Age | Commit message | Author
2013-02-12 | - djm@cvs.openbsd.org 2013/02/08 00:41:12 [sftp.c] fix NULL deref when built without libedit and control characters entered as command; debugging and patch from Iain Morgan and Loganaden Velvindron in bz#1956 | Damien Miller
2013-02-12 | - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 [auth.c] Fix comment, from jfree.e1 at gmail | Damien Miller
2013-02-12 | - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 [servconf.c sshd_config sshd_config.5] Change default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections. This will make it harder to DoS as CPUs have come a long way since the original value was set back in 2000. Prompted by nion at debian org, ok markus@ | Damien Miller
2013-02-12 | - djm@cvs.openbsd.org 2013/01/27 10:06:12 [krl.c] actually use the xrealloc() return value; spotted by xi.wang AT gmail.com | Damien Miller
2013-02-12 | - djm@cvs.openbsd.org 2013/01/26 06:11:05 [Makefile.in acss.c acss.h cipher-acss.c cipher.c] [openbsd-compat/openssl-compat.h] remove ACSS, now that it is gone from libcrypto too | Damien Miller
2013-02-12 | - djm@cvs.openbsd.org 2013/01/25 10:22:19 [krl.c] redo last commit without the vi-vomit that snuck in: skip serial lookup when cert's serial number is zero (now with 100% better comment) | Damien Miller
2013-02-12 | - krw@cvs.openbsd.org 2013/01/25 05:00:27 [krl.c] Revert last. Breaks due to likely typo. Let djm@ fix later. ok djm@ via dlg@ | Damien Miller
2013-02-12 | - djm@cvs.openbsd.org 2013/01/24 22:08:56 [krl.c] skip serial lookup when cert's serial number is zero | Damien Miller
2013-02-12 | - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2013/01/24 21:45:37 [krl.c] fix handling of (unused) KRL signatures; skip string in correct buffer | Damien Miller
2013-02-11 | - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old libcrypto that lacks EVP_CIPHER_CTX_ctrl | Damien Miller
2013-02-08 | - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows __attribute__ on return values and work around if necessary. ok djm@ | Darren Tucker
2013-02-08 | - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; patch from Iain Morgan in bz#2059 | Damien Miller
2013-02-07 | - (djm) [configure.ac] Don't probe seccomp capability of running kernel at configure time; the seccomp sandbox will fall back to rlimit at runtime anyway. Patch from plautrba AT redhat.com in bz#2011 | Damien Miller
2013-01-20 | - (djm) [regress/krl.sh] replacement for jot; most platforms lack it | Damien Miller
2013-01-20 | - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer version. | Damien Miller
2013-01-20 | - markus@cvs.openbsd.org 2013/01/19 12:34:55 [krl.c] RB_INSERT does not remove existing elements; ok djm@ | Damien Miller
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/19 07:13:25 [ssh-keygen.1] fix some formatting; ok djm | Damien Miller
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 21:48:43 [ssh-keygen.1] command-line (adj.) -> command line (n.); | Damien Miller
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 08:39:04 [ssh-keygen.1] add -Q to the options list; ok djm | Damien Miller
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 08:00:49 [sshd_config.5] tweak previous; | Damien Miller
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 07:59:46 [ssh-keygen.c] -u before -V in usage(); | Damien Miller
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 07:57:47 [ssh-keygen.1] tweak previous; | Damien Miller
2013-01-20 | - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] Move prototypes for replacement ciphers to openssl-compat.h; fix EVP prototypes for openssl-1.0.0-fips. | Damien Miller
2013-01-18 | - djm@cvs.openbsd.org 2013/01/18 03:00:32 [krl.c] fix KRL generation bug for list sections | Damien Miller
2013-01-18 | - djm@cvs.openbsd.org 2013/01/18 00:45:29 [regress/Makefile regress/cert-userkey.sh regress/krl.sh] Tests for Key Revocation Lists (KRLs) | Damien Miller
2013-01-18 | - djm@cvs.openbsd.org 2013/01/17 23:00:01 [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] [krl.c krl.h PROTOCOL.krl] add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@ | Damien Miller
2013-01-17 | - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] check for GCM support before testing GCM ciphers. | Damien Miller
2013-01-12 | - (djm) [regress/integrity.sh] repair botched merge | Damien Miller
2013-01-12 | - djm@cvs.openbsd.org 2013/01/12 11:23:53 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] test AES-GCM modes; feedback markus@ | Damien Miller
2013-01-12 | - djm@cvs.openbsd.org 2013/01/12 11:22:04 [cipher.c] improve error message for integrity failure in AES-GCM modes; ok markus@ | Damien Miller
2013-01-09 | - djm@cvs.openbsd.org 2013/01/09 05:40:17 [ssh-keygen.c] correctly initialise fingerprint type for fingerprinting PKCS#11 keys | Damien Miller
2013-01-09 | - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little cipher compat code to openssl-compat.h | Damien Miller
2013-01-09 | - markus@cvs.openbsd.org 2013/01/08 18:49:04 [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] [myproposal.h packet.c ssh_config.5 sshd_config.5] support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@ | Damien Miller
2013-01-09 | - jmc@cvs.openbsd.org 2013/01/04 19:26:38 [sftp-server.8 sftp-server.c] sftp-server.8: add argument name to -d sftp-server.c: add -d to usage() ok djm | Damien Miller
2013-01-09 | - djm@cvs.openbsd.org 2013/01/03 23:22:58 [ssh-keygen.c] allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... ok markus@ | Damien Miller
2013-01-09 | - djm@cvs.openbsd.org 2013/01/03 12:54:49 [sftp-server.8 sftp-server.c] allow specification of an alternate start directory for sftp-server(8) "I like this" markus@ | Damien Miller
2013-01-09 | - djm@cvs.openbsd.org 2013/01/03 12:49:01 [PROTOCOL] fix description of MAC calculation for EtM modes; ok markus@ | Damien Miller
2013-01-09 | - djm@cvs.openbsd.org 2013/01/03 05:49:36 [servconf.h] add a couple of ServerOptions members that should be copied to the privsep child (for consistency, in this case they happen only to be accessed in the monitor); ok dtucker@ | Damien Miller
2013-01-09 | - djm@cvs.openbsd.org 2013/01/02 00:33:49 [PROTOCOL.agent] correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED bz#2051 from david AT lechnology.com | Damien Miller
2013-01-09 | - djm@cvs.openbsd.org 2013/01/02 00:32:07 [clientloop.c mux.c] channel_setup_local_fwd_listener() returns 0 on failure, not -ve bz#2055 reported by mathieu.lacage AT gmail.com | Damien Miller
2013-01-09 | - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 [auth.c] use correct string in error message; from rustybsd at gmx.fr | Damien Miller
2012-12-17 | - (dtucker) [Makefile.in] Add some scaffolding so that the new regress tests will work with VPATH directories. | Darren Tucker
2012-12-13 | - (djm) [cipher.c] Fix missing prototype for compat code | Damien Miller
2012-12-13 | - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our compat code for older OpenSSL | Damien Miller
2012-12-13 | - markus@cvs.openbsd.org 2012/12/12 16:45:52 [packet.c] reset incoming_packet buffer for each new packet in EtM-case, too; this happens if packets are parsed only partially (e.g. ignore messages sent when su/sudo turn off echo); noted by sthen/millert | Damien Miller
2012-12-12 | - (djm) [regress/Makefile] fix t-exec rule | Damien Miller
2012-12-12 | - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip | Damien Miller
2012-12-12 | - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test work on platforms without 'jot' | Damien Miller
2012-12-12 | - (djm) [mac.c] fix merge botch | Damien Miller
2012-12-12 | - markus@cvs.openbsd.org 2012/12/11 23:12:13 [try-ciphers.sh] add hmac-ripemd160-etm@openssh.com | Damien Miller