| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-01-23 | rework grep_open to be more careful about directories. | Ted Unangst | |
| cleaner, but should be no functional change. from Lauri Tirkkonen | |||
| 2019-01-23 | Remove support for obsolete host/port syntax. | Darren Tucker | |
| host/port was added in 2001 as an alternative to host:port syntax for the benefit of IPv6 users. These days there are establised standards for this like [::1]:22 and the slash syntax is easily mistaken for CIDR notation, which OpenSSH now supports for some things. Remove the slash notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen at redhat.com, ok markus@ | |||
| 2019-01-23 | Remove duplicate word. bz#2958, patch from jjelen at redhat.com | Darren Tucker | |
| 2019-01-23 | Remove 3 as a guess for possible generator during moduli generation. | Darren Tucker | |
| It's not mentioned in RFC4419 and it's not possible for Sophie-Germain primes greater than 5. bz#2330, from Christian Wittenhorst , ok djm@ tb@ | |||
| 2019-01-23 | Sanitize scp filenames via snmprintf. To do this we move the | Darren Tucker | |
| progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@ | |||
| 2019-01-23 | allow auto-incrementing certificate serial number for certs signed | Damien Miller | |
| in a single commandline. | |||
| 2019-01-23 | move a bunch of global flag variables to main(); make the rest static | Damien Miller | |
| 2019-01-23 | switch mainloop from select(2) to poll(2); ok deraadt@ | Damien Miller | |
| 2019-01-23 | pass most arguments to the KEX hash functions as sshbuf rather | Damien Miller | |
| than pointer+length; ok markus@ | |||
| 2019-01-22 | backoff reading messages from active connections when the input buffer | Damien Miller | |
| is too full to read one, or if the output buffer is too full to enqueue a response; feedback & ok dtucker@ | |||
| 2019-01-22 | add -m to usage(); reminded by jmc@ | Damien Miller | |
| 2019-01-22 | Correct some bugs in PKCS#11 token PIN handling at initial login, | Damien Miller | |
| the attempt at reading the PIN could be skipped in some cases especially on devices with integrated PIN readers. based on patch from Daniel Kucera in bz#2652; ok markus@ | |||
| 2019-01-22 | Support keys that set the CKA_ALWAYS_AUTHENTICATE by requring a | Damien Miller | |
| fresh login after the C_SignInit operation. based on patch from Jakub Jelen in bz#2638; ok markus | |||
| 2019-01-22 | Mention that configuration for the destination host is not applied | Damien Miller | |
| to any ProxyJump/-J hosts. This has confused a few people... | |||
| 2019-01-22 | Include -m in the synopsis for a few more commands that support it | Damien Miller | |
| Be more explicit in the description of -m about where it may be used Prompted by Jakub Jelen in bz2904 | |||
| 2019-01-22 | print the full pubkey being attempted at loglevel >= debug2; bz2939 | Damien Miller | |
| 2019-01-22 | clarify: ssh-keygen -e only writes public keys, never private | Damien Miller | |
| 2019-01-22 | mention the new vs. old key formats in the introduction and give some | Damien Miller | |
| hints on how keys may be converted or written in the old format. | |||
| 2019-01-22 | tweak previous; | Jason McIntyre | |
| 2019-01-21 | Forgot to add -J to the synopsis. | Theo Buehler | |
| 2019-01-21 | Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) | Theo Buehler | |
| to match ssh(1)'s interface. ok djm | |||
| 2019-01-21 | switch sntrup implementation source from supercop to libpqcrypto; | Damien Miller | |
| the latter is almost identical but doesn't rely on signed underflow to implement an optimised integer sort; from markus@ | |||
| 2019-01-21 | add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up debug | Damien Miller | |
| verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ | |||
| 2019-01-21 | fix reversed arguments to kex_load_hostkey(); manifested as errors in | Damien Miller | |
| cert-hostkey.sh regress failures. | |||
| 2019-01-21 | forgot to cvs add this file in previous series of commits; grrr | Damien Miller | |
| 2019-01-21 | nothing shall escape this purge | Damien Miller | |
| 2019-01-21 | rename kex->kem_client_pub -> kex->client_pub now that KEM has been renamed | Damien Miller | |
| to kexgen from markus@ ok djm@ | |||
| 2019-01-21 | merge kexkem[cs] into kexgen | Damien Miller | |
| from markus@ ok djm@ | |||
| 2019-01-21 | pass values used in KEX hash computation as sshbuf rather than | Damien Miller | |
| pointer+len suggested by me; implemented by markus@ ok me | |||
| 2019-01-21 | remove kex_derive_keys_bn wrapper; no unused since the DH-like KEX | Damien Miller | |
| methods have moved to KEM from markus@ ok djm@ | |||
| 2019-01-21 | use KEM API for vanilla ECDH | Damien Miller | |
| from markus@ ok djm@ | |||
| 2019-01-21 | use KEM API for vanilla DH KEX | Damien Miller | |
| from markus@ ok djm@ | |||
| 2019-01-21 | use KEM API for vanilla c25519 KEX | Damien Miller | |
| 2019-01-21 | Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org | Damien Miller | |
| using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ | |||
| 2019-01-21 | factor out kex_verify_hostkey() - again, duplicated almost exactly | Damien Miller | |
| across client and server for several KEX methods. from markus@ ok djm@ | |||
| 2019-01-21 | factor out kex_load_hostkey() - this is duplicated in both the client and | Damien Miller | |
| server implementations for most KEX methods. from markus@ ok djm@ | |||
| 2019-01-21 | factor out kex_dh_compute_key() - it's shared between plain DH KEX and | Damien Miller | |
| DH GEX in both the client and server implementations from markus@ ok djm@ | |||
| 2019-01-21 | factor out DH keygen; it's identical between the client and the server | Damien Miller | |
| from markus@ ok djm@ | |||
| 2019-01-21 | save the derived session id in kex_derive_keys() rather than making each | Damien Miller | |
| kex method implementation do it. from markus@ ok djm@ | |||
| 2019-01-21 | Make sshpkt_get_bignum2() allocate the bignum it is parsing rather | Damien Miller | |
| than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@ | |||
| 2019-01-21 | remove obsolete (SSH v.1) sshbuf_get/put_bignum1 functions | Damien Miller | |
| from markus@ ok djm@ | |||
| 2019-01-21 | fix all-zero check in kexc25519_shared_key | Damien Miller | |
| from markus@ ok djm@ | |||
| 2019-01-21 | explicitly handle printing the AF_KEY socket type as "pfkey" | David Gwynne | |
| i was looking for it and had to think very hard and read /usr/include/sys/socket.h before i found it here. ok deraadt@ ok claudio@ who wanted it to look like AF_ROUTE output | |||
| 2019-01-21 | - -T was added to the first synopsis by mistake | Jason McIntyre | |
| - since "..." denotes optional, no need to surround it in [] ok djm | |||
| 2019-01-21 | always print the caller's error message in ossl_error(), even when there | Damien Miller | |
| are no libcrypto errors to report. | |||
| 2019-01-21 | get the ex_data (pkcs11_key object) back from the keys at the | Damien Miller | |
| index at which it was inserted, rather than assuming index 0 | |||
| 2019-01-21 | GSSAPI code got missed when converting to new packet API | Damien Miller | |
| 2019-01-21 | use ECDSA_SIG_set0() instead of poking signature values into | Damien Miller | |
| structure directly; the latter works on LibreSSL but not on OpenSSL. From portable. | |||
| 2019-01-20 | we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD now, so there | Damien Miller | |
| is no need to keep a copy of each in the pkcs11_key object. work by markus@, ok djm@ | |||
| 2019-01-20 | KNF previous; from markus@ | Damien Miller | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |