Age | Commit message | Author | |
---|---|---|---|
2015-01-18 | avoid trailing ',' in host key algorithms | Damien Miller | |
2015-01-18 | infer key length correctly when user specified a fully-qualified key name instead of using the -b bits option; ok markus@ | Damien Miller | |
2015-01-17 | fix hostkeys on ssh agent; found by unit test I'm about to commit | Damien Miller | |
2015-01-16 | garbage collect empty .No macros mandoc warns about | Ingo Schwarze | |
2015-01-16 | regression: incorrect error message on otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@ | Damien Miller | |
2015-01-16 | when hostname canonicalisation is enabled, try to parse hostnames as addresses before looking them up for canonicalisation. fixes bz#2074 and avoids needless DNS lookups in some cases; ok markus | Damien Miller | |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol) | Theo de Raadt | |
2015-01-15 | remove xmalloc, switch to sshbuf | Markus Friedl | |
2015-01-15 | switch to sshbuf | Markus Friedl | |
2015-01-15 | handle UMAC128 initialization like UMAC; ok djm@ markus@ | Christian Weisgerber | |
2015-01-15 | fix regression reported by brad@ for passworded keys without agent present | Damien Miller | |
2015-01-15 | sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@ | Damien Miller | |
2015-01-15 | remove commented-out test code now that it has moved to a proper unit test | Damien Miller | |
2015-01-14 | whitespace | Damien Miller | |
2015-01-14 | move authfd.c and its tentacles to the new buffer/key API; ok markus@ | Damien Miller | |
2015-01-14 | fix small regression: ssh-agent would return a success message but an empty signature if asked to sign using an unknown key; ok markus@ | Damien Miller | |
2015-01-14 | avoid BIGNUM in KRL code by using a simple bitmap; feedback and ok markus | Damien Miller | |
2015-01-14 | update sftp client and server to new buffer API. pretty much just mechanical changes; with & ok markus | Damien Miller | |
2015-01-14 | switch to sshbuf/sshkey; with & ok djm@ | Markus Friedl | |
2015-01-14 | avoid a warning for the !OPENSSL case | Damien Miller | |
2015-01-14 | switch auth-options to new sshbuf/sshkey; ok djm@ | Markus Friedl | |
2015-01-14 | make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@ | Damien Miller | |
2015-01-14 | remove unneeded includes, sync my copyright across files & whitespace; ok djm@ | Markus Friedl | |
2015-01-13 | adapt mac.c to ssherr.h return codes (de-fatal) and simplify dependencies; ok djm@ | Markus Friedl | |
2015-01-13 | sync changes from libopenssh; prepared by markus@ mostly debug output tweaks, a couple of error return value changes and some other minor stuff | Damien Miller | |
2015-01-13 | sync changes from libopenssh; prepared by markus@ mostly debug output tweaks, a couple of error return value changes and some other minor stuff | Damien Miller | |
2015-01-13 | add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd to control what public key types will be accepted. Currently defaults to all. Feedback & ok markus@ | Damien Miller | |
2015-01-12 | unbreak parsing of pubkey comments; with gerhard; ok djm/deraadt | Markus Friedl | |
2015-01-12 | missing error assignment on sshbuf_put_string() | Markus Friedl | |
2015-01-12 | apparently memcpy(x, NULL, 0) is undefined behaviour according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls when length==0; ok markus@ | Damien Miller | |
2015-01-12 | free->sshkey_free; ok djm@ | Markus Friedl | |
2015-01-12 | allow WITH_OPENSSL w/o WITH_SSH1; ok djm@ | Markus Friedl | |
2015-01-08 | fix ssh_config FingerprintHash evaluation order; from Petr Lautrbach | Damien Miller | |
2015-01-08 | reorder hostbased key attempts to better match the default hostkey algorithms order in myproposal.h; ok markus@ | Damien Miller | |
2015-01-08 | deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@ | Damien Miller | |
2015-01-07 | workaround for the Meyer, et al, Bleichenbacher Side Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm markus | Ted Unangst | |
2014-12-23 | KNF and add a little more debug() | Damien Miller | |
2014-12-22 | add fingerprinthash to the options list; | Jason McIntyre | |
2014-12-22 | tweak previous; | Jason McIntyre | |
2014-12-22 | mention ssh -Q feature to list supported { MAC, cipher, KEX, key } algorithms in more places and include the query string used to list the relevant information; bz#2288 | Damien Miller | |
2014-12-22 | tweak previous; | Jason McIntyre | |
2014-12-22 | correct description of what will happen when an AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd will refuse to start) | Damien Miller | |
2014-12-22 | make internal handling of filename arguments of "none" more consistent with ssh. "none" arguments are now replaced with NULL when the configuration is finalised. Simplifies checking later on (just need to test not-NULL rather than that + strcmp) and cleans up some inconsistencies. ok markus@ | Damien Miller | |
2014-12-22 | remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ pubkeys. ok markus@ | Damien Miller | |
2014-12-22 | fix passing of wildcard forward bind addresses when connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; ok dtucker@ | Damien Miller | |
2014-12-21 | tweak previous; | Jason McIntyre | |
2014-12-21 | document FingerprintHash here too | Damien Miller | |
2014-12-21 | Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@ | Damien Miller | |
2014-12-18 | don't count partial authentication success as a failure against MaxAuthTries; ok deraadt@ | Damien Miller | |
2014-12-12 | revert chunk I didn't mean to commit yet; via jmc@ | Damien Miller | |