summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-12-07 - djm@cvs.openbsd.org 2013/12/05 22:59:45Damien Miller
[sftp-client.c] fix memory leak in error path in do_readdir(); pointed out by Loganaden Velvindron @ AfriNIC in bz#2163
2013-12-05 - djm@cvs.openbsd.org 2013/12/05 01:16:41Damien Miller
[servconf.c servconf.h] bz#2161 - fix AuthorizedKeysCommand inside a Match block and rearrange things so the same error is harder to make next time; with and ok dtucker@
2013-12-05 - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correctDarren Tucker
-L location for libedit. Patch from Serge van den Boom.
2013-12-05 - djm@cvs.openbsd.org 2013/12/04 04:20:01Damien Miller
[sftp-client.c] bz#2171: don't leak local_fd on error; from Loganaden Velvindron @ AfriNIC
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 03:13:14Damien Miller
[cipher.c] correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC Also make it a memset for consistency with the rest of cipher.c
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 03:09:22Damien Miller
[key.c] make key_to_blob() return a NULL blob on failure; part of bz#2175 from Loganaden Velvindron @ AfriNIC
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 02:56:17Damien Miller
[ssh-pkcs11-helper.c] use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 02:50:27Damien Miller
[PROTOCOL.chacha20poly1305] typo; from Jon Cave
2013-12-05 - djm@cvs.openbsd.org 2013/12/01 23:19:05Damien Miller
[PROTOCOL] mention curve25519-sha256@libssh.org key exchange algorithm
2013-12-05 - deraadt@cvs.openbsd.org 2013/11/26 19:15:09Damien Miller
[pkcs11.h] cleanup 1 << 31 idioms. Resurrection of this issue pointed out by Eitan Adler ok markus for ssh, implies same change in kerberosV
2013-12-05 - jmc@cvs.openbsd.org 2013/11/26 12:14:54Damien Miller
[ssh.1 ssh.c] - put -Q in the right place - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances - zap a now redundant Nm - usage() sync
2013-12-05 - deraadt@cvs.openbsd.org 2013/11/25 18:04:21Damien Miller
[ssh.1 ssh.c] improve -Q usage and such. One usage change is that the option is now case-sensitive ok dtucker markus djm
2013-12-05 - jmc@cvs.openbsd.org 2013/11/21 08:05:09Damien Miller
[ssh_config.5 sshd_config.5] no need for .Pp before displays;
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 03:18:51Damien Miller
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh] [regress/try-ciphers.sh] use new "ssh -Q cipher-auth" query to obtain lists of authenticated encryption ciphers instead of specifying them manually; ensures that the new chacha20poly1305@openssh.com mode is tested; ok markus@ and naddy@ as part of the diff to add chacha20poly1305@openssh.com
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 03:16:47Damien Miller
[regress/modpipe.c] use unsigned long long instead of u_int64_t here to avoid warnings on some systems portable OpenSSH is built on.
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 03:15:46Damien Miller
[regress/krl.sh] add some reminders for additional tests that I'd like to implement
2013-11-21 - naddy@cvs.openbsd.org 2013/11/18 05:09:32Damien Miller
[regress/forward-control.sh] bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164) to successfully run this; ok djm@ (ID sync only; our timeouts are already longer)
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 00:45:44Damien Miller
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
2013-11-21 - deraadt@cvs.openbsd.org 2013/11/20 20:54:10Damien Miller
[canohost.c clientloop.c match.c readconf.c sftp.c] unsigned casts for ctype macros where neccessary ok guenther millert markus
2013-11-21 - deraadt@cvs.openbsd.org 2013/11/20 20:53:10Damien Miller
[scp.c] unsigned casts for ctype macros where neccessary ok guenther millert markus
2013-11-21 - djm@cvs.openbsd.org 2013/11/20 02:19:01Damien Miller
[sshd.c] delay closure of in/out fds until after "Bad protocol version identification..." message, as get_remote_ipaddr/get_remote_port require them open.
2013-11-21 - markus@cvs.openbsd.org 2013/11/13 13:48:20Damien Miller
[ssh-pkcs11.c] add missing braces found by pedro
2013-11-21 - dtucker@cvs.openbsd.org 2013/11/08 11:15:19Damien Miller
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c] [uidswap.c] Include stdlib.h for free() as per the man page.
2013-11-10 - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested byDarren Tucker
querying the ones that are compiled in.
2013-11-10 - (dtucker) [key.c] Check for the correct defines for NID_secp521r1.Darren Tucker
2013-11-09 - (dtucker) [configure.ac] Add missing "test".Darren Tucker
2013-11-09 - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.Darren Tucker
2013-11-09 - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence ofDarren Tucker
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the latter actually works before using it. Fedora (at least) has NID_secp521r1 that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
2013-11-09 - dtucker@cvs.openbsd.org 2013/11/09 05:41:34Darren Tucker
[regress/test-exec.sh regress/rekey.sh] Use smaller test data files to speed up tests. Grow test datafiles where necessary for a specific test.
2013-11-09 - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:Darren Tucker
rather than testing and generating each key, call ssh-keygen -A. Patch from vinschen at redhat.com.
2013-11-09 - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platformDarren Tucker
and pass in TEST_ENV. Unknown options cause stderr to get polluted and the stderr-data test to fail.
2013-11-08 - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compileDarren Tucker
warnings.
2013-11-08 - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.Darren Tucker
2013-11-08 - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually haveDarren Tucker
EVP_sha256.
2013-11-08 - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation ofDarren Tucker
arc4random_stir for platforms that have arc4random but don't have arc4random_stir (right now this is only OpenBSD -current).
2013-11-08 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update version numbers following release.
2013-11-08 - djm@cvs.openbsd.org 2013/11/08 01:38:11Damien Miller
[version.h] openssh-6.4
2013-11-08 - djm@cvs.openbsd.org 2013/11/08 00:39:15Damien Miller
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] [sftp-client.c sftp-glob.c] use calloc for all structure allocations; from markus@
2013-11-08 - dtucker@cvs.openbsd.org 2013/11/07 11:58:27Damien Miller
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c] Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
2013-11-08 - dtucker@cvs.openbsd.org 2013/11/08 01:06:14Darren Tucker
[regress/rekey.sh] Rekey less frequently during tests to speed them up
2013-11-07 - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environmentDarren Tucker
variable. It's no longer used now that we get the supported MACs from ssh -Q.
2013-11-07 - dtucker@cvs.openbsd.org 2013/11/07 04:26:56Darren Tucker
[regress/kextype.sh] trailing space
2013-11-07 - dtucker@cvs.openbsd.org 2013/11/07 03:55:41Darren Tucker
[regress/kextype.sh] Use ssh -Q to get kex types instead of a static list.
2013-11-07 - dtucker@cvs.openbsd.org 2013/11/07 02:48:38Darren Tucker
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh] Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 - dtucker@cvs.openbsd.org 2013/11/07 01:12:51Darren Tucker
[regress/rekey.sh] Factor out the data transfer rekey tests
2013-11-07 - dtucker@cvs.openbsd.org 2013/11/07 00:12:05Darren Tucker
[regress/rekey.sh] Test rekeying for every Cipher, MAC and KEX, plus test every KEX with the GCM ciphers.
2013-11-07 - dtucker@cvs.openbsd.org 2013/11/04 12:27:42Darren Tucker
[regress/rekey.sh] Test rekeying with all KexAlgorithms.
2013-11-07 - markus@cvs.openbsd.org 2013/11/02 22:39:53Darren Tucker
[regress/kextype.sh] add curve25519-sha256@libssh.org
2013-11-07 - djm@cvs.openbsd.org 2013/10/09 23:44:14Darren Tucker
[regress/Makefile] (ID sync only) regression test for sftp request white/blacklisting and readonly mode.
2013-11-07 - djm@cvs.openbsd.org 2013/11/06 23:05:59Damien Miller
[ssh-pkcs11.c] from portable: s/true/true_val/ to avoid name collisions on dump platforms RCSID sync only