Commit Graph

12 Commits

Author SHA1 Message Date
djm@openbsd.org dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
djm@openbsd.org a9c7460887 upstream commit
split allocation out of sshbuf_reserve() into a separate
sshbuf_allocate() function; ok markus@

Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2
2016-11-29 16:48:02 +11:00
djm@openbsd.org 1a31d02b24 upstream commit
fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-05-02 20:35:04 +10:00
mmcc@openbsd.org 8e56dd46cb upstream commit
Fix a couple "the the" typos. ok dtucker@

Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72
2015-12-11 13:23:13 +11:00
djm@openbsd.org a7994b3f5a upstream commit
improve PEEK/POKE macros: better casts, don't multiply
 evaluate arguments; ok deraadt@

Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e
2015-11-16 11:31:35 +11:00
Damien Miller b03ebe2c22 more --without-openssl
fix some regressions caused by upstream merges

enable KRLs now that they no longer require BIGNUMs
2015-01-15 03:08:58 +11:00
djm@openbsd.org a165bab605 upstream commit
avoid BIGNUM in KRL code by using a simple bitmap;
 feedback and ok markus
2015-01-15 02:22:18 +11:00
Damien Miller 8813790263 - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. 2014-08-19 11:28:11 +10:00
Damien Miller 8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Darren Tucker b9609fd86c - (dtucker) [sshbuf.h] Only declare ECC functions if building without
OpenSSL or if OpenSSL has ECC.
2014-06-11 08:04:02 +10:00
Darren Tucker a54a040f66 - dtucker@cvs.openbsd.org 2014/06/10 21:46:11
[sshbuf.h]
     Group ECC functions together to make things a little easier in -portable.
     "doesn't bother me" deraadt@
2014-06-11 07:58:35 +10:00
Damien Miller 05e82c3b96 - djm@cvs.openbsd.org 2014/04/30 05:29:56
[bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c]
     [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c]
     [ssherr.h]
     New buffer API; the first installment of the conversion/replacement
     of OpenSSH's internals to make them usable as a standalone library.

     This includes a set of wrappers to make it compatible with the
     existing buffer API so replacement can occur incrementally.

     With and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review.
2014-05-15 14:33:43 +10:00