Age | Commit message (Collapse) | Author |
|
[bufaux.c bufaux.h packet.c]
buffer_get_bignum: int -> void
|
|
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
packet_get_bignum* no longer returns a size
|
|
- markus@cvs.openbsd.org 2001/12/28 12:14:27
[auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
s/packet_done/packet_check_eom/ (end-of-message); ok djm@
with 47 more patchsets to go, I am not going to back out all the files for
the sake of a commit message...
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
[auth1.c auth.h auth-rh-rsa.c]
auth_rhosts_rsa now accept generic keys.
|
|
[dh.c kexdh.c kexgex.c]
always use BN_clear_free instead of BN_free
|
|
[authfile.c]
missing include
|
|
[sshd.8]
clarify -p; ok markus@
|
|
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
call fatal() for openssl allocation failures
|
|
[ssh-keygen.c]
-t is only needed for key generation (unbreaks -i, -e, etc).
|
|
[auth1.c]
be more carefull on allocation
|
|
[key.c]
be more careful on allocation
|
|
[ssh-add.c]
try all listed keys.. how did this get broken?
(oops - that was me)
|
|
[serverloop.c]
remove ifdef for USE_PIPES since fdin != fdout; ok djm@
|
|
[ssh-add.1 ssh-add.c]
Try all standard key files (id_rsa, id_dsa, identity) when invoked with
no arguments; ok markus@
|
|
[readpass.c]
Avoid interruptable passphrase read; ok markus@
|
|
[ssh-keygen.1 ssh-keygen.c]
Remove default (rsa1) key type; ok markus@
|
|
|
|
- Add OpenSSL sanity check: verify that header version matches version
reported by library
|
|
|
|
- We don't support --without-zlib currently, so don't allow it.
- Rework cryptographic random number support detection. We now detect
whether OpenSSL seeds itself. If it does, then we don't bother with
the ssh-rand-helper program. You can force the use of ssh-rand-helper
using the --with-rand-helper configure argument
- Simplify and clean up ssh-rand-helper configuration
|
|
- Reduce quantity of ifdef code, in preparation for ssh_rand_conf
- Always seed from system calls, even when doing PRNGd seeding
- Tidy and comment #define knobs
- Remove unused facility for multiple runs through command list
- KNF, cleanup, update copyright
|
|
|
|
not depend on transition links. from Lutz Jaenicke.
|
|
fixed env var size limit in the process. Report from Corinna Vinschen
<vinschen@redhat.com>
|
|
for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".
|
|
|
|
|
|
Roger Cornelius <rac@tenzing.org>
|
|
|
|
|
|
|
|
<vinschen@redhat.com>
|
|
<vinschen@redhat.com> Could be abused to guess valid usernames
|
|
make programs.
|
|
portable lib and __progname support for ssh-rand-helper; ok djm@
|
|
|
|
was not being maintained.
|
|
solar@openwall.com
- (djm) Rework entropy code. If the OpenSSL PRNG is has not been
internally seeded, execute a subprogram "ssh-rand-helper" to obtain
some entropy for us. Rewrite the old in-process entropy collecter as
an example ssh-rand-helper.
- (djm) Always perform ssh_prng_cmds path lookups in configure, even if
we don't end up using ssh_prng_cmds (so we always get a valid file)
|
|
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@
|
|
[channels.c channels.h session.c]
setup x11 listen socket for just one connect if the client requests so.
(v2 only, but the openssh client does not support this feature).
|
|
[authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
change the buffer/packet interface to use void* vs. char*; ok markus@
|
|
[serverloop.c]
fix race between SIGCHLD and select with an additional pipe. writing
to the pipe on SIGCHLD wakes up select(). using pselect() is not
portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
initial idea by pmenage@ensim.com; ok deraadt@, djm@
|
|
|
|
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
|
[auth-rsa.c]
log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
|
|
[auth2.c]
log fingerprint on successful public key authentication; ok markus@
|
|
[auth.h hostfile.c hostfile.h]
remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
|
|
[ssh-keyscan.c]
check that server supports v1 for -t rsa1, report from wirth@dfki.de
|