![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.62 / (download) - annotate - [select for diffs], Tue Apr 2 12:22:38 2024 UTC (6 weeks, 2 days ago) by deraadt
Branch: MAIN
CVS Tags: HEAD
Changes since 1.61: +4 -5 lines
Diff to previous 1.61 (colored)
Oops, incorrect hex conversion spotted by claudio. While here try to improve how it reads a bit better. Surprising the regression tests didn't spot this error, maybe it fails to roundtrip the values.
Revision 1.61 / (download) - annotate - [select for diffs], Tue Apr 2 09:48:24 2024 UTC (6 weeks, 2 days ago) by claudio
Branch: MAIN
Changes since 1.60: +1 -3 lines
Diff to previous 1.60 (colored)
Remove unused ptr[3] char array in pkcs11_decode_hex. OK deraadt@
Revision 1.60 / (download) - annotate - [select for diffs], Tue Apr 2 09:32:28 2024 UTC (6 weeks, 2 days ago) by deraadt
Branch: MAIN
Changes since 1.59: +21 -5 lines
Diff to previous 1.59 (colored)
Replace non-idiomatic strtoul(, 16) to parse a region of 2-character hex sequences with a low-level replacement designed just for the task. ok djm
Revision 1.59 / (download) - annotate - [select for diffs], Thu Jul 27 22:26:49 2023 UTC (9 months, 2 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.58: +19 -20 lines
Diff to previous 1.58 (colored)
don't incorrectly truncate logged strings retrieved from PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus
Revision 1.55.6.1 / (download) - annotate - [select for diffs], Wed Jul 19 14:08:59 2023 UTC (9 months, 4 weeks ago) by bluhm
Branch: OPENBSD_7_2
Changes since 1.55: +3 -5 lines
Diff to previous 1.55 (colored) next main 1.56 (colored)
Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. from djm@; ok markus@ terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@ from djm@ this is errata/7.2/032_ssh_agent.patch.sig
Revision 1.56.4.1 / (download) - annotate - [select for diffs], Wed Jul 19 14:07:53 2023 UTC (9 months, 4 weeks ago) by bluhm
Branch: OPENBSD_7_3
Changes since 1.56: +3 -5 lines
Diff to previous 1.56 (colored) next main 1.57 (colored)
Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. from djm@; ok markus@ terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@ from djm@ this is errata/7.3/010_ssh_agent.patch.sig
Revision 1.58 / (download) - annotate - [select for diffs], Wed Jul 19 14:02:27 2023 UTC (9 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.57: +5 -1 lines
Diff to previous 1.57 (colored)
Ensure FIDO/PKCS11 libraries contain expected symbols This checks via nlist(3) that candidate provider libraries contain one of the symbols that we will require prior to dlopen(), which can cause a number of side effects, including execution of constructors. Feedback deraadt; ok markus
Revision 1.57 / (download) - annotate - [select for diffs], Wed Jul 19 13:55:53 2023 UTC (9 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.56: +3 -5 lines
Diff to previous 1.56 (colored)
terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@
Revision 1.56 / (download) - annotate - [select for diffs], Wed Mar 8 05:33:53 2023 UTC (14 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.55: +4 -4 lines
Diff to previous 1.55 (colored)
ssh-pkcs11: synchronize error messages with errors A handful of error messages contained incorrect function names or otherwise inaccurate descriptions. Fix them to match reality. input/ok djm
Revision 1.55 / (download) - annotate - [select for diffs], Thu Nov 18 21:11:01 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_1_BASE,
OPENBSD_7_1
Branch point for: OPENBSD_7_2
Changes since 1.54: +5 -4 lines
Diff to previous 1.54 (colored)
avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364
Revision 1.54 / (download) - annotate - [select for diffs], Wed Aug 11 05:20:17 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.53: +9 -9 lines
Diff to previous 1.53 (colored)
remove a bunch of %p in format strings; leftovers of debuggings past. prompted by Michael Forney, ok dtucker@
Revision 1.53 / (download) - annotate - [select for diffs], Fri Jun 25 06:30:22 2021 UTC (2 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)
fix decoding of X.509 subject name; from Leif Thuresson via bz3327 ok markus@
Revision 1.52 / (download) - annotate - [select for diffs], Sun Nov 22 22:38:26 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.51: +22 -3 lines
Diff to previous 1.51 (colored)
when loading PKCS#11 keys, include the key fingerprints and provider/slot information in debug output.
Revision 1.51 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:02 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.50: +35 -42 lines
Diff to previous 1.50 (colored)
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
Revision 1.50 / (download) - annotate - [select for diffs], Fri May 29 03:14:02 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.49: +3 -2 lines
Diff to previous 1.49 (colored)
fix compilation on !HAVE_DLOPEN platforms; stub function was not updated to match API change. From Dale Rahn via beck@ ok markus@
Revision 1.49 / (download) - annotate - [select for diffs], Fri Mar 13 04:16:27 2020 UTC (4 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.48: +19 -4 lines
Diff to previous 1.48 (colored)
improve error messages for some common PKCS#11 C_Login failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok dtucker
Revision 1.48 / (download) - annotate - [select for diffs], Fri Mar 6 18:14:13 2020 UTC (4 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.47: +3 -1 lines
Diff to previous 1.47 (colored)
pkcs11_register_provider: return < 0 on error; ok djm
Revision 1.47 / (download) - annotate - [select for diffs], Sat Jan 25 00:03:36 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.46: +89 -53 lines
Diff to previous 1.46 (colored)
expose PKCS#11 key labels/X.509 subjects as comments Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment. based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church feedback and ok markus@
Revision 1.46 / (download) - annotate - [select for diffs], Tue Oct 1 10:22:53 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.45: +5 -26 lines
Diff to previous 1.45 (colored)
revert unconditional forced login implemented in r1.41 of ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the token returns no objects and this is less disruptive for users of tokens directly in ssh (rather than via ssh-agent) and in ssh-keygen bz3006, patch from Jakub Jelen; ok markus
Revision 1.45 / (download) - annotate - [select for diffs], Thu Sep 5 10:05:51 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.44: +33 -11 lines
Diff to previous 1.44 (colored)
if a PKCS#11 token returns no keys then try to login and refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@
Revision 1.44 / (download) - annotate - [select for diffs], Mon Sep 2 00:19:25 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)
downgrade PKCS#11 "provider returned no slots" warning from log level error to debug. This is common when attempting to enumerate keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@
Revision 1.43 / (download) - annotate - [select for diffs], Fri Mar 8 17:24:43 2019 UTC (5 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.42: +3 -1 lines
Diff to previous 1.42 (colored)
fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL
Revision 1.42 / (download) - annotate - [select for diffs], Mon Feb 4 23:37:54 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.41: +17 -2 lines
Diff to previous 1.41 (colored)
fix NULL-deref crash in PKCS#11 code when attempting login to a token requiring a PIN; reported by benno@ fix mostly by markus@
Revision 1.41 / (download) - annotate - [select for diffs], Tue Jan 22 12:03:58 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.40: +22 -12 lines
Diff to previous 1.40 (colored)
Correct some bugs in PKCS#11 token PIN handling at initial login, the attempt at reading the PIN could be skipped in some cases especially on devices with integrated PIN readers. based on patch from Daniel Kucera in bz#2652; ok markus@
Revision 1.40 / (download) - annotate - [select for diffs], Tue Jan 22 12:00:50 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.39: +95 -26 lines
Diff to previous 1.39 (colored)
Support keys that set the CKA_ALWAYS_AUTHENTICATE by requring a fresh login after the C_SignInit operation. based on patch from Jakub Jelen in bz#2638; ok markus
Revision 1.39 / (download) - annotate - [select for diffs], Mon Jan 21 02:05:38 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.38: +3 -2 lines
Diff to previous 1.38 (colored)
always print the caller's error message in ossl_error(), even when there are no libcrypto errors to report.
Revision 1.38 / (download) - annotate - [select for diffs], Mon Jan 21 02:01:03 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.37: +8 -9 lines
Diff to previous 1.37 (colored)
get the ex_data (pkcs11_key object) back from the keys at the index at which it was inserted, rather than assuming index 0
Revision 1.37 / (download) - annotate - [select for diffs], Mon Jan 21 00:47:34 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.36: +14 -3 lines
Diff to previous 1.36 (colored)
use ECDSA_SIG_set0() instead of poking signature values into structure directly; the latter works on LibreSSL but not on OpenSSL. From portable.
Revision 1.36 / (download) - annotate - [select for diffs], Sun Jan 20 23:12:35 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.35: +3 -7 lines
Diff to previous 1.35 (colored)
we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD now, so there is no need to keep a copy of each in the pkcs11_key object. work by markus@, ok djm@
Revision 1.35 / (download) - annotate - [select for diffs], Sun Jan 20 23:11:11 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.34: +6 -6 lines
Diff to previous 1.34 (colored)
KNF previous; from markus@
Revision 1.34 / (download) - annotate - [select for diffs], Sun Jan 20 23:10:33 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.33: +20 -34 lines
Diff to previous 1.33 (colored)
use OpenSSL's RSA reference counting hooks to implicitly clean up pkcs11_key objects when their owning RSA object's reference count drops to zero. Simplifies the cleanup path and makes it more like ECDSA's work by markus@, ok djm@
Revision 1.33 / (download) - annotate - [select for diffs], Sun Jan 20 23:08:24 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.32: +29 -16 lines
Diff to previous 1.32 (colored)
make the PKCS#11 RSA code more like the new PKCS#11 ECDSA code: use a single custom RSA_METHOD instead of a method per key suggested by me, but markus@ did all the work. ok djm@
Revision 1.32 / (download) - annotate - [select for diffs], Sun Jan 20 23:05:52 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.31: +21 -2 lines
Diff to previous 1.31 (colored)
fix leak of ECDSA pkcs11_key objects work by markus, ok djm@
Revision 1.31 / (download) - annotate - [select for diffs], Sun Jan 20 23:03:26 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.30: +3 -4 lines
Diff to previous 1.30 (colored)
use EVP_PKEY_get0_EC_KEY() instead of direct access of EC_KEY internals as that won't work on OpenSSL work by markus@, feedback and ok djm@
Revision 1.30 / (download) - annotate - [select for diffs], Sun Jan 20 23:01:59 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.29: +14 -10 lines
Diff to previous 1.29 (colored)
cleanup PKCS#11 ECDSA pubkey loading: the returned object should never have a DER header work by markus; feedback and ok djm@
Revision 1.29 / (download) - annotate - [select for diffs], Sun Jan 20 23:00:12 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.28: +16 -25 lines
Diff to previous 1.28 (colored)
cleanup unnecessary code in ECDSA pkcs#11 signature support: the sign operation does not return DER, but a concatenation of r|s work by markus@, feedback and ok djm@
Revision 1.28 / (download) - annotate - [select for diffs], Sun Jan 20 22:51:37 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.27: +1148 -203 lines
Diff to previous 1.27 (colored)
add support for ECDSA keys in PKCS#11 tokens Work by markus@ and Pedro Martelletto, feedback and ok me@
Revision 1.27 / (download) - annotate - [select for diffs], Thu Sep 13 02:08:33 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.26: +41 -16 lines
Diff to previous 1.26 (colored)
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
Revision 1.26 / (download) - annotate - [select for diffs], Wed Feb 7 02:06:51 2018 UTC (6 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.25: +2 -3 lines
Diff to previous 1.25 (colored)
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@
Revision 1.25 / (download) - annotate - [select for diffs], Wed May 31 09:15:42 2017 UTC (6 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.24: +3 -3 lines
Diff to previous 1.24 (colored)
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
Revision 1.24 / (download) - annotate - [select for diffs], Tue May 30 14:15:17 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.23: +3 -2 lines
Diff to previous 1.23 (colored)
sshkey_new() might return NULL (pkcs#11 code only); ok djm@
Revision 1.23 / (download) - annotate - [select for diffs], Fri Oct 28 03:33:52 2016 UTC (7 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.22: +26 -15 lines
Diff to previous 1.22 (colored)
Improve pkcs11_add_provider() logging: demote some excessively verbose error()s to debug()s, include PKCS#11 provider name and slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
Revision 1.22 / (download) - annotate - [select for diffs], Fri Feb 12 00:20:30 2016 UTC (8 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.21: +5 -3 lines
Diff to previous 1.21 (colored)
avoid fatal() for PKCS11 tokens that present empty key IDs bz#1773, ok markus@
Revision 1.21 / (download) - annotate - [select for diffs], Sat Jul 18 08:02:17 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.20: +14 -6 lines
Diff to previous 1.20 (colored)
don't ignore PKCS#11 hosted keys that return empty CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
Revision 1.20 / (download) - annotate - [select for diffs], Sat Jul 18 08:00:21 2015 UTC (8 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.19: +6 -1 lines
Diff to previous 1.19 (colored)
skip uninitialised PKCS#11 slots; patch from Jakub Jelen in bz#2427 ok markus@
Revision 1.19 / (download) - annotate - [select for diffs], Wed May 27 05:15:02 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.18: +20 -12 lines
Diff to previous 1.18 (colored)
support PKCS#11 devices with external PIN entry devices bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@
Revision 1.18 / (download) - annotate - [select for diffs], Fri Apr 24 01:36:01 2015 UTC (9 years ago) by deraadt
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
rename xrealloc() to xreallocarray() since it follows that form. ok djm
Revision 1.17 / (download) - annotate - [select for diffs], Tue Feb 3 08:07:20 2015 UTC (9 years, 3 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
missing ; djm and mlarkin really having great interactions recently
Revision 1.16 / (download) - annotate - [select for diffs], Mon Feb 2 22:48:53 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.15: +7 -5 lines
Diff to previous 1.15 (colored)
handle PKCS#11 C_Login returning CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
Revision 1.15 / (download) - annotate - [select for diffs], Thu Jan 15 09:40:00 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.14: +13 -13 lines
Diff to previous 1.14 (colored)
sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
Revision 1.14 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
Revision 1.13 / (download) - annotate - [select for diffs], Fri May 2 03:27:54 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.12: +1 -1 lines
Diff to previous 1.12 (colored)
revert __bounded change; it causes way more problems for portable than it solves; pointed out by dtucker@
Revision 1.12 / (download) - annotate - [select for diffs], Wed Mar 26 04:55:35 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)
use __bounded(...) attribute recently added to sys/cdefs.h instead of longform __attribute__(__bounded(...)); for brevity and a warning free compilation with llvm/clan
Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 13 13:48:20 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
add missing braces found by pedro
Revision 1.10 / (download) - annotate - [select for diffs], Wed Nov 6 23:05:59 2013 UTC (10 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)
from portable: s/true/true_val/ to avoid name collisions on dump platforms
Revision 1.9 / (download) - annotate - [select for diffs], Sat Nov 2 20:03:54 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.8: +98 -28 lines
Diff to previous 1.8 (colored)
support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys; fixes bz#1908; based on patch from Laurent Barbe; ok djm
Revision 1.8 / (download) - annotate - [select for diffs], Fri Jul 12 00:20:00 2013 UTC (10 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.7: +6 -6 lines
Diff to previous 1.7 (colored)
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
Revision 1.7 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.6: +12 -15 lines
Diff to previous 1.6 (colored)
bye, bye xfree(); ok markus@
Revision 1.6 / (download) - annotate - [select for diffs], Tue Jun 8 21:32:19 2010 UTC (13 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.5: +8 -2 lines
Diff to previous 1.5 (colored)
check length of value returned C_GetAttributValue for != 0 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
Revision 1.5 / (download) - annotate - [select for diffs], Thu Apr 15 20:32:55 2010 UTC (14 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.4: +34 -11 lines
Diff to previous 1.4 (colored)
retry lookup for private key if there's no matching key with CKA_SIGN attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) ok djm@
Revision 1.4 / (download) - annotate - [select for diffs], Wed Feb 24 06:12:53 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.3: +1 -0 lines
Diff to previous 1.3 (colored)
Add $OpenBSD$ tags in comments, our portable-syncing scripts use these
Revision 1.3 / (download) - annotate - [select for diffs], Sun Feb 21 06:19:08 2010 UTC (14 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +2 -0 lines
Diff to previous 1.2 (colored)
dlclose() call should also be #ifdef HAVE_DLOPEN
Revision 1.2 / (download) - annotate - [select for diffs], Sat Feb 20 20:28:11 2010 UTC (14 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.1: +9 -0 lines
Diff to previous 1.1 (colored)
unbreak build for NOPIC systems; noticed, help and ok deraadt@
Revision 1.1 / (download) - annotate - [select for diffs], Mon Feb 8 10:50:20 2010 UTC (14 years, 3 months ago) by markus
Branch: MAIN
replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev