| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | update to new API (key_fingerprint => sshkey_fingerprint) |   djm | 2015-01-28 | 1 | -18/+1 |
| * | Reduce use of <sys/param.h> and transition to <limits.h> throughout. |   deraadt | 2015-01-20 | 1 | -2/+2 |
| * | deprecate key_load_private_pem() and sshkey_load_private_pem() | djm | 2015-01-08 | 1 | -23/+2 |
| * | Add FingerprintHash option to control algorithm used for key | djm | 2014-12-21 | 1 | -4/+3 |
| * | key_in_file() wrapper is no longer used | djm | 2014-12-04 | 1 | -15/+1 |
| * | Prevent spam from key_load_private_pem during hostbased auth. ok djm@ |   dtucker | 2014-07-22 | 1 | -2/+5 |
| * | silence "incorrect passphrase" error spam; reported and ok dtucker@ | djm | 2014-07-17 | 1 | -3/+5 |
| * | downgrade more error() to debug() to better match what old authfile.c | djm | 2014-07-09 | 1 | -6/+11 |
| * | suppress spurious error message when loading key with a passphrase; | djm | 2014-06-30 | 1 | -2/+3 |
| * | New key API: refactor key-related functions to be more library-like, | djm | 2014-06-24 | 1 | -2437/+289 |
| * | make compiling against OpenSSL optional (make OPENSSL=no); |   markus | 2014-04-29 | 1 | -23/+97 |
| * | convert memset of potentially-private data to explicit_bzero() | djm | 2014-02-02 | 1 | -6/+6 |
| * | Introduce digest API and use it to perform all hashing operations | djm | 2014-01-09 | 1 | -20/+20 |
| * | to make sure we don't omit any key types as valid CA keys again, | djm | 2013-12-29 | 1 | -7/+17 |
| * | correct comment for key_drop_cert() | djm | 2013-12-29 | 1 | -2/+2 |
| * | correct comment for key_to_certified() | djm | 2013-12-29 | 1 | -2/+2 |
| * | allow ed25519 keys to appear as certificate authorities | djm | 2013-12-29 | 1 | -2/+3 |
| * | set k->cert = NULL after freeing it | djm | 2013-12-07 | 1 | -1/+2 |
| * | support ed25519 keys (hostkeys and user identities) using the public domain | markus | 2013-12-06 | 1 | -25/+169 |
| * | new private key format, bcrypt as KDF by default; details in PROTOCOL.key; | markus | 2013-12-06 | 1 | -1/+2 |
| * | move private key (de)serialization to key.c; ok djm | markus | 2013-12-06 | 1 | -1/+184 |
| * | make key_to_blob() return a NULL blob on failure; part of | djm | 2013-12-02 | 1 | -1/+5 |
| * | fix potential stack exhaustion caused by nested certificates; | djm | 2013-10-29 | 1 | -16/+29 |
| * | Standardise logging of supplemental information during userauth. Keys | djm | 2013-05-19 | 1 | -2/+2 |
| * | bye, bye xfree(); ok markus@ | djm | 2013-05-17 | 1 | -33/+24 |
| * | memleak in cert_free(), wasn't actually freeing the struct; | djm | 2013-05-10 | 1 | -1/+2 |
| * | add the ability to query supported ciphers, MACs, key type and KEX | djm | 2013-04-19 | 1 | -116/+97 |
| * | add support for Key Revocation Lists (KRLs). These are a compact way to | djm | 2013-01-17 | 1 | -15/+25 |
| * | add support for RFC6594 SSHFP DNS records for ECDSA key types. | djm | 2012-05-23 | 1 | -1/+4 |
| * | remove explict search for \0 in packet strings, this job is now done | djm | 2011-10-18 | 1 | -6/+1 |
| * | fatal() if asked to generate a legacy ECDSA cert (these don't exist) | djm | 2011-05-17 | 1 | -1/+4 |
| * | fix uninitialised nonce variable; reported by Mateusz Kocielski | djm | 2011-02-04 | 1 | -4/+3 |
| * | use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. | djm | 2010-11-10 | 1 | -9/+17 |
| * | fix a possible NULL deref on loading a corrupt ECDH key | djm | 2010-10-28 | 1 | -9/+22 |
| * | ECDH/ECDSA compliance fix: these methods vary the hash function they use | djm | 2010-09-09 | 1 | -12/+35 |
| * | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | djm | 2010-08-31 | 1 | -15/+526 |
| * | Add buffer_get_cstring() and related functions that verify that the | djm | 2010-08-31 | 1 | -9/+4 |
| * | s/timing_safe_cmp/timingsafe_bcmp/g | djm | 2010-07-13 | 1 | -2/+2 |
| * | implement a timing_safe_cmp() function to compare memory without leaking | djm | 2010-07-13 | 1 | -2/+3 |
| * | add some optional indirection to matching of principal names listed | djm | 2010-05-07 | 1 | -2/+2 |
| * | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | djm | 2010-04-16 | 1 | -31/+146 |
| * | also print certificate type (user or host) for ssh-keygen -L |   stevesk | 2010-03-15 | 1 | -1/+14 |
| * | use buffer_get_string_ptr_ret() where we are checking the return | djm | 2010-03-04 | 1 | -3/+3 |
| * | reject strings with embedded ASCII nul chars in certificate key IDs, | djm | 2010-03-03 | 1 | -13/+23 |
| * | Add support for certificate key types for users and hosts. | djm | 2010-02-26 | 1 | -34/+561 |
| * | Ignore and log any Protocol 1 keys where the claimed size is not equal to | dtucker | 2010-01-13 | 1 | -1/+7 |
| * | switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 | markus | 2009-12-11 | 1 | -2/+2 |
| * | typo in error message; ok djm@ | stevesk | 2008-10-10 | 1 | -2/+2 |
| * | In random art visualization, make sure to use the end marker only at the |   grunk | 2008-07-25 | 1 | -2/+3 |
| * | /*NOTREACHED*/ for lint warning: | stevesk | 2008-07-07 | 1 | -1/+2 |
