2013-10-29 | fix potential stack exhaustion caused by nested certificates; | Damien Miller |
2013-05-19 | Standardise logging of supplemental information during userauth. Keys | Damien Miller |
2013-05-17 | bye, bye xfree(); ok markus@ | Damien Miller |
2013-05-10 | memleak in cert_free(), wasn't actually freeing the struct; | Damien Miller |
2013-04-19 | add the ability to query supported ciphers, MACs, key type and KEX | Damien Miller |
2013-01-17 | add support for Key Revocation Lists (KRLs). These are a compact way to | Damien Miller |
2012-05-23 | add support for RFC6594 SSHFP DNS records for ECDSA key types. | Damien Miller |
2011-10-18 | remove explict search for \0 in packet strings, this job is now done | Damien Miller |
2011-05-17 | fatal() if asked to generate a legacy ECDSA cert (these don't exist) | Damien Miller |
2011-02-04 | fix uninitialised nonce variable; reported by Mateusz Kocielski | Damien Miller |
2010-11-10 | use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. | Damien Miller |
2010-10-28 | fix a possible NULL deref on loading a corrupt ECDH key | Damien Miller |
2010-09-09 | ECDH/ECDSA compliance fix: these methods vary the hash function they use | Damien Miller |
2010-08-31 | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | Damien Miller |
2010-08-31 | Add buffer_get_cstring() and related functions that verify that the | Damien Miller |
2010-07-13 | s/timing_safe_cmp/timingsafe_bcmp/g | Damien Miller |
2010-07-13 | implement a timing_safe_cmp() function to compare memory without leaking | Damien Miller |
2010-05-07 | add some optional indirection to matching of principal names listed | Damien Miller |
2010-04-16 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | Damien Miller |
2010-03-15 | also print certificate type (user or host) for ssh-keygen -L | Kevin Steves |
2010-03-04 | use buffer_get_string_ptr_ret() where we are checking the return | Damien Miller |
2010-03-03 | reject strings with embedded ASCII nul chars in certificate key IDs, | Damien Miller |
2010-02-26 | Add support for certificate key types for users and hosts. | Damien Miller |
2010-01-13 | Ignore and log any Protocol 1 keys where the claimed size is not equal to | Darren Tucker |
2009-12-11 | switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 | Markus Friedl |
2008-10-10 | typo in error message; ok djm@ | Kevin Steves |