Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.38 / (download) - annotate - [select for diffs], Sun Dec 19 22:08:06 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
HEAD
Changes since 1.37: +21 -3 lines
Diff to previous 1.37 (colored)
Record session ID, host key and sig at intital KEX These will be used later for agent session ID / hostkey binding ok markus@
Revision 1.37 / (download) - annotate - [select for diffs], Sun Jan 31 22:55:29 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.36: +8 -4 lines
Diff to previous 1.36 (colored)
more strictly enforce KEX state-machine by banning packet types once they are received. Fixes memleak caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via oss-fuzz #30078). ok markus@
Revision 1.36 / (download) - annotate - [select for diffs], Wed Jan 27 09:26:54 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)
remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
Revision 1.35 / (download) - annotate - [select for diffs], Mon Nov 25 00:51:37 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)
Add new structure for signature options This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@
Revision 1.34 / (download) - annotate - [select for diffs], Wed Jan 23 00:30:41 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.33: +17 -12 lines
Diff to previous 1.33 (colored)
pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@
Revision 1.33 / (download) - annotate - [select for diffs], Mon Jan 21 10:07:22 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.32: +2 -14 lines
Diff to previous 1.32 (colored)
factor out kex_verify_hostkey() - again, duplicated almost exactly across client and server for several KEX methods. from markus@ ok djm@
Revision 1.32 / (download) - annotate - [select for diffs], Mon Jan 21 10:03:37 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.31: +11 -34 lines
Diff to previous 1.31 (colored)
factor out kex_dh_compute_key() - it's shared between plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@
Revision 1.31 / (download) - annotate - [select for diffs], Mon Jan 21 09:55:52 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.30: +1 -12 lines
Diff to previous 1.30 (colored)
save the derived session id in kex_derive_keys() rather than making each kex method implementation do it. from markus@ ok djm@
Revision 1.30 / (download) - annotate - [select for diffs], Mon Jan 21 09:54:11 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.29: +5 -15 lines
Diff to previous 1.29 (colored)
Make sshpkt_get_bignum2() allocate the bignum it is parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@
Revision 1.29 / (download) - annotate - [select for diffs], Thu Dec 27 03:25:25 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored)
move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
Revision 1.28 / (download) - annotate - [select for diffs], Thu Sep 13 02:08:33 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.27: +13 -7 lines
Diff to previous 1.27 (colored)
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
Revision 1.27 / (download) - annotate - [select for diffs], Wed Feb 7 02:06:51 2018 UTC (6 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.26: +5 -9 lines
Diff to previous 1.26 (colored)
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@
Revision 1.26 / (download) - annotate - [select for diffs], Mon Dec 18 02:25:15 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
Revision 1.25 / (download) - annotate - [select for diffs], Tue May 30 14:23:52 2017 UTC (7 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.24: +5 -7 lines
Diff to previous 1.24 (colored)
protocol handlers all get struct ssh passed; ok djm@
Revision 1.24 / (download) - annotate - [select for diffs], Tue May 16 16:56:15 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.23: +1 -5 lines
Diff to previous 1.23 (colored)
remove duplicate check; spotted by Jakub Jelen
Revision 1.23 / (download) - annotate - [select for diffs], Mon Sep 12 01:22:38 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
Revision 1.22 / (download) - annotate - [select for diffs], Tue May 26 23:23:40 2015 UTC (9 years ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9,
OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.21: +4 -1 lines
Diff to previous 1.21 (colored)
Cap DH-GEX group size at 4kbits for Cisco implementations. Some of them will choke when asked for preferred sizes >4k instead of returning the 4k group that they do have. bz#2209, ok djm@
Revision 1.21 / (download) - annotate - [select for diffs], Mon Apr 13 02:04:08 2015 UTC (9 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.20: +10 -20 lines
Diff to previous 1.20 (colored)
deprecate ancient, pre-RFC4419 and undocumented SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems reasonable" dtucker@
Revision 1.20 / (download) - annotate - [select for diffs], Mon Jan 26 06:10:03 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.19: +7 -1 lines
Diff to previous 1.19 (colored)
correctly match ECDSA subtype (== curve) for offered/recevied host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
Revision 1.19 / (download) - annotate - [select for diffs], Mon Jan 19 20:16:15 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.18: +176 -113 lines
Diff to previous 1.18 (colored)
adapt kex to sshbuf and struct ssh; ok djm@
Revision 1.18 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
Revision 1.17 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
convert memset of potentially-private data to explicit_bzero()
Revision 1.16 / (download) - annotate - [select for diffs], Sat Jan 25 10:12:50 2014 UTC (10 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
Revision 1.15 / (download) - annotate - [select for diffs], Sun Jan 12 08:13:13 2014 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)
avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
Revision 1.14 / (download) - annotate - [select for diffs], Thu Jan 9 23:20:00 2014 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
Revision 1.13 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)
bye, bye xfree(); ok markus@
Revision 1.12 / (download) - annotate - [select for diffs], Wed Nov 10 01:33:07 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.11: +3 -1 lines
Diff to previous 1.11 (colored)
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. these have been around for years by this time. ok markus
Revision 1.2.8.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.2.8.2: +7 -4 lines
Diff to previous 1.2.8.2 (colored) to branchpoint 1.2 (colored) next main 1.3 (colored)
upgrade to OpenSSH 4.5
Revision 1.9.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:10 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.9: +7 -4 lines
Diff to previous 1.9 (colored) next main 1.10 (colored)
upgrade to OpenSSH 4.5
Revision 1.3.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.3.2.1: +7 -4 lines
Diff to previous 1.3.2.1 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)
upgrade to OpenSSH 4.5
Revision 1.11 / (download) - annotate - [select for diffs], Mon Nov 6 21:25:28 2006 UTC (17 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.10: +3 -2 lines
Diff to previous 1.10 (colored)
add missing checks for openssl return codes; with & ok djm@
Revision 1.10 / (download) - annotate - [select for diffs], Tue Oct 31 16:33:12 2006 UTC (17 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.9: +5 -3 lines
Diff to previous 1.9 (colored)
check DH_compute_key() for -1 even if it should not happen because of earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
Revision 1.2.8.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:32 2006 UTC (17 years, 8 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.2.8.1: +9 -3 lines
Diff to previous 1.2.8.1 (colored) to branchpoint 1.2 (colored)
upgrade to OpenSSH 4.4
Revision 1.3.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:50 2006 UTC (17 years, 8 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.3: +9 -3 lines
Diff to previous 1.3 (colored)
upgrade to OpenSSH 4.4
Revision 1.9 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.8: +5 -2 lines
Diff to previous 1.8 (colored)
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
Revision 1.8 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)
move #include <stdio.h> out of includes.h
Revision 1.7 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.6: +3 -1 lines
Diff to previous 1.6 (colored)
move #include <string.h> out of includes.h
Revision 1.6 / (download) - annotate - [select for diffs], Thu May 18 21:27:25 2006 UTC (18 years ago) by miod
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)
paramter -> parameter
Revision 1.5 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.4: +1 -0 lines
Diff to previous 1.4 (colored)
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +0 -1 lines
Diff to previous 1.3 (colored)
RCSID() can die
Revision 1.2.8.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:56 2006 UTC (18 years, 4 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.2: +10 -7 lines
Diff to previous 1.2 (colored)
upgrade to OpenSSH 4.3
Revision 1.2.6.1 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:44 2006 UTC (18 years, 4 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.2: +10 -7 lines
Diff to previous 1.2 (colored) next main 1.3 (colored)
upgrade to OpenSSH 4.3
Revision 1.3 / (download) - annotate - [select for diffs], Fri Nov 4 05:15:59 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.2: +10 -7 lines
Diff to previous 1.2 (colored)
remove hardcoded hash lengths in key exchange code, allowing implementation of KEX methods with different hashes (e.g. SHA-256); ok markus@ dtucker@ stevesk@
Revision 1.1.2.1 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:15 2004 UTC (20 years, 3 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.1: +6 -5 lines
Diff to previous 1.1 (colored) next main 1.2 (colored)
upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8
Revision 1.1.8.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 3 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.1: +6 -5 lines
Diff to previous 1.1 (colored) next main 1.2 (colored)
upgrade to OpenSSH 3.8
Revision 1.2 / (download) - annotate - [select for diffs], Mon Dec 8 11:00:47 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE,
OPENBSD_3_7_BASE,
OPENBSD_3_6_BASE,
OPENBSD_3_6,
OPENBSD_3_5_BASE,
OPENBSD_3_5
Branch point for: OPENBSD_3_8,
OPENBSD_3_7
Changes since 1.1: +6 -5 lines
Diff to previous 1.1 (colored)
print requested group size in debug; ok djm
Revision 1.1.4.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:26 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.1.4.1: +0 -0 lines
Diff to previous 1.1.4.1 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)
upgrade to OpenSSH 3.7
Revision 1.1.6.1 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:17 2003 UTC (21 years, 2 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored) next main 1.2 (colored)
Merge OpenSSH 3.6.1
Revision 1.1.4.1 / (download) - annotate - [select for diffs], Tue Apr 1 10:38:57 2003 UTC (21 years, 2 months ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)
These were missed on the update to the last openssh. Thanks to all who pointed it out.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Feb 16 17:09:57 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_4,
OPENBSD_3_3,
OPENBSD_3_2,
OPENBSD_3_1
split kex into client and server code, no need to link server code into the client; ok provos@