Darren Tucker
08998c5fb9
- dtucker@cvs.openbsd.org 2013/11/08 01:06:14
...
[regress/rekey.sh]
Rekey less frequently during tests to speed them up
2013-11-08 12:11:46 +11:00
Darren Tucker
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
...
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
Darren Tucker
6e9d6f4112
- dtucker@cvs.openbsd.org 2013/11/07 04:26:56
...
[regress/kextype.sh]
trailing space
2013-11-07 15:32:37 +11:00
Darren Tucker
74cbc22529
- dtucker@cvs.openbsd.org 2013/11/07 03:55:41
...
[regress/kextype.sh]
Use ssh -Q to get kex types instead of a static list.
2013-11-07 15:26:12 +11:00
Darren Tucker
a955041c93
- dtucker@cvs.openbsd.org 2013/11/07 02:48:38
...
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 15:21:19 +11:00
Darren Tucker
06595d6395
- dtucker@cvs.openbsd.org 2013/11/07 01:12:51
...
[regress/rekey.sh]
Factor out the data transfer rekey tests
2013-11-07 15:08:02 +11:00
Darren Tucker
651dc8b259
- dtucker@cvs.openbsd.org 2013/11/07 00:12:05
...
[regress/rekey.sh]
Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
the GCM ciphers.
2013-11-07 15:04:44 +11:00
Darren Tucker
234557762b
- dtucker@cvs.openbsd.org 2013/11/04 12:27:42
...
[regress/rekey.sh]
Test rekeying with all KexAlgorithms.
2013-11-07 15:00:51 +11:00
Darren Tucker
bbfb9b0f38
- markus@cvs.openbsd.org 2013/11/02 22:39:53
...
[regress/kextype.sh]
add curve25519-sha256@libssh.org
2013-11-07 14:56:43 +11:00
Darren Tucker
aa19548a98
- djm@cvs.openbsd.org 2013/10/09 23:44:14
...
[regress/Makefile] (ID sync only)
regression test for sftp request white/blacklisting and readonly mode.
2013-11-07 14:50:09 +11:00
Damien Miller
c8908aabff
- djm@cvs.openbsd.org 2013/11/06 23:05:59
...
[ssh-pkcs11.c]
from portable: s/true/true_val/ to avoid name collisions on dump platforms
RCSID sync only
2013-11-07 13:38:35 +11:00
Damien Miller
49c145c5e8
- markus@cvs.openbsd.org 2013/11/06 16:52:11
...
[monitor_wrap.c]
fix rekeying for AES-GCM modes; ok deraadt
2013-11-07 13:35:39 +11:00
Damien Miller
67a8800f29
- markus@cvs.openbsd.org 2013/11/04 11:51:16
...
[monitor.c]
fix rekeying for KEX_C25519_SHA256; noted by dtucker@
RCSID sync only; I thought this was a merge botch and fixed it already
2013-11-07 13:32:51 +11:00
Damien Miller
df8b030b15
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
...
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
Damien Miller
a6fd1d3c38
- (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
2013-11-07 12:03:26 +11:00
Damien Miller
c98319750b
- (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
2013-11-07 12:00:23 +11:00
Damien Miller
61c5c2319e
- (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
...
that got lost in recent merge.
2013-11-07 11:34:14 +11:00
Damien Miller
094003f545
- (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
...
KEX/curve25519 change
2013-11-04 22:59:27 +11:00
Damien Miller
ca67a7eaf8
- djm@cvs.openbsd.org 2013/11/03 10:37:19
...
[roaming_common.c]
fix a couple of function definitions foo() -> foo(void)
(-Wold-style-definition)
2013-11-04 09:05:17 +11:00
Damien Miller
0bd8f1519d
- markus@cvs.openbsd.org 2013/11/02 22:39:19
...
[ssh_config.5 sshd_config.5]
the default kex is now curve25519-sha256@libssh.org
2013-11-04 08:55:43 +11:00
Damien Miller
4c3ba0767f
- markus@cvs.openbsd.org 2013/11/02 22:34:01
...
[auth-options.c]
no need to include monitor_wrap.h and ssh-gss.h
2013-11-04 08:40:13 +11:00
Damien Miller
660621b210
- markus@cvs.openbsd.org 2013/11/02 22:24:24
...
[kexdhs.c kexecdhs.c]
no need to include ssh-gss.h
2013-11-04 08:37:51 +11:00
Damien Miller
abdca986de
- markus@cvs.openbsd.org 2013/11/02 22:10:15
...
[kexdhs.c kexecdhs.c]
no need to include monitor_wrap.h
2013-11-04 08:30:05 +11:00
Damien Miller
1e1242604e
- markus@cvs.openbsd.org 2013/11/02 21:59:15
...
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange (curve25519-sha256@libssh.org );
initial patch from Aris Adamantiadis; ok djm@
2013-11-04 08:26:52 +11:00
Damien Miller
d2252c7919
- markus@cvs.openbsd.org 2013/11/02 20:03:54
...
[ssh-pkcs11.c]
support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
fixes bz#1908; based on patch from Laurent Barbe; ok djm
2013-11-04 07:41:48 +11:00
Darren Tucker
007e3b357e
- (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
...
for platforms that don't have them.
2013-11-03 18:43:55 +11:00
Darren Tucker
710f374735
- (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
...
vsnprintf. From eric at openbsd via chl@.
2013-11-03 17:20:34 +11:00
Darren Tucker
d527704523
- (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
...
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
a no-op in OpenSSH). From chl at openbsd.
2013-11-03 16:30:46 +11:00
Damien Miller
63857c9340
- jmc@cvs.openbsd.org 2013/10/29 18:49:32
...
[sshd_config.5]
pty(4), not pty(7);
2013-10-30 22:31:06 +11:00
Damien Miller
5ff30c6b68
- djm@cvs.openbsd.org 2013/10/29 09:48:02
...
[servconf.c servconf.h session.c sshd_config sshd_config.5]
shd_config PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option;
bz#2070, patch from Teran McKinney; ok markus@
2013-10-30 22:21:50 +11:00
Damien Miller
4a3a9d4bbf
- djm@cvs.openbsd.org 2013/10/29 09:42:11
...
[key.c key.h]
fix potential stack exhaustion caused by nested certificates;
report by Mateusz Kocielski; ok dtucker@ markus@
2013-10-30 22:19:47 +11:00
Damien Miller
28631ceaa7
- djm@cvs.openbsd.org 2013/10/25 23:04:51
...
[ssh.c]
fix crash when using ProxyCommand caused by previous commit - was calling
freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
2013-10-26 10:07:56 +11:00
Damien Miller
26506ad293
- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
...
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
2013-10-26 10:05:46 +11:00
Tim Rice
bd43e88723
- (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
2013-10-24 12:22:49 -07:00
Damien Miller
a90c033808
- djm@cvs.openbsd.org 2013/10/24 08:19:36
...
[ssh.c]
fix bug introduced in hostname canonicalisation commit: don't try to
resolve hostnames when a ProxyCommand is set unless the user has forced
canonicalisation; spotted by Iain Morgan
2013-10-24 21:03:17 +11:00
Damien Miller
cf31f38634
- dtucker@cvs.openbsd.org 2013/10/24 00:51:48
...
[readconf.c servconf.c ssh_config.5 sshd_config.5]
Disallow empty Match statements and add "Match all" which matches
everything. ok djm, man page help jmc@
2013-10-24 21:02:56 +11:00
Damien Miller
4bedd4032a
- dtucker@cvs.openbsd.org 2013/10/24 00:49:49
...
[moduli.c]
Periodically print progress and, if possible, expected time to completion
when screening moduli for DH groups. ok deraadt djm
2013-10-24 21:02:26 +11:00
Damien Miller
5ecb416298
- djm@cvs.openbsd.org 2013/10/23 23:35:32
...
[sshd.c]
include local address and port in "Connection from ..." message (only
shown at loglevel>=verbose)
2013-10-24 21:02:02 +11:00
Damien Miller
03bf2e61ad
- dtucker@cvs.openbsd.org 2013/10/23 05:40:58
...
[servconf.c]
fix comment
2013-10-24 21:01:26 +11:00
Damien Miller
8f18731914
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
...
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
2013-10-24 10:53:02 +11:00
Damien Miller
5b01b0dcb4
- djm@cvs.openbsd.org 2013/10/23 04:16:22
...
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
2013-10-23 16:31:31 +11:00
Damien Miller
eff5cada58
- djm@cvs.openbsd.org 2013/10/23 03:05:19
...
[readconf.c ssh.c]
comment
2013-10-23 16:31:10 +11:00
Damien Miller
084bcd24e9
- djm@cvs.openbsd.org 2013/10/23 03:03:07
...
[readconf.c]
Hostname may have %h sequences that should be expanded prior to Match
evaluation; spotted by Iain Morgan
2013-10-23 16:30:51 +11:00
Damien Miller
8e5a67f469
- jmc@cvs.openbsd.org 2013/10/20 18:00:13
...
[ssh_config.5]
tweak the "exec" description, as worded by djm;
2013-10-23 16:30:25 +11:00
Damien Miller
c0049bd0bc
- djm@cvs.openbsd.org 2013/10/20 09:51:26
...
[scp.1 sftp.1]
add canonicalisation options to -o lists
2013-10-23 16:29:59 +11:00
Damien Miller
8a04be795f
- djm@cvs.openbsd.org 2013/10/20 06:19:28
...
[readconf.c ssh_config.5]
rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.
2013-10-23 16:29:40 +11:00
Damien Miller
5c86ebdf83
- djm@cvs.openbsd.org 2013/10/20 04:39:28
...
[ssh_config.5]
document % expansions performed by "Match command ..."
2013-10-23 16:29:12 +11:00
Damien Miller
4502f88774
- djm@cvs.openbsd.org 2013/10/17 22:08:04
...
[sshd.c]
include remote port in bad banner message; bz#2162
2013-10-18 10:17:36 +11:00
Damien Miller
1edcbf65eb
- jmc@cvs.openbsd.org 2013/10/17 07:35:48
...
[sftp.1 sftp.c]
tweak previous;
2013-10-18 10:17:17 +11:00
Damien Miller
a176e18230
- djm@cvs.openbsd.org 2013/10/09 23:44:14
...
[regress/Makefile regress/sftp-perm.sh]
regression test for sftp request white/blacklisting and readonly mode.
2013-10-18 09:05:41 +11:00