Age | Commit message | Author |
|
ban all-zero curve25519 keys as recommended by latest
CFRG curves draft; ok markus
|
|
relax bits needed check to allow
diffie-hellman-group1-sha1 key exchange to complete when chacha20-poly1305 was
selected as symmetric cipher; ok markus
|
|
ignore v1 errors on ssh-add -D; only try v2 keys on
-l/-L (unless WITH_SSH1) ok djm@
|
|
unbreak ssh_agent_sign (lenp vs *lenp)
|
|
don't leak 'setp' on error; noted by Nicholas Lemonias;
ok djm@
|
|
consistent check for NULL as noted by Nicholas
Lemonias; ok djm@
|
|
correct fmt-string for size_t as noted by Nicholas
Lemonias; ok djm@
|
|
promote chacha20-poly1305@openssh.com to be the default
cipher; ok markus
|
|
Compile-time disable SSH protocol 1. You can turn it
back on using the Makefile.inc knob if you need it to talk to ancient
devices.
|
|
fix double-negative error message "ssh1 is not
unsupported"
|
|
for ssh-keygen -A, don't try (and fail) to generate ssh
v.1 keys when compiled without SSH1 support;
RSA/DSA/ECDSA keys when compiled without OpenSSL;
based on patch by Mike Frysinger; bz#2369
|
|
KRL support doesn't need OpenSSL anymore, remove #ifdefs
from around call
|
|
#if 0 some more arrays used only for decrypting (we don't
use since we only need encrypt for AES-CTR)
|
|
add back the changes from rev 1.206, djm reverted this by
mistake in rev 1.207
|
|
pointed out by Christian Hesse
|
|
unbreak for w/SSH1 (default) case; ok markus@ deraadt@
|
|
fix sshkey_certify() return value for unsupported key types;
ok markus@ deraadt@
|
|
make these work with !SSH1; ok markus@ deraadt@
|
|
make ssh-add -D work with !SSH1 agent
|
|
make it possible to run tests w/o ssh1 support; ok djm@
|
|
crank; ok markus, deraadt
|
|
add SSH1 Makefile knob to make it easier to build without
SSH1 support; ok markus@
|
|
expand __unused to full __attribute__ for better portability
|
|
This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908.
Some system headers have objects named __unused
|
|
fixes builds on systems that use DES_crypt; based on patch
from Roumen Petrov
|
|
fixes builds on BSD/OS
|
|
reorder logic for better portability; patch from Roumen
Petrov
|
|
Allow "ssh -Q protocol-version" to list supported SSH
protocol versions. Useful for detecting builds without SSH v.1 support; idea
and ok markus@
|
|
Make sure we only call getnameinfo() for AF_INET or AF_INET6
sockets. getpeername() of a Unix domain socket may return without error on
some systems without actually setting ss_family so getnameinfo() was getting
called with ss_family set to AF_UNSPEC. OK djm@
|
|
Mostly avoiding "err(1, NULL)"
|
|
from Tom G. Christensen
|
|
don't printf NULL key comments; reported by Tom Christensen
|
|
zero cmsgbuf before use; we initialise the bits we use
but valgrind still spams warning on it
|
|
fix small memory leak when UpdateHostkeys=no
|
|
This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
|
|
don't leak validity of user in "too many authentication
failures" disconnect message; reported by Sebastian Reitenbach
|
|
add -v (show ASCII art) to -l's synopsis; ok djm@
|