Age | Commit message | Author |
|
infer key length correctly when user specified a fully-qualified
key name instead of using the -b bits option; ok markus@
|
|
fix hostkeys on ssh agent; found by unit test I'm about
to commit
|
|
garbage collect empty .No macros mandoc warns about
|
|
regression: incorrect error message on
otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
|
|
when hostname canonicalisation is enabled, try to parse
hostnames as addresses before looking them up for canonicalisation. fixes
bz#2074 and avoids needless DNS lookups in some cases; ok markus
|
|
Replace <sys/param.h> with <limits.h> and other less
dirty headers where possible. Annotate <sys/param.h> lines with their
current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
These are the files confirmed through binary verification. ok guenther,
millert, doug (helped with the verification protocol)
|
|
remove xmalloc, switch to sshbuf
|
|
switch to sshbuf
|
|
handle UMAC128 initialization like UMAC; ok djm@ markus@
|
|
fix regression reported by brad@ for passworded keys without
agent present
|
|
unit tests for KRL bitmap
|
|
re-add comment about full path
|
|
don't reset to the installed sshd; connect before
reconfigure, too
|
|
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
|
|
use $SSH instead of installed ssh to allow override;
spotted by markus@
|
|
regress test for PubkeyAcceptedKeyTypes; ok markus@
|
|
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
|
|
fatal if soft-PKCS11 library is missing (rather
than continue and fail with a more cryptic error)
|
|
let this test all supported key types; pointed out/ok
markus@
|
|
sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@
|
|
remove commented-out test code now that it has moved to a
proper unit test
|
|
whitespace
|
|
move authfd.c and its tentacles to the new buffer/key
API; ok markus@
|
|
fix small regression: ssh-agent would return a success
message but an empty signature if asked to sign using an unknown key; ok
markus@
|
|
fix some regressions caused by upstream merges
enable KRLs now that they no longer require BIGNUMs
|
|
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on systems with native arc4random or /dev/urandom.
Considered highly experimental for now.
|
|
avoid BIGNUM in KRL code by using a simple bitmap;
feedback and ok markus
|
|
update sftp client and server to new buffer API. pretty
much just mechanical changes; with & ok markus
|
|
switch to sshbuf/sshkey; with & ok djm@
|
|
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on systems with native arc4random or /dev/urandom.
Considered highly experimental for now.
|
|
avoid a warning for the !OPENSSL case
|
|
switch auth-options to new sshbuf/sshkey; ok djm@
|
|
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
markus@
|
|
remove unneeded includes, sync my copyright across files
& whitespace; ok djm@
|
|
adapt mac.c to ssherr.h return codes (de-fatal) and
simplify dependencies ok djm@
|
|
sync changes from libopenssh; prepared by markus@ mostly
debug output tweaks, a couple of error return value changes and some other
minor stuff
|
|
Allows disabling support for SSH protocol 1.
|
|
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@
|
|
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
|
|
missing error assignment on sshbuf_put_string()
|
|
apparently memcpy(x, NULL, 0) is undefined behaviour
according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
when length==0; ok markus@
|
|
free->sshkey_free; ok djm@
|
|
allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
|