1. 20 Oct, 2018 15 commits
  2. 19 Oct, 2018 1 commit
  3. 17 Oct, 2018 1 commit
  4. 16 Oct, 2018 2 commits
  5. 15 Oct, 2018 1 commit
  6. 12 Oct, 2018 2 commits
  7. 11 Oct, 2018 10 commits
  8. 10 Oct, 2018 2 commits
    • Damien Miller's avatar
      supply callback to PEM_read_bio_PrivateKey · 12731158
      Damien Miller authored
      OpenSSL 1.1.0i has changed the behaviour of their PEM APIs,
      so that empty passphrases are interpreted differently. This
      probabalistically breaks loading some keys, because the PEM format
      is terrible and doesn't include a proper MAC.
      
      Avoid this by providing a basic callback to avoid passing empty
      passphrases to OpenSSL in cases where one is required.
      
      Based on patch from Jakub Jelen in bz#2913; ok dtucker@
      12731158
    • Damien Miller's avatar
      in pick_salt() avoid dereference of NULL passwords · d1d301a1
      Damien Miller authored
      Apparently some NIS implementations can leave pw->pw_passwd (or the
      shadow equivalent) NULL.
      
      bz#2909; based on patch from Todd Eigenschink
      d1d301a1
  9. 09 Oct, 2018 1 commit
    • djm@openbsd.org's avatar
      upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase · edbb6feb
      djm@openbsd.org authored
      is specified as "incorrect passphrase" instead of trying to choose between
      that and "invalid format".
      
      libcrypto can return ASN1 parsing errors rather than the expected
      decrypt error in certain infrequent cases when trying to decrypt/parse
      PEM private keys when supplied with an invalid passphrase.
      
      Report and repro recipe from Thomas Deutschmann in bz#2901
      
      ok markus@
      
      OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870
      edbb6feb
  10. 07 Oct, 2018 1 commit
    • naddy@openbsd.org's avatar
      upstream: Support using service names for port numbers. · 2581333d
      naddy@openbsd.org authored
      * Try to resolve a port specification with getservbyname(3) if a
       numeric conversion fails.
      * Make the "Port" option in ssh_config handle its argument as a
       port rather than a plain integer.
      
      ok dtucker@ deraadt@
      
      OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
      2581333d
  11. 04 Oct, 2018 4 commits