| Age | Commit message (Collapse) | Author |
|---|
|
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
[sshconnect.c sshconnect2.c sshd.c]
refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@
|
|
|
|
[sshconnect.c]
when showing other hostkeys, don't forget Ed25519 keys
|
|
[ssh.c]
don't forget to load Ed25519 certs too
|
|
[authfile.c]
don't refuse to load Ed25519 certificates
|
|
[authfd.c]
allow deletion of ed25519 keys from the agent
|
|
[key.c]
to make sure we don't omit any key types as valid CA keys again,
factor the valid key type check into a key_type_is_valid_ca()
function
|
|
[key.c]
correct comment for key_drop_cert()
|
|
[key.c]
correct comment for key_to_certified()
|
|
[key.c]
allow ed25519 keys to appear as certificate authorities
|
|
[ssh-rsa.c]
correct comment
|
|
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
|
|
[ssh-keygen.1]
small typo
|
|
[poly1305.c poly1305.h]
use full name for author, with his permission
|
|
[ssh-agent.c]
bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
ok dtucker
|
|
[channels.c]
bz#2147: fix multiple remote forwardings with dynamically assigned
listen ports. In the s->c message to open the channel we were sending
zero (the magic number to request a dynamic port) instead of the actual
listen port. The client therefore had no way of discriminating between
them.
Diagnosis and fix by ronf AT timeheart.net
|
|
[auth-options.c]
simplify freeing of source-address certificate restriction
|
|
[serverloop.c]
Cast client_alive_interval to u_int64_t before assinging to
max_time_milliseconds to avoid potential integer overflow in the timeout.
bz#2170, patch from Loganaden Velvindron, ok djm@
|
|
[ssh-add.c]
skip requesting smartcard PIN when removing keys from agent; bz#2187
patch from jay AT slushpupie.com; ok dtucker
|
|
entries
|
|
- (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
|
|
Patch from Loganaden Velvindron.
|
|
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
|
|
[crypto_api.h]
I've assempled the header file by cut&pasting from generated headers
and the source files.
|
|
[cipher-chachapoly.c]
add some comments and constify a constant
|
|
[ssh-add.c]
Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
ok markus@
|
|
[crypto_api.h]
remove unused defines
|
|
[blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
Add Authors for the public domain ed25519/nacl code.
see also http://nacl.cr.yp.to/features.html
All of the NaCl software is in the public domain.
and http://ed25519.cr.yp.to/software.html
The Ed25519 software is in the public domain.
|
|
[sshd_config.5]
Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
|
|
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
add missing mentions of ed25519; ok djm@
|
|
[ssh-keygen.1]
document -a and -o wrt new key format
|
|
[regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
filesystem before running agent-ptrace.sh; ok dtucker
|
|
Vinschen
|
|
Loganaden Velvindron @ AfriNIC in bz#2179
|
|
|
|
[regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
[regress/cert-userkey.sh regress/keytype.sh]
test ed25519 support; from djm@
|
|
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
Linux
|
|
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
portable.
|
|
|
|
|
|
[key.c]
set k->cert = NULL after freeing it
|
|
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
|
|
[sshd.8]
missing comma;
|
|
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
[servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
[ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
[sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
[fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
support ed25519 keys (hostkeys and user identities) using the public
domain ed25519 reference code from SUPERCOP, see
http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
|
|
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots help from djm;
ok djm@
|
|
[authfd.c key.c key.h ssh-agent.c]
move private key (de)serialization to key.c; ok djm
|
|
[ssh-keygen.c]
remove duplicated character ('g') in getopt() string;
document the (few) remaining option characters so we don't have to
rummage next time.
|
|
[sftp-client.c]
fix memory leak in error path in do_readdir(); pointed out by
Loganaden Velvindron @ AfriNIC in bz#2163
|
|
[servconf.c servconf.h]
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@
|
|
-L location for libedit. Patch from Serge van den Boom.
|
