summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-12-29 - dtucker@cvs.openbsd.org 2013/12/19 00:19:12Damien Miller
[serverloop.c] Cast client_alive_interval to u_int64_t before assinging to max_time_milliseconds to avoid potential integer overflow in the timeout. bz#2170, patch from Loganaden Velvindron, ok djm@
2013-12-29 - djm@cvs.openbsd.org 2013/12/19 00:10:30Damien Miller
[ssh-add.c] skip requesting smartcard PIN when removing keys from agent; bz#2187 patch from jay AT slushpupie.com; ok dtucker
2013-12-29 - (djm) [loginrec.c] Check for username truncation when looking up lastlogDamien Miller
entries
2013-12-2120131221Darren Tucker
- (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
2013-12-19 - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().Darren Tucker
Patch from Loganaden Velvindron.
2013-12-19 - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versionsDarren Tucker
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
2013-12-18 - markus@cvs.openbsd.org 2013/12/17 10:36:38Damien Miller
[crypto_api.h] I've assempled the header file by cut&pasting from generated headers and the source files.
2013-12-18 - djm@cvs.openbsd.org 2013/12/15 21:42:35Damien Miller
[cipher-chachapoly.c] add some comments and constify a constant
2013-12-18 - pascal@cvs.openbsd.org 2013/12/15 18:17:26Damien Miller
[ssh-add.c] Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page. ok markus@
2013-12-18 - markus@cvs.openbsd.org 2013/12/09 11:08:17Damien Miller
[crypto_api.h] remove unused defines
2013-12-18 - markus@cvs.openbsd.org 2013/12/09 11:03:45Damien Miller
[blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h] [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Add Authors for the public domain ed25519/nacl code. see also http://nacl.cr.yp.to/features.html All of the NaCl software is in the public domain. and http://ed25519.cr.yp.to/software.html The Ed25519 software is in the public domain.
2013-12-18 - dtucker@cvs.openbsd.org 2013/12/08 09:53:27Damien Miller
[sshd_config.5] Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
2013-12-18 - naddy@cvs.openbsd.org 2013/12/07 11:58:46Damien Miller
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
2013-12-18 - djm@cvs.openbsd.org 2013/12/07 08:08:26Damien Miller
[ssh-keygen.1] document -a and -o wrt new key format
2013-12-08 - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]Damien Miller
[regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid filesystem before running agent-ptrace.sh; ok dtucker
2013-12-08 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from CorinnaDamien Miller
Vinschen
2013-12-07 - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; fromDamien Miller
Loganaden Velvindron @ AfriNIC in bz#2179
2013-12-07 - (djm) [regress/cert-hostkey.sh] Fix merge botchDamien Miller
2013-12-07 - markus@cvs.openbsd.org 2013/12/06 13:52:46Damien Miller
[regress/Makefile regress/agent.sh regress/cert-hostkey.sh] [regress/cert-userkey.sh regress/keytype.sh] test ed25519 support; from djm@
2013-12-07 - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]Damien Miller
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on Linux
2013-12-07 - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]Damien Miller
[openbsd-compat/blf.h openbsd-compat/blowfish.c] [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in portable.
2013-12-07 - [authfile.c] Conditionalise inclusion of util.hDamien Miller
2013-12-07 - [Makefile.in] Add ed25519 sourcesDamien Miller
2013-12-07 - djm@cvs.openbsd.org 2013/12/07 00:19:15Damien Miller
[key.c] set k->cert = NULL after freeing it
2013-12-07 - [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]Damien Miller
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
2013-12-07 - jmc@cvs.openbsd.org 2013/12/06 15:29:07Damien Miller
[sshd.8] missing comma;
2013-12-07 - markus@cvs.openbsd.org 2013/12/06 13:39:49Damien Miller
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c] [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c] [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c] [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c] [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c] support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
2013-12-07 - markus@cvs.openbsd.org 2013/12/06 13:34:54Damien Miller
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c] [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
2013-12-07 - markus@cvs.openbsd.org 2013/12/06 13:30:08Damien Miller
[authfd.c key.c key.h ssh-agent.c] move private key (de)serialization to key.c; ok djm
2013-12-07 - djm@cvs.openbsd.org 2013/12/06 03:40:51Damien Miller
[ssh-keygen.c] remove duplicated character ('g') in getopt() string; document the (few) remaining option characters so we don't have to rummage next time.
2013-12-07 - djm@cvs.openbsd.org 2013/12/05 22:59:45Damien Miller
[sftp-client.c] fix memory leak in error path in do_readdir(); pointed out by Loganaden Velvindron @ AfriNIC in bz#2163
2013-12-05 - djm@cvs.openbsd.org 2013/12/05 01:16:41Damien Miller
[servconf.c servconf.h] bz#2161 - fix AuthorizedKeysCommand inside a Match block and rearrange things so the same error is harder to make next time; with and ok dtucker@
2013-12-05 - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correctDarren Tucker
-L location for libedit. Patch from Serge van den Boom.
2013-12-05 - djm@cvs.openbsd.org 2013/12/04 04:20:01Damien Miller
[sftp-client.c] bz#2171: don't leak local_fd on error; from Loganaden Velvindron @ AfriNIC
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 03:13:14Damien Miller
[cipher.c] correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC Also make it a memset for consistency with the rest of cipher.c
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 03:09:22Damien Miller
[key.c] make key_to_blob() return a NULL blob on failure; part of bz#2175 from Loganaden Velvindron @ AfriNIC
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 02:56:17Damien Miller
[ssh-pkcs11-helper.c] use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
2013-12-05 - djm@cvs.openbsd.org 2013/12/02 02:50:27Damien Miller
[PROTOCOL.chacha20poly1305] typo; from Jon Cave
2013-12-05 - djm@cvs.openbsd.org 2013/12/01 23:19:05Damien Miller
[PROTOCOL] mention curve25519-sha256@libssh.org key exchange algorithm
2013-12-05 - deraadt@cvs.openbsd.org 2013/11/26 19:15:09Damien Miller
[pkcs11.h] cleanup 1 << 31 idioms. Resurrection of this issue pointed out by Eitan Adler ok markus for ssh, implies same change in kerberosV
2013-12-05 - jmc@cvs.openbsd.org 2013/11/26 12:14:54Damien Miller
[ssh.1 ssh.c] - put -Q in the right place - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances - zap a now redundant Nm - usage() sync
2013-12-05 - deraadt@cvs.openbsd.org 2013/11/25 18:04:21Damien Miller
[ssh.1 ssh.c] improve -Q usage and such. One usage change is that the option is now case-sensitive ok dtucker markus djm
2013-12-05 - jmc@cvs.openbsd.org 2013/11/21 08:05:09Damien Miller
[ssh_config.5 sshd_config.5] no need for .Pp before displays;
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 03:18:51Damien Miller
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh] [regress/try-ciphers.sh] use new "ssh -Q cipher-auth" query to obtain lists of authenticated encryption ciphers instead of specifying them manually; ensures that the new chacha20poly1305@openssh.com mode is tested; ok markus@ and naddy@ as part of the diff to add chacha20poly1305@openssh.com
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 03:16:47Damien Miller
[regress/modpipe.c] use unsigned long long instead of u_int64_t here to avoid warnings on some systems portable OpenSSH is built on.
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 03:15:46Damien Miller
[regress/krl.sh] add some reminders for additional tests that I'd like to implement
2013-11-21 - naddy@cvs.openbsd.org 2013/11/18 05:09:32Damien Miller
[regress/forward-control.sh] bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164) to successfully run this; ok djm@ (ID sync only; our timeouts are already longer)
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 00:45:44Damien Miller
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
2013-11-21 - deraadt@cvs.openbsd.org 2013/11/20 20:54:10Damien Miller
[canohost.c clientloop.c match.c readconf.c sftp.c] unsigned casts for ctype macros where neccessary ok guenther millert markus
2013-11-21 - deraadt@cvs.openbsd.org 2013/11/20 20:53:10Damien Miller
[scp.c] unsigned casts for ctype macros where neccessary ok guenther millert markus