Age | Commit message | Author | |
---|---|---|---|
2019-11-18 | add the missing WITH_OPENSSL ifdefs after the ED25519-SK addition; ok djm@ | Christian Weisgerber | |
2019-11-18 | Remove typedef and check sk_push return value in openssl(1) cms | Kinichiro Inoguchi | |
- Remove typedef and use 'struct cms_key_param' instead - Check return value of sk_X509_push and sk_OPENSSL_STRING_push - Add a blank line to separate variable declarations from code comments from jsing@ | |||
2019-11-18 | Add -keyopt option to openssl(1) cms subcommand | Kinichiro Inoguchi | |
This provides rsa_padding_mode:oaep for cms -encrypt, and rsa_padding_mode:pss for cms -sign. ok jsing@ | |||
2019-11-18 | Add -f for full size to join-pane (like split-window), from Theo Buehler. | Nicholas Marriott | |
2019-11-18 | Keep modifiers on backspace when translating it. | Nicholas Marriott | |
2019-11-18 | fix a bug that prevented serialisation of ed25519-sk keys | Damien Miller | |
2019-11-18 | Fix incorrect error message when key certification fails | Damien Miller | |
2019-11-18 | fix bug that prevented certification of ed25519-sk keys | Damien Miller | |
2019-11-18 | allow *-sk key types to be turned into certificates | Damien Miller | |
2019-11-18 | mention ed25519-sk key/cert types here too; prompted by jmc@ | Damien Miller | |
2019-11-18 | mention ed25519-sk in places where it is accepted; prompted by jmc@ | Damien Miller | |
2019-11-18 | various knf and whitespace; ok jca | Theo de Raadt | |
2019-11-18 | document ed25519-sk pubkey, private key and certificate formats | Damien Miller | |
2019-11-18 | correct order of ecdsa-sk private key fields | Damien Miller | |
2019-11-18 | correct description of fields in pub/private keys (was missing curve | Damien Miller | |
name); spotted by Sebastian Kinne | |||
2019-11-18 | missing break in getopt switch; spotted by Sebastian Kinne | Damien Miller | |
2019-11-17 | fail to usage if extra argv are present | Theo de Raadt | |
noticed by jsing and beck, ok tedu | |||
2019-11-16 | tweak debug message | Damien Miller | |
2019-11-16 | a little debug() in the security key interface | Damien Miller | |
2019-11-16 | always use ssh-sk-helper, even for the internal USB HID support. | Damien Miller | |
This avoids the need for a wpath pledge in ssh-agent. reported by jmc@ | |||
2019-11-15 | fix typos in sk_enroll | Markus Friedl | |
2019-11-15 | Do not add path if it is NULL, duh. | Nicholas Marriott | |
2019-11-15 | Handle OSC 7 (a VTE extension) and put the result in a new format (pane_path). | Nicholas Marriott | |
2019-11-15 | double word; | Jason McIntyre | |
2019-11-15 | remove most uses of BN_CTX | Damien Miller | |
We weren't following the rules re BN_CTX_start/BN_CTX_end and the places we were using it didn't benefit from its use anyway. ok dtucker@ | |||
2019-11-15 | unshield security key privkey before attempting signature in | Damien Miller | |
agent. spotted by dtucker@ | |||
2019-11-15 | rewrite c99-ism | Theo de Raadt | |
2019-11-15 | only clang understands those new -W options | Theo de Raadt | |
2019-11-15 | don't consult dlopen whitelist for internal security key provider; | Damien Miller | |
spotted by dtucker@ | |||
2019-11-15 | U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when probed to | Damien Miller | |
see if they own a key handle. Handle this case so the find_device() look can work for them. Reported by Michael Forney | |||
2019-11-15 | show the "please touch your security key" notifier when using the | Damien Miller | |
(default) built-in security key support. | |||
2019-11-15 | close the "touch your security key" notifier on the error path too | Damien Miller | |
2019-11-15 | correct function name in debug message | Damien Miller | |
2019-11-15 | follow existing askpass logic for security key notifier: fall back | Damien Miller | |
to _PATH_SSH_ASKPASS_DEFAULT if no $SSH_ASKPASS environment variable is set. | |||
2019-11-15 | libusb was renamed to libusbhid in 2001 but the old DPADD var name was | Jonathan Gray | |
kept. Rename LIBUSB to LIBUSBHID as there is only one LIBUSB use and many more attempts to refer to LIBUSBHID. | |||
2019-11-14 | HTTP/1.1 for ftp(1) | Jeremie Courreges-Anglas | |
Some sites in ports start to reject HTTP/1.0 requests. Let's move on and implement HTTP/1.1. Should fit in ramdisks. ok sthen@ tb@ | |||
2019-11-14 | remove debugging goop that snuck in to last commit | Damien Miller | |
2019-11-14 | directly support U2F/FIDO2 security keys in OpenSSH by linking | Damien Miller | |
against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging. | |||
2019-11-14 | Change window-size default from smallest to latest. | Nicholas Marriott | |
2019-11-14 | Fix parsing of DA with only one argument in the response and add 65 for VT520. | Nicholas Marriott | |
2019-11-14 | Change new-session -A without a session name (that is, no -s option | Nicholas Marriott | |
also) to attach to the best existing session like attach-session rather than creating a new one. | |||
2019-11-14 | CUB and CUF are also limited by the margins so use CUP instead when | Nicholas Marriott | |
margins are enabled (we already do this for linefeed). | |||
2019-11-14 | Add an option to set the key sent by backspace for those whose system | Nicholas Marriott | |
uses ^H rather than ^?. GitHub issue 1969. | |||
2019-11-13 | in order to be able to figure out the number of signatures left on | Markus Friedl | |
a shielded key, we need to transfer the number of signatures left from the private to the public key. ok djm@ | |||
2019-11-13 | fix check for sig_s; noted by qsa at qualys.com | Markus Friedl | |
2019-11-13 | When clients get denied by MaxStartups, send a notification prior to | Darren Tucker | |
the SSH2 protocol banner according to RFC4253 section 4.2. ok djm@ deraadt@ markus@ | |||
2019-11-13 | fix shield/unshield for xmss keys: | Markus Friedl | |
- in ssh-agent we need to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@ | |||
2019-11-13 | remove size_t gl_pathc < 0 test, it is invalid. the return value from | Theo de Raadt | |
glob() is sufficient. discussed with djm | |||
2019-11-13 | stdarg.h required more broadly; ok djm | Theo de Raadt | |
2019-11-13 | refactor the nc pool loop to not shut down the socket early, and | Bob Beck | |
to handle tls_shutdown correctly if using TLS, doing tls_shutdown correctly if we are using the -N flag ok sthen@ |