tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,767 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

6767 Commits

Author SHA1 Message Date
Damien Miller 18de9133c2 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 
[auth.c]
     Fix comment, from jfree.e1 at gmail
 2013-02-12 11:02:27 +11:00
Damien Miller 1f583df8c3 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 
[servconf.c sshd_config sshd_config.5]
     Change default of MaxStartups to 10:30:100 to start doing random early
     drop at 10 connections up to 100 connections.  This will make it harder
     to DoS as CPUs have come a long way since the original value was set
     back in 2000.  Prompted by nion at debian org, ok markus@
 2013-02-12 11:02:08 +11:00
Damien Miller 0cd2f8e5f8 - djm@cvs.openbsd.org 2013/01/27 10:06:12 
[krl.c]
     actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
 2013-02-12 11:01:39 +11:00
Damien Miller f0a8ded824 - djm@cvs.openbsd.org 2013/01/26 06:11:05 
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
     [openbsd-compat/openssl-compat.h]
     remove ACSS, now that it is gone from libcrypto too
 2013-02-12 11:00:34 +11:00
Damien Miller 60565bcb5c - djm@cvs.openbsd.org 2013/01/25 10:22:19 
[krl.c]
     redo last commit without the vi-vomit that snuck in:
     skip serial lookup when cert's serial number is zero
     (now with 100% better comment)
 2013-02-12 10:56:42 +11:00
Damien Miller 377d9a44f9 - krw@cvs.openbsd.org 2013/01/25 05:00:27 
[krl.c]
     Revert last. Breaks due to likely typo. Let djm@ fix later.
     ok djm@ via dlg@
 2013-02-12 10:55:16 +11:00
Damien Miller 6045f5d574 - djm@cvs.openbsd.org 2013/01/24 22:08:56 
[krl.c]
     skip serial lookup when cert's serial number is zero
 2013-02-12 10:54:54 +11:00
Damien Miller ea078462ea - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2013/01/24 21:45:37
     [krl.c]
     fix handling of (unused) KRL signatures; skip string in correct buffer
 2013-02-12 10:54:37 +11:00
Damien Miller b6f73b3af6 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 
libcrypto that lacks EVP_CIPHER_CTX_ctrl
 2013-02-11 10:39:12 +11:00
Darren Tucker 951b53b1be - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows 
__attribute__ on return values and work around if necessary.  ok djm@
 2013-02-08 11:50:09 +11:00
Damien Miller e7f50e1c18 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; 
patch from Iain Morgan in bz#2059
 2013-02-08 10:49:37 +11:00
Damien Miller 5c3bbd76aa - (djm) [configure.ac] Don't probe seccomp capability of running kernel 
at configure time; the seccomp sandbox will fall back to rlimit at
       runtime anyway. Patch from plautrba AT redhat.com in bz#2011
 2013-02-07 10:11:05 +11:00
Damien Miller dc75d1fc04 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it 2013-01-20 22:58:51 +11:00
Damien Miller d60b210830 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer 
version.
 2013-01-20 22:49:58 +11:00
Damien Miller a7522d9fc0 - markus@cvs.openbsd.org 2013/01/19 12:34:55 
[krl.c]
     RB_INSERT does not remove existing elments; ok djm@
 2013-01-20 22:35:31 +11:00
Damien Miller a0a7ee8bf4 - jmc@cvs.openbsd.org 2013/01/19 07:13:25 
[ssh-keygen.1]
     fix some formatting; ok djm
 2013-01-20 22:35:06 +11:00
Damien Miller 881a7a2c5d - jmc@cvs.openbsd.org 2013/01/18 21:48:43 
[ssh-keygen.1]
     command-line (adj.) -> command line (n.);
 2013-01-20 22:34:46 +11:00
Damien Miller 072fdcd198 - jmc@cvs.openbsd.org 2013/01/18 08:39:04 
[ssh-keygen.1]
     add -Q to the options list; ok djm
 2013-01-20 22:34:04 +11:00
Damien Miller 72abeb709e - jmc@cvs.openbsd.org 2013/01/18 08:00:49 
[sshd_config.5]
     tweak previous;
 2013-01-20 22:33:44 +11:00
Damien Miller 3d6d68b1e1 - jmc@cvs.openbsd.org 2013/01/18 07:59:46 
[ssh-keygen.c]
     -u before -V in usage();
 2013-01-20 22:33:23 +11:00
Damien Miller ac5542b6b8 - jmc@cvs.openbsd.org 2013/01/18 07:57:47 
[ssh-keygen.1]
     tweak previous;
 2013-01-20 22:33:02 +11:00
Damien Miller da5cc5d09a - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] 
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
   prototypes for openssl-1.0.0-fips.
 2013-01-20 22:31:29 +11:00
Damien Miller 13f5f768bc - djm@cvs.openbsd.org 2013/01/18 03:00:32 
[krl.c]
     fix KRL generation bug for list sections
 2013-01-18 15:32:03 +11:00
Damien Miller ebafebda85 - djm@cvs.openbsd.org 2013/01/18 00:45:29 
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
     Tests for Key Revocation Lists (KRLs)
 2013-01-18 11:51:56 +11:00
Damien Miller f3747bf401 - djm@cvs.openbsd.org 2013/01/17 23:00:01 
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
     [krl.c krl.h PROTOCOL.krl]
     add support for Key Revocation Lists (KRLs). These are a compact way to
     represent lists of revoked keys and certificates, taking as little as
     a single bit of incremental cost to revoke a certificate by serial number.
     KRLs are loaded via the existing RevokedKeys sshd_config option.
     feedback and ok markus@
 2013-01-18 11:44:04 +11:00
Damien Miller b26699bbad - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 
check for GCM support before testing GCM ciphers.
 2013-01-17 14:31:57 +11:00
Damien Miller efa1c95092 - (djm) [regress/integrity.sh] repair botched merge 2013-01-12 23:10:47 +11:00
Damien Miller 846dc7f21c - djm@cvs.openbsd.org 2013/01/12 11:23:53 
[regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
     test AES-GCM modes; feedback markus@
 2013-01-12 22:46:26 +11:00
Damien Miller c20eb8b8ea - djm@cvs.openbsd.org 2013/01/12 11:22:04 
[cipher.c]
     improve error message for integrity failure in AES-GCM modes; ok markus@
 2013-01-12 22:41:26 +11:00
Damien Miller 1422c0887c - djm@cvs.openbsd.org 2013/01/09 05:40:17 
[ssh-keygen.c]
     correctly initialise fingerprint type for fingerprinting PKCS#11 keys
 2013-01-09 16:44:54 +11:00
Damien Miller d522c68872 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] 
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
   cipher compat code to openssl-compat.h
 2013-01-09 16:42:47 +11:00
Damien Miller 1d75abfe23 - markus@cvs.openbsd.org 2013/01/08 18:49:04 
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
     [myproposal.h packet.c ssh_config.5 sshd_config.5]
     support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
     ok and feedback djm@
 2013-01-09 16:12:19 +11:00
Damien Miller aa7ad3039c - jmc@cvs.openbsd.org 2013/01/04 19:26:38 
[sftp-server.8 sftp-server.c]
     sftp-server.8: add argument name to -d
     sftp-server.c: add -d to usage()
     ok djm
 2013-01-09 15:58:21 +11:00
Damien Miller ec77c954c8 - djm@cvs.openbsd.org 2013/01/03 23:22:58 
[ssh-keygen.c]
     allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
     ok markus@
 2013-01-09 15:58:00 +11:00
Damien Miller 502ab0eff1 - djm@cvs.openbsd.org 2013/01/03 12:54:49 
[sftp-server.8 sftp-server.c]
     allow specification of an alternate start directory for sftp-server(8)
     "I like this" markus@
 2013-01-09 15:57:36 +11:00
Damien Miller 3739c8f041 - djm@cvs.openbsd.org 2013/01/03 12:49:01 
[PROTOCOL]
     fix description of MAC calculation for EtM modes; ok markus@
 2013-01-09 15:57:16 +11:00
Damien Miller 441384453c - djm@cvs.openbsd.org 2013/01/03 05:49:36 
[servconf.h]
     add a couple of ServerOptions members that should be copied to the privsep
     child (for consistency, in this case they happen only to be accessed in
     the monitor); ok dtucker@
 2013-01-09 15:56:45 +11:00
Damien Miller 697485d50a - djm@cvs.openbsd.org 2013/01/02 00:33:49 
[PROTOCOL.agent]
     correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
     bz#2051 from david AT lechnology.com
 2013-01-09 15:56:13 +11:00
Damien Miller 73298f420e - djm@cvs.openbsd.org 2013/01/02 00:32:07 
[clientloop.c mux.c]
     channel_setup_local_fwd_listener() returns 0 on failure, not -ve
     bz#2055 reported by mathieu.lacage AT gmail.com
 2013-01-09 15:55:50 +11:00
Damien Miller 4e14a58f3f - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 
[auth.c]
     use correct string in error message; from rustybsd at gmx.fr
 2013-01-09 15:54:48 +11:00
Darren Tucker 0fc77297e6 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress 
tests will work with VPATH directories.
 2012-12-17 15:59:42 +11:00
Damien Miller 13cbff1e00 - (djm) [cipher.c] Fix missing prototype for compat code 2012-12-13 08:25:07 +11:00
Damien Miller 25a02b0c95 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 
compat code for older OpenSSL
 2012-12-13 08:18:56 +11:00
Damien Miller 8c05da3326 - markus@cvs.openbsd.org 2012/12/12 16:45:52 
[packet.c]
     reset incoming_packet buffer for each new packet in EtM-case, too;
     this happens if packets are parsed only parially (e.g. ignore
     messages sent when su/sudo turn off echo); noted by sthen/millert
 2012-12-13 07:18:59 +11:00
Damien Miller faabeb6b36 - (djm) [regress/Makefile] fix t-exec rule 2012-12-12 12:51:54 +11:00
Damien Miller 37461d7391 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 2012-12-12 12:37:32 +11:00
Damien Miller 9fec296b0a - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test 
work on platforms without 'jot'
 2012-12-12 12:10:10 +11:00
Damien Miller 37834afe7b - (djm) [mac.c] fix merge botch 2012-12-12 11:00:37 +11:00
Damien Miller ec7ce9ace4 - markus@cvs.openbsd.org 2012/12/11 23:12:13 
[try-ciphers.sh]
     add hmac-ripemd160-etm@openssh.com
 2012-12-12 10:55:32 +11:00
Damien Miller 1fb593a3f1 - markus@cvs.openbsd.org 2012/12/11 22:42:11 
[regress/Makefile regress/modpipe.c regress/integrity.sh]
     test the integrity of the packets; with djm@
 2012-12-12 10:54:37 +11:00