Age | Commit message | Author | |
---|---|---|---|
2020-04-08 | let sshkey_try_load_public() load public keys from the unencrypted envelope of private key files if no sidecar public key file is present. ok markus@ | Damien Miller | |
2020-04-08 | simplify sshkey_try_load_public() ok markus@ | Damien Miller | |
2020-04-08 | add sshkey_parse_pubkey_from_private_fileblob_type() Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key. ok markus@ | Damien Miller | |
2020-04-08 | simplify sshkey_parse_private_fileblob_type() Try new format parser for all key types first, fall back to PEM parser only for invalid format errors. ok markus@ | Damien Miller | |
2020-04-08 | check private key type against requested key type in new-style private decoding; ok markus@ | Damien Miller | |
2020-04-08 | check that pubkey in private key envelope matches actual private key (this public key is currently unused) ok markus@ | Damien Miller | |
2020-04-08 | refactor private key parsing a little Split out the base64 decoding and private section decryption steps into separate functions. This will make the decryption step easier to fuzz as well as making it easier to write a "load public key from new-format private key" function. ok markus@ | Damien Miller | |
2020-04-03 | r1.522 deleted one too many lines; repair | Damien Miller | |
2020-04-03 | sort -N and add it to usage(); | Jason McIntyre | |
2020-04-03 | avoid another compiler warning spotted in -portable | Damien Miller | |
2020-04-03 | fix format string (use %llu for uint64, not %lld). spotted by Darren and his tinderbox tests | Damien Miller | |
2020-04-03 | Add a flag to re-enable verbose output when in batch mode; requested in bz3135; ok dtucker | Damien Miller | |
2020-04-03 | chacha20-poly1305 AEAD using libcrypto EVP_chacha20 Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the way at a2k20 tb@ | Damien Miller | |
2020-04-03 | make Chacha20-POLY1305 context struct opaque; ok tb@ as part of a larger diff at a2k20 | Damien Miller | |
2020-04-03 | fix debug statement | Damien Miller | |
2020-04-03 | the tunnel-forwarding vs ExitOnForwardFailure fix that I committed earlier had an off-by-one. Fix this and add some debugging that would have made it apparent sooner. | Damien Miller | |
2020-04-03 | %C expansion just added to Match Exec should include remote user not local user. | Darren Tucker | |
2020-04-03 | make failures when establishing "Tunnel" forwarding terminate the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker | Damien Miller | |
2020-04-03 | Make with config keywords support which percent_expansions more consistent. - %C is moved into its own function and added to Match Exec. - move the common (global) options into a macro. This is ugly but it's the least-ugly way I could come up with. - move IdentityAgent and ForwardAgent percent expansion to before the config dump to make it regression-testable. - document all of the above ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest. | Darren Tucker | |
2020-04-03 | give ssh-keygen the ability to dump the contents of a binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker | Damien Miller | |
2020-04-03 | add allocating variant of the safe utf8 printer; ok dtucker as part of a larger diff | Damien Miller | |
2020-03-16 | Cast lifetime to u_long for comparison to prevent unsigned comparison warning on 32bit arches. Spotted by deraadt, ok djm. | Darren Tucker | |
2020-03-13 | improve error messages for some common PKCS#11 C_Login failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok dtucker | Damien Miller | |
2020-03-13 | use sshpkt_fatal() for kex_exchange_identification() errors. This ensures that the logged errors are consistent with other transport-layer errors and that the relevant IP addresses are logged. bz3129 ok dtucker@ | Damien Miller | |
2020-03-13 | Don't clear alarm timers in listening sshd. Previously these timers were used for regenerating the SSH1 ephemeral host keys but those are now gone so there's no need to clear the timers either. ok deraadt@ | Darren Tucker | |
2020-03-13 | spelling errors in comments; no code change from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html | Damien Miller | |
2020-03-13 | when downloading FIDO2 resident keys from a token, don't prompt for a PIN until the token has told us that it needs one. Avoids double-prompting on devices that implement on-device authentication (e.g. a touchscreen PIN pad on the Trezor Model T). ok dtucker@ | Damien Miller | |
2020-03-06 | fix relative includes in sshd_config; ok djm | Markus Friedl | |
2020-03-06 | fix use-after-free in do_download_sk; ok djm | Markus Friedl | |
2020-03-06 | do not leak oprincipals; ok djm | Markus Friedl | |
2020-03-06 | initialize seconds for debug message; ok djm | Markus Friedl | |
2020-03-06 | correct return code; ok djm | Markus Friedl | |
2020-03-06 | principalsp is optional, pubkey required; ok djm | Markus Friedl | |
2020-03-06 | remove unused variables in ssh-pkcs11-helper; ok djm | Markus Friedl | |
2020-03-06 | return correct error in sshsk_ed25519_sig; ok djm | Markus Friedl | |
2020-03-06 | fix possible null-deref in check_key_not_revoked; ok djm | Markus Friedl | |
2020-03-06 | ssh_fetch_identitylist() returns the return value from ssh_request_reply() so we should also check against != 0 ok djm | Markus Friedl | |
2020-03-06 | sshkey_cert_check_authority requires reason to be set; ok djm | Markus Friedl | |
2020-03-06 | passphrase depends on kdfname, not ciphername (possible null-deref); ok djm | Markus Friedl | |
2020-03-06 | consistently check packet_timeout_ms against 0; ok djm | Markus Friedl | |
2020-03-06 | initialize cname in case ai_canonname is NULL or too long; ok djm | Markus Friedl | |
2020-03-06 | fix uninitialized pointers for forward_cancel; ok djm | Markus Friedl | |
2020-03-06 | exit on parse failures in input_service_request; ok djm | Markus Friedl | |
2020-03-06 | fix null-deref on calloc failure; ok djm | Markus Friedl | |
2020-03-06 | exit if ssh_krl_revoke_key_sha256 fails; ok djm | Markus Friedl | |
2020-03-06 | pkcs11_register_provider: return < 0 on error; ok djm | Markus Friedl | |
2020-03-06 | sshsig: return correct error, fix null-deref; ok djm | Markus Friedl | |
2020-03-06 | vasnmprintf allocates str and returns -1; ok djm | Markus Friedl | |
2020-03-06 | sshpkt_fatal() does not return; ok djm | Markus Friedl | |
2020-02-28 | no-touch-required certificate option should be an extension, not a critical option. | Damien Miller | |