| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-12-07 | better error message for FIDO keys when we can't match them to a token | Damien Miller | |
| 2021-12-05 | fix unintended sizeof pointer in debug path | Jonathan Gray | |
| ok markus@ | |||
| 2021-12-04 | RSA/SHA-1 is not used by default anymore on the server | Christian Weisgerber | |
| 2021-12-02 | hash full host:port when asked to hash output, fixes hashes for non- | Damien Miller | |
| default ports. bz3367 ok dtucker@ | |||
| 2021-12-02 | improve the testing of credentials against inserted FIDO keys a little | Damien Miller | |
| more: ask the token whether a particular key belongs to it in cases where the token support on-token user- verification (e.g. biometrics) rather than just assuming that it will accept it. Will reduce spurious "Confirm user presence" notifications for key handles that relate to FIDO keys that are not currently inserted in at least some cases. Motivated by bz3366; by Pedro Martelletto | |||
| 2021-12-02 | move check_sk_options() up so we can use it earlier | Damien Miller | |
| 2021-12-02 | ssh-rsa is no longer in the default for PubkeyAcceptedAlgorithms. | Darren Tucker | |
| 2021-12-02 | don't put the tty into raw mode when SessionType=none, avoids ^c being | Damien Miller | |
| unable to kill such a session. bz3360; ok dtucker@ | |||
| 2021-11-28 | sshsig: return "key not found" when searching empty files rather than | Damien Miller | |
| "internal error" | |||
| 2021-11-28 | ssh-keygen -Y match-principals doesn't accept any -O options | Damien Miller | |
| at present, so don't say otherwise in SYNOPSIS; spotted jmc@ | |||
| 2021-11-28 | fix indenting in last commit | Damien Miller | |
| 2021-11-28 | missing initialisation for oerrno | Damien Miller | |
| 2021-11-27 | Add ssh-keygen -Y match-principals operation to perform matching of | Damien Miller | |
| principals names against an allowed signers file. Requested by and mostly written by Fabian Stelzer, towards a TOFU model for SSH signatures in git. Some tweaks by me. "doesn't bother me" deraadt@ | |||
| 2021-11-25 | debug("func: ...") -> debug_f("...") | Damien Miller | |
| 2021-11-18 | less confusing debug message; bz#3365 | Damien Miller | |
| 2021-11-18 | avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we already did this | Damien Miller | |
| for RSA keys). Avoids fatal errors for PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364 | |||
| 2021-11-18 | ssh-keygen -Y find-principals was verifying key validity when using | Damien Miller | |
| ca certs but not with simple key lifetimes within the allowed signers file. Since it returns the first keys principal it finds this could result in a principal with an expired key even though a valid one is just below. patch from Fabian Stelzer; feedback/ok djm markus | |||
| 2021-11-18 | check for POLLHUP wherever we check for POLLIN | Damien Miller | |
| 2021-11-18 | fd leak in sshd listen loop error path; from Gleb Smirnoff | Damien Miller | |
| 2021-11-18 | check for POLLHUP as well as POLLIN in sshd listen loop; | Damien Miller | |
| ok deraadt millert | |||
| 2021-11-18 | check for POLLHUP as well as POLLIN, handle transient IO errors as well | Damien Miller | |
| as half-close on the output side; ok deraadt millert | |||
| 2021-11-17 | set num_listen_socks to 0 on close-all instead of -1, which | Damien Miller | |
| interferes with the new poll()-based listen loop; spotted and debugged by anton@+deraadt@ | |||
| 2021-11-14 | use ppoll() instead of pselect() | Theo de Raadt | |
| with djm | |||
| 2021-11-14 | match .events with .fd better | Theo de Raadt | |
| 2021-11-14 | convert select() to poll() | Theo de Raadt | |
| ok djm | |||
| 2021-11-13 | replace select() with ppoll(), including converting timeval's to timespec's | Theo de Raadt | |
| to make things easier. back and forth and ok; djm | |||
| 2021-11-13 | It really looks like pledge "stdio dns" is possible earlier. | Theo de Raadt | |
| Discussed with mestre | |||
| 2021-11-12 | aggressively pre-fill the pollfd array with fd=-1 | Theo de Raadt | |
| 2021-11-11 | Convert from select() to ppoll(). Along the way, I observed that the | Theo de Raadt | |
| select() code was using exceptfds incorrectly.. ok millert | |||
| 2021-11-10 | add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + | Damien Miller | |
| Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). ok markus@ | |||
| 2021-11-10 | fix ssh-keysign for KEX algorithms that use SHA384/512 exchange hashes; | Damien Miller | |
| feedback/ok markus@ | |||
| 2021-11-08 | improve error message when trying to expand a ~user path for a | Damien Miller | |
| user that doesn't exist; better matches what the shell does ok deraadt@ | |||
| 2021-11-06 | Plug a couple of minor mem leaks. From beldmit at gmail.com via github | Darren Tucker | |
| PR#283, ok markus@ | |||
| 2021-11-05 | move cert_filter_principals() to earlier in the file for reuse; | Damien Miller | |
| no code change | |||
| 2021-11-03 | Many downstreams expect ssh to compile as non-C99... | Theo de Raadt | |
| 2021-11-02 | Better handle FIDO keys on tokens that provide user verification (UV) | Damien Miller | |
| on the device itself, including biometric keys. Query the token during key creation to determine whether it supports on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag in the key so that ssh(1) doesn't automatically prompty for PIN later. When making signatures with the key, query the token's capabilities again and check whether the token is able (right now) to perform user- verification without a PIN. If it is then the PIN prompt is bypassed and user verification delegated to the token. If not (e.g. the token is biometric capable, but no biometric are enrolled), then fall back to user verification via the usual PIN prompt. Work by Pedro Martelletto; ok myself and markus@ NB. cranks SSH_SK_VERSION_MAJOR | |||
| 2021-10-29 | ssh-keygen: make verify-time argument parsing optional | Damien Miller | |
| From Fabian Stelzer | |||
| 2021-10-28 | When downloading resident keys from a FIDO token, pass back the | Damien Miller | |
| user ID that was used when the key was created and append it to the filename the key is written to (if it is not the default). Avoids keys being clobbered if the user created multiple resident keys with the same application string but different user IDs. feedback Pedro Martelletto; ok markus NB. increments SSH_SK_VERSION_MAJOR | |||
| 2021-10-24 | For open/openat, if the flags parameter does not contain O_CREAT, the | Theo de Raadt | |
| 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert | |||
| 2021-10-22 | Prevent mem leaks in the (unlikely) event that getaddrinfo returns | Darren Tucker | |
| no addresses. ALso, remove an unneeded NULL check in addr_ntop. From khaleesicodes via github PR#281, ok deraadt@ | |||
| 2021-10-22 | Remove unnecessary semicolons in case statements. From khaleesicodes | Darren Tucker | |
| via github PR#280. | |||
| 2021-10-22 | Fix typos in comments. From khaleesicodes via github PR#280. | Darren Tucker | |
| 2021-10-15 | openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP | Theo de Raadt | |
| protocol for copying. Let's get back to testing the SFTP protocol. | |||
| 2021-10-09 | Document that CASignatureAlgorithms, ExposeAuthInfo and PubkeyAuthOptions | Darren Tucker | |
| can be used in a Match block. Patch from eehakkin via github PR#277. | |||
| 2021-10-02 | Dynamically allocate encoded HashKnownHosts and free as appropriate. | Darren Tucker | |
| Saves 1k of static storage and prevents snprintf "possible truncation" warnings from newer compilers (although in this case it's false positive since the actual sizes are limited by the output size of the SHA1). ok djm@ | |||
| 2021-10-01 | unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds; | Damien Miller | |
| ok dtucker@ | |||
| 2021-09-29 | add some debug output showing how many key file/command lines | Damien Miller | |
| were processed. Useful to see whether a file or command actually has keys present | |||
| 2021-09-28 | Make prototype for rijndaelEncrypt match function including the bounds. | Darren Tucker | |
| Fixes error in portable where GCC>=11 takes notice of the bounds. ok deraadt@ | |||
| 2021-09-28 | Import regenerated moduli. | Darren Tucker | |
| 2021-09-26 | openssh-8.8 | Damien Miller | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |