1. 09 Jan, 2014 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/01/09 23:20:00 · b3051d01
      Damien Miller authored
           [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
           [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
           [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
           [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
           Introduce digest API and use it to perform all hashing operations
           rather than calling OpenSSL EVP_Digest* directly. Will make it easier
           to build a reduced-feature OpenSSH without OpenSSL in future;
           feedback, ok markus@
      b3051d01
  2. 29 Dec, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/12/27 22:30:17 · 3e19295c
      Damien Miller authored
           [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
           make the original RSA and DSA signing/verification code look more like
           the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
           rather than tediously listing all variants, use __func__ for debug/
           error messages
      3e19295c
  3. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
      a627d42e
  4. 31 Aug, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/31 09:58:37 · da108ece
      Damien Miller authored
           [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
           [packet.h ssh-dss.c ssh-rsa.c]
           Add buffer_get_cstring() and related functions that verify that the
           string extracted from the buffer contains no embedded \0 characters*
           This prevents random (possibly malicious) crap from being appended to
           strings where it would not be noticed if the string is used with
           a string(3) function.
      
           Use the new API in a few sensitive places.
      
           * actually, we allow a single one at the end of the string for now because
           we don't know how many deployed implementations get this wrong, but don't
           count on this to remain indefinitely.
      da108ece
  5. 16 Apr, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/04/16 01:47:26 · 4e270b05
      Damien Miller authored
           [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
           [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
           [sshconnect.c sshconnect2.c sshd.c]
           revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
           following changes:
      
           move the nonce field to the beginning of the certificate where it can
           better protect against chosen-prefix attacks on the signature hash
      
           Rename "constraints" field to "critical options"
      
           Add a new non-critical "extensions" field
      
           Add a serial number
      
           The older format is still support for authentication and cert generation
           (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
      
           ok markus@
      4e270b05
  6. 26 Feb, 2010 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Sync · 0a80ca19
      Damien Miller authored
         - djm@cvs.openbsd.org 2010/02/26 20:29:54
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
           [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
           [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
           [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
           [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
           [sshconnect2.c sshd.8 sshd.c sshd_config.5]
           Add support for certificate key types for users and hosts.
      
           OpenSSH certificate key types are not X.509 certificates, but a much
           simpler format that encodes a public key, identity information and
           some validity constraints and signs it with a CA key. CA keys are
           regular SSH keys. This certificate style avoids the attack surface
           of X.509 certificates and is very easy to deploy.
      
           Certified host keys allow automatic acceptance of new host keys
           when a CA certificate is marked as sh/known_hosts.
           see VERIFYING HOST KEYS in ssh(1) for details.
      
           Certified user keys allow authentication of users when the signing
           CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
           FILE FORMAT" in sshd(8) for details.
      
           Certificates are minted using ssh-keygen(1), documentation is in
           the "CERTIFICATES" section of that manpage.
      
           Documentation on the format of certificates is in the file
           PROTOCOL.certkeys
      
           feedback and ok markus@
      0a80ca19
  7. 07 Nov, 2006 1 commit
    • Darren Tucker's avatar
      - markus@cvs.openbsd.org 2006/11/06 21:25:28 · 0bc85579
      Darren Tucker authored
           [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
           ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
           add missing checks for openssl return codes; with & ok djm@
      0bc85579
  8. 01 Sep, 2006 1 commit
    • Damien Miller's avatar
      - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] · ded319cc
      Damien Miller authored
         [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
         [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
         [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
         [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
         [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
         [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
         [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
         [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
         [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
         [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
         [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
         [openbsd-compat/port-uw.c]
         Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
         compile problems reported by rac AT tenzing.org
      ded319cc
  9. 05 Aug, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
      d7834353
  10. 24 Jul, 2006 1 commit
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 · e3476ed0
      Damien Miller authored
           [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
           [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
           [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
           [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
           [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
           [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
           [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
           move #include <string.h> out of includes.h
      e3476ed0
  11. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 13:17:03 · 57c30117
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
           [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
           [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
           [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
           [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
           [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
           [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
           [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c]
           Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
           Theo nuked - our scripts to sync -portable need them in the files
      57c30117
  12. 25 Mar, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 · b0fb6872
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
           [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
           [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
           [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
           [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
           [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
           [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
           [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
           [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
           [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
           [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
           [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
           [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
           [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
           [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
           RCSID() can die
      b0fb6872
  13. 17 Nov, 2003 1 commit
    • Damien Miller's avatar
      - jakob@cvs.openbsd.org 2003/11/10 16:23:41 · f58b58ce
      Damien Miller authored
           [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
           [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
           [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
           constify. ok markus@ & djm@
      f58b58ce
  14. 24 Feb, 2003 1 commit
  15. 07 Jul, 2002 2 commits
  16. 23 Jun, 2002 1 commit
  17. 05 Mar, 2002 1 commit
  18. 26 Feb, 2002 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2002/02/24 19:14:59 · 90fd814f
      Ben Lindstrom authored
           [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
            ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
           signed vs. unsigned: make size arguments u_int, ok stevesk@
      90fd814f
  19. 05 Feb, 2002 1 commit
  20. 22 Jan, 2002 1 commit
  21. 06 Dec, 2001 1 commit
  22. 12 Nov, 2001 1 commit
  23. 18 Sep, 2001 1 commit
  24. 09 Jun, 2001 1 commit
  25. 09 Feb, 2001 1 commit
  26. 05 Feb, 2001 2 commits
  27. 22 Jan, 2001 1 commit
    • Ben Lindstrom's avatar
      Hopefully things did not get mixed around too much. It compiles under · 226cfa03
      Ben Lindstrom authored
      Linux and works.  So that is at least a good sign. =)
      20010122
       - (bal) OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
           [servconf.c ssh.h sshd.c]
           only auth-chall.c needs #ifdef SKEY
         - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
           [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
            packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
            session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
            ssh1.h sshconnect1.c sshd.c ttymodes.c]
           move ssh1 definitions to ssh1.h, pathnames to pathnames.h
         - markus@cvs.openbsd.org 2001/01/19 16:48:14
           [sshd.8]
           fix typo; from stevesk@
         - markus@cvs.openbsd.org 2001/01/19 16:50:58
           [ssh-dss.c]
           clear and free digest, make consistent with other code (use dlen); from
           stevesk@
         - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
           [auth-options.c auth-options.h auth-rsa.c auth2.c]
           pass the filename to auth_parse_options()
         - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
           [readconf.c]
           fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
         - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
           [sshconnect2.c]
           dh_new_group() does not return NULL.  ok markus@
         - markus@cvs.openbsd.org 2001/01/20 21:33:42
           [ssh-add.c]
           do not loop forever if askpass does not exist; from
           andrew@pimlott.ne.mediaone.net
         - djm@cvs.openbsd.org 2001/01/20 23:00:56
           [servconf.c]
           Check for NULL return from strdelim; ok markus
         - djm@cvs.openbsd.org 2001/01/20 23:02:07
           [readconf.c]
           KNF; ok markus
         - jakob@cvs.openbsd.org 2001/01/21 9:00:33
           [ssh-keygen.1]
           remove -R flag; ok markus@
         - markus@cvs.openbsd.org 2001/01/21 19:05:40
           [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
            auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
            bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
            cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
            deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
            key.c key.h log-client.c log-server.c log.c log.h login.c login.h
            match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
            readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
            session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
            ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
            ttysmodes.c uidswap.c xmalloc.c]
           split ssh.h and try to cleanup the #include mess. remove unnecessary
           #includes.  rename util.[ch] -> misc.[ch]
       - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
       - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
         conflict when compiling for non-kerb install
       - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
         on 1/19.
      226cfa03
  28. 22 Dec, 2000 1 commit
    • Ben Lindstrom's avatar
      One way to massive patch. <sigh> It compiles and works under Linux.. · 46c16220
      Ben Lindstrom authored
      And I think I have all the bits right from the OpenBSD tree.
      20001222
       - Updated RCSID for pty.c
       - (bal) OpenBSD CVS Updates:
        - markus@cvs.openbsd.org 2000/12/21 15:10:16
          [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
          print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
        - markus@cvs.openbsd.org 2000/12/20 19:26:56
          [authfile.c]
          allow ssh -i userkey for root
        - markus@cvs.openbsd.org 2000/12/20 19:37:21
          [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
          fix prototypes; from stevesk@pobox.com
        - markus@cvs.openbsd.org 2000/12/20 19:32:08
          [sshd.c]
          init pointer to NULL; report from Jan.Ivan@cern.ch
        - markus@cvs.openbsd.org 2000/12/19 23:17:54
          [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
           auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
           bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
           crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
           key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
           packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
           serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
           ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
           uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
          replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
          unsigned' with u_char.
      46c16220
  29. 13 Nov, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Merge OpenBSD changes: · 0bc1bd81
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/11/06 16:04:56
           [channels.c channels.h clientloop.c nchan.c serverloop.c]
           [session.c ssh.c]
           agent forwarding and -R for ssh2, based on work from
           jhuuskon@messi.uku.fi
         - markus@cvs.openbsd.org  2000/11/06 16:13:27
           [ssh.c sshconnect.c sshd.c]
           do not disabled rhosts(rsa) if server port > 1024; from
           pekkas@netcore.fi
         - markus@cvs.openbsd.org  2000/11/06 16:16:35
           [sshconnect.c]
           downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
         - markus@cvs.openbsd.org  2000/11/09 18:04:40
           [auth1.c]
           typo; from mouring@pconline.com
         - markus@cvs.openbsd.org  2000/11/12 12:03:28
           [ssh-agent.c]
           off-by-one when removing a key from the agent
         - markus@cvs.openbsd.org  2000/11/12 12:50:39
           [auth-rh-rsa.c auth2.c authfd.c authfd.h]
           [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
           [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
           [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
           [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
           [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
           add support for RSA to SSH2.  please test.
           there are now 3 types of keys: RSA1 is used by ssh-1 only,
           RSA and DSA are used by SSH2.
           you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
           keys for SSH2 and use the RSA keys for hostkeys or for user keys.
           SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
       - (djm) Fix up Makefile and Redhat init script to create RSA host keys
       - (djm) Change to interim version
      0bc1bd81
  30. 16 Sep, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Merge OpenBSD changes: · e4340be5
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/09/05 02:59:57
           [session.c]
           print hostname (not hushlogin)
         - markus@cvs.openbsd.org  2000/09/05 13:18:48
           [authfile.c ssh-add.c]
           enable ssh-add -d for DSA keys
         - markus@cvs.openbsd.org  2000/09/05 13:20:49
           [sftp-server.c]
           cleanup
         - markus@cvs.openbsd.org  2000/09/06 03:46:41
           [authfile.h]
           prototype
         - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
           [ALL]
           cleanup copyright notices on all files.  I have attempted to be
           accurate with the details.  everything is now under Tatu's licence
           (which I copied from his readme), and/or the core-sdi bsd-ish thing
           for deattack, or various openbsd developers under a 2-term bsd
           licence.  We're not changing any rules, just being accurate.
         - markus@cvs.openbsd.org  2000/09/07 14:40:30
           [channels.c channels.h clientloop.c serverloop.c ssh.c]
           cleanup window and packet sizes for ssh2 flow control; ok niels
         - markus@cvs.openbsd.org  2000/09/07 14:53:00
           [scp.c]
           typo
         - markus@cvs.openbsd.org  2000/09/07 15:13:37
           [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
           [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
           [pty.c readconf.c]
           some more Copyright fixes
         - markus@cvs.openbsd.org  2000/09/08 03:02:51
           [README.openssh2]
           bye bye
         - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
           [LICENCE cipher.c]
           a few more comments about it being ARC4 not RC4
         - markus@cvs.openbsd.org  2000/09/12 14:53:11
           [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
           multiple debug levels
         - markus@cvs.openbsd.org  2000/09/14 14:25:15
           [clientloop.c]
           typo
         - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
           [ssh-agent.c]
           check return value for setenv(3) for failure, and deal appropriately
      e4340be5
  31. 21 Jul, 2000 1 commit
    • Damien Miller's avatar
      - (djm) OpenBSD CVS updates: · 994cf142
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/07/16 02:27:22
           [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
           [sshconnect1.c sshconnect2.c]
           make ssh-add accept dsa keys (the agent does not)
         - djm@cvs.openbsd.org     2000/07/17 19:25:02
           [sshd.c]
           Another closing of stdin; ok deraadt
         - markus@cvs.openbsd.org  2000/07/19 18:33:12
           [dsa.c]
           missing free, reorder
         - markus@cvs.openbsd.org  2000/07/20 16:23:14
           [ssh-keygen.1]
           document input and output files
      994cf142
  32. 22 Jun, 2000 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Updates: · 6536c7d3
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/06/18 18:50:11
           [auth2.c compat.c compat.h sshconnect2.c]
           make userauth+pubkey interop with ssh.com-2.2.0
         - markus@cvs.openbsd.org  2000/06/18 20:56:17
           [dsa.c]
           mem leak + be more paranoid in dsa_verify.
         - markus@cvs.openbsd.org  2000/06/18 21:29:50
           [key.c]
           cleanup fingerprinting, less hardcoded sizes
         - markus@cvs.openbsd.org  2000/06/19 19:39:45
           [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
           [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
           [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
           [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
           [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
           [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
           [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
           OpenBSD tag
         - markus@cvs.openbsd.org  2000/06/21 10:46:10
           sshconnect2.c missing free; nuke old comment
      6536c7d3
  33. 09 May, 2000 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS update · 30c3d429
      Damien Miller authored
        - markus@cvs.openbsd.org
          [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
          [ssh.h sshconnect1.c sshconnect2.c sshd.8]
          - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
        - hugh@cvs.openbsd.org
          [ssh.1]
          - zap typo
          [ssh-keygen.1]
          - One last nit fix. (markus approved)
          [sshd.8]
          - some markus certified spelling adjustments
        - markus@cvs.openbsd.org
          [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
          [sshconnect2.c ]
          - bug compat w/ ssh-2.0.13 x11, split out bugs
          [nchan.c]
          - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
          [ssh-keygen.c]
          - handle escapes in real and original key format, ok millert@
          [version.h]
          - OpenSSH-2.1
      30c3d429
  34. 07 May, 2000 1 commit
    • Damien Miller's avatar
      - Remove references to SSLeay. · e247cc40
      Damien Miller authored
       - Big OpenBSD CVS update
        - markus@cvs.openbsd.org
          [clientloop.c]
          - typo
          [session.c]
          - update proctitle on pty alloc/dealloc, e.g. w/ windows client
          [session.c]
          - update proctitle for proto 1, too
          [channels.h nchan.c serverloop.c session.c sshd.c]
          - use c-style comments
        - deraadt@cvs.openbsd.org
          [scp.c]
          - more atomicio
        - markus@cvs.openbsd.org
          [channels.c]
          - set O_NONBLOCK
          [ssh.1]
          - update AUTHOR
          [readconf.c ssh-keygen.c ssh.h]
          - default DSA key file ~/.ssh/id_dsa
          [clientloop.c]
          - typo, rm verbose debug
        - deraadt@cvs.openbsd.org
          [ssh-keygen.1]
          - document DSA use of ssh-keygen
          [sshd.8]
          - a start at describing what i understand of the DSA side
          [ssh-keygen.1]
          - document -X and -x
          [ssh-keygen.c]
          - simplify usage
        - markus@cvs.openbsd.org
          [sshd.8]
          - there is no rhosts_dsa
          [ssh-keygen.1]
          - document -y, update -X,-x
          [nchan.c]
          - fix close for non-open ssh1 channels
          [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
          - s/DsaKey/HostDSAKey/, document option
          [sshconnect2.c]
          - respect number_of_password_prompts
          [channels.c channels.h servconf.c servconf.h session.c sshd.8]
          - GatewayPorts for sshd, ok deraadt@
          [ssh-add.1 ssh-agent.1 ssh.1]
          - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
          [ssh.1]
          - more info on proto 2
          [sshd.8]
          - sync AUTHOR w/ ssh.1
          [key.c key.h sshconnect.c]
          - print key type when talking about host keys
          [packet.c]
          - clear padding in ssh2
          [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
          - replace broken uuencode w/ libc b64_ntop
          [auth2.c]
          - log failure before sending the reply
          [key.c radix.c uuencode.c]
          - remote trailing comments before calling __b64_pton
          [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
          [sshconnect2.c sshd.8]
          - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
       - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
      e247cc40
  35. 29 Apr, 2000 1 commit
    • Damien Miller's avatar
      - Merge big update to OpenSSH-2.0 from OpenBSD CVS · eba71bab
      Damien Miller authored
         [README.openssh2]
         - interop w/ F-secure windows client
         - sync documentation
         - ssh_host_dsa_key not ssh_dsa_key
         [auth-rsa.c]
         - missing fclose
         [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
         [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
         [sshd.c uuencode.c uuencode.h authfile.h]
         - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
           for trading keys with the real and the original SSH, directly from the
           people who invented the SSH protocol.
         [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
         [sshconnect1.c sshconnect2.c]
         - split auth/sshconnect in one file per protocol version
         [sshconnect2.c]
         - remove debug
         [uuencode.c]
         - add trailing =
         [version.h]
         - OpenSSH-2.0
         [ssh-keygen.1 ssh-keygen.c]
         - add -R flag: exit code indicates if RSA is alive
         [sshd.c]
         - remove unused
           silent if -Q is specified
         [ssh.h]
         - host key becomes /etc/ssh_host_dsa_key
         [readconf.c servconf.c ]
         - ssh/sshd default to proto 1 and 2
         [uuencode.c]
         - remove debug
         [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
         - xfree DSA blobs
         [auth2.c serverloop.c session.c]
         - cleanup logging for sshd/2, respect PasswordAuth no
         [sshconnect2.c]
         - less debug, respect .ssh/config
         [README.openssh2 channels.c channels.h]
         - clientloop.c session.c ssh.c
         - support for x11-fwding, client+server
      eba71bab
  36. 16 Apr, 2000 3 commits