1. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
      a627d42e
  2. 23 Apr, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/04/19 01:06:50 · ea11119e
      Damien Miller authored
           [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
           [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
           add the ability to query supported ciphers, MACs, key type and KEX
           algorithms to ssh. Includes some refactoring of KEX and key type handling
           to be table-driven; ok markus@
      ea11119e
  3. 24 Sep, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/09/22 05:01:30 · d5f62bf2
      Damien Miller authored
           [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
           [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
           add a KexAlgorithms knob to the client and server configuration to allow
           selection of which key exchange methods are used by ssh(1) and sshd(8)
           and their order of preference.
           ok markus@
      d5f62bf2
  4. 10 Sep, 2010 1 commit
  5. 31 Aug, 2010 2 commits
    • Damien Miller's avatar
      c79ff077
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/31 11:54:45 · eb8b60e3
      Damien Miller authored
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
           [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
           [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
           [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
           [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
           [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
           Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
           host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
           better performance than plain DH and DSA at the same equivalent symmetric
           key length, as well as much shorter keys.
      
           Only the mandatory sections of RFC5656 are implemented, specifically the
           three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
           ECDSA. Point compression (optional in RFC5656 is NOT implemented).
      
           Certificate host and user keys using the new ECDSA key types are supported.
      
           Note that this code has not been tested for interoperability and may be
           subject to change.
      
           feedback and ok markus@
      eb8b60e3
  6. 07 Nov, 2006 1 commit
    • Darren Tucker's avatar
      - markus@cvs.openbsd.org 2006/11/06 21:25:28 · 0bc85579
      Darren Tucker authored
           [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
           ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
           add missing checks for openssl return codes; with & ok djm@
      0bc85579
  7. 04 Nov, 2006 1 commit
  8. 01 Sep, 2006 1 commit
    • Damien Miller's avatar
      - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] · ded319cc
      Damien Miller authored
         [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
         [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
         [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
         [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
         [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
         [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
         [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
         [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
         [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
         [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
         [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
         [openbsd-compat/port-uw.c]
         Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
         compile problems reported by rac AT tenzing.org
      ded319cc
  9. 05 Aug, 2006 2 commits
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
      d7834353
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 · a7a73ee3
      Damien Miller authored
           [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
           [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
           [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
           [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
           [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
           [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
           [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
           [uuencode.h xmalloc.c]
           move #include <stdio.h> out of includes.h
      a7a73ee3
  10. 24 Jul, 2006 1 commit
    • Damien Miller's avatar
      - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 · e3476ed0
      Damien Miller authored
           [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
           [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
           [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
           [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
           [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
           [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
           [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
           move #include <string.h> out of includes.h
      e3476ed0
  11. 13 Jun, 2006 1 commit
  12. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 13:17:03 · 57c30117
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
           [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
           [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
           [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
           [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
           [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
           [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
           [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c]
           Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
           Theo nuked - our scripts to sync -portable need them in the files
      57c30117
  13. 25 Mar, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 · b0fb6872
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
           [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
           [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
           [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
           [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
           [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
           [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
           [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
           [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
           [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
           [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
           [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
           [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
           [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
           [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
           RCSID() can die
      b0fb6872
  14. 05 Nov, 2005 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2005/11/04 05:15:59 · 19bb3a57
      Damien Miller authored
           [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
           remove hardcoded hash lengths in key exchange code, allowing
           implementation of KEX methods with different hashes (e.g. SHA-256);
           ok markus@ dtucker@ stevesk@
      19bb3a57
  15. 15 Jun, 2004 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2004/06/13 12:53:24 · f675fc49
      Damien Miller authored
           [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
           [ssh-keyscan.c sshconnect2.c sshd.c]
           implement diffie-hellman-group14-sha1 kex method (trivial extension to
           existing diffie-hellman-group1-sha1); ok markus@
      f675fc49
  16. 24 Feb, 2003 1 commit
  17. 22 Mar, 2002 1 commit
    • Ben Lindstrom's avatar
      - provos@cvs.openbsd.org 2002/03/18 17:50:31 · 7a2073c5
      Ben Lindstrom authored
           [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
            auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
            session.h servconf.h serverloop.c session.c sshd.c]
           integrate privilege separated openssh; its turned off by default for now.
           work done by me and markus@
      
      applied, but outside of ensure that smaller code bits migrated with
      their owners.. no work was tried to 'fix' it to work. =)  Later project!
      7a2073c5
  18. 13 Mar, 2002 2 commits
  19. 05 Mar, 2002 1 commit
  20. 26 Feb, 2002 2 commits
  21. 05 Feb, 2002 2 commits
  22. 22 Jan, 2002 5 commits
  23. 18 Sep, 2001 1 commit
  24. 25 Jun, 2001 2 commits
    • Ben Lindstrom's avatar
      - itojun@cvs.openbsd.org 2001/06/23 15:12:20 · bba81213
      Ben Lindstrom authored
           [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
            canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
            hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
            readpass.c scp.c servconf.c serverloop.c session.c sftp.c
            sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
            ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
            ssh-keygen.c ssh-keyscan.c]
           more strict prototypes.  raise warning level in Makefile.inc.
           markus ok'ed
           TODO; cleanup headers
      bba81213
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/06/23 02:34:33 · d6481ea4
      Ben Lindstrom authored
           [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
            sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
           get rid of known_hosts2, use it for hostkey lookup, but do not
           modify.
      d6481ea4
  25. 09 Jun, 2001 1 commit
  26. 04 Apr, 2001 2 commits