Damien Miller
e4870c0906
- djm@cvs.openbsd.org 2013/12/01 23:19:05
...
[PROTOCOL]
mention curve25519-sha256@libssh.org key exchange algorithm
2013-12-05 10:22:39 +11:00
Damien Miller
1d2f8804a6
- deraadt@cvs.openbsd.org 2013/11/26 19:15:09
...
[pkcs11.h]
cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
Eitan Adler ok markus for ssh, implies same change in kerberosV
2013-12-05 10:22:03 +11:00
Damien Miller
bdb352a54f
- jmc@cvs.openbsd.org 2013/11/26 12:14:54
...
[ssh.1 ssh.c]
- put -Q in the right place
- Ar was a poor choice for the arguments to -Q. i've chosen an
admittedly equally poor Cm, at least consistent with the rest
of the docs. also no need for multiple instances
- zap a now redundant Nm
- usage() sync
2013-12-05 10:20:52 +11:00
Damien Miller
d937dc084a
- deraadt@cvs.openbsd.org 2013/11/25 18:04:21
...
[ssh.1 ssh.c]
improve -Q usage and such. One usage change is that the option is now
case-sensitive
ok dtucker markus djm
2013-12-05 10:19:54 +11:00
Damien Miller
dec0393f7e
- jmc@cvs.openbsd.org 2013/11/21 08:05:09
...
[ssh_config.5 sshd_config.5]
no need for .Pp before displays;
2013-12-05 10:18:43 +11:00
Damien Miller
8a073cf579
- djm@cvs.openbsd.org 2013/11/21 03:18:51
...
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
2013-11-21 14:26:18 +11:00
Damien Miller
ea61b2179f
- djm@cvs.openbsd.org 2013/11/21 03:16:47
...
[regress/modpipe.c]
use unsigned long long instead of u_int64_t here to avoid warnings
on some systems portable OpenSSH is built on.
2013-11-21 14:25:15 +11:00
Damien Miller
36aba25b04
- djm@cvs.openbsd.org 2013/11/21 03:15:46
...
[regress/krl.sh]
add some reminders for additional tests that I'd like to implement
2013-11-21 14:24:42 +11:00
Damien Miller
fa7a20bc28
- naddy@cvs.openbsd.org 2013/11/18 05:09:32
...
[regress/forward-control.sh]
bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
to successfully run this; ok djm@
(ID sync only; our timeouts are already longer)
2013-11-21 14:24:08 +11:00
Damien Miller
0fde8acdad
- djm@cvs.openbsd.org 2013/11/21 00:45:44
...
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
2013-11-21 14:12:23 +11:00
Damien Miller
fdb2306acd
- deraadt@cvs.openbsd.org 2013/11/20 20:54:10
...
[canohost.c clientloop.c match.c readconf.c sftp.c]
unsigned casts for ctype macros where neccessary
ok guenther millert markus
2013-11-21 13:57:15 +11:00
Damien Miller
e00167307e
- deraadt@cvs.openbsd.org 2013/11/20 20:53:10
...
[scp.c]
unsigned casts for ctype macros where neccessary
ok guenther millert markus
2013-11-21 13:56:49 +11:00
Damien Miller
23e00aa6ba
- djm@cvs.openbsd.org 2013/11/20 02:19:01
...
[sshd.c]
delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.
2013-11-21 13:56:28 +11:00
Damien Miller
867e6934be
- markus@cvs.openbsd.org 2013/11/13 13:48:20
...
[ssh-pkcs11.c]
add missing braces found by pedro
2013-11-21 13:56:06 +11:00
Damien Miller
0600c7020f
- dtucker@cvs.openbsd.org 2013/11/08 11:15:19
...
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
[uidswap.c] Include stdlib.h for free() as per the man page.
2013-11-21 13:55:43 +11:00
Darren Tucker
b6a75b0b93
- (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
...
querying the ones that are compiled in.
2013-11-10 20:25:22 +11:00
Darren Tucker
2c89430119
- (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
2013-11-10 12:38:42 +11:00
Darren Tucker
dd5264db5f
- (dtucker) [configure.ac] Add missing "test".
2013-11-09 22:32:51 +11:00
Darren Tucker
95cb2d4eb0
- (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
2013-11-09 22:02:31 +11:00
Darren Tucker
37bcef51b3
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
...
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897 ).
2013-11-09 18:39:25 +11:00
Darren Tucker
6e2fe81f92
- dtucker@cvs.openbsd.org 2013/11/09 05:41:34
...
[regress/test-exec.sh regress/rekey.sh]
Use smaller test data files to speed up tests. Grow test datafiles
where necessary for a specific test.
2013-11-09 16:55:03 +11:00
Darren Tucker
aff7ef1bb8
- (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
...
rather than testing and generating each key, call ssh-keygen -A.
Patch from vinschen at redhat.com.
2013-11-09 00:19:22 +11:00
Darren Tucker
882abfd3fb
- (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
...
and pass in TEST_ENV. Unknown options cause stderr to get polluted
and the stderr-data test to fail.
2013-11-09 00:17:41 +11:00
Darren Tucker
8c333ec23b
- (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
...
warnings.
2013-11-08 21:12:58 +11:00
Darren Tucker
d94240b2f6
- (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
2013-11-08 21:10:04 +11:00
Darren Tucker
1c8ce34909
- (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
...
EVP_sha256.
2013-11-08 19:50:32 +11:00
Darren Tucker
ccdb9bec46
- (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
...
arc4random_stir for platforms that have arc4random but don't have
arc4random_stir (right now this is only OpenBSD -current).
2013-11-08 18:54:38 +11:00
Damien Miller
3420a50169
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update version numbers following release.
2013-11-08 16:48:13 +11:00
Damien Miller
3ac4a234df
- djm@cvs.openbsd.org 2013/11/08 01:38:11
...
[version.h]
openssh-6.4
2013-11-08 12:39:49 +11:00
Damien Miller
6c81fee693
- djm@cvs.openbsd.org 2013/11/08 00:39:15
...
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
[clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
[sftp-client.c sftp-glob.c]
use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
Damien Miller
690d989008
- dtucker@cvs.openbsd.org 2013/11/07 11:58:27
...
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden. ok markus@
2013-11-08 12:16:49 +11:00
Darren Tucker
08998c5fb9
- dtucker@cvs.openbsd.org 2013/11/08 01:06:14
...
[regress/rekey.sh]
Rekey less frequently during tests to speed them up
2013-11-08 12:11:46 +11:00
Darren Tucker
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
...
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
Darren Tucker
6e9d6f4112
- dtucker@cvs.openbsd.org 2013/11/07 04:26:56
...
[regress/kextype.sh]
trailing space
2013-11-07 15:32:37 +11:00
Darren Tucker
74cbc22529
- dtucker@cvs.openbsd.org 2013/11/07 03:55:41
...
[regress/kextype.sh]
Use ssh -Q to get kex types instead of a static list.
2013-11-07 15:26:12 +11:00
Darren Tucker
a955041c93
- dtucker@cvs.openbsd.org 2013/11/07 02:48:38
...
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 15:21:19 +11:00
Darren Tucker
06595d6395
- dtucker@cvs.openbsd.org 2013/11/07 01:12:51
...
[regress/rekey.sh]
Factor out the data transfer rekey tests
2013-11-07 15:08:02 +11:00
Darren Tucker
651dc8b259
- dtucker@cvs.openbsd.org 2013/11/07 00:12:05
...
[regress/rekey.sh]
Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
the GCM ciphers.
2013-11-07 15:04:44 +11:00
Darren Tucker
234557762b
- dtucker@cvs.openbsd.org 2013/11/04 12:27:42
...
[regress/rekey.sh]
Test rekeying with all KexAlgorithms.
2013-11-07 15:00:51 +11:00
Darren Tucker
bbfb9b0f38
- markus@cvs.openbsd.org 2013/11/02 22:39:53
...
[regress/kextype.sh]
add curve25519-sha256@libssh.org
2013-11-07 14:56:43 +11:00
Darren Tucker
aa19548a98
- djm@cvs.openbsd.org 2013/10/09 23:44:14
...
[regress/Makefile] (ID sync only)
regression test for sftp request white/blacklisting and readonly mode.
2013-11-07 14:50:09 +11:00
Damien Miller
c8908aabff
- djm@cvs.openbsd.org 2013/11/06 23:05:59
...
[ssh-pkcs11.c]
from portable: s/true/true_val/ to avoid name collisions on dump platforms
RCSID sync only
2013-11-07 13:38:35 +11:00
Damien Miller
49c145c5e8
- markus@cvs.openbsd.org 2013/11/06 16:52:11
...
[monitor_wrap.c]
fix rekeying for AES-GCM modes; ok deraadt
2013-11-07 13:35:39 +11:00
Damien Miller
67a8800f29
- markus@cvs.openbsd.org 2013/11/04 11:51:16
...
[monitor.c]
fix rekeying for KEX_C25519_SHA256; noted by dtucker@
RCSID sync only; I thought this was a merge botch and fixed it already
2013-11-07 13:32:51 +11:00
Damien Miller
df8b030b15
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
...
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
Damien Miller
a6fd1d3c38
- (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
2013-11-07 12:03:26 +11:00
Damien Miller
c98319750b
- (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
2013-11-07 12:00:23 +11:00
Damien Miller
61c5c2319e
- (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
...
that got lost in recent merge.
2013-11-07 11:34:14 +11:00
Damien Miller
094003f545
- (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
...
KEX/curve25519 change
2013-11-04 22:59:27 +11:00
Damien Miller
ca67a7eaf8
- djm@cvs.openbsd.org 2013/11/03 10:37:19
...
[roaming_common.c]
fix a couple of function definitions foo() -> foo(void)
(-Wold-style-definition)
2013-11-04 09:05:17 +11:00