src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-12-11	use SSH_MAX_PUBKEY_BYTES consistently as buffer size when reading key	Damien Miller
	files. Increase it to match the size of the buffers already being used.
2015-12-11	Remove NULL-checks before sshkey_free().	mmcc
	ok djm@
2015-12-04	implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)	Markus Friedl
	based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
2015-11-28	do not leak temp file if there is no known_hosts file	Theo de Raadt
	from craig leres, ok djm
2015-11-20	allow comment change for all supported formats	Alexander Hall
	ok djm@
2015-11-19	trailing whitespace	Damien Miller

2015-11-19	move the certificate validity formatting code to sshkey.[ch]	Damien Miller

2015-11-18	fix "ssh-keygen -l" of private key, broken in support for	Damien Miller
	multiple plain keys on stdin
2015-11-16	Allow fingerprinting from standard input "ssh-keygen -lf -"	Damien Miller
	Support fingerprinting multiple plain keys in a file and authorized_keys files too (bz#1319) ok markus@
2015-11-13	support multiple certificates (one per line) and reading from	Damien Miller
	standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
2015-08-19	fixed unlink([uninitialised memory]) reported by Mateusz Kocielski;	Damien Miller
	ok markus@
2015-07-03	refuse to generate or accept RSA keys smaller than 1024 bits;	Damien Miller
	feedback and ok dtucker@
2015-07-03	delete support for legacy v00 certificates; "sure" markus@ dtucker@	Damien Miller

2015-05-28	wrap all moduli-related code in #ifdef WITH_OPENSSL.	Damien Miller
	based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
2015-05-28	make ssh-keygen default to ed25519 keys when compiled without	Damien Miller
	OpenSSL; bz#2388, ok dtucker@
2015-05-21	Support "ssh-keygen -lF hostname" to find search known_hosts and	Damien Miller
	print key hashes. Already advertised by ssh-keygen(1), but not delivered by code; ok dtucker@
2015-04-27	fix compilation with OPENSSL=no; ok dtucker@	Damien Miller

2015-04-24	rename xrealloc() to xreallocarray() since it follows that form.	Theo de Raadt
	ok djm
2015-04-17	use error/logit/fatal instead of fprintf(stderr, ...) and exit(0),	Damien Miller
	fix a few errors that were being printed to stdout instead of stderr and a few non-errors that were going to stderr instead of stdout bz#2325; ok dtucker
2015-03-31	Comments are only supported for RSA1 keys. If a user tried to add one and	Tobias Stoeckmann
	entered his passphrase, explicitly clear it before exit. This is done in all other error paths, too. ok djm
2015-03-23	for ssh-keygen -A, don't try (and fail) to generate	Damien Miller
	ssh v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled without OpenSSL based on patch by Mike Frysinger; bz#2369
2015-02-26	don't printf NULL key comments; reported by Tom Christensen	Damien Miller

2015-02-24	add -v (show ASCII art) to -l's synopsis; ok djm@	Christian Weisgerber

2015-02-23	further silence spurious error message even when -v is specified	Damien Miller
	(e.g. to get visual host keys); reported by naddy@
2015-02-23	silence a spurious error message when listing fingerprints for	Damien Miller
	known_hosts; bz#2342
2015-02-16	Refactor hostkeys_foreach() and dependent code	Damien Miller
	Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
2015-01-30	permit KRLs that revoke certificates by serial number or key ID	Damien Miller
	without scoping to a particular CA; ok markus@
2015-01-30	missing parentheses after if in do_convert_from() broke	Damien Miller
	private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
2015-01-28	update to new API (key_fingerprint => sshkey_fingerprint)	Damien Miller
	check sshkey_fingerprint return values; ok markus
2015-01-19	djm, your /usr/include tree is old	Theo de Raadt

2015-01-18	some feedback from markus@: comment hostkeys_foreach()	Damien Miller
	context and avoid a member in it.
2015-01-18	make ssh-keygen use hostkeys_foreach(). Removes some	Damien Miller
	horrendous code; ok markus@
2015-01-18	infer key length correctly when user specified a fully-	Damien Miller
	qualified key name instead of using the -b bits option; ok markus@
2015-01-16	regression: incorrect error message on otherwise-successful	Damien Miller
	ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
2015-01-16	Replace <sys/param.h> with <limits.h> and other less dirty headers where	Theo de Raadt
	possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-15	sync ssh-keysign, ssh-keygen and some dependencies to the new	Damien Miller
	buffer/key API; mostly mechanical, ok markus@
2014-12-21	Add FingerprintHash option to control algorithm used for key	Damien Miller
	fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-08-21	Free resources on error in mkstemp and fdopen	doug
	ok djm@
2014-07-03	When hashing or removing hosts using ssh-keygen, don't choke on	Damien Miller
	@revoked markers and don't remove @cert-authority markers; bz#2241, reported by mlindgren AT runelind.net
2014-07-03	standardise on NI_MAXHOST for gethostname() string lengths; about	Damien Miller
	1/2 the cases were using it already. Fixes bz#2239 en passant
2014-06-24	New key API: refactor key-related functions to be more library-like,	Damien Miller
	existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
2014-04-29	make compiling against OpenSSL optional (make OPENSSL=no);	Markus Friedl
	reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
2014-04-28	buffer_get_string_ptr's return should be const to remind	Damien Miller
	callers that futzing with it will futz with the actual buffer contents
2014-04-20	Add support for SSHFP DNS records for ED25519 key types.	logan
	OK from djm@
2014-03-15	Improve usage() and documentation towards the standard form. In particular,	Theo de Raadt
	this line saves a lot of man page reading time. usage: ssh-keygen [-q] [-b bits] [-t dsa \| ecdsa \| ed25519 \| rsa \| rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ok schwarze jmc
2014-03-12	don't count on things that accept arguments by reference to clear	Damien Miller
	things for us on error; most things do, but it's unsafe form.
2014-02-05	tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@	Christian Weisgerber
	while here, fix ordering in usage(); requested by jmc@
2014-02-02	convert memset of potentially-private data to explicit_bzero()	Damien Miller

2014-01-31	replace most bzero with explicit_bzero, except a few that cna be memset	Ted Unangst
	ok djm dtucker
2013-12-06	support ed25519 keys (hostkeys and user identities) using the public domain	Markus Friedl
	ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@