1. 13 Aug, 2018 1 commit
    • djm@openbsd.org's avatar
      upstream: revert compat.[ch] section of the following change. It · c3903c38
      djm@openbsd.org authored
      causes double-free under some circumstances.
      date: 2018/07/31 03:07:24;  author: djm;  state: Exp;  lines: +33 -18;  commitid: f7g4UI8eeOXReTPh;
      fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
      feedback and ok dtucker@
      OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
  2. 31 Jul, 2018 1 commit
  3. 10 Jul, 2018 1 commit
  4. 04 Jul, 2018 1 commit
    • djm@openbsd.org's avatar
      upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA · 312d2f28
      djm@openbsd.org authored
      signature work - returns ability to add/remove/specify algorithms by
      Algorithm lists are now fully expanded when the server/client configs
      are finalised, so errors are reported early and the config dumps
      (e.g. "ssh -G ...") now list the actual algorithms selected.
      Clarify that, while wildcards are accepted in algorithm lists, they
      aren't full pattern-lists that support negation.
      (lots of) feedback, ok markus@
      OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
  5. 03 Jul, 2018 2 commits
    • djm@openbsd.org's avatar
      upstream: crank version number to 7.8; needed for new compat flag · 2f30300c
      djm@openbsd.org authored
      for prior version; part of RSA-SHA2 strictification, ok markus@
      OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
    • djm@openbsd.org's avatar
      upstream: Improve strictness and control over RSA-SHA2 signature · 4ba0d547
      djm@openbsd.org authored
      In ssh, when an agent fails to return a RSA-SHA2 signature when
      requested and falls back to RSA-SHA1 instead, retry the signature to
      ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
      matches the one in the signature itself.
      In sshd, strictly enforce that the public key algorithm sent in the
      SSH_MSG_USERAUTH message matches what appears in the signature.
      Make the sshd_config PubkeyAcceptedKeyTypes and
      HostbasedAcceptedKeyTypes options control accepted signature algorithms
      (previously they selected supported key types). This allows these
      options to ban RSA-SHA1 in favour of RSA-SHA2.
      Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
      "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
      with certificate keys.
      feedback and ok markus@
      OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
  6. 16 Apr, 2018 1 commit
  7. 16 Feb, 2018 1 commit
  8. 23 Jan, 2018 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 14b5c635
      djm@openbsd.org authored
      Drop compatibility hacks for some ancient SSH
      implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
      These versions were all released in or before 2001 and predate the
      final SSH RFCs. The hacks in question aren't necessary for RFC-
      compliant SSH implementations.
      ok markus@
      OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
  9. 28 Jul, 2017 1 commit
    • dtucker@openbsd.org's avatar
      upstream commit · 2985d406
      dtucker@openbsd.org authored
      Make WinSCP patterns for SSH_OLD_DHGEX more specific to
      exclude WinSCP 5.10.x and up.  bz#2748, from martin at winscp.net, ok djm@
      Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
  10. 30 Apr, 2017 3 commits
    • djm@openbsd.org's avatar
      upstream commit · 97f4d308
      djm@openbsd.org authored
      remove compat20/compat13/compat15 variables
      ok markus@
      Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
    • djm@openbsd.org's avatar
      upstream commit · 99f95ba8
      djm@openbsd.org authored
      remove options.protocol and client Protocol
      configuration knob
      ok markus@
      Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
    • djm@openbsd.org's avatar
      upstream commit · 56912dea
      djm@openbsd.org authored
      unifdef WITH_SSH1 ok markus@
      Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
  11. 03 Feb, 2017 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 68bc8cfa
      djm@openbsd.org authored
      support =- for removing methods from algorithms lists,
      e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
      it" markus@
      Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
  12. 06 Jun, 2016 2 commits
  13. 20 Aug, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 8543d4ef
      djm@openbsd.org authored
      Better compat matching for WinSCP, add compat matching
       for FuTTY (fork of PuTTY); ok markus@ deraadt@
      Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
  14. 29 Jul, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · b6ea0e57
      djm@openbsd.org authored
      add Cisco to the list of clients that choke on the
       hostkeys update extension. Pointed out by Howard Kash
      Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
  15. 15 Jul, 2015 1 commit
    • dtucker@openbsd.org's avatar
      upstream commit · b1dc2b33
      dtucker@openbsd.org authored
      Add "PuTTY_Local:" to the clients to which we do not
       offer DH-GEX. This was the string that was used for development versions
       prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
       there are some extant products based on those versions.  bx2424 from Jay
       Rouman, ok markus@ djm@
      Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
  16. 27 May, 2015 1 commit
    • dtucker@openbsd.org's avatar
      upstream commit · b282fec1
      dtucker@openbsd.org authored
      Cap DH-GEX group size at 4kbits for Cisco implementations.
       Some of them will choke when asked for preferred sizes >4k instead of
       returning the 4k group that they do have.  bz#2209, ok djm@
      Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
  17. 10 May, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · e661a863
      djm@openbsd.org authored
      Remove pattern length argument from match_pattern_list(), we
       only ever use it for strlen(pattern).
      Prompted by hanno AT hboeck.de pointing an out-of-bound read
      error caused by an incorrect pattern length found using AFL
      and his own tools.
      ok markus@
  18. 08 May, 2015 2 commits
    • dtucker@openbsd.org's avatar
      upstream commit · ea139507
      dtucker@openbsd.org authored
      Blacklist DH-GEX for specific PuTTY versions known to
       send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
       According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
       messages.  ok djm@
    • dtucker@openbsd.org's avatar
      upstream commit · b58234f0
      dtucker@openbsd.org authored
      WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
       don't offer that KEX method.  ok markus@
  19. 13 Apr, 2015 3 commits
    • djm@openbsd.org's avatar
      upstream commit · 318be28c
      djm@openbsd.org authored
      deprecate ancient, pre-RFC4419 and undocumented
       SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
       reasonable" dtucker@
    • dtucker@openbsd.org's avatar
      upstream commit · d8f391ca
      dtucker@openbsd.org authored
      Don't send hostkey advertisments
       (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
       handle them.  Newer versions should be OK.  Patch from Bryan Drewery and
       IWAMOTO Kouichi, ok djm@
    • djm@openbsd.org's avatar
      upstream commit · 4492a4f2
      djm@openbsd.org authored
      treat Protocol=1,2|2,1 as Protocol=2 when compiled
       without SSH1 support; ok dtucker@ millert@
  20. 19 Jan, 2015 1 commit
  21. 13 Oct, 2014 1 commit
  22. 21 Apr, 2014 1 commit
    • Damien Miller's avatar
      bad bignum encoding for curve25519-sha256@libssh.org · 02883061
      Damien Miller authored
      So I screwed up when writing the support for the curve25519 KEX method
      that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
      leading zero bytes where they should have been skipped. The impact of
      this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
      peer that implements curve25519-sha256@libssh.org properly about 0.2%
      of the time (one in every 512ish connections).
      We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
      key exchange for previous versions, but I'd recommend distributors
      of OpenSSH apply this patch so the affected code doesn't become
      too entrenched in LTS releases.
      The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
      to distinguish itself from the incorrect versions so the compatibility
      code to disable the affected KEX isn't activated.
      I've committed this on the 6.6 branch too.
      Apologies for the hassle.
      Origin: upstream, https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html
      Forwarded: not-needed
      Last-Update: 2014-04-21
      Patch-Name: curve25519-sha256-bignum-encoding.patch
  23. 20 Apr, 2014 3 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/04/20 02:49:32 · b628cc4c
      Damien Miller authored
           add a canonical 6.6 + curve25519 bignum fix fake version that I can
           recommend people use ahead of the openssh-6.7 release
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/04/19 05:54:59 · 0e6b6742
      Damien Miller authored
           missing wildcard; pointed out by naddy@
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2014/04/18 23:52:25 · 9395b282
      Damien Miller authored
           [compat.c compat.h sshconnect2.c sshd.c version.h]
           OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
           using the curve25519-sha256@libssh.org KEX exchange method to fail
           when connecting with something that implements the spec properly.
           Disable this KEX method when speaking to one of the affected
           reported by Aris Adamantiadis; ok markus@
  24. 31 Dec, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/12/30 23:52:28 · 324541e5
      Damien Miller authored
           [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
           [sshconnect.c sshconnect2.c sshd.c]
           refuse RSA keys from old proprietary clients/servers that use the
           obsolete RSA+MD5 signature scheme. it will still be possible to connect
           with these clients/servers but only DSA keys will be accepted, and we'll
           deprecate them entirely in a future release. ok markus@
  25. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
  26. 06 Sep, 2012 1 commit
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2012/08/17 01:30:00 · 00c1518a
      Darren Tucker authored
           [compat.c sshconnect.c]
           Send client banner immediately, rather than waiting for the server to
           move first for SSH protocol 2 connections (the default). Patch based on
           one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
  27. 02 Oct, 2011 1 commit
    • Darren Tucker's avatar
      - markus@cvs.openbsd.org 2011/09/23 07:45:05 · 68afb8c5
      Darren Tucker authored
           [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c     version.h]
           unbreak remote portforwarding with dynamic allocated listen ports:
           1) send the actual listen port in the open message (instead of 0).
              this allows multiple forwardings with a dynamic listen port
           2) update the matching permit-open entry, so we can identify where
              to connect to
           report: den at skbkontur.ru and P. Szczygielski
           feedback and ok djm@
  28. 23 Nov, 2008 1 commit
  29. 03 Nov, 2008 1 commit
  30. 05 Jan, 2007 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/12/12 03:58:42 · 1ec46265
      Damien Miller authored
           [channels.c compat.c compat.h]
           bz #1019: some ssh.com versions apparently can't cope with the
           remote port forwarding bind_address being a hostname, so send
           them an address for cases where they are not explicitly
           specified (wildcard or localhost bind).  reported by daveroth AT
           acm.org; ok dtucker@ deraadt@
  31. 05 Aug, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")