openssh.git -

Age	Commit message (Collapse)	Author
2019-11-25	upstream: redundant test	djm@openbsd.org
	OpenBSD-Commit-ID: 38fa7806c528a590d91ae560e67bd8b246c2d7a3
2019-11-25	upstream: add a "no-touch-required" option for authorized_keys and	djm@openbsd.org
	a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
2019-11-25	upstream: Add a sshd_config PubkeyAuthOptions directive	djm@openbsd.org
	This directive has a single valid option "no-touch-required" that causes sshd to skip checking whether user presence was tested before a security key signature was made (usually by the user touching the key). ok markus@ OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
2019-11-25	upstream: Add new structure for signature options	djm@openbsd.org
	This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-20	upstream: a little more information from the monitor when signature	djm@openbsd.org
	verification fails. OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3
2019-11-01	upstream: Refactor signing - use sshkey_sign for everything,	djm@openbsd.org
	including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-10-09	upstream: reversed test yielded incorrect debug message	djm@openbsd.org
	OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
2019-10-09	wrap stdint.h include in HAVE_STDINT_H	Damien Miller
	make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen
2019-07-05	upstream: When system calls indicate an error they return -1, not	deraadt@openbsd.org
	some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-01-21	upstream: rename kex->kem_client_pub -> kex->client_pub now that	djm@openbsd.org
	KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21	upstream: use KEM API for vanilla ECDH	djm@openbsd.org
	from markus@ ok djm@ OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21	upstream: use KEM API for vanilla DH KEX	djm@openbsd.org
	from markus@ ok djm@ OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21	upstream: use KEM API for vanilla c25519 KEX	djm@openbsd.org
	OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21	upstream: Add support for a PQC KEX/KEM:	djm@openbsd.org
	sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-20	last bits of old packet API / active_state global	Damien Miller

2019-01-20	remove PAM dependencies on old packet API	Damien Miller
	Requires some caching of values, because the PAM code isn't always called with packet context.
2019-01-20	upstream: remove last references to active_state	djm@openbsd.org
	with & ok markus@ OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
2019-01-20	upstream: convert monitor.c to new packet API	djm@openbsd.org
	with & ok markus@ OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
2019-01-20	upstream: convert auth.c to new packet API	djm@openbsd.org
	with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20	upstream: begin landing remaining refactoring of packet parsing	djm@openbsd.org
	API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2018-11-16	upstream: fix bug in HostbasedAcceptedKeyTypes and	djm@openbsd.org
	PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
2018-09-13	adapt -portable to OpenSSL 1.1x API	Damien Miller
	Polyfill missing API with replacement functions extracted from LibreSSL
2018-09-13	upstream: hold our collective noses and use the openssl-1.1.x API in	djm@openbsd.org
	OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
2018-07-31	Remove support for S/Key	Damien Miller
	Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
2018-07-20	upstream: remove unused zlib.h	djm@openbsd.org
	OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1
2018-07-12	upstream: remove legacy key emulation layer; ok djm@	markus@openbsd.org
	OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-11	Supply some more missing "int r" in skey	Darren Tucker

2018-07-11	Supply missing "int r" in skey code.	Darren Tucker

2018-07-10	Adapt portable to legacy buffer API removal	Damien Miller

2018-07-10	upstream: kerberos/gssapi fixes for buffer removal	djm@openbsd.org
	OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
2018-07-10	upstream: sshd: switch monitor to sshbuf API; lots of help & ok	markus@openbsd.org
	djm@ OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
2018-07-10	upstream: sshd: switch authentication to sshbuf API; ok djm@	markus@openbsd.org
	OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
2018-07-10	upstream: sshd: switch loginmsg to sshbuf API; ok djm@	markus@openbsd.org
	OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
2018-03-03	upstream: switch over to the new authorized_keys options API and	djm@openbsd.org
	remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-02-07	upstream commit	tb@openbsd.org
	Add a couple of non-negativity checks to avoid close(-1). ok djm OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
2018-01-23	upstream commit	djm@openbsd.org
	Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2017-12-21	upstream commit	djm@openbsd.org
	revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan. OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
2017-12-19	upstream commit	djm@openbsd.org
	pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-10-20	upstream commit	djm@openbsd.org
	replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@ Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
2017-10-03	upstream commit	djm@openbsd.org
	Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
2017-09-12	upstream commit	djm@openbsd.org
	refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-06-24	upstream commit	djm@openbsd.org
	refactor authentication logging optionally record successful auth methods and public credentials used in a file accessible to user sessions feedback and ok markus@ Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
2017-06-01	upstream commit	markus@openbsd.org
	use SO_ZEROIZE for privsep communication (if available) Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
2017-06-01	upstream commit	markus@openbsd.org
	clear session keys from memory; ok djm@ Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
2017-05-31	upstream commit	markus@openbsd.org
	switch auth2-pubkey.c to modern APIs; with & ok djm@ Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
2017-05-31	upstream commit	markus@openbsd.org
	switch from Key typedef with struct sshkey; ok djm@ Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
2017-02-04	upstream commit	djm@openbsd.org
	use ssh_packet_set_log_preamble() to include connection username in packet log messages, e.g. Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] ok markus@ bz#113 Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
2016-09-29	upstream commit	djm@openbsd.org
	Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
2016-09-12	upstream commit	djm@openbsd.org
	enforce expected request flow for GSSAPI calls; thanks to Jakub Jelen for testing; ok markus@ Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9
2016-08-31	tighten PAM monitor calls	Damien Miller
	only allow kbd-interactive ones when that authentication method is enabled. Prompted by Solar Designer