| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Fix occurrences of "r = func() != 0" which result in the wrong error |   jsg | 2015-09-02 | 1 | -2/+2 |
| | | | | | | | codes being returned due to != having higher precedence than =. ok deraadt@ markus@ | ||||
| * | delete support for legacy v00 certificates; "sure" markus@ dtucker@ |   djm | 2015-07-03 | 1 | -5/+5 |
| | | |||||
| * | correct test to sshkey_sign(); spotted by Albert S. | djm | 2015-06-24 | 1 | -2/+2 |
| | | |||||
| * | permit KRLs that revoke certificates by serial number or key ID | djm | 2015-01-30 | 1 | -38/+64 |
| | | | | | without scoping to a particular CA; ok markus@ | ||||
| * | small refactor and add some convenience functions; | djm | 2015-01-26 | 1 | -12/+5 |
| | | | | | ok markus | ||||
| * | Reduce use of <sys/param.h> and transition to <limits.h> throughout. |   deraadt | 2015-01-20 | 1 | -2/+2 |
| | | | | | ok djm markus | ||||
| * | fix format strings in (disabled) debugging | djm | 2015-01-19 | 1 | -4/+4 |
| | | |||||
| * | string truncation due to sizeof(size) | deraadt | 2015-01-18 | 1 | -2/+2 |
| | | | | | ok djm markus | ||||
| * | avoid BIGNUM in KRL code by using a simple bitmap; | djm | 2015-01-14 | 1 | -21/+41 |
| | | | | | feedback and ok markus | ||||
| * | sync changes from libopenssh; prepared by markus@ | djm | 2015-01-13 | 1 | -50/+48 |
| | | | | | | mostly debug output tweaks, a couple of error return value changes and some other minor stuff | ||||
| * | missing error assigment on sshbuf_put_string() |   markus | 2015-01-12 | 1 | -3/+3 |
| | | |||||
| * | free->sshkey_free; ok djm@ | markus | 2015-01-12 | 1 | -2/+2 |
| | | |||||
| * | deprecate key_load_private_pem() and sshkey_load_private_pem() | djm | 2015-01-08 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@ | ||||
| * | Add FingerprintHash option to control algorithm used for key | djm | 2014-12-21 | 1 | -3/+5 |
| | | | | | | | | fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@ | ||||
| * | convert KRL code to new buffer API | djm | 2014-12-04 | 1 | -316/+335 |
| | | | | | ok markus@ | ||||
| * | fix NULL pointer dereference crash on invalid timestamp | djm | 2014-11-21 | 1 | -3/+7 |
| | | | | | found using Michal Zalewski's afl fuzzer | ||||
| * | fix KRL generation when multiple CAs are in use | djm | 2014-11-17 | 1 | -1/+2 |
| | | | | | | | | | | | | We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org | ||||
| * | New key API: refactor key-related functions to be more library-like, | djm | 2014-06-24 | 1 | -4/+4 |
| | | | | | | | | | | existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. | ||||
| * | fix bug in KRL generation: multiple consecutive revoked certificate | djm | 2014-06-24 | 1 | -1/+2 |
| | | | | | | | | serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted. | ||||
| * | buffer_get_string_ptr's return should be const to remind | djm | 2014-04-28 | 1 | -3/+5 |
| | | | | | | callers that futzing with it will futz with the actual buffer contents | ||||
| * | replace most bzero with explicit_bzero, except a few that cna be memset |   tedu | 2014-01-31 | 1 | -6/+6 |
| | | | | | ok djm dtucker | ||||
| * | fix verification error in (as-yet usused) KRL signature checking path | djm | 2013-07-20 | 1 | -2/+2 |
| | | |||||
| * | don't leak the rdata blob on errors; ok djm@ | markus | 2013-06-20 | 1 | -8/+11 |
| | | |||||
| * | hush some {unused, printf type} warnings | djm | 2013-04-05 | 1 | -6/+11 |
| | | |||||
| * | Remove bogus include. ok djm |   dtucker | 2013-02-19 | 1 | -2/+1 |
| | | |||||
| * | actually use the xrealloc() return value; spotted by xi.wang AT gmail.com | djm | 2013-01-27 | 1 | -2/+2 |
| | | |||||
| * | redo last commit without the vi-vomit that snuck in: | djm | 2013-01-25 | 1 | -3/+6 |
| | | | | | | | skip serial lookup when cert's serial number is zero (now with 100% better comment) | ||||
| * | Revert last. Breaks due to likely typo. Let djm@ fix later. |   krw | 2013-01-25 | 1 | -2/+2 |
| | | | | | ok djm@ via dlg@ | ||||
| * | skip serial lookup when cert's serial number is zero | djm | 2013-01-24 | 1 | -2/+2 |
| | | |||||
| * | fix handling of (unused) KRL signatures; skip string in correct buffer | djm | 2013-01-24 | 1 | -2/+2 |
| | | |||||
| * | RB_INSERT does not remove existing elments; ok djm@ | markus | 2013-01-19 | 1 | -2/+2 |
| | | |||||
| * | fix KRL generation bug for list sections | djm | 2013-01-18 | 1 | -2/+2 |
| | | |||||
| * | RCD IDs help us keep portable in synch | djm | 2013-01-18 | 1 | -0/+2 |
| | | |||||
| * | add support for Key Revocation Lists (KRLs). These are a compact way to | djm | 2013-01-17 | 1 | -0/+1223 |
| represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@ | |||||
 |
index : wireguard-openbsd | |
| WireGuard implementation for the OpenBSD kernel | Matt Dunwoodie |
| summaryrefslogtreecommitdiffstats |