1. 07 Dec, 2013 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2013/12/06 13:39:49 · 5be9d9e3
      Damien Miller authored
           [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
           [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
           [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
           [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
           [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
           support ed25519 keys (hostkeys and user identities) using the public
           domain ed25519 reference code from SUPERCOP, see
           http://ed25519.cr.yp.to/software.html
           feedback, help & ok djm@
      5be9d9e3
  2. 03 Nov, 2013 1 commit
  3. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
      a627d42e
  4. 22 Apr, 2012 1 commit
  5. 05 May, 2011 2 commits
  6. 06 Jan, 2011 1 commit
  7. 31 Aug, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/31 11:54:45 · eb8b60e3
      Damien Miller authored
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
           [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
           [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
           [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
           [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
           [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
           Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
           host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
           better performance than plain DH and DSA at the same equivalent symmetric
           key length, as well as much shorter keys.
      
           Only the mandatory sections of RFC5656 are implemented, specifically the
           three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
           ECDSA. Point compression (optional in RFC5656 is NOT implemented).
      
           Certificate host and user keys using the new ECDSA key types are supported.
      
           Note that this code has not been tested for interoperability and may be
           subject to change.
      
           feedback and ok markus@
      eb8b60e3
  8. 25 Jun, 2010 1 commit
  9. 09 Jan, 2010 2 commits
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 · 7bd98e7f
      Darren Tucker authored
           [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
           ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
           readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
           Remove RoutingDomain from ssh since it's now not needed.  It can be
           replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
           also ensures that trafic such as DNS lookups stays withing the specified
           routingdomain.  For example (from reyk):
           # route -T 2 exec /usr/sbin/sshd
           or inherited from the parent process
           $ route -T 2 exec sh
           $ ssh 10.1.2.3
           ok deraadt@ markus@ stevesk@ reyk@
      7bd98e7f
    • Darren Tucker's avatar
      - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] · 8c65f646
      Darren Tucker authored
         Remove hacks add for RoutingDomain in preparation for its removal.
      8c65f646
  10. 08 Jan, 2010 3 commits
  11. 28 Jan, 2009 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2009/01/22 10:02:34 · 3dc71ad8
      Damien Miller authored
           [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
           [serverloop.c ssh-keyscan.c ssh.c sshd.c]
           make a2port() return -1 when it encounters an invalid port number
           rather than 0, which it will now treat as valid (needed for future work)
           adjust current consumers of a2port() to check its return value is <= 0,
           which in turn required some things to be converted from u_short => int
           make use of int vs. u_short consistent in some other places too
           feedback & ok markus@
      3dc71ad8
  12. 03 Nov, 2008 1 commit
  13. 04 Jul, 2008 1 commit
  14. 19 May, 2008 1 commit
  15. 28 Dec, 2007 1 commit
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 · 4abde771
      Darren Tucker authored
           [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
           sshd.c]
           Add a small helper function to consistently handle the EAI_SYSTEM error
           code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
           ok markus@ stevesk@
      4abde771
  16. 23 Oct, 2006 1 commit
  17. 02 Sep, 2006 1 commit
    • Darren Tucker's avatar
      - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c · 46aa3e0c
      Darren Tucker authored
         openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
         openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
         for hton* and ntoh* macros.  Required on (at least) HP-UX since we define
         _XOPEN_SOURCE_EXTENDED.  Found by santhi.amirta at gmail com.
      46aa3e0c
  18. 05 Aug, 2006 4 commits
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
      d7834353
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 · a7a73ee3
      Damien Miller authored
           [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
           [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
           [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
           [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
           [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
           [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
           [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
           [uuencode.h xmalloc.c]
           move #include <stdio.h> out of includes.h
      a7a73ee3
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 · e7a1e5cf
      Damien Miller authored
           [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
           [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
           [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
           [sshconnect1.c sshd.c xmalloc.c]
           move #include <stdlib.h> out of includes.h
      e7a1e5cf
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 · 9aec9194
      Damien Miller authored
           [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
           [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
           move #include <sys/time.h> out of includes.h
      9aec9194
  19. 24 Jul, 2006 4 commits
    • Damien Miller's avatar
      - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] · b8fe89c4
      Damien Miller authored
         [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
         [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
         [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
         [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
         [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
         [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
         [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
         [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
         [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
         make the portable tree compile again - sprinkle unistd.h and string.h
         back in. Don't redefine __unused, as it turned out to be used in
         headers on Linux, and replace its use in auth-pam.c with ARGSUSED
      b8fe89c4
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 · e3476ed0
      Damien Miller authored
           [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
           [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
           [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
           [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
           [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
           [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
           [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
           move #include <string.h> out of includes.h
      e3476ed0
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 · e6b3b610
      Damien Miller authored
           [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
           [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
           [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
           [sshconnect.c sshlogin.c sshpty.c uidswap.c]
           move #include <unistd.h> out of includes.h
      e6b3b610
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 · be43ebf9
      Damien Miller authored
           [auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
           move #include <netdb.h> out of includes.h; ok djm@
      be43ebf9
  20. 12 Jul, 2006 2 commits
  21. 10 Jul, 2006 1 commit
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 · e3b60b52
      Damien Miller authored
           [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
           [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
           [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
           move #include <sys/socket.h> out of includes.h
      e3b60b52
  22. 26 Mar, 2006 3 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 13:17:03 · 57c30117
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
           [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
           [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
           [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
           [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
           [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
           [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
           [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c]
           Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
           Theo nuked - our scripts to sync -portable need them in the files
      57c30117
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 00:05:41 · 07d86bec
      Damien Miller authored
           [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
           [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
           [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
           [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
           [xmalloc.c xmalloc.h]
           introduce xcalloc() and xasprintf() failure-checked allocations
           functions and use them throughout openssh
      
           xcalloc is particularly important because malloc(nmemb * size) is a
           dangerous idiom (subject to integer overflow) and it is time for it
           to die
      
           feedback and ok deraadt@
      07d86bec
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 · 3bbaba60
      Damien Miller authored
           [ssh-keyscan.c]
           please lint
      3bbaba60
  23. 25 Mar, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 · b0fb6872
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
           [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
           [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
           [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
           [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
           [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
           [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
           [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
           [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
           [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
           [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
           [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
           [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
           [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
           [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
           RCSID() can die
      b0fb6872
  24. 15 Mar, 2006 3 commits
  25. 05 Nov, 2005 1 commit