#
17327fd1 |
| 05-Sep-2016 |
djm <djm@openbsd.org> |
enforce expected request flow for GSSAPI calls; thanks to Jakub Jelen for testing; ok markus@
|
#
490ba901 |
| 30-Aug-2016 |
djm <djm@openbsd.org> |
restrict monitor auth calls to be allowed only when their respective authentication methods are enabled in the configuration.
prompted by Solar Designer; ok markus dtucker
|
#
bb922da6 |
| 19-Aug-2016 |
djm <djm@openbsd.org> |
remove UseLogin option and support for having /bin/login manage login sessions; ok deraadt markus dtucker
|
#
3d9665d3 |
| 13-Aug-2016 |
markus <markus@openbsd.org> |
remove ssh1 server code; ok djm@
|
#
8674efda |
| 22-Jul-2016 |
djm <djm@openbsd.org> |
move debug("%p", key) to before key is free'd; probable undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
|
#
ab8c372f |
| 02-May-2016 |
djm <djm@openbsd.org> |
add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker ok markus@
|
#
9a1b52af |
| 02-May-2016 |
djm <djm@openbsd.org> |
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@
|
#
1667b834 |
| 07-Mar-2016 |
djm <djm@openbsd.org> |
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c
feedback and ok markus@
|
#
3398298b |
| 15-Feb-2016 |
djm <djm@openbsd.org> |
memleak of algorithm name in mm_answer_sign; reported by Jakub Jelen
|
#
9068ae8f |
| 14-Jan-2016 |
markus <markus@openbsd.org> |
remove roaming support; ok djm@
|
#
321f30e3 |
| 04-Dec-2015 |
markus <markus@openbsd.org> |
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
|
#
2e96fb62 |
| 20-Oct-2015 |
mmcc <mmcc@openbsd.org> |
Compare pointers to NULL rather than 0.
ok djm@
|
#
5162f355 |
| 04-Sep-2015 |
djm <djm@openbsd.org> |
don't record hostbased authentication hostkeys as user keys in test for multiple authentication with the same key
|
#
0d001bbc |
| 02-Sep-2015 |
jsg <jsg@openbsd.org> |
Fix occurrences of "r = func() != 0" which result in the wrong error codes being returned due to != having higher precedence than =.
ok deraadt@ markus@
|
#
c7df2034 |
| 21-Aug-2015 |
deraadt <deraadt@openbsd.org> |
Improve size == 0, count == 0 checking in mm_zalloc, which is "array" like. Discussed with tedu, millert, otto.... and ok djm
|
#
21d98f2c |
| 22-Jun-2015 |
djm <djm@openbsd.org> |
Don't count successful partial authentication as failures in monitor; this may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed; ok markus@
|
#
59480ede |
| 04-May-2015 |
djm <djm@openbsd.org> |
Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing out an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools.
ok markus@
|
#
5ead3da2 |
| 01-May-2015 |
djm <djm@openbsd.org> |
prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods. Reported by halex@, ok markus@
|
#
8803fac2 |
| 27-Apr-2015 |
djm <djm@openbsd.org> |
fix compilation with OPENSSL=no; ok dtucker@
|
#
4765bf44 |
| 17-Apr-2015 |
djm <djm@openbsd.org> |
don't call record_login() in monitor when UseLogin is enabled; bz#278 reported by drk AT sgi.com; ok dtucker
|
#
3782b423 |
| 20-Feb-2015 |
djm <djm@openbsd.org> |
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/ Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
|
#
83fcfd69 |
| 16-Feb-2015 |
djm <djm@openbsd.org> |
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered.
ok markus@
|
#
3c027bb6 |
| 13-Feb-2015 |
markus <markus@openbsd.org> |
make rekey_limit for sshd w/privsep work; ok djm@ dtucker@
|
#
4239b822 |
| 06-Feb-2015 |
millert <millert@openbsd.org> |
SIZE_MAX is standard, we should be using it in preference to the obsolete SIZE_T_MAX. OK miod@ beck@
|
#
ace78deb |
| 20-Jan-2015 |
deraadt <deraadt@openbsd.org> |
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
|