tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,720 Commits 7 Branches 18 Tags 96 MiB
Commit Graph

94 Commits

Author SHA1 Message Date
Damien Miller f0a8ded824 - djm@cvs.openbsd.org 2013/01/26 06:11:05 
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
     [openbsd-compat/openssl-compat.h]
     remove ACSS, now that it is gone from libcrypto too
 2013-02-12 11:00:34 +11:00
Damien Miller c20eb8b8ea - djm@cvs.openbsd.org 2013/01/12 11:22:04 
[cipher.c]
     improve error message for integrity failure in AES-GCM modes; ok markus@
 2013-01-12 22:41:26 +11:00
Damien Miller d522c68872 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] 
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
   cipher compat code to openssl-compat.h
 2013-01-09 16:42:47 +11:00
Damien Miller 1d75abfe23 - markus@cvs.openbsd.org 2013/01/08 18:49:04 
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
     [myproposal.h packet.c ssh_config.5 sshd_config.5]
     support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
     ok and feedback djm@
 2013-01-09 16:12:19 +11:00
Damien Miller 13cbff1e00 - (djm) [cipher.c] Fix missing prototype for compat code 2012-12-13 08:25:07 +11:00
Damien Miller 25a02b0c95 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 
compat code for older OpenSSL
 2012-12-13 08:18:56 +11:00
Damien Miller af43a7ac2d - markus@cvs.openbsd.org 2012/12/11 22:31:18 
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
     [packet.c ssh_config.5 sshd_config.5]
     add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
     that change the packet format and compute the MAC over the encrypted
     message (including the packet size) instead of the plaintext data;
     these EtM modes are considered more secure and used by default.
     feedback and ok djm@
 2012-12-12 10:46:31 +11:00
Damien Miller 13ae44ce58 - markus@cvs.openbsd.org 2009/01/26 09:58:15 
[cipher.c cipher.h packet.c]
     Work around the CPNI-957037 Plaintext Recovery Attack by always
     reading 256K of data on packet size or HMAC errors (in CBC mode only).
     Help, feedback and ok djm@
     Feedback from Martin Albrecht and Paterson Kenny
 2009-01-28 16:38:41 +11:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Darren Tucker 129d0bb6a6 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac 
openbsd-compat/openssl-compat.h] Check for and work around broken AES
   ciphers >128bit on (some) Solaris 10 systems.  ok djm@
 2005-12-19 17:40:40 +11:00
Damien Miller 46d38de48b - djm@cvs.openbsd.org 2005/07/16 01:35:24 
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
     [sshconnect.c]
     spacing
 2005-07-17 17:02:09 +10:00
Darren Tucker f0bd352429 - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h 
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
   it's needed as it can cause conflicts elsewhere (eg xcrypt.c).  Found by
   and ok tim@
----------------------------------------------------------------------
automatically CVS: CVS: Committing in .  CVS: CVS: Modified Files:
----------------------------------------------------------------------
 2005-06-17 21:15:20 +10:00
Damien Miller eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Damien Miller 46f55d3665 - dtucker@cvs.openbsd.org 2005/06/09 13:43:49 
[cipher.c]
     Correctly initialize end of array sentinel; ok djm@
     (Id sync only, change already in portable)
 2005-06-16 13:21:17 +10:00
Darren Tucker a55ec77013 - (dtucker) [cipher.c openbsd-compat/Makefile.in 
openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
   Move compatibility code for supporting older OpenSSL versions to the
   compat layer.  Suggested by and "no objection" djm@
 2005-06-09 21:45:10 +10:00
Damien Miller 3710f278ae - djm@cvs.openbsd.org 2005/05/23 23:32:46 
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
     add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
     ok markus@
 2005-05-26 12:19:17 +10:00
Darren Tucker 660db78af2 - djm@cvs.openbsd.org 2005/01/23 10:18:12 
[cipher.c]
     config option "Ciphers" should be case-sensitive; ok dtucker@
 2005-01-24 21:57:11 +11:00
Darren Tucker d231186fd0 - djm@cvs.openbsd.org 2004/12/22 02:13:19 
[cipher-ctr.c cipher.c]
     remove fallback AES support for old OpenSSL, as OpenBSD has had it for
     many years now; ok deraadt@
     (Id sync only: Portable will continue to support older OpenSSLs)
 2005-01-20 13:27:56 +11:00
Darren Tucker 5cb30ad2ec - markus@cvs.openbsd.org 2004/07/28 09:40:29 
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
     sshconnect1.c]
     more s/illegal/invalid/
 2004-08-12 22:40:24 +10:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
 2004-07-17 16:12:08 +10:00
Darren Tucker e5a604fdd4 - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match 
-Wshadow change.
 2004-06-23 12:28:31 +10:00
Darren Tucker 3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31 
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
 2004-06-22 12:56:01 +10:00
Darren Tucker 693f8a8aae - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5. 
ok djm@, markus@
 2004-02-07 12:29:39 +11:00
Darren Tucker 6977fe742b - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with 
OpenSSL >= 0.9.7.  ok djm@
 2004-02-06 15:26:10 +11:00
Damien Miller b2d1c2b3b8 - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33 
[cipher.c]
     rename acss@opebsd.org to acss@openssh.org
     ok deraadt@
 2004-01-27 21:20:59 +11:00
Damien Miller 4f0fe684da - (djm) OpenBSD CVS Sync 
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
     [cipher.c]
     enable acss for ssh
     ok deraadt@ markus@
 - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
   if libcrypto lacks it
 2004-01-27 21:19:21 +11:00
Damien Miller f58b58ced1 - jakob@cvs.openbsd.org 2003/11/10 16:23:41 
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
     constify. ok markus@ & djm@
 2003-11-17 21:18:23 +11:00
Damien Miller 5c3a55846a - (djm) Sync with V_3_7 branch: 
- (djm) Fix SSH1 challenge kludge
   - (djm) Bug #671: Fix builds on OpenBSD
   - (djm) Bug #676: Fix PAM stack corruption
   - (djm) Fix bad free() in PAM code
   - (djm) Don't call pam_end before pam_init
   - (djm) Enable build with old OpenSSL again
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 2003-09-23 22:12:38 +10:00
Damien Miller f5399c24dc - markus@cvs.openbsd.org 2003/05/17 04:27:52 
[cipher.c cipher-ctr.c myproposal.h]
     experimental support for aes-ctr modes from
     http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
     ok djm@
 2003-05-18 20:53:59 +10:00
Damien Miller 3a3261ff99 - markus@cvs.openbsd.org 2003/05/15 03:08:29 
[cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
     split out custom EVP ciphers
 2003-05-15 13:37:19 +10:00
Damien Miller a201bb3f8a - markus@cvs.openbsd.org 2003/04/12 10:13:57 
[cipher.c]
     hide cipher details; ok djm@
 2003-05-14 13:41:23 +10:00
Ben Lindstrom 064496feaa - markus@cvs.openbsd.org 2002/11/21 22:45:31 
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
     debug->debug2, unify debug messages
 2002-12-23 02:04:22 +00:00
Damien Miller c34e03e471 - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL. 
Patch from Robert Halubek <rob@adso.com.pl>
 2002-09-10 22:26:17 +10:00
Ben Lindstrom c491b0def1 - markus@cvs.openbsd.org 2002/07/12 15:50:17 
[cipher.c]
     EVP_CIPH_CUSTOM_IV for our own rijndael
 2002-07-15 17:52:49 +00:00
Ben Lindstrom 836f0e9d9a - deraadt@cvs.openbsd.org 2002/06/23 03:26:19 
[cipher.c key.c]
     KNF
 2002-06-23 21:21:30 +00:00
Ben Lindstrom 402c6cc681 - markus@cvs.openbsd.org 2002/06/19 18:01:00 
[cipher.c monitor.c monitor_wrap.c packet.c packet.h]
     make the monitor sync the transfer ssh1 session key;
     transfer keycontext only for RC4 (this is still depends on EVP
     implementation details and is broken).
 2002-06-21 00:43:42 +00:00
Ben Lindstrom 7d9c38f37a - markus@cvs.openbsd.org 2002/06/04 23:05:49 
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
     __FUNCTION__ -> __func__

NOTE: This includes all portable references also.
 2002-06-06 21:40:51 +00:00
Ben Lindstrom f088f4374a - markus@cvs.openbsd.org 2002/05/30 08:07:31 
[cipher.c]
     use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
     our own implementation. allow use of AES hardware via libcrypto,
     ok deraadt@
 2002-06-06 20:50:07 +00:00
Ben Lindstrom 6a24641365 - markus@cvs.openbsd.org 2002/05/16 22:02:50 
[cipher.c kex.h mac.c]
     fix warnings (openssl 0.9.7 requires const)
 2002-06-06 19:48:16 +00:00
Ben Lindstrom 8a725a843d - markus@cvs.openbsd.org 2002/04/03 09:26:11 
[cipher.c myproposal.h]
     re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
 2002-04-04 22:10:38 +00:00
Tim Rice f29a6539c0 [cipher.c] fix problem with OpenBSD sync 2002-03-22 13:27:40 -08:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35 
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
 2002-03-22 02:54:23 +00:00
Ben Lindstrom 212facacde - markus@cvs.openbsd.org 2002/03/18 17:13:15 
[cipher.c cipher.h]
     export/import cipher states; needed by ssh-privsep
 2002-03-22 01:39:44 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch 
revert
 2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff 
PAM, Cygwin and OSF SIA will not work for sure
 2002-03-13 12:47:54 +11:00
Damien Miller c7375ac466 - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6. 
Known issue: Blowfish for SSH1 does not work
 2002-03-11 10:51:17 +11:00
Damien Miller ff8f94c3e6 - (djm) Revert bits of Markus' OpenSSL compat patch which was accidentally 
committed.
 2002-03-11 10:48:53 +11:00