OpenBSD CVS

CVS log for src/usr.bin/ssh/ssh-rsa.c



Default branch: MAIN


Revision 1.79 / (download) - annotate - [select for diffs], Sun Mar 5 05:34:09 2023 UTC (14 months, 1 week ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, HEAD
Changes since 1.78: +1 -2 lines
Diff to previous 1.78 (colored)

Remove unused compat.h includes.  We've previously removed a lot
of the really old compatibility code, and with it went the need to
include compat.h in most of the files that have it.

Revision 1.78 / (download) - annotate - [select for diffs], Fri Oct 28 02:47:04 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.77: +1 -21 lines
Diff to previous 1.77 (colored)

put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds

Revision 1.77 / (download) - annotate - [select for diffs], Fri Oct 28 00:44:44 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.76: +56 -1 lines
Diff to previous 1.76 (colored)

refactor sshkey_private_deserialize

feedback/ok markus@

Revision 1.76 / (download) - annotate - [select for diffs], Fri Oct 28 00:44:17 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.75: +28 -1 lines
Diff to previous 1.75 (colored)

refactor sshkey_private_serialize_opt()

feedback/ok markus@

Revision 1.75 / (download) - annotate - [select for diffs], Fri Oct 28 00:43:08 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.74: +21 -16 lines
Diff to previous 1.74 (colored)

refactor sshkey_sign() and sshkey_verify()

feedback/ok markus@

Revision 1.74 / (download) - annotate - [select for diffs], Fri Oct 28 00:41:52 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.73: +54 -4 lines
Diff to previous 1.73 (colored)

refactor sshkey_from_blob_internal()

feedback/ok markus@

Revision 1.73 / (download) - annotate - [select for diffs], Fri Oct 28 00:41:17 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.72: +28 -1 lines
Diff to previous 1.72 (colored)

refactor sshkey_from_private()

feedback/ok markus@

Revision 1.72 / (download) - annotate - [select for diffs], Fri Oct 28 00:39:29 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.71: +30 -1 lines
Diff to previous 1.71 (colored)

factor out key generation

feedback/ok markus@

Revision 1.71 / (download) - annotate - [select for diffs], Fri Oct 28 00:37:24 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.70: +20 -1 lines
Diff to previous 1.70 (colored)

factor out public key serialization

feedback/ok markus@

Revision 1.70 / (download) - annotate - [select for diffs], Fri Oct 28 00:36:31 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.69: +23 -1 lines
Diff to previous 1.69 (colored)

factor out sshkey_equal_public()

feedback/ok markus@

Revision 1.69 / (download) - annotate - [select for diffs], Fri Oct 28 00:35:40 2022 UTC (18 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.68: +107 -1 lines
Diff to previous 1.68 (colored)

begin big refactor of sshkey

Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.

lots of feedback + ok markus@

Revision 1.68 / (download) - annotate - [select for diffs], Thu Sep 13 02:08:33 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.67: +35 -14 lines
Diff to previous 1.67 (colored)

hold our collective noses and use the openssl-1.1.x API in OpenSSH;
feedback and ok tb@ jsing@ markus@

Revision 1.67 / (download) - annotate - [select for diffs], Tue Jul 3 11:39:54 2018 UTC (5 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.66: +45 -15 lines
Diff to previous 1.66 (colored)

Improve strictness and control over RSA-SHA2 signature types:

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

Revision 1.66 / (download) - annotate - [select for diffs], Wed Feb 14 16:27:24 2018 UTC (6 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.65: +10 -8 lines
Diff to previous 1.65 (colored)

Ensure that D mod (P-1) and D mod (Q-1) are calculated in constant time.

This avoids a potential side channel timing leak.

ok djm@ markus@

Revision 1.65 / (download) - annotate - [select for diffs], Wed Feb 7 05:17:56 2018 UTC (6 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.64: +6 -15 lines
Diff to previous 1.64 (colored)

Convert some explicit_bzero()/free() calls to freezero().

ok deraadt@ dtucker@

Revision 1.64 / (download) - annotate - [select for diffs], Mon Dec 18 23:14:34 2017 UTC (6 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.63: +4 -1 lines
Diff to previous 1.63 (colored)

log mismatched RSA signature types; ok markus@

Revision 1.63 / (download) - annotate - [select for diffs], Mon Dec 18 02:25:15 2017 UTC (6 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.62: +13 -6 lines
Diff to previous 1.62 (colored)

pass negotiated signing algorithm through to sshkey_verify() and
check that the negotiated algorithm matches the type in the
signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

Revision 1.62 / (download) - annotate - [select for diffs], Sat Jul 1 13:50:45 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.61: +36 -1 lines
Diff to previous 1.61 (colored)

remove post-SSHv1 removal dead code from rsa.c and merge the
remaining bit that is still used into ssh-rsa.c; ok markus

Revision 1.61 / (download) - annotate - [select for diffs], Sun May 7 23:15:59 2017 UTC (7 years ago) by djm
Branch: MAIN
Changes since 1.60: +6 -4 lines
Diff to previous 1.60 (colored)

Refuse RSA keys <1024 bits in length. Improve reporting for keys that
do not meet this requirement. ok markus@

Revision 1.60 / (download) - annotate - [select for diffs], Mon Sep 12 23:39:34 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.59: +4 -4 lines
Diff to previous 1.59 (colored)

handle certs in rsa_hash_alg_from_ident(), saving an unnecessary
special case elsewhere.

Revision 1.59 / (download) - annotate - [select for diffs], Thu Apr 21 06:08:02 2016 UTC (8 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.58: +3 -2 lines
Diff to previous 1.58 (colored)

make argument == NULL tests more consistent

Revision 1.58 / (download) - annotate - [select for diffs], Fri Dec 11 04:21:12 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.57: +3 -5 lines
Diff to previous 1.57 (colored)

Remove NULL-checks before sshbuf_free().

ok djm@

Revision 1.57 / (download) - annotate - [select for diffs], Thu Dec 10 17:08:40 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.56: +2 -3 lines
Diff to previous 1.56 (colored)

Remove NULL-checks before free().

ok dtucker@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Dec 7 20:04:09 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.55: +6 -6 lines
Diff to previous 1.55 (colored)

stricter encoding type checks for ssh-rsa; ok djm@

Revision 1.55 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.54: +113 -23 lines
Diff to previous 1.54 (colored)

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Revision 1.54 / (download) - annotate - [select for diffs], Wed Sep 9 00:52:44 2015 UTC (8 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.53: +3 -3 lines
Diff to previous 1.53 (colored)

openssh_RSA_verify return type is int, so don't make it size_t within
the function itself with only negative numbers or zero assigned to it.
bz#2460

Revision 1.53 / (download) - annotate - [select for diffs], Mon Jun 15 01:32:50 2015 UTC (8 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)

return failure on RSA signature error; reported by Albert S

Revision 1.52 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7, OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.51: +137 -131 lines
Diff to previous 1.51 (colored)

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

Revision 1.51 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.50: +7 -7 lines
Diff to previous 1.50 (colored)

convert memset of potentially-private data to explicit_bzero()

Revision 1.50 / (download) - annotate - [select for diffs], Thu Jan 9 23:20:00 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.49: +30 -24 lines
Diff to previous 1.49 (colored)

Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@

Revision 1.49 / (download) - annotate - [select for diffs], Mon Dec 30 23:52:27 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.48: +3 -20 lines
Diff to previous 1.48 (colored)

refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@

Revision 1.48 / (download) - annotate - [select for diffs], Fri Dec 27 22:37:18 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored)

correct comment

Revision 1.47 / (download) - annotate - [select for diffs], Fri Dec 27 22:30:17 2013 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.46: +21 -18 lines
Diff to previous 1.46 (colored)

make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages

Revision 1.46 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.45: +11 -12 lines
Diff to previous 1.45 (colored)

bye, bye xfree(); ok markus@

Revision 1.45 / (download) - annotate - [select for diffs], Tue Aug 31 09:58:37 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

Add buffer_get_cstring() and related functions that verify that the
string extracted from the buffer contains no embedded \0 characters*
This prevents random (possibly malicious) crap from being appended to
strings where it would not be noticed if the string is used with
a string(3) function.

Use the new API in a few sensitive places.

* actually, we allow a single one at the end of the string for now because
we don't know how many deployed implementations get this wrong, but don't
count on this to remain indefinitely.

Revision 1.44 / (download) - annotate - [select for diffs], Fri Jul 16 14:07:35 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.43: +6 -4 lines
Diff to previous 1.43 (colored)

more timing paranoia - compare all parts of the expected decrypted
data before returning. AFAIK not exploitable in the SSH protocol.
"groovy" deraadt@

Revision 1.43 / (download) - annotate - [select for diffs], Tue Jul 13 23:13:16 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.42: +3 -3 lines
Diff to previous 1.42 (colored)

s/timing_safe_cmp/timingsafe_bcmp/g

Revision 1.42 / (download) - annotate - [select for diffs], Tue Jul 13 11:52:06 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.41: +4 -3 lines
Diff to previous 1.41 (colored)

implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@

Revision 1.41 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.40: +5 -7 lines
Diff to previous 1.40 (colored)

revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
following changes:

move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash

Rename "constraints" field to "critical options"

Add a new non-critical "extensions" field

Add a serial number

The older format is still supported for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

ok markus@

Revision 1.40 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.39: +7 -3 lines
Diff to previous 1.39 (colored)

Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
See VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@

Revision 1.32.2.1 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.32: +7 -5 lines
Diff to previous 1.32 (colored) next main 1.33 (colored)

upgrade to OpenSSH 4.4

Revision 1.32.4.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.32: +7 -5 lines
Diff to previous 1.32 (colored) next main 1.33 (colored)

upgrade to OpenSSH 4.4

Revision 1.39 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.38: +3 -3 lines
Diff to previous 1.38 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.38 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.37: +3 -1 lines
Diff to previous 1.37 (colored)

move #include <string.h> out of includes.h

Revision 1.37 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.36: +1 -0 lines
Diff to previous 1.36 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.36 / (download) - annotate - [select for diffs], Sat Mar 25 01:13:23 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.35: +1 -1 lines
Diff to previous 1.35 (colored)

change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to
xrealloc(p, new_nmemb, new_itemsize).

realloc is particularly prone to integer overflows because it is almost
always allocating "n * size" bytes, so this is a far safer API;
ok deraadt@

Revision 1.35 / (download) - annotate - [select for diffs], Mon Mar 20 18:26:55 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.34: +1 -0 lines
Diff to previous 1.34 (colored)

annoying spacing fixes getting in the way of real diffs

Revision 1.34 / (download) - annotate - [select for diffs], Mon Mar 20 17:17:23 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.33: +0 -1 lines
Diff to previous 1.33 (colored)

in a switch (), break after return or goto is stupid

Revision 1.33 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.32: +0 -1 lines
Diff to previous 1.32 (colored)

RCSID() can die

Revision 1.31.6.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:10 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored) next main 1.32 (colored)

upgrade to OpenSSH 4.2

Revision 1.31.4.1 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:01 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored) next main 1.32 (colored)

upgrade to OpenSSH 4.2

Revision 1.32 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:33 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_9, OPENBSD_3_8
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.28.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.28.2.1: +5 -5 lines
Diff to previous 1.28.2.1 (colored) to branchpoint 1.28 (colored) next main 1.29 (colored)

upgrade to OpenSSH 3.8

Revision 1.30.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.30: +5 -5 lines
Diff to previous 1.30 (colored) next main 1.31 (colored)

upgrade to OpenSSH 3.8

Revision 1.31 / (download) - annotate - [select for diffs], Mon Nov 10 16:23:41 2003 UTC (20 years, 6 months ago) by jakob
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_6_BASE, OPENBSD_3_5_BASE, OPENBSD_3_5
Branch point for: OPENBSD_3_7, OPENBSD_3_6
Changes since 1.30: +5 -5 lines
Diff to previous 1.30 (colored)

constify. ok markus@ & djm@

Revision 1.26.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:28 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.26.2.1: +12 -21 lines
Diff to previous 1.26.2.1 (colored) to branchpoint 1.26 (colored) next main 1.27 (colored)

upgrade to OpenSSH 3.7

Revision 1.28.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.28: +12 -21 lines
Diff to previous 1.28 (colored)

upgrade to OpenSSH 3.7

Revision 1.30 / (download) - annotate - [select for diffs], Wed Jun 18 11:28:11 2003 UTC (20 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.29: +13 -22 lines
Diff to previous 1.29 (colored)

backout last change, since it violates pkcs#1
switch to share/misc/license.template

Revision 1.29 / (download) - annotate - [select for diffs], Mon Jun 16 08:22:35 2003 UTC (20 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored)

make sure the signature has at least the expected length (don't
insist on len == hlen + oidlen, since this breaks some smartcards)
bugzilla #592; ok djm@

Revision 1.18.2.3 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:18 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.18.2.2: +2 -3 lines
Diff to previous 1.18.2.2 (colored) to branchpoint 1.18 (colored) next main 1.19 (colored)

Merge OpenSSH 3.6.1

Revision 1.26.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.26: +2 -3 lines
Diff to previous 1.26 (colored)

Update to OpenSSH 3.6

Revision 1.28 / (download) - annotate - [select for diffs], Wed Feb 12 09:33:04 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.27: +1 -2 lines
Diff to previous 1.27 (colored)

merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@

Revision 1.27 / (download) - annotate - [select for diffs], Thu Nov 21 23:03:51 2002 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

KNF

Revision 1.10.2.6 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.10.2.5: +103 -16 lines
Diff to previous 1.10.2.5 (colored) to branchpoint 1.10 (colored) next main 1.11 (colored)

Update to OpenSSH 3.5

Revision 1.18.2.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 7 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.18.2.1: +103 -16 lines
Diff to previous 1.18.2.1 (colored) to branchpoint 1.18 (colored)

Update to OpenSSH 3.5

Revision 1.26 / (download) - annotate - [select for diffs], Tue Aug 27 17:13:56 2002 UTC (21 years, 8 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.25: +3 -2 lines
Diff to previous 1.25 (colored)

RSA_public_decrypt() returns -1 on error so len must be signed; ok markus@

Revision 1.25 / (download) - annotate - [select for diffs], Fri Aug 2 22:20:30 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.24: +93 -7 lines
Diff to previous 1.24 (colored)

replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
for authentication; ok deraadt/djm

Revision 1.24 / (download) - annotate - [select for diffs], Fri Aug 2 21:23:41 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)

diff is u_int (2x); ok deraadt/provos

Revision 1.23 / (download) - annotate - [select for diffs], Thu Jul 4 10:41:47 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.22: +8 -10 lines
Diff to previous 1.22 (colored)

don't allocate, copy, and discard if there is no interest in the data; ok deraadt@

Revision 1.22 / (download) - annotate - [select for diffs], Thu Jul 4 04:15:33 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.21: +3 -1 lines
Diff to previous 1.21 (colored)

patch memory leaks; grendel@zeitbombe.org

Revision 1.10.2.5 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 10 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.10.2.4: +11 -13 lines
Diff to previous 1.10.2.4 (colored) to branchpoint 1.10 (colored)

There was an update to OpenSSH 3.4, and people rejoiced.

Revision 1.18.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 10 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.18: +27 -14 lines
Diff to previous 1.18 (colored)

Pull in OpenSSH-3.4

Revision 1.21 / (download) - annotate - [select for diffs], Sun Jun 23 03:30:17 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +11 -13 lines
Diff to previous 1.20 (colored)

various KNF and %d for unsigned

Revision 1.10.2.4 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.10.2.3: +19 -4 lines
Diff to previous 1.10.2.3 (colored) to branchpoint 1.10 (colored)

Update OpenSSH to version 3.3 (with local changes, configuration files still
living in /etc and privsep user being nobody).

Revision 1.20 / (download) - annotate - [select for diffs], Mon Jun 10 16:53:06 2002 UTC (21 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)

display minimum RSA modulus in error(); ok markus@

Revision 1.8.2.4 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:11 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.8.2.3: +3 -10 lines
Diff to previous 1.8.2.3 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored)

Upgrade to OpenSSH 3.2.3.

Except for improbable compilation error fixes, this should be the last
commit made to the 2.9-STABLE branch. Have fun upgrading.

Revision 1.19 / (download) - annotate - [select for diffs], Fri May 31 13:20:50 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.18: +17 -2 lines
Diff to previous 1.18 (colored)

pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the draft says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com

Revision 1.10.2.3 / (download) - annotate - [select for diffs], Fri May 17 00:03:24 2002 UTC (22 years ago) by miod
Branch: OPENBSD_3_0
Changes since 1.10.2.2: +3 -10 lines
Diff to previous 1.10.2.2 (colored) to branchpoint 1.10 (colored)

Update OpenSSH to version 3.2.2.

Revision 1.18 / (download) - annotate - [select for diffs], Tue Apr 2 20:11:38 2002 UTC (22 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.17: +1 -9 lines
Diff to previous 1.17 (colored)

ignore SSH_BUG_SIGBLOB for ssh-rsa; #187

Revision 1.17 / (download) - annotate - [select for diffs], Fri Mar 29 19:18:33 2002 UTC (22 years, 1 month ago) by stevesk
Branch: MAIN
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)

make RSA modulus minimum #define; ok markus@

Revision 1.8.2.3 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:45 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.8.2.2: +12 -18 lines
Diff to previous 1.8.2.2 (colored) to branchpoint 1.8 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.6.2.7 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.6.2.6: +12 -18 lines
Diff to previous 1.6.2.6 (colored) next main 1.7 (colored)

Merge OpenSSH 3.1.

Revision 1.10.2.2 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:47 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.10.2.1: +12 -18 lines
Diff to previous 1.10.2.1 (colored) to branchpoint 1.10 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.16 / (download) - annotate - [select for diffs], Sun Feb 24 19:14:59 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.15: +5 -5 lines
Diff to previous 1.15 (colored)

signed vs. unsigned: make size arguments u_int, ok stevesk@

Revision 1.15 / (download) - annotate - [select for diffs], Fri Jan 25 21:42:11 2002 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.14: +7 -13 lines
Diff to previous 1.14 (colored)

use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
don't use evp_md->md_size, it's not public.

Revision 1.14 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:12 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

minor KNF

Revision 1.8.2.2 / (download) - annotate - [select for diffs], Thu Nov 15 22:51:15 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.8.2.1: +11 -3 lines
Diff to previous 1.8.2.1 (colored) to branchpoint 1.8 (colored)

Merge OpenSSH 3.0.1.

Revision 1.6.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 22:50:30 2001 UTC (22 years, 6 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.6.2.5: +11 -3 lines
Diff to previous 1.6.2.5 (colored)

Merge OpenSSH 3.0.1.

This is likely to be the last commit to the 2.8-STABLE branch.

Revision 1.10.2.1 / (download) - annotate - [select for diffs], Wed Nov 14 03:24:39 2001 UTC (22 years, 6 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.10: +11 -3 lines
Diff to previous 1.10 (colored)

Pull in patches from current (Errata 002):
Update to OpenSSH-3.0.1 via errata patch (Instead of using release tarball)

Revision 1.13 / (download) - annotate - [select for diffs], Sat Nov 10 13:22:42 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)

KNF (unexpand)

Revision 1.12 / (download) - annotate - [select for diffs], Wed Nov 7 22:10:28 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

missing free and sync dss/rsa code.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 7 21:40:21 2001 UTC (22 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.10: +9 -1 lines
Diff to previous 1.10 (colored)

ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported

Revision 1.8.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.8: +3 -4 lines
Diff to previous 1.8 (colored)

Pull in OpenSSH-2.9.9

Revision 1.6.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.6.2.4: +3 -4 lines
Diff to previous 1.6.2.4 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.10 / (download) - annotate - [select for diffs], Mon Sep 17 19:27:15 2001 UTC (22 years, 8 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)

u_char*/char* cleanup; ok markus@

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jun 6 23:13:54 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.8: +1 -2 lines
Diff to previous 1.8 (colored)

cleanup, remove old code

Revision 1.6.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:36 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.6.2.3: +23 -12 lines
Diff to previous 1.6.2.3 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.8 / (download) - annotate - [select for diffs], Tue Mar 27 10:57:00 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.7: +4 -3 lines
Diff to previous 1.7 (colored)

some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
signatures in SSH protocol 2, ok djm@

Revision 1.7 / (download) - annotate - [select for diffs], Tue Mar 27 10:34:08 2001 UTC (23 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.6: +22 -12 lines
Diff to previous 1.6 (colored)

use EVP_get_digestbynid, reorder some calls and fix missing free.

Revision 1.6.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:30 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.6.2.2: +0 -0 lines
Diff to previous 1.6.2.2 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.6.4.2 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:10 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.6.4.1: +0 -0 lines
Diff to previous 1.6.4.1 (colored) next main 1.7 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.6.4.1 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:16 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.6: +1 -1 lines
Diff to previous 1.6 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.6.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:31 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.6.2.1: +0 -0 lines
Diff to previous 1.6.2.1 (colored)

Pull in OpenSSH-2.5.1

Revision 1.6.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:19 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.6: +1 -1 lines
Diff to previous 1.6 (colored)

Pull in OpenSSH 2.5.0

Revision 1.6 / (download) - annotate - [select for diffs], Thu Feb 8 19:30:52 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Branch point for: OPENBSD_2_8, OPENBSD_2_7
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)

sync with netbsd tree changes.
- more strict prototypes, include necessary headers
- use paths.h/pathnames.h decls
- size_t typecast to int -> u_long

Revision 1.5 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:58 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.4: +5 -8 lines
Diff to previous 1.4 (colored)

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]

Revision 1.4 / (download) - annotate - [select for diffs], Tue Jan 16 19:20:06 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.3: +6 -1 lines
Diff to previous 1.3 (colored)

make "ssh-rsa" key format for ssh2 conform to the ietf-drafts; from galb@vandyke.com.
note that you have to delete older ssh2-rsa keys, since they are in the
wrong format, too. they must be removed from .ssh/authorized_keys2
and .ssh/known_hosts2, etc.
(cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2)
additionally, we now check that BN_num_bits(rsa->n) >= 768.

Revision 1.3 / (download) - annotate - [select for diffs], Sat Jan 6 11:23:27 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.2: +1 -4 lines
Diff to previous 1.2 (colored)

remove unused

Revision 1.2 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:58 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.1: +10 -10 lines
Diff to previous 1.1 (colored)

replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'
with u_char.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:38 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN

add support for RSA to SSH2.  please test.

there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.

you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.

SSH2 RSA or DSA keys are added to .ssh/authorized_keys2 as before.

IdentityFile2, HostDsaKey and DSAAuthentication are obsolete.
you can use multiple IdentityFile and HostKey for all types of keys.

the option DSAAuthentication is replaced by PubkeyAuthentication.
