summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-keysign.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* if passed a bad fd, log what it wasdjm2019-06-141-2/+2
|
* Replace calls to ssh_malloc_init() by a static init of malloc_options.otto2019-06-061-2/+1
| | | | Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
* add a ssh_config "Match final" predicatedjm2018-11-231-2/+3
| | | | | Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus
* Now that ssh can't be setuid, remove the original_real_uid anddtucker2018-07-271-6/+2
| | | | | original_effective_uid globals and replace with calls to plain getuid(). ok djm@
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)markus2018-02-231-2/+3
| | | | | | | The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
* ssh_free checks for and handles NULL args, remove NULL checks from remainingdtucker2018-02-071-2/+2
| | | | callers. ok djm@
* Add a function to enable security-related malloc_options. With and okdtucker2016-02-151-1/+2
| | | | deraadt@, something similar has been in the snaps for a while.
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)markus2015-12-041-2/+3
| | | | | based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
* pledge, better fatal() messages; feedback deraadt@djm2015-11-291-7/+16
|
* add an XXX reminder for getting correct key paths from sshd_configdjm2015-07-031-1/+2
|
* consistent check for NULL as noted by Nicholas Lemonias; ok djm@markus2015-03-241-2/+2
|
* update to new API (key_fingerprint => sshkey_fingerprint)djm2015-01-281-3/+4
| | | | | check sshkey_fingerprint return values; ok markus
* sync ssh-keysign, ssh-keygen and some dependencies to the newdjm2015-01-151-52/+68
| | | | buffer/key API; mostly mechanical, ok markus@
* deprecate key_load_private_pem() and sshkey_load_private_pem()djm2015-01-081-8/+13
| | | | | | | | | | | | | | | interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
* Add FingerprintHash option to control algorithm used for keydjm2014-12-211-2/+3
| | | | | | | fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* Tweak config reparsing with host canonicalisationdjm2014-10-081-2/+2
| | | | | | | | | | | | | | | | Make the second pass through the config files always run when hostname canonicalisation is enabled. Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T" Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). bz#2267 bz#2286; ok markus
* make compiling against OpenSSL optional (make OPENSSL=no);markus2014-04-291-1/+4
| | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* Delete futile calls to RAND_seed. ok djmtedu2014-04-191-5/+1
|
* include fingerprint of key not founddjm2014-04-011-6/+8
| | | | use arc4random_buf() instead of loop+arc4random()
* support ed25519 keys (hostkeys and user identities) using the public domainmarkus2013-12-061-2/+3
| | | | | ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
* add a "Match" keyword to ssh_config that allows matching on hostname,djm2013-10-141-2/+2
| | | | user and result of arbitrary commands. "nice work" markus@
* bye, bye xfree(); ok markus@djm2013-05-171-10/+10
|
* make hostbased auth with ECDSA keys work correctly. Based on patchdjm2011-02-161-8/+15
| | | | by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
* reintroduce commit from tedu@, which I pulled out for release engineering:djm2010-08-311-2/+2
| | | | | OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
* backout previous temporarily; discussed with deraadt@djm2010-08-161-2/+2
|
* OpenSSL_add_all_algorithms is the name of the function we have a man pagetedu2010-08-121-2/+2
| | | | for, so use that. ok djm
* clean for -Wuninitializeddjm2010-08-041-2/+2
|
* enable certificates for hostbased authentication, from Iain Morgan;djm2010-08-041-2/+2
| | | | "looks ok" markus@
* Make HostBased authentication work with a ProxyCommand. bz #1569, patchdtucker2010-01-131-2/+2
| | | | from imorgan at nas nasa gov, ok djm@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-4/+2
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <stdlib.h> out of includes.hstevesk2006-07-261-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
* move #include <unistd.h> out of includes.hstevesk2006-07-171-1/+2
|
* move #include <fcntl.h> out of includes.hstevesk2006-07-091-1/+2
|
* move #include <pwd.h> out of includes.h; ok markus@stevesk2006-07-061-2/+5
|
* sessionid can be 32 bytes now too when sha256 kex is used; ok djm@dtucker2006-04-021-3/+3
|
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* RCSID() can diederaadt2006-03-191-1/+0
|
* move #include <paths.h> out of includes.h; ok markus@stevesk2006-02-081-1/+3
|
* ensure that stdio fds are attached; ok deraadt@djm2005-09-131-1/+8
|
* Remove duplicate getuid(), suggested by & ok markus@dtucker2004-08-231-3/+3
|
* Use permanently_set_uid() in ssh and ssh-keysign for consistency, matchesdtucker2004-08-231-7/+7
| | | | change in Portable; ok markus@
* perform strict ownership and modes checks for ~/.ssh/config files, as thesedjm2004-04-181-2/+2
| | | | | | can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
* fix mem leaks; some fixes from Pete Flugstad; tested dtucker@markus2004-01-191-1/+2
|
* return error on msg send/receive failure (rather than fatal); ok markus@djm2003-11-171-2/+3
|
* fix AddressFamily option in config file, from brent@graveland.net; ok markus@djm2003-07-031-2/+1
|
* add AddressFamily option to ssh_config (like -4, -6 on commandline).djm2003-05-161-2/+4
| | | | Portable bug #534; ok markus@
* potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526markus2003-04-021-2/+2
|
* move RSA_blinding_on to generic key load methodmarkus2003-03-131-8/+1
|
* s/msg_send/ssh_msg_send/ to avoid namespace clashes in portable; ok markus@djm2002-12-191-4/+4
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.