Damien Miller
6045f5d574
- djm@cvs.openbsd.org 2013/01/24 22:08:56
[krl.c]
skip serial lookup when cert's serial number is zero
2013-02-12 10:54:54 +11:00
Damien Miller
ea078462ea
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2013/01/24 21:45:37
[krl.c]
fix handling of (unused) KRL signatures; skip string in correct buffer
2013-02-12 10:54:37 +11:00
Damien Miller
b6f73b3af6
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
Darren Tucker
951b53b1be
- (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
__attribute__ on return values and work around if necessary. ok djm@
2013-02-08 11:50:09 +11:00
Damien Miller
e7f50e1c18
- (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
patch from Iain Morgan in bz#2059
2013-02-08 10:49:37 +11:00
Damien Miller
5c3bbd76aa
- (djm) [configure.ac] Don't probe seccomp capability of running kernel
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
2013-02-07 10:11:05 +11:00
Damien Miller
dc75d1fc04
- (djm) [regress/krl.sh] replacement for jot; most platforms lack it
2013-01-20 22:58:51 +11:00
Damien Miller
d60b210830
- (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
version.
2013-01-20 22:49:58 +11:00
Damien Miller
a7522d9fc0
- markus@cvs.openbsd.org 2013/01/19 12:34:55
[krl.c]
RB_INSERT does not remove existing elements; ok djm@
2013-01-20 22:35:31 +11:00
Damien Miller
a0a7ee8bf4
- jmc@cvs.openbsd.org 2013/01/19 07:13:25
[ssh-keygen.1]
fix some formatting; ok djm
2013-01-20 22:35:06 +11:00
Damien Miller
881a7a2c5d
- jmc@cvs.openbsd.org 2013/01/18 21:48:43
[ssh-keygen.1]
command-line (adj.) -> command line (n.);
2013-01-20 22:34:46 +11:00
Damien Miller
072fdcd198
- jmc@cvs.openbsd.org 2013/01/18 08:39:04
[ssh-keygen.1]
add -Q to the options list; ok djm
2013-01-20 22:34:04 +11:00
Damien Miller
72abeb709e
- jmc@cvs.openbsd.org 2013/01/18 08:00:49
[sshd_config.5]
tweak previous;
2013-01-20 22:33:44 +11:00
Damien Miller
3d6d68b1e1
- jmc@cvs.openbsd.org 2013/01/18 07:59:46
[ssh-keygen.c]
-u before -V in usage();
2013-01-20 22:33:23 +11:00
Damien Miller
ac5542b6b8
- jmc@cvs.openbsd.org 2013/01/18 07:57:47
[ssh-keygen.1]
tweak previous;
2013-01-20 22:33:02 +11:00
Damien Miller
da5cc5d09a
- (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
prototypes for openssl-1.0.0-fips.
2013-01-20 22:31:29 +11:00
Damien Miller
13f5f768bc
- djm@cvs.openbsd.org 2013/01/18 03:00:32
[krl.c]
fix KRL generation bug for list sections
2013-01-18 15:32:03 +11:00
Damien Miller
ebafebda85
- djm@cvs.openbsd.org 2013/01/18 00:45:29
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
2013-01-18 11:51:56 +11:00
Damien Miller
f3747bf401
- djm@cvs.openbsd.org 2013/01/17 23:00:01
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
[krl.c krl.h PROTOCOL.krl]
add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.
feedback and ok markus@
2013-01-18 11:44:04 +11:00
Damien Miller
b26699bbad
- (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
check for GCM support before testing GCM ciphers.
2013-01-17 14:31:57 +11:00
Damien Miller
efa1c95092
- (djm) [regress/integrity.sh] repair botched merge
2013-01-12 23:10:47 +11:00
Damien Miller
846dc7f21c
- djm@cvs.openbsd.org 2013/01/12 11:23:53
[regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
test AES-GCM modes; feedback markus@
2013-01-12 22:46:26 +11:00
Damien Miller
c20eb8b8ea
- djm@cvs.openbsd.org 2013/01/12 11:22:04
[cipher.c]
improve error message for integrity failure in AES-GCM modes; ok markus@
2013-01-12 22:41:26 +11:00
Damien Miller
1422c0887c
- djm@cvs.openbsd.org 2013/01/09 05:40:17
[ssh-keygen.c]
correctly initialise fingerprint type for fingerprinting PKCS#11 keys
2013-01-09 16:44:54 +11:00
Damien Miller
d522c68872
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
2013-01-09 16:42:47 +11:00
Damien Miller
1d75abfe23
- markus@cvs.openbsd.org 2013/01/08 18:49:04
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
[myproposal.h packet.c ssh_config.5 sshd_config.5]
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@
2013-01-09 16:12:19 +11:00
Damien Miller
aa7ad3039c
- jmc@cvs.openbsd.org 2013/01/04 19:26:38
[sftp-server.8 sftp-server.c]
sftp-server.8: add argument name to -d
sftp-server.c: add -d to usage()
ok djm
2013-01-09 15:58:21 +11:00
Damien Miller
ec77c954c8
- djm@cvs.openbsd.org 2013/01/03 23:22:58
[ssh-keygen.c]
allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
ok markus@
2013-01-09 15:58:00 +11:00
Damien Miller
502ab0eff1
- djm@cvs.openbsd.org 2013/01/03 12:54:49
[sftp-server.8 sftp-server.c]
allow specification of an alternate start directory for sftp-server(8)
"I like this" markus@
2013-01-09 15:57:36 +11:00
Damien Miller
3739c8f041
- djm@cvs.openbsd.org 2013/01/03 12:49:01
[PROTOCOL]
fix description of MAC calculation for EtM modes; ok markus@
2013-01-09 15:57:16 +11:00
Damien Miller
441384453c
- djm@cvs.openbsd.org 2013/01/03 05:49:36
[servconf.h]
add a couple of ServerOptions members that should be copied to the privsep
child (for consistency, in this case they happen only to be accessed in
the monitor); ok dtucker@
2013-01-09 15:56:45 +11:00
Damien Miller
697485d50a
- djm@cvs.openbsd.org 2013/01/02 00:33:49
[PROTOCOL.agent]
correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
bz#2051 from david AT lechnology.com
2013-01-09 15:56:13 +11:00
Damien Miller
73298f420e
- djm@cvs.openbsd.org 2013/01/02 00:32:07
[clientloop.c mux.c]
channel_setup_local_fwd_listener() returns 0 on failure, not -ve
bz#2055 reported by mathieu.lacage AT gmail.com
2013-01-09 15:55:50 +11:00
Damien Miller
4e14a58f3f
- dtucker@cvs.openbsd.org 2012/12/14 05:26:43
[auth.c]
use correct string in error message; from rustybsd at gmx.fr
2013-01-09 15:54:48 +11:00
Darren Tucker
0fc77297e6
- (dtucker) [Makefile.in] Add some scaffolding so that the new regress
tests will work with VPATH directories.
2012-12-17 15:59:42 +11:00
Damien Miller
13cbff1e00
- (djm) [cipher.c] Fix missing prototype for compat code
2012-12-13 08:25:07 +11:00
Damien Miller
25a02b0c95
- (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
compat code for older OpenSSL
2012-12-13 08:18:56 +11:00
Damien Miller
8c05da3326
- markus@cvs.openbsd.org 2012/12/12 16:45:52
[packet.c]
reset incoming_packet buffer for each new packet in EtM-case, too;
this happens if packets are parsed only partially (e.g. ignore
messages sent when su/sudo turn off echo); noted by sthen/millert
2012-12-13 07:18:59 +11:00
Damien Miller
faabeb6b36
- (djm) [regress/Makefile] fix t-exec rule
2012-12-12 12:51:54 +11:00
Damien Miller
37461d7391
- (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
2012-12-12 12:37:32 +11:00
Damien Miller
9fec296b0a
- (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
work on platforms without 'jot'
2012-12-12 12:10:10 +11:00
Damien Miller
37834afe7b
- (djm) [mac.c] fix merge botch
2012-12-12 11:00:37 +11:00
Damien Miller
ec7ce9ace4
- markus@cvs.openbsd.org 2012/12/11 23:12:13
[try-ciphers.sh]
add hmac-ripemd160-etm@openssh.com
2012-12-12 10:55:32 +11:00
Damien Miller
1fb593a3f1
- markus@cvs.openbsd.org 2012/12/11 22:42:11
[regress/Makefile regress/modpipe.c regress/integrity.sh]
test the integrity of the packets; with djm@
2012-12-12 10:54:37 +11:00
Damien Miller
1a45b63d7b
- markus@cvs.openbsd.org 2012/12/11 22:32:56
[regress/try-ciphers.sh]
add etm modes
2012-12-12 10:52:07 +11:00
Damien Miller
74f13bdf26
- sthen@cvs.openbsd.org 2012/12/11 22:51:45
[mac.c]
fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
2012-12-12 10:46:53 +11:00
Damien Miller
af43a7ac2d
- markus@cvs.openbsd.org 2012/12/11 22:31:18
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
[packet.c ssh_config.5 sshd_config.5]
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@
2012-12-12 10:46:31 +11:00
Damien Miller
6a1937eac5
- markus@cvs.openbsd.org 2012/12/11 22:16:21
[monitor.c]
drain the log messages after receiving the keystate from the unpriv
child. otherwise it might block while sending. ok djm@
2012-12-12 10:44:38 +11:00
Darren Tucker
3e1027cd1f
- dtucker@cvs.openbsd.org 2012/12/07 01:51:35
[serverloop.c]
Cast signal to int for logging. A no-op on openbsd (they're always ints)
but will prevent warnings in portable. ok djm@
2012-12-07 13:07:46 +11:00
Darren Tucker
8a96522482
- markus@cvs.openbsd.org 2012/12/05 15:42:52
[ssh-add.c]
prevent double-free of comment; ok djm@
2012-12-07 13:07:02 +11:00