1. 13 Sep, 2018 2 commits
  2. 07 Feb, 2018 1 commit
    • jsing@openbsd.org's avatar
      upstream commit · 7cd31632
      jsing@openbsd.org authored
      Remove all guards for calls to OpenSSL free functions -
      all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
      
      Prompted by dtucker@ asking about guards for RSA_free(), when looking at
      openssh-portable pr#84 on github.
      
      ok deraadt@ dtucker@
      
      OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
      7cd31632
  3. 01 Jun, 2017 1 commit
    • deraadt@openbsd.org's avatar
      upstream commit · 9e509d4e
      deraadt@openbsd.org authored
      Switch to recallocarray() for a few operations.  Both
      growth and shrinkage are handled safely, and there also is no need for
      preallocation dances. Future changes in this area will be less error prone.
      Review and one bug found by markus
      
      Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
      9e509d4e
  4. 31 May, 2017 1 commit
    • markus@openbsd.org's avatar
      upstream commit · ff7371af
      markus@openbsd.org authored
      sshkey_new() might return NULL (pkcs#11 code only); ok
      djm@
      
      Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd
      ff7371af
  5. 06 Nov, 2016 1 commit
    • djm@openbsd.org's avatar
      upstream commit · efb494e8
      djm@openbsd.org authored
      Improve pkcs11_add_provider() logging: demote some
      excessively verbose error()s to debug()s, include PKCS#11 provider name and
      slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
      
      Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
      efb494e8
  6. 12 Feb, 2016 1 commit
    • djm@openbsd.org's avatar
      upstream commit · d2d772f5
      djm@openbsd.org authored
      avoid fatal() for PKCS11 tokens that present empty key IDs
       bz#1773, ok markus@
      
      Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54
      d2d772f5
  7. 20 Jul, 2015 2 commits
    • djm@openbsd.org's avatar
      upstream commit · 63ebcd00
      djm@openbsd.org authored
      don't ignore PKCS#11 hosted keys that return empty
       CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
      
      Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
      63ebcd00
    • djm@openbsd.org's avatar
      upstream commit · b15fd989
      djm@openbsd.org authored
      skip uninitialised PKCS#11 slots; patch from Jakub Jelen
       in bz#2427 ok markus@
      
      Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
      b15fd989
  8. 27 May, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · a71ba58a
      djm@openbsd.org authored
      support PKCS#11 devices with external PIN entry devices
       bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@
      
      Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d
      a71ba58a
  9. 29 Apr, 2015 1 commit
  10. 04 Feb, 2015 1 commit
  11. 03 Feb, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · cb3bde37
      djm@openbsd.org authored
      handle PKCS#11 C_Login returning
       CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
      cb3bde37
  12. 15 Jan, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 1129dcfc
      djm@openbsd.org authored
      sync ssh-keysign, ssh-keygen and some dependencies to the
       new buffer/key API; mostly mechanical, ok markus@
      1129dcfc
  13. 02 Jul, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/06/24 01:13:21 · 8668706d
      Damien Miller authored
           [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
           [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
           [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
           [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
           [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
           [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
           [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
           [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
           [sshconnect2.c sshd.c sshkey.c sshkey.h
           [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
           New key API: refactor key-related functions to be more library-like,
           existing API is offered as a set of wrappers.
      
           with and ok markus@
      
           Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
           Dempsky and Ron Bowes for a detailed review a few months ago.
      
           NB. This commit also removes portable OpenSSH support for OpenSSL
           <0.9.8e.
      8668706d
  14. 15 May, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/05/02 03:27:54 · 686c7d9e
      Damien Miller authored
           [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
           [misc.h poly1305.h ssh-pkcs11.c defines.h]
           revert __bounded change; it causes way more problems for portable than
           it solves; pointed out by dtucker@
      686c7d9e
  15. 20 Apr, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/03/26 04:55:35 · 4f40209a
      Damien Miller authored
           [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
           [misc.h poly1305.h ssh-pkcs11.c]
           use __bounded(...) attribute recently added to sys/cdefs.h instead of
           longform __attribute__(__bounded(...));
      
           for brevity and a warning free compilation with llvm/clang
      4f40209a
  16. 21 Nov, 2013 1 commit
  17. 07 Nov, 2013 2 commits
  18. 03 Nov, 2013 1 commit
  19. 18 Jul, 2013 1 commit
  20. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
      a627d42e
  21. 04 Sep, 2011 1 commit
  22. 25 Jun, 2010 1 commit
  23. 16 Apr, 2010 1 commit
  24. 04 Mar, 2010 1 commit
  25. 24 Feb, 2010 1 commit
  26. 11 Feb, 2010 3 commits