tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,357 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

7357 Commits

Author SHA1 Message Date
Damien Miller af5d4481f4 - djm@cvs.openbsd.org 2014/01/10 05:59:19 
[sshd_config]
     the /etc/ssh/ssh_host_ed25519_key is loaded by default too
 2014-01-12 19:20:47 +11:00
Damien Miller 58cd63bc63 - djm@cvs.openbsd.org 2014/01/09 23:26:48 
[sshconnect.c sshd.c]
     ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
     deranged and might make some attacks on KEX easier; ok markus@
 2014-01-10 10:59:24 +11:00
Damien Miller b3051d01e5 - djm@cvs.openbsd.org 2014/01/09 23:20:00 
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
     [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
     [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
     [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
     Introduce digest API and use it to perform all hashing operations
     rather than calling OpenSSL EVP_Digest* directly. Will make it easier
     to build a reduced-feature OpenSSH without OpenSSL in future;
     feedback, ok markus@
 2014-01-10 10:58:53 +11:00
Damien Miller e00e413dd1 - guenther@cvs.openbsd.org 2014/01/09 03:26:00 
[sftp-common.c]
     When formating the time for "ls -l"-style output, show dates in the future
     with the year, and rearrange a comparison to avoid a potentional signed
     arithmetic overflow that would give the wrong result.

     ok djm@
 2014-01-10 10:40:45 +11:00
Damien Miller 3e49853650 - tedu@cvs.openbsd.org 2014/01/04 17:50:55 
[mac.c monitor_mm.c monitor_mm.h xmalloc.c]
     use standard types and formats for size_t like variables. ok dtucker
 2014-01-10 10:37:05 +11:00
Damien Miller a9c1e500ef - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@ 2014-01-08 16:13:12 +11:00
Damien Miller 324541e526 - djm@cvs.openbsd.org 2013/12/30 23:52:28 
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     refuse RSA keys from old proprietary clients/servers that use the
     obsolete RSA+MD5 signature scheme. it will still be possible to connect
     with these clients/servers but only DSA keys will be accepted, and we'll
     deprecate them entirely in a future release. ok markus@
 2013-12-31 12:25:40 +11:00
Damien Miller 9f4c8e797e - (djm) [regress/Makefile] Add some generated files for cleaning 2013-12-29 17:57:46 +11:00
Damien Miller 106bf1ca3c - djm@cvs.openbsd.org 2013/12/29 05:57:02 
[sshconnect.c]
     when showing other hostkeys, don't forget Ed25519 keys
 2013-12-29 17:54:03 +11:00
Damien Miller 0fa47cfb32 - djm@cvs.openbsd.org 2013/12/29 05:42:16 
[ssh.c]
     don't forget to load Ed25519 certs too
 2013-12-29 17:53:39 +11:00
Damien Miller b9a95490da - djm@cvs.openbsd.org 2013/12/29 04:35:50 
[authfile.c]
     don't refuse to load Ed25519 certificates
 2013-12-29 17:50:15 +11:00
Damien Miller f72cdde6e6 - djm@cvs.openbsd.org 2013/12/29 04:29:25 
[authfd.c]
     allow deletion of ed25519 keys from the agent
 2013-12-29 17:49:55 +11:00
Damien Miller 29ace1cb68 - djm@cvs.openbsd.org 2013/12/29 04:20:04 
[key.c]
     to make sure we don't omit any key types as valid CA keys again,
     factor the valid key type check into a key_type_is_valid_ca()
     function
 2013-12-29 17:49:31 +11:00
Damien Miller 9de4fcdc5a - djm@cvs.openbsd.org 2013/12/29 02:49:52 
[key.c]
     correct comment for key_drop_cert()
 2013-12-29 17:49:13 +11:00
Damien Miller 5baeacf8a8 - djm@cvs.openbsd.org 2013/12/29 02:37:04 
[key.c]
     correct comment for key_to_certified()
 2013-12-29 17:48:55 +11:00
Damien Miller 83f2fe26cb - djm@cvs.openbsd.org 2013/12/29 02:28:10 
[key.c]
     allow ed25519 keys to appear as certificate authorities
 2013-12-29 17:48:38 +11:00
Damien Miller 06122e9a74 - djm@cvs.openbsd.org 2013/12/27 22:37:18 
[ssh-rsa.c]
     correct comment
 2013-12-29 17:48:15 +11:00
Damien Miller 3e19295c3a - djm@cvs.openbsd.org 2013/12/27 22:30:17 
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
     make the original RSA and DSA signing/verification code look more like
     the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
     rather than tediously listing all variants, use __func__ for debug/
     error messages
 2013-12-29 17:47:50 +11:00
Damien Miller 137977180b - tedu@cvs.openbsd.org 2013/12/21 07:10:47 
[ssh-keygen.1]
     small typo
 2013-12-29 17:47:14 +11:00
Damien Miller 339a48fe7f - djm@cvs.openbsd.org 2013/12/19 22:57:13 
[poly1305.c poly1305.h]
     use full name for author, with his permission
 2013-12-29 17:46:49 +11:00
Damien Miller 0b36c83148 - djm@cvs.openbsd.org 2013/12/19 01:19:41 
[ssh-agent.c]
     bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
     that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
     ok dtucker
 2013-12-29 17:45:51 +11:00
Damien Miller 4def184e9b - djm@cvs.openbsd.org 2013/12/19 01:04:36 
[channels.c]
     bz#2147: fix multiple remote forwardings with dynamically assigned
     listen ports. In the s->c message to open the channel we were sending
     zero (the magic number to request a dynamic port) instead of the actual
     listen port. The client therefore had no way of discriminating between
     them.

     Diagnosis and fix by ronf AT timeheart.net
 2013-12-29 17:45:26 +11:00
Damien Miller bf25d114e2 - djm@cvs.openbsd.org 2013/12/19 00:27:57 
[auth-options.c]
     simplify freeing of source-address certificate restriction
 2013-12-29 17:44:56 +11:00
Damien Miller bb3dafe702 - dtucker@cvs.openbsd.org 2013/12/19 00:19:12 
[serverloop.c]
     Cast client_alive_interval to u_int64_t before assinging to
     max_time_milliseconds to avoid potential integer overflow in the timeout.
     bz#2170, patch from Loganaden Velvindron, ok djm@
 2013-12-29 17:44:29 +11:00
Damien Miller ef275ead3d - djm@cvs.openbsd.org 2013/12/19 00:10:30 
[ssh-add.c]
     skip requesting smartcard PIN when removing keys from agent; bz#2187
     patch from jay AT slushpupie.com; ok dtucker
 2013-12-29 17:44:07 +11:00
Damien Miller 7d97fd9a1c - (djm) [loginrec.c] Check for username truncation when looking up lastlog 
entries
 2013-12-29 17:40:18 +11:00
Darren Tucker 77244afe3b 20131221 
- (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
 2013-12-21 17:02:39 +11:00
Darren Tucker 53f8e784dc - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item(). 
Patch from Loganaden Velvindron.
 2013-12-19 11:31:44 +11:00
Darren Tucker 1fcec9d4f2 - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions 
greater than 11 either rather than just 11.  Patch from Tomas Kuthan.
 2013-12-19 11:00:12 +11:00
Damien Miller 6674eb9683 - markus@cvs.openbsd.org 2013/12/17 10:36:38 
[crypto_api.h]
     I've assempled the header file by cut&pasting from generated headers
     and the source files.
 2013-12-18 17:50:39 +11:00
Damien Miller d58a596442 - djm@cvs.openbsd.org 2013/12/15 21:42:35 
[cipher-chachapoly.c]
     add some comments and constify a constant
 2013-12-18 17:50:13 +11:00
Damien Miller 059321d19a - pascal@cvs.openbsd.org 2013/12/15 18:17:26 
[ssh-add.c]
     Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
     ok markus@
 2013-12-18 17:49:48 +11:00
Damien Miller 155b5a5bf1 - markus@cvs.openbsd.org 2013/12/09 11:08:17 
[crypto_api.h]
     remove unused defines
 2013-12-18 17:48:32 +11:00
Damien Miller 8a56dc2b6b - markus@cvs.openbsd.org 2013/12/09 11:03:45 
[blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
     [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
     Add Authors for the public domain ed25519/nacl code.
     see also http://nacl.cr.yp.to/features.html
        All of the NaCl software is in the public domain.
     and http://ed25519.cr.yp.to/software.html
        The Ed25519 software is in the public domain.
 2013-12-18 17:48:11 +11:00
Damien Miller 6575c3acf3 - dtucker@cvs.openbsd.org 2013/12/08 09:53:27 
[sshd_config.5]
     Use a literal for the default value of KEXAlgorithms.  ok deraadt jmc
 2013-12-18 17:47:02 +11:00
Damien Miller 8ba0ead698 - naddy@cvs.openbsd.org 2013/12/07 11:58:46 
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     add missing mentions of ed25519; ok djm@
 2013-12-18 17:46:27 +11:00
Damien Miller 4f752cf71c - djm@cvs.openbsd.org 2013/12/07 08:08:26 
[ssh-keygen.1]
     document -a and -o wrt new key format
 2013-12-18 17:45:35 +11:00
Damien Miller 6d6fcd14e2 - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh] 
[regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
   filesystem before running agent-ptrace.sh; ok dtucker
 2013-12-08 15:53:28 +11:00
Damien Miller 7e6e42fb53 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna 
Vinschen
 2013-12-08 08:23:08 +11:00
Damien Miller da3ca351b4 - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from 
Loganaden Velvindron @ AfriNIC in bz#2179
 2013-12-07 21:43:46 +11:00
Damien Miller eb401585bb - (djm) [regress/cert-hostkey.sh] Fix merge botch 2013-12-07 17:07:15 +11:00
Damien Miller f54542af3a - markus@cvs.openbsd.org 2013/12/06 13:52:46 
[regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
     [regress/cert-userkey.sh regress/keytype.sh]
     test ed25519 support; from djm@
 2013-12-07 16:32:44 +11:00
Damien Miller f104da263d - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in] 
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
       Linux
 2013-12-07 12:37:53 +11:00
Damien Miller 1ff130dac9 - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c] 
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
   [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
   portable.
 2013-12-07 11:51:51 +11:00
Damien Miller 4260828a29 - [authfile.c] Conditionalise inclusion of util.h 2013-12-07 11:38:03 +11:00
Damien Miller a913442bac - [Makefile.in] Add ed25519 sources 2013-12-07 11:35:36 +11:00
Damien Miller ca570a519c - djm@cvs.openbsd.org 2013/12/07 00:19:15 
[key.c]
     set k->cert = NULL after freeing it
 2013-12-07 11:29:09 +11:00
Damien Miller 3cccc0e155 - [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h] 
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
 2013-12-07 11:27:47 +11:00
Damien Miller a7827c11b3 - jmc@cvs.openbsd.org 2013/12/06 15:29:07 
[sshd.8]
     missing comma;
 2013-12-07 11:24:30 +11:00
Damien Miller 5be9d9e3cb - markus@cvs.openbsd.org 2013/12/06 13:39:49 
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
     support ed25519 keys (hostkeys and user identities) using the public
     domain ed25519 reference code from SUPERCOP, see
     http://ed25519.cr.yp.to/software.html
     feedback, help & ok djm@
 2013-12-07 11:24:01 +11:00