Age | Commit message | Author | |
---|---|---|---|
2015-01-14 | whitespace | Damien Miller | |
2015-01-14 | move authfd.c and its tentacles to the new buffer/key API; ok markus@ | Damien Miller | |
2015-01-14 | fix small regression: ssh-agent would return a success message but an empty signature if asked to sign using an unknown key; ok markus@ | Damien Miller | |
2015-01-14 | avoid BIGNUM in KRL code by using a simple bitmap; feedback and ok markus | Damien Miller | |
2015-01-14 | update sftp client and server to new buffer API. pretty much just mechanical changes; with & ok markus | Damien Miller | |
2015-01-14 | switch to sshbuf/sshkey; with & ok djm@ | Markus Friedl | |
2015-01-14 | avoid a warning for the !OPENSSL case | Damien Miller | |
2015-01-14 | switch auth-options to new sshbuf/sshkey; ok djm@ | Markus Friedl | |
2015-01-14 | make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@ | Damien Miller | |
2015-01-14 | remove unneeded includes, sync my copyright across files & whitespace; ok djm@ | Markus Friedl | |
2015-01-13 | adapt mac.c to ssherr.h return codes (de-fatal) and simplify dependencies; ok djm@ | Markus Friedl | |
2015-01-13 | sync changes from libopenssh; prepared by markus@; mostly debug output tweaks, a couple of error return value changes and some other minor stuff | Damien Miller | |
2015-01-13 | sync changes from libopenssh; prepared by markus@; mostly debug output tweaks, a couple of error return value changes and some other minor stuff | Damien Miller | |
2015-01-13 | add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd to control what public key types will be accepted. Currently defaults to all. Feedback & ok markus@ | Damien Miller | |
2015-01-12 | unbreak parsing of pubkey comments; with gerhard; ok djm/deraadt | Markus Friedl | |
2015-01-12 | missing error assignment on sshbuf_put_string() | Markus Friedl | |
2015-01-12 | apparently memcpy(x, NULL, 0) is undefined behaviour according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls when length==0; ok markus@ | Damien Miller | |
2015-01-12 | free->sshkey_free; ok djm@ | Markus Friedl | |
2015-01-12 | allow WITH_OPENSSL w/o WITH_SSH1; ok djm@ | Markus Friedl | |
2015-01-08 | fix ssh_config FingerprintHash evaluation order; from Petr Lautrbach | Damien Miller | |
2015-01-08 | reorder hostbased key attempts to better match the default hostkey algorithms order in myproposal.h; ok markus@ | Damien Miller | |
2015-01-08 | deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@ | Damien Miller | |
2015-01-07 | workaround for the Meyer, et al, Bleichenbacher Side Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm markus | Ted Unangst | |
2014-12-23 | KNF and add a little more debug() | Damien Miller | |
2014-12-22 | add fingerprinthash to the options list; | Jason McIntyre | |
2014-12-22 | tweak previous; | Jason McIntyre | |
2014-12-22 | mention ssh -Q feature to list supported { MAC, cipher, KEX, key } algorithms in more places and include the query string used to list the relevant information; bz#2288 | Damien Miller | |
2014-12-22 | tweak previous; | Jason McIntyre | |
2014-12-22 | correct description of what will happen when an AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd will refuse to start) | Damien Miller | |
2014-12-22 | make internal handling of filename arguments of "none" more consistent with ssh. "none" arguments are now replaced with NULL when the configuration is finalised. Simplifies checking later on (just need to test not-NULL rather than that + strcmp) and cleans up some inconsistencies. ok markus@ | Damien Miller | |
2014-12-22 | remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ pubkeys. ok markus@ | Damien Miller | |
2014-12-22 | fix passing of wildcard forward bind addresses when connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; ok dtucker@ | Damien Miller | |
2014-12-21 | tweak previous; | Jason McIntyre | |
2014-12-21 | document FingerprintHash here too | Damien Miller | |
2014-12-21 | Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@ | Damien Miller | |
2014-12-18 | don't count partial authentication success as a failure against MaxAuthTries; ok deraadt@ | Damien Miller | |
2014-12-12 | revert chunk I didn't mean to commit yet; via jmc@ | Damien Miller | |
2014-12-11 | explicitly include sys/param.h in files that use the howmany() macro; from portable | Damien Miller | |
2014-12-11 | mention AuthorizedKeysCommandUser must be set for AuthorizedKeysCommand to be run; bz#2287 | Damien Miller | |
2014-12-11 | show in debug output which hostkeys are being tried when attempting hostbased auth; patch from Iain Morgan | Damien Miller | |
2014-12-11 | Make manual reflect reality: sftp-server's -d option accepts a "%d" option, not a "%h" one. bz#2316; reported by Kirk Wolf | Damien Miller | |
2014-12-10 | better error value for invalid signature length | Damien Miller | |
2014-12-04 | key_in_file() wrapper is no longer used | Damien Miller | |
2014-12-04 | add RevokedHostKeys option for the client. Allow textfile or KRL-based revocation of hostkeys. | Damien Miller | |
2014-12-04 | convert KRL code to new buffer API; ok markus@ | Damien Miller | |
2014-11-26 | Prefer setvbuf() to setlinebuf() for portability; ok deraadt@ | Todd C. Miller | |
2014-11-24 | Fix crashes in the handling of the sshd config file found with the afl fuzzer. ok deraadt@ djm@ | Jonathan Gray | |
2014-11-22 | restore word zapped in previous, and remove some useless "No" macros; | Jason McIntyre | |
2014-11-22 | /dev/random has created the same effect as /dev/arandom (and /dev/urandom) for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant. | Theo de Raadt | |
2014-11-21 | fix NULL pointer dereference crash on invalid timestamp; found using Michal Zalewski's afl fuzzer | Damien Miller | |