1. 12 Jan, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/01/12 08:13:13 · 91b580e4
      Damien Miller authored
           [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
           [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
           avoid use of OpenSSL BIGNUM type and functions for KEX with
           Curve25519 by adding a buffer_put_bignum2_from_string() that stores
           a string using the bignum encoding rules. Will make it easier to
           build a reduced-feature OpenSSH without OpenSSL in the future;
           ok markus@
      91b580e4
  2. 03 Nov, 2013 2 commits
  3. 20 Jul, 2013 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2013/07/19 07:37:48 · 85b45e09
      Damien Miller authored
           [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
           [servconf.h session.c sshd.c sshd_config.5]
           add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
           or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
           ok djm@
      85b45e09
  4. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
      a627d42e
  5. 20 Nov, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/11/10 01:33:07 · 4499f4cc
      Damien Miller authored
           [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
           use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
           these have been around for years by this time. ok markus
      4499f4cc
  6. 26 Feb, 2010 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Sync · 0a80ca19
      Damien Miller authored
         - djm@cvs.openbsd.org 2010/02/26 20:29:54
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
           [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
           [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
           [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
           [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
           [sshconnect2.c sshd.8 sshd.c sshd_config.5]
           Add support for certificate key types for users and hosts.
      
           OpenSSH certificate key types are not X.509 certificates, but a much
           simpler format that encodes a public key, identity information and
           some validity constraints and signs it with a CA key. CA keys are
           regular SSH keys. This certificate style avoids the attack surface
           of X.509 certificates and is very easy to deploy.
      
           Certified host keys allow automatic acceptance of new host keys
           when a CA certificate is marked as sh/known_hosts.
           see VERIFYING HOST KEYS in ssh(1) for details.
      
           Certified user keys allow authentication of users when the signing
           CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
           FILE FORMAT" in sshd(8) for details.
      
           Certificates are minted using ssh-keygen(1), documentation is in
           the "CERTIFICATES" section of that manpage.
      
           Documentation on the format of certificates is in the file
           PROTOCOL.certkeys
      
           feedback and ok markus@
      0a80ca19
  7. 21 Jun, 2009 1 commit
  8. 07 Nov, 2006 1 commit
    • Darren Tucker's avatar
      - markus@cvs.openbsd.org 2006/11/06 21:25:28 · 0bc85579
      Darren Tucker authored
           [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
           ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
           add missing checks for openssl return codes; with & ok djm@
      0bc85579
  9. 04 Nov, 2006 1 commit
  10. 01 Sep, 2006 1 commit
    • Damien Miller's avatar
      - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] · ded319cc
      Damien Miller authored
         [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
         [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
         [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
         [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
         [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
         [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
         [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
         [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
         [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
         [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
         [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
         [openbsd-compat/port-uw.c]
         Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
         compile problems reported by rac AT tenzing.org
      ded319cc
  11. 05 Aug, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
      d7834353
  12. 24 Jul, 2006 1 commit
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 · e3476ed0
      Damien Miller authored
           [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
           [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
           [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
           [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
           [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
           [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
           [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
           move #include <string.h> out of includes.h
      e3476ed0
  13. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 13:17:03 · 57c30117
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
           [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
           [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
           [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
           [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
           [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
           [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
           [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c]
           Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
           Theo nuked - our scripts to sync -portable need them in the files
      57c30117
  14. 25 Mar, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 · b0fb6872
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
           [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
           [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
           [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
           [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
           [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
           [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
           [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
           [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
           [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
           [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
           [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
           [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
           [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
           [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
           RCSID() can die
      b0fb6872
  15. 05 Nov, 2005 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2005/11/04 05:15:59 · 19bb3a57
      Damien Miller authored
           [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
           remove hardcoded hash lengths in key exchange code, allowing
           implementation of KEX methods with different hashes (e.g. SHA-256);
           ok markus@ dtucker@ stevesk@
      19bb3a57
  16. 15 Jun, 2004 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2004/06/13 12:53:24 · f675fc49
      Damien Miller authored
           [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
           [ssh-keyscan.c sshconnect2.c sshd.c]
           implement diffie-hellman-group14-sha1 kex method (trivial extension to
           existing diffie-hellman-group1-sha1); ok markus@
      f675fc49
  17. 24 Feb, 2003 1 commit