Age | Commit message | Author |
|
[clientloop.c compat.c compat.h]
add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
|
|
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
|
|
[version.h]
temporary version 2.5.4 (supports rekeying).
this is not an official release.
|
|
[compress.c compress.h packet.c]
reset compress state per direction when rekeying.
|
|
[compat.c]
2.3.x does old GEX, too; report jakob@
|
|
BROKEN_VHANGUP
|
|
[dh.c kex.c packet.c]
clear+free keys,iv for rekeying.
+ fix DH mem leaks. ok niels@
|
|
[kex.c kexgex.c serverloop.c]
parse full kexinit packet.
make server-side more robust, too.
|
|
[auth2.c]
we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
|
|
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
sshconnect2.c sshd.c]
more robust rekeying
don't send channel data after rekeying is started.
|
|
[compat.c]
f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
|
|
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related cleanup.
todo: we should not send any non-KEX messages after we send KEXINIT
|
|
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
don't send multiple kexinit-requests.
send newkeys, block while waiting for newkeys.
fix comments.
|
|
[clientloop.c sshconnect2.c]
enable client rekeying
(1) force rekeying with ~R, or
(2) if the server requests rekeying.
works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
|
|
[kex.c kex.h packet.c sshconnect2.c sshd.c]
undo parts of my recent changes: main part of keyexchange does not
need dispatch-callbacks, since application data is delayed until
the keyexchange completes (if i understand the drafts correctly).
add some infrastructure for re-keying.
|
|
[ssh_config]
id_rsa1/2 -> id_rsa; ok markus@
|
|
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.
|
|
[sftp-glob.c ssh-agent.c ssh-keygen.c]
free() -> xfree()
|
|
[ssh-agent.1]
grammar; slade@shore.net
|
|
shutdown(SHUT_RD) error() bypass for HP-UX.
|
|
[readconf.c servconf.c]
correct comment; ok markus@
|
|
[sshd.8]
typo; ok markus@
|
|
- djm@cvs.openbsd.org 2001/03/29 23:42:01
[sshd.c]
Protocol 1 key regeneration log => verbose, some KNF; ok markus@
|
|
- markus@cvs.openbsd.org 2001/03/29 21:17:40
[dh.c dh.h kex.c kex.h]
prepare for rekeying: move DH code to dh.c
|
|
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
[sshconnect2.c sshd.c]
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
|
|
- provos@cvs.openbsd.org 2001/03/29 14:24:59
[sshconnect2.c]
use recommended defaults
|
|
- markus@cvs.openbsd.org 2001/03/28 22:43:31
[auth.h auth2.c auth2-chall.c]
check auth_root_allowed for kbd-int auth, too.
|
|
- provos@cvs.openbsd.org 2001/03/28 22:04:57
[dh.c]
more sanity checking on primes file
|
|
- provos@cvs.openbsd.org 2001/03/28 21:59:41
[kex.c kex.h sshconnect2.c sshd.c]
forgot to include min and max params in hash, okay markus@
|
|
[sshd.c]
call refuse() before close(); from olemx@ans.pl
|
|
[scp.c]
usage more like rcp and add missing -B to usage; ok markus@
|
|
[scp.c]
start to sync scp closer to rcp; ok markus@
|
|
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@
|
|
[compat.c compat.h ssh-rsa.c]
some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
signatures in SSH protocol 2, ok djm@
|
|
[ssh-rsa.c sshd.c]
use EVP_get_digestbynid, reorder some calls and fix missing free.
|
|
[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
try to read private f-secure ssh v2 rsa keys.
|
|
[authfile.c]
KNF
|
|
[ssh.1]
document more defaults; misc. cleanup. ok markus@
|
|
doesn't work because of conflicts between krbIV's and OpenSSL's des.h
|
|
fix from Philippe Levan <levan@epix.net>
|
|
resolve linking conflicts with libcrypto. Report and suggested fix
from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
|
|
memberships) after initgroups() blows them away. Report and suggested
fix from Nalin Dahyabhai <nalin@redhat.com>
|
|