1. 13 Sep, 2018 2 commits
  2. 07 Feb, 2018 1 commit
    • jsing@openbsd.org's avatar
      upstream commit · 7cd31632
      jsing@openbsd.org authored
      Remove all guards for calls to OpenSSL free functions -
      all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
      Prompted by dtucker@ asking about guards for RSA_free(), when looking at
      openssh-portable pr#84 on github.
      ok deraadt@ dtucker@
      OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
  3. 01 Jun, 2017 1 commit
    • deraadt@openbsd.org's avatar
      upstream commit · 9e509d4e
      deraadt@openbsd.org authored
      Switch to recallocarray() for a few operations.  Both
      growth and shrinkage are handled safely, and there also is no need for
      preallocation dances. Future changes in this area will be less error prone.
      Review and one bug found by markus
      Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
  4. 31 May, 2017 1 commit
    • markus@openbsd.org's avatar
      upstream commit · ff7371af
      markus@openbsd.org authored
      sshkey_new() might return NULL (pkcs#11 code only); ok
      Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd
  5. 06 Nov, 2016 1 commit
    • djm@openbsd.org's avatar
      upstream commit · efb494e8
      djm@openbsd.org authored
      Improve pkcs11_add_provider() logging: demote some
      excessively verbose error()s to debug()s, include PKCS#11 provider name and
      slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
      Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
  6. 12 Feb, 2016 1 commit
    • djm@openbsd.org's avatar
      upstream commit · d2d772f5
      djm@openbsd.org authored
      avoid fatal() for PKCS11 tokens that present empty key IDs
       bz#1773, ok markus@
      Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54
  7. 20 Jul, 2015 2 commits
    • djm@openbsd.org's avatar
      upstream commit · 63ebcd00
      djm@openbsd.org authored
      don't ignore PKCS#11 hosted keys that return empty
       CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
      Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
    • djm@openbsd.org's avatar
      upstream commit · b15fd989
      djm@openbsd.org authored
      skip uninitialised PKCS#11 slots; patch from Jakub Jelen
       in bz#2427 ok markus@
      Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
  8. 27 May, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · a71ba58a
      djm@openbsd.org authored
      support PKCS#11 devices with external PIN entry devices
       bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@
      Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d
  9. 29 Apr, 2015 1 commit
  10. 04 Feb, 2015 1 commit
  11. 03 Feb, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · cb3bde37
      djm@openbsd.org authored
      handle PKCS#11 C_Login returning
       CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
  12. 15 Jan, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 1129dcfc
      djm@openbsd.org authored
      sync ssh-keysign, ssh-keygen and some dependencies to the
       new buffer/key API; mostly mechanical, ok markus@
  13. 02 Jul, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/06/24 01:13:21 · 8668706d
      Damien Miller authored
           [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
           [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
           [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
           [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
           [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
           [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
           [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
           [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
           [sshconnect2.c sshd.c sshkey.c sshkey.h
           [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
           New key API: refactor key-related functions to be more library-like,
           existing API is offered as a set of wrappers.
           with and ok markus@
           Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
           Dempsky and Ron Bowes for a detailed review a few months ago.
           NB. This commit also removes portable OpenSSH support for OpenSSL
  14. 15 May, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/05/02 03:27:54 · 686c7d9e
      Damien Miller authored
           [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
           [misc.h poly1305.h ssh-pkcs11.c defines.h]
           revert __bounded change; it causes way more problems for portable than
           it solves; pointed out by dtucker@
  15. 20 Apr, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/03/26 04:55:35 · 4f40209a
      Damien Miller authored
           [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
           [misc.h poly1305.h ssh-pkcs11.c]
           use __bounded(...) attribute recently added to sys/cdefs.h instead of
           longform __attribute__(__bounded(...));
           for brevity and a warning free compilation with llvm/clang
  16. 21 Nov, 2013 1 commit
  17. 07 Nov, 2013 2 commits
  18. 03 Nov, 2013 1 commit
  19. 18 Jul, 2013 1 commit
  20. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
  21. 04 Sep, 2011 1 commit
  22. 25 Jun, 2010 1 commit
  23. 16 Apr, 2010 1 commit
  24. 04 Mar, 2010 1 commit
  25. 24 Feb, 2010 1 commit
  26. 11 Feb, 2010 3 commits