- 20ebb46 UPSTREAM: upstream: avoid possible NULL deref; from Pedro Martelletto by djm@openbsd.org · 4 years, 5 months ago
- d25d630 upstream: we have a sshkey_save_public() function to save public keys; by djm@openbsd.org · 4 years, 5 months ago
- 99ce9ce upstream: avoid NULL dereference when attempting to convert invalid by djm@openbsd.org · 4 years, 5 months ago
- a98d5ba upstream: fix a bug I introduced in r1.406: when printing private key by djm@openbsd.org · 4 years, 5 months ago
- 32f2d0a upstream: repair private key fingerprint printing to also print by djm@openbsd.org · 4 years, 6 months ago
- 6ec7457 upstream: give ssh-keygen the ability to dump the contents of a by djm@openbsd.org · 4 years, 6 months ago
- d081f01 upstream: spelling errors in comments; no code change from by djm@openbsd.org · 4 years, 7 months ago
- c084a2d upstream: when downloading FIDO2 resident keys from a token, don't by djm@openbsd.org · 4 years, 7 months ago
- e32ef97 upstream: fix use-after-free in do_download_sk; ok djm by markus@openbsd.org · 4 years, 7 months ago
- ff2acca upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm by markus@openbsd.org · 4 years, 7 months ago
- 9b47bd7 upstream: no-touch-required certificate option should be an by djm@openbsd.org · 4 years, 7 months ago
- d5ba1c0 upstream: change explicit_bzero();free() to freezero() by jsg@openbsd.org · 4 years, 7 months ago
- fd68dc2 upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more by djm@openbsd.org · 4 years, 8 months ago
- a47f6a6 upstream: Replace "security key" with "authenticator" in program by naddy@openbsd.org · 4 years, 8 months ago
- d596b1d upstream: require FIDO application strings to start with "ssh:"; ok by djm@openbsd.org · 4 years, 8 months ago
- 24c0f75 upstream: changes to support FIDO attestation by djm@openbsd.org · 4 years, 8 months ago
- 59d01f1 upstream: improve the error message for u2f enrollment errors by by djm@openbsd.org · 4 years, 8 months ago
- 99aa803 upstream: factor out reading/writing sshbufs to dedicated by djm@openbsd.org · 4 years, 8 months ago
- e16dfa9 Put EC key export inside OPENSSL_HAS_ECC. by Darren Tucker · 4 years, 8 months ago
- 89a8d45 upstream: expose PKCS#11 key labels/X.509 subjects as comments by djm@openbsd.org · 4 years, 8 months ago
- d15c8ad upstream: minor tweaks to ssh-keygen -Y find-principals: by djm@openbsd.org · 4 years, 8 months ago
- 4a41d24 upstream: when signing a certificate with an RSA key, default to by djm@openbsd.org · 4 years, 8 months ago
- 8dfb6a2 upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch by djm@openbsd.org · 4 years, 8 months ago
- 72a8bea upstream: ssh-keygen -Y find-principals fixes based on feedback by djm@openbsd.org · 4 years, 8 months ago
- 69ac4e3 upstream: remove trailing period characters from pub/priv key by djm@openbsd.org · 4 years, 8 months ago
- 56cffcc upstream: add a new signature operations "find-principal" to look by djm@openbsd.org · 4 years, 8 months ago
- 4a32c0c upstream: For ssh-keygen -lF only add a space after key fingerprint by claudio@openbsd.org · 4 years, 8 months ago
- 80d3beb upstream: don't #ifdef out the KRL code when compiling without by djm@openbsd.org · 4 years, 8 months ago
- 0d005d6 upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each by naddy@openbsd.org · 4 years, 9 months ago
- c312ca0 upstream: Extends the SK API to accept a set of key/value options by djm@openbsd.org · 4 years, 9 months ago
- 9039971 upstream: ability to download FIDO2 resident keys from a token via by djm@openbsd.org · 4 years, 9 months ago
- 3093d12 upstream: Remove the -x option currently used for by djm@openbsd.org · 4 years, 9 months ago
- 43ce964 upstream: translate and return error codes; retry on bad PIN by djm@openbsd.org · 4 years, 9 months ago
- c54cd18 upstream: SK API and sk-helper error/PIN passing by djm@openbsd.org · 4 years, 9 months ago
- 4532bd0 upstream: basic support for generating FIDO2 resident keys by djm@openbsd.org · 4 years, 9 months ago
- 3e60d18 upstream: remove single-letter flags for moduli options by djm@openbsd.org · 4 years, 9 months ago
- 1e645fe upstream: prepare for use of ssh-keygen -O flag beyond certs by djm@openbsd.org · 4 years, 9 months ago
- 9244990 remove a bunch of ENABLE_SK #ifdefs by Damien Miller · 4 years, 10 months ago
- 516605f upstream: when acting as a CA and using a security key as the CA by djm@openbsd.org · 4 years, 10 months ago
- 26cb128 upstream: Print a key touch reminder when generating a security by djm@openbsd.org · 4 years, 10 months ago
- daeaf41 upstream: allow "ssh-keygen -x no-touch-required" when generating a by djm@openbsd.org · 4 years, 10 months ago
- 2e71263 upstream: add a "no-touch-required" option for authorized_keys and by djm@openbsd.org · 4 years, 10 months ago
- b7e74ea upstream: Add new structure for signature options by djm@openbsd.org · 4 years, 10 months ago
- f0edda8 upstream: more missing mentions of ed25519-sk; ok djm@ by naddy@openbsd.org · 4 years, 11 months ago
- 189550f upstream: additional missing stdarg.h includes when built without by naddy@openbsd.org · 4 years, 11 months ago
- d882054 upstream: Fix incorrect error message when key certification fails by djm@openbsd.org · 4 years, 11 months ago
- 85409cb upstream: allow *-sk key types to be turned into certificates by djm@openbsd.org · 4 years, 11 months ago
- 103c51f upstream: missing break in getopt switch; spotted by Sebastian Kinne by djm@openbsd.org · 4 years, 11 months ago
- 6bff952 upstream: directly support U2F/FIDO2 security keys in OpenSSH by by djm@openbsd.org · 4 years, 11 months ago
- e44bb61 upstream: security keys typically need to be tapped/touched in by djm@openbsd.org · 4 years, 11 months ago
- 782093e Remove leftover if statement from sync. by Darren Tucker · 4 years, 11 months ago
- 2c55744 upstream: enable ed25519 support; ok djm by markus@openbsd.org · 4 years, 11 months ago
- aa1c9e3 upstream: duplicate 'x' character in getopt(3) optstring by djm@openbsd.org · 5 years ago
- aa4c640 upstream: Fill in missing man page bits for U2F security key support: by naddy@openbsd.org · 5 years ago
- 764d51e autoconf pieces for U2F support by Damien Miller · 5 years ago
- b923a90 upstream: fix -Wshadow warning by djm@openbsd.org · 5 years ago
- 9a14c64 upstream: Refactor signing - use sshkey_sign for everything, by djm@openbsd.org · 5 years ago
- 23f38c2 upstream: ssh-keygen support for generating U2F/FIDO keys by djm@openbsd.org · 5 years ago
- 6500c3b upstream: free buf before return; reported by krishnaiah bommu by djm@openbsd.org · 5 years ago
- cfc1897 wrap stdint.h include in HAVE_STDINT_H by Damien Miller · 5 years ago
- 6918974 upstream: use a more common options order in SYNOPSIS and sync by jmc@openbsd.org · 5 years ago
- feff96b upstream: thinko in previous; spotted by Mantas by djm@openbsd.org · 5 years ago
- dc6f81e upstream: ban empty namespace strings for s by djm@openbsd.org · 5 years ago
- 6c91d42 upstream: group and sort single letter options; ok deraadt by jmc@openbsd.org · 5 years ago
- 3e53ef2 upstream: identity_file[] should be PATH_MAX, not the arbitrary by deraadt@openbsd.org · 5 years ago
- 8aa2aa3 upstream: Allow testing signature syntax and validity without verifying by djm@openbsd.org · 5 years ago
- c8bdd2d upstream: key conversion should fail for !openssl builds, not fall by djm@openbsd.org · 5 years ago
- 670104b upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ by djm@openbsd.org · 5 years ago
- be02d7c upstream: lots of things were relying on libcrypto headers to by djm@openbsd.org · 5 years ago
- 0f44e59 upstream: repair typo and editing mishap by naddy@openbsd.org · 5 years ago
- d637c4a upstream: sshsig tweaks and improvements from and suggested by by djm@openbsd.org · 5 years ago
- 2a9c9f7 upstream: sshsig: lightweight signature and verification ability by djm@openbsd.org · 5 years ago
- 85443f1 upstream: factor out confirm_overwrite(); ok markus@ by djm@openbsd.org · 5 years ago
- 9a396e3 upstream: constify an argument by djm@openbsd.org · 5 years ago
- 0713322 upstream: print comment when printing pubkey from private by djm@openbsd.org · 5 years ago
- 7afc45c upstream: Allow the maximimum uint32 value for the argument passed to by dtucker@openbsd.org · 5 years ago
- c31e4f5 upstream: Many key types are supported now, so take care to check by naddy@openbsd.org · 5 years ago
- bca0582 upstream: Accept the verbose flag when searching for host keys in known by djm@openbsd.org · 5 years ago
- 16dd8b2 upstream: remove mostly vestigal uuencode.[ch]; moving the only unique by djm@openbsd.org · 5 years ago
- eb0d8e7 upstream: support PKCS8 as an optional format for storage of by djm@openbsd.org · 5 years ago
- cec9ee5 upstream: revert header removal that snuck into previous by djm@openbsd.org · 5 years ago
- 569b650 upstream: add a local implementation of BSD realpath() for by djm@openbsd.org · 5 years ago
- 4d28fa7 upstream: When system calls indicate an error they return -1, not by deraadt@openbsd.org · 5 years ago
- 4f7a56d upstream: Add protection for private keys at rest in RAM against by djm@openbsd.org · 5 years ago
- 0323d9b upstream: Replace calls to ssh_malloc_init() by a static init of by otto@openbsd.org · 5 years ago
- 410b231 upstream: Make the standard output messages of both methods of by lum@openbsd.org · 5 years ago
- 26e0cef upstream: Expand comment to document rationale for default key by dtucker@openbsd.org · 6 years ago
- f47269e upstream: Increase the default RSA key size to 3072 bits. Based on by dtucker@openbsd.org · 6 years ago
- a8c807f upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11 by benno@openbsd.org · 6 years ago
- be06394 upstream: allow auto-incrementing certificate serial number for certs by djm@openbsd.org · 6 years ago
- 851f803 upstream: move a bunch of global flag variables to main(); make the by djm@openbsd.org · 6 years ago
- f99ef8d upstream: add -m to usage(); reminded by jmc@ by djm@openbsd.org · 6 years ago
- 42c5ec4 refactor libcrypto initialisation by Damien Miller · 6 years ago
- 9b47b08 Fix error message w/out nistp521. by Manoj Ampalam · 6 years ago
- a4fc253 upstream: when printing certificate contents "ssh-keygen -Lf by djm@openbsd.org · 6 years ago
- 6da046f upstream: garbage-collect moribund ssh_new_private() API. by djm@openbsd.org · 6 years ago
- 482d23b upstream: hold our collective noses and use the openssl-1.1.x API in by djm@openbsd.org · 6 years ago
- 9405c62 upstream: allow key revocation by SHA256 hash and allow ssh-keygen by djm@openbsd.org · 6 years ago
- ed7bd5d upstream: Use new private key format by default. This format is by djm@openbsd.org · 6 years ago
- 4d3b2f3 missing headers by Damien Miller · 6 years ago