src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-07-03	refuse to generate or accept RSA keys smaller than 1024 bits;	Damien Miller
	feedback and ok dtucker@
2015-07-03	delete support for legacy v00 certificates; "sure" markus@ dtucker@	Damien Miller

2015-05-28	wrap all moduli-related code in #ifdef WITH_OPENSSL.	Damien Miller
	based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
2015-05-28	make ssh-keygen default to ed25519 keys when compiled without	Damien Miller
	OpenSSL; bz#2388, ok dtucker@
2015-05-21	Support "ssh-keygen -lF hostname" to find search known_hosts and	Damien Miller
	print key hashes. Already advertised by ssh-keygen(1), but not delivered by code; ok dtucker@
2015-04-27	fix compilation with OPENSSL=no; ok dtucker@	Damien Miller

2015-04-24	rename xrealloc() to xreallocarray() since it follows that form.	Theo de Raadt
	ok djm
2015-04-17	use error/logit/fatal instead of fprintf(stderr, ...) and exit(0),	Damien Miller
	fix a few errors that were being printed to stdout instead of stderr and a few non-errors that were going to stderr instead of stdout bz#2325; ok dtucker
2015-03-31	Comments are only supported for RSA1 keys. If a user tried to add one and	Tobias Stoeckmann
	entered his passphrase, explicitly clear it before exit. This is done in all other error paths, too. ok djm
2015-03-23	for ssh-keygen -A, don't try (and fail) to generate	Damien Miller
	ssh v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled without OpenSSL based on patch by Mike Frysinger; bz#2369
2015-02-26	don't printf NULL key comments; reported by Tom Christensen	Damien Miller

2015-02-24	add -v (show ASCII art) to -l's synopsis; ok djm@	Christian Weisgerber

2015-02-23	further silence spurious error message even when -v is specified	Damien Miller
	(e.g. to get visual host keys); reported by naddy@
2015-02-23	silence a spurious error message when listing fingerprints for	Damien Miller
	known_hosts; bz#2342
2015-02-16	Refactor hostkeys_foreach() and dependent code	Damien Miller
	Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
2015-01-30	permit KRLs that revoke certificates by serial number or key ID	Damien Miller
	without scoping to a particular CA; ok markus@
2015-01-30	missing parentheses after if in do_convert_from() broke	Damien Miller
	private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
2015-01-28	update to new API (key_fingerprint => sshkey_fingerprint)	Damien Miller
	check sshkey_fingerprint return values; ok markus
2015-01-19	djm, your /usr/include tree is old	Theo de Raadt

2015-01-18	some feedback from markus@: comment hostkeys_foreach()	Damien Miller
	context and avoid a member in it.
2015-01-18	make ssh-keygen use hostkeys_foreach(). Removes some	Damien Miller
	horrendous code; ok markus@
2015-01-18	infer key length correctly when user specified a fully-	Damien Miller
	qualified key name instead of using the -b bits option; ok markus@
2015-01-16	regression: incorrect error message on otherwise-successful	Damien Miller
	ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
2015-01-16	Replace <sys/param.h> with <limits.h> and other less dirty headers where	Theo de Raadt
	possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-15	sync ssh-keysign, ssh-keygen and some dependencies to the new	Damien Miller
	buffer/key API; mostly mechanical, ok markus@
2014-12-21	Add FingerprintHash option to control algorithm used for key	Damien Miller
	fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-08-21	Free resources on error in mkstemp and fdopen	doug
	ok djm@
2014-07-03	When hashing or removing hosts using ssh-keygen, don't choke on	Damien Miller
	@revoked markers and don't remove @cert-authority markers; bz#2241, reported by mlindgren AT runelind.net
2014-07-03	standardise on NI_MAXHOST for gethostname() string lengths; about	Damien Miller
	1/2 the cases were using it already. Fixes bz#2239 en passant
2014-06-24	New key API: refactor key-related functions to be more library-like,	Damien Miller
	existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
2014-04-29	make compiling against OpenSSL optional (make OPENSSL=no);	Markus Friedl
	reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
2014-04-28	buffer_get_string_ptr's return should be const to remind	Damien Miller
	callers that futzing with it will futz with the actual buffer contents
2014-04-20	Add support for SSHFP DNS records for ED25519 key types.	logan
	OK from djm@
2014-03-15	Improve usage() and documentation towards the standard form. In particular,	Theo de Raadt
	this line saves a lot of man page reading time. usage: ssh-keygen [-q] [-b bits] [-t dsa \| ecdsa \| ed25519 \| rsa \| rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ok schwarze jmc
2014-03-12	don't count on things that accept arguments by reference to clear	Damien Miller
	things for us on error; most things do, but it's unsafe form.
2014-02-05	tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@	Christian Weisgerber
	while here, fix ordering in usage(); requested by jmc@
2014-02-02	convert memset of potentially-private data to explicit_bzero()	Damien Miller

2014-01-31	replace most bzero with explicit_bzero, except a few that cna be memset	Ted Unangst
	ok djm dtucker
2013-12-06	support ed25519 keys (hostkeys and user identities) using the public domain	Markus Friedl
	ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
2013-12-06	new private key format, bcrypt as KDF by default; details in PROTOCOL.key;	Markus Friedl
	feedback and lots help from djm; ok djm@
2013-12-06	remove duplicated character ('g') in getopt() string;	Damien Miller
	document the (few) remaining option characters so we don't have to rummage next time.
2013-10-23	Make code match documentation: relative-specified certificate expiry time	Damien Miller
	should be relative to current time and not the validity start time. Reported by Petr Lautrbach; ok deraadt@
2013-09-02	All the instances of arc4random_stir() are bogus, since arc4random()	Theo de Raadt
	does this itself, inside itself, and has for a very long time.. Actually, this was probably reducing the entropy available. ok djm
2013-08-28	improve batch processing a bit by making use of the quite flag a bit	Mike Belopuhov
	more often and exit with a non zero code if asked to find a hostname in a known_hosts file and it wasn't there; originally from reyk@, ok djm
2013-08-13	another of the same typo	Damien Miller

2013-08-13	typo in error message; from Stephan Rickauer	Damien Miller

2013-07-20	More useful error message on missing current user in /etc/passwd	Damien Miller

2013-07-12	do_print_resource_record() can never be called with a NULL filename, so	Damien Miller
	don't attempt (and bungle) asking for one if it has not been specified bz#2127 ok dtucker@
2013-07-12	fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@	Damien Miller

2013-05-17	bye, bye xfree(); ok markus@	Damien Miller