| #
17327fd1 |
| 05-Sep-2016 |
djm <djm@openbsd.org> |
enforce expected request flow for GSSAPI calls; thanks to Jakub Jelen
for testing; ok markus@
|
| #
490ba901 |
| 30-Aug-2016 |
djm <djm@openbsd.org> |
restrict monitor auth calls to be allowed only when their
respective authentication methods are enabled in the configuration.
prompted by Solar Designer; ok markus dtucker
|
| #
bb922da6 |
| 19-Aug-2016 |
djm <djm@openbsd.org> |
remove UseLogin option and support for having /bin/login manage
login sessions; ok deraadt markus dtucker
|
| #
3d9665d3 |
| 13-Aug-2016 |
markus <markus@openbsd.org> |
remove ssh1 server code; ok djm@
|
| #
8674efda |
| 22-Jul-2016 |
djm <djm@openbsd.org> |
move debug("%p", key) to before key is free'd; probable undefined
behaviour on strict compilers; reported by Jakub Jelen bz#2581
|
| #
ab8c372f |
| 02-May-2016 |
djm <djm@openbsd.org> |
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
show more ...
|
| #
9a1b52af |
| 02-May-2016 |
djm <djm@openbsd.org> |
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of
strdup(sshbuf_ptr()) with better safety checking;
feedback and ok markus@
|
| #
1667b834 |
| 07-Mar-2016 |
djm <djm@openbsd.org> |
refactor canohost.c: move functions that cache results closer to the
places that use them (authn and session code). After this, no state is
cached in canohost.c
feedback and ok markus@
|
| #
3398298b |
| 15-Feb-2016 |
djm <djm@openbsd.org> |
memleak of algorithm name in mm_answer_sign; reported by Jakub Jelen
|
| #
9068ae8f |
| 14-Jan-2016 |
markus <markus@openbsd.org> |
remove roaming support; ok djm@
|
| #
321f30e3 |
| 04-Dec-2015 |
markus <markus@openbsd.org> |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@
|
| #
2e96fb62 |
| 20-Oct-2015 |
mmcc <mmcc@openbsd.org> |
Compare pointers to NULL rather than 0.
ok djm@
|
| #
5162f355 |
| 04-Sep-2015 |
djm <djm@openbsd.org> |
don't record hostbased authentication hostkeys as user keys
in test for multiple authentication with the same key
|
| #
0d001bbc |
| 02-Sep-2015 |
jsg <jsg@openbsd.org> |
Fix occurrences of "r = func() != 0" which result in the wrong error
codes being returned due to != having higher precedence than =.
ok deraadt@ markus@
|
| #
c7df2034 |
| 21-Aug-2015 |
deraadt <deraadt@openbsd.org> |
Improve size == 0, count == 0 checking in mm_zalloc, which is "array" like.
Discussed with tedu, millert, otto.... and ok djm
|
| #
21d98f2c |
| 22-Jun-2015 |
djm <djm@openbsd.org> |
Don't count successful partial authentication as failures in monitor;
this may have caused the monitor to refuse multiple authentications
that would otherwise have successfully completed; ok markus@
|
| #
59480ede |
| 04-May-2015 |
djm <djm@openbsd.org> |
Remove pattern length argument from match_pattern_list(),
we only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern l
Remove pattern length argument from match_pattern_list(),
we only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
show more ...
|
| #
5ead3da2 |
| 01-May-2015 |
djm <djm@openbsd.org> |
prevent authorized_keys options picked up on public key tests without
a corresponding private key authentication being applied to other
authentication methods. Reported by halex@, ok markus@
|
| #
8803fac2 |
| 27-Apr-2015 |
djm <djm@openbsd.org> |
fix compilation with OPENSSL=no; ok dtucker@
|
| #
4765bf44 |
| 17-Apr-2015 |
djm <djm@openbsd.org> |
don't call record_login() in monitor when UseLogin is enabled;
bz#278 reported by drk AT sgi.com; ok dtucker
|
| #
3782b423 |
| 20-Feb-2015 |
djm <djm@openbsd.org> |
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people w
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
show more ...
|
| #
83fcfd69 |
| 16-Feb-2015 |
djm <djm@openbsd.org> |
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow Up
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
show more ...
|
| #
3c027bb6 |
| 13-Feb-2015 |
markus <markus@openbsd.org> |
make rekey_limit for sshd w/privsep work; ok djm@ dtucker@
|
| #
4239b822 |
| 06-Feb-2015 |
millert <millert@openbsd.org> |
SIZE_MAX is standard, we should be using it in preference to the
obsolete SIZE_T_MAX. OK miod@ beck@
|
| #
ace78deb |
| 20-Jan-2015 |
deraadt <deraadt@openbsd.org> |
Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus
|