Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.306 / (download) - annotate - [select for diffs], Sat Mar 9 05:12:13 2024 UTC (3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.305: +25 -17 lines
Diff to previous 1.305 (colored)
avoid logging in signal handler by converting mainloop to ppoll() bz3670, reported by Ben Hamilton; ok dtucker@
Revision 1.305 / (download) - annotate - [select for diffs], Wed Mar 6 00:31:04 2024 UTC (3 months ago) by djm
Branch: MAIN
Changes since 1.304: +4 -2 lines
Diff to previous 1.304 (colored)
wrap a few PKCS#11-specific bits in ENABLE_PKCS11
Revision 1.304 / (download) - annotate - [select for diffs], Mon Dec 18 15:58:56 2023 UTC (5 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.303: +2 -2 lines
Diff to previous 1.303 (colored)
match flag type (s/int/u_int)
Revision 1.303 / (download) - annotate - [select for diffs], Mon Dec 18 14:48:08 2023 UTC (5 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.302: +15 -3 lines
Diff to previous 1.302 (colored)
ssh-agent: record failed session-bind attempts Record failed attempts to session-bind a connection and refuse signing operations on that connection henceforth. Prevents a future situation where we add a new hostkey type that is not recognised by an older ssh-agent, that consequently causes session-bind to fail (this situation is only likely to arise when people mix ssh(1) and ssh-agent(1) of different versions on the same host). Previously, after such a failure the agent socket would be considered unbound and not subject to restriction. Spotted by Jann Horn
Revision 1.302 / (download) - annotate - [select for diffs], Mon Dec 18 14:46:56 2023 UTC (5 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.301: +98 -26 lines
Diff to previous 1.301 (colored)
Make it possible to load certs from PKCS#11 tokens Adds a protocol extension to allow grafting certificates supplied by ssh-add to keys loaded from PKCS#11 tokens in the agent. feedback/ok markus@
Revision 1.301 / (download) - annotate - [select for diffs], Mon Dec 18 14:46:12 2023 UTC (5 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.300: +100 -5 lines
Diff to previous 1.300 (colored)
apply destination constraints to all p11 keys Previously applied only to the first key returned from each token. ok markus@
Revision 1.292.4.1 / (download) - annotate - [select for diffs], Wed Jul 19 14:08:59 2023 UTC (10 months, 3 weeks ago) by bluhm
Branch: OPENBSD_7_2
Changes since 1.292: +21 -2 lines
Diff to previous 1.292 (colored) next main 1.293 (colored)
Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. from djm@; ok markus@ terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@ from djm@ this is errata/7.2/032_ssh_agent.patch.sig
Revision 1.297.4.1 / (download) - annotate - [select for diffs], Wed Jul 19 14:07:53 2023 UTC (10 months, 3 weeks ago) by bluhm
Branch: OPENBSD_7_3
Changes since 1.297: +21 -2 lines
Diff to previous 1.297 (colored) next main 1.298 (colored)
Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. from djm@; ok markus@ terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@ from djm@ this is errata/7.3/010_ssh_agent.patch.sig
Revision 1.300 / (download) - annotate - [select for diffs], Wed Jul 19 13:56:33 2023 UTC (10 months, 3 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.299: +21 -2 lines
Diff to previous 1.299 (colored)
Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. ok markus@
Revision 1.299 / (download) - annotate - [select for diffs], Mon Jul 10 04:51:26 2023 UTC (11 months ago) by djm
Branch: MAIN
Changes since 1.298: +2 -2 lines
Diff to previous 1.298 (colored)
misplaced debug message
Revision 1.298 / (download) - annotate - [select for diffs], Fri Mar 31 04:45:08 2023 UTC (14 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.297: +3 -3 lines
Diff to previous 1.297 (colored)
Explictly ignore return codes where we don't check them. From Dmitry Belyavskiy via github PR#238, ok djm@
Revision 1.297 / (download) - annotate - [select for diffs], Thu Mar 9 21:06:24 2023 UTC (15 months ago) by jcs
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.296: +3 -3 lines
Diff to previous 1.296 (colored)
modify parentheses in conditionals to make it clearer what is being assigned and what is being checked ok djm dtucker
Revision 1.296 / (download) - annotate - [select for diffs], Wed Mar 8 04:43:12 2023 UTC (15 months ago) by guenther
Branch: MAIN
Changes since 1.295: +1 -2 lines
Diff to previous 1.295 (colored)
Delete obsolete /* ARGSUSED */ lint comments. ok miod@ millert@
Revision 1.295 / (download) - annotate - [select for diffs], Sun Mar 5 05:34:09 2023 UTC (15 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.294: +1 -2 lines
Diff to previous 1.294 (colored)
Remove unused compat.h includes. We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it.
Revision 1.294 / (download) - annotate - [select for diffs], Sun Dec 4 11:03:11 2022 UTC (18 months ago) by dtucker
Branch: MAIN
Changes since 1.293: +1 -2 lines
Diff to previous 1.293 (colored)
Remove duplicate includes. Patch from AtariDreams via github PR#364.
Revision 1.293 / (download) - annotate - [select for diffs], Fri Oct 7 06:00:58 2022 UTC (20 months ago) by jmc
Branch: MAIN
Changes since 1.292: +4 -4 lines
Diff to previous 1.292 (colored)
ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage()
Revision 1.292 / (download) - annotate - [select for diffs], Sat Sep 17 10:11:29 2022 UTC (20 months, 3 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE
Branch point for: OPENBSD_7_2
Changes since 1.291: +3 -2 lines
Diff to previous 1.291 (colored)
actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett
Revision 1.291 / (download) - annotate - [select for diffs], Wed Sep 14 00:13:13 2022 UTC (20 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.290: +2 -1 lines
Diff to previous 1.290 (colored)
a little extra debugging
Revision 1.290 / (download) - annotate - [select for diffs], Wed Sep 14 00:02:03 2022 UTC (20 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.289: +2 -11 lines
Diff to previous 1.289 (colored)
ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen
Revision 1.289 / (download) - annotate - [select for diffs], Fri Sep 9 03:31:42 2022 UTC (21 months ago) by djm
Branch: MAIN
Changes since 1.288: +3 -5 lines
Diff to previous 1.288 (colored)
notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen
Revision 1.288 / (download) - annotate - [select for diffs], Fri Apr 29 03:13:32 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.287: +2 -1 lines
Diff to previous 1.287 (colored)
fix memleak on session-bind path; from Pedro Martelletto, ok dtucker@
Revision 1.287 / (download) - annotate - [select for diffs], Fri Jan 14 03:43:48 2022 UTC (2 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.286: +35 -6 lines
Diff to previous 1.286 (colored)
allow pin-required FIDO keys to be added to ssh-agent(1). ssh-askpass will be used to request the PIN at authentication time. From Pedro Martelletto, ok djm
Revision 1.286 / (download) - annotate - [select for diffs], Wed Jan 12 03:30:32 2022 UTC (2 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.285: +5 -4 lines
Diff to previous 1.285 (colored)
Don't log NULL hostname in restricted agent code, printf("%s", NULL) is not safe on all platforms. with & ok djm
Revision 1.285 / (download) - annotate - [select for diffs], Sat Jan 1 04:18:06 2022 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.284: +2 -1 lines
Diff to previous 1.284 (colored)
fix memleak in process_extension(); oss-fuzz issue #42719
Revision 1.284 / (download) - annotate - [select for diffs], Sat Jan 1 01:55:30 2022 UTC (2 years, 5 months ago) by jsg
Branch: MAIN
Changes since 1.283: +2 -2 lines
Diff to previous 1.283 (colored)
spelling ok dtucker@
Revision 1.283 / (download) - annotate - [select for diffs], Sun Dec 19 22:13:55 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.282: +23 -3 lines
Diff to previous 1.282 (colored)
Use hostkey parsed from hostbound userauth request Require host-bound userauth requests for forwarded SSH connections. The hostkey parsed from the host-bound userauth request is now checked against the most recently bound session ID / hostkey on the agent socket and the signature refused if they do not match. ok markus@
Revision 1.282 / (download) - annotate - [select for diffs], Sun Dec 19 22:13:33 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.281: +17 -7 lines
Diff to previous 1.281 (colored)
agent support for parsing hostkey-bound signatures Allow parse_userauth_request() to work with blobs from publickey-hostbound-v00@openssh.com userauth attempts. Extract hostkey from these blobs. ok markus@
Revision 1.281 / (download) - annotate - [select for diffs], Sun Dec 19 22:11:39 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.280: +463 -42 lines
Diff to previous 1.280 (colored)
ssh-agent side of destination constraints Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com constraints and to apply them to keys. Check constraints against the hostkeys recorded for a SocketEntry when attempting a signature, adding, listing or deleting keys. Note that the "delete all keys" request will remove constrained keys regardless of location. feedback Jann Horn & markus@ ok markus@
Revision 1.280 / (download) - annotate - [select for diffs], Sun Dec 19 22:09:23 2021 UTC (2 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.279: +168 -9 lines
Diff to previous 1.279 (colored)
ssh-agent side of binding record session ID/hostkey/forwarding status for each active socket. Attempt to parse data-to-be-signed at signature request time and extract session ID from the blob if it is a pubkey userauth request. ok markus@
Revision 1.279 / (download) - annotate - [select for diffs], Thu Nov 18 03:31:44 2021 UTC (2 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.278: +3 -4 lines
Diff to previous 1.278 (colored)
check for POLLHUP wherever we check for POLLIN
Revision 1.278 / (download) - annotate - [select for diffs], Sat Apr 3 06:18:41 2021 UTC (3 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.277: +4 -4 lines
Diff to previous 1.277 (colored)
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
Revision 1.257.2.1 / (download) - annotate - [select for diffs], Wed Mar 3 17:41:52 2021 UTC (3 years, 3 months ago) by deraadt
Branch: OPENBSD_6_7
Changes since 1.257: +2 -1 lines
Diff to previous 1.257 (colored) next main 1.258 (colored)
Double free in ssh-agent(1), fixed differently in -current from djm his is errata 6.7/036_sshagent.patch.sig and 6.8/015_sshagent.patch.sig
Revision 1.264.4.1 / (download) - annotate - [select for diffs], Wed Mar 3 17:39:58 2021 UTC (3 years, 3 months ago) by deraadt
Branch: OPENBSD_6_8
Changes since 1.264: +2 -1 lines
Diff to previous 1.264 (colored) next main 1.265 (colored)
Double free in ssh-agent(1), fixed differently in -current from djm his is errata 6.7/036_sshagent.patch.sig
Revision 1.277 / (download) - annotate - [select for diffs], Fri Feb 12 03:14:18 2021 UTC (3 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.276: +59 -41 lines
Diff to previous 1.276 (colored)
factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own function and remove an unused variable; ok dtucker@
Revision 1.276 / (download) - annotate - [select for diffs], Tue Feb 2 22:35:14 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.275: +2 -2 lines
Diff to previous 1.275 (colored)
memleak on error path; ok markus@
Revision 1.275 / (download) - annotate - [select for diffs], Fri Jan 29 06:29:46 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.274: +4 -4 lines
Diff to previous 1.274 (colored)
fix the values of enum sock_type
Revision 1.274 / (download) - annotate - [select for diffs], Fri Jan 29 06:28:10 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.273: +2 -2 lines
Diff to previous 1.273 (colored)
give typedef'd struct a struct name; makes the fuzzer I'm writing a bit easier
Revision 1.273 / (download) - annotate - [select for diffs], Wed Jan 27 00:37:26 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.272: +2 -2 lines
Diff to previous 1.272 (colored)
Logical not bitwise or. ok djm@
Revision 1.272 / (download) - annotate - [select for diffs], Tue Jan 26 11:25:01 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.271: +4 -6 lines
Diff to previous 1.271 (colored)
Remove unused variables leftover from refactoring. ok djm@
Revision 1.271 / (download) - annotate - [select for diffs], Tue Jan 26 00:54:49 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.270: +95 -69 lines
Diff to previous 1.270 (colored)
refactor key constraint parsing in ssh-agent Key constraints parsing code previously existed in both the "add regular key" and "add smartcard key" path. This unifies them but also introduces more consistency checking: duplicated constraints and constraints that are nonsensical for a particular situation (e.g. FIDO provider for a smartcard key) are now banned. ok markus@
Revision 1.270 / (download) - annotate - [select for diffs], Tue Jan 26 00:53:31 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.269: +130 -67 lines
Diff to previous 1.269 (colored)
more ssh-agent refactoring Allow confirm_key() to accept an additional reason suffix Factor publickey userauth parsing out into its own function and allow it to optionally return things it parsed out of the message to its caller. feedback/ok markus@
Revision 1.269 / (download) - annotate - [select for diffs], Tue Jan 26 00:47:47 2021 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.268: +16 -4 lines
Diff to previous 1.268 (colored)
use recallocarray to allocate the agent sockets table; also clear socket entries that are being marked as unused. spinkle in some debug2() spam to make it easier to watch an agent do its thing. ok markus
Revision 1.268 / (download) - annotate - [select for diffs], Mon Jan 11 02:12:58 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.267: +2 -2 lines
Diff to previous 1.267 (colored)
Change convtime() from returning long to returning int. On platforms where sizeof(int) != sizeof(long), convtime could accept values >MAX_INT which subsequently truncate when stored in an int during config parsing. bz#3250, ok djm@
Revision 1.267 / (download) - annotate - [select for diffs], Sun Nov 8 22:37:24 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.266: +2 -2 lines
Diff to previous 1.266 (colored)
when requesting a security key touch on stderr, inform the user once the touch has been recorded; requested by claudio@ ok markus@
Revision 1.266 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:02 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.265: +77 -95 lines
Diff to previous 1.265 (colored)
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
Revision 1.265 / (download) - annotate - [select for diffs], Sat Oct 3 09:22:26 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.264: +4 -10 lines
Diff to previous 1.264 (colored)
There are lots of place where we want to redirect stdin, stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
Revision 1.264 / (download) - annotate - [select for diffs], Fri Sep 18 08:16:38 2020 UTC (3 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE
Branch point for: OPENBSD_6_8
Changes since 1.263: +13 -6 lines
Diff to previous 1.263 (colored)
handle multiple messages in a single read() PR#183 by Dennis Kaarsemaker; feedback and ok markus@
Revision 1.263 / (download) - annotate - [select for diffs], Thu Aug 27 01:06:18 2020 UTC (3 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.262: +3 -2 lines
Diff to previous 1.262 (colored)
support for user-verified FIDO keys FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
Revision 1.262 / (download) - annotate - [select for diffs], Sun Jul 5 23:59:45 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.261: +4 -4 lines
Diff to previous 1.261 (colored)
some language improvements; ok markus
Revision 1.261 / (download) - annotate - [select for diffs], Mon Jun 22 06:37:38 2020 UTC (3 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.260: +2 -2 lines
Diff to previous 1.260 (colored)
updated argument name for -P in first synopsis was missed in previous;
Revision 1.260 / (download) - annotate - [select for diffs], Mon Jun 22 05:52:05 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.259: +12 -12 lines
Diff to previous 1.259 (colored)
better terminology for permissions; feedback & ok markus@
Revision 1.259 / (download) - annotate - [select for diffs], Fri Jun 19 07:21:42 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.258: +4 -2 lines
Diff to previous 1.258 (colored)
Correct synopsis and usage for the options accepted when passing a command to ssh-agent. ok jmc@
Revision 1.258 / (download) - annotate - [select for diffs], Tue May 26 01:26:58 2020 UTC (4 years ago) by djm
Branch: MAIN
Changes since 1.257: +100 -10 lines
Diff to previous 1.257 (colored)
Restrict ssh-agent from signing web challenges for FIDO keys. When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently pubkey authentication and sshsig signatures). This prevents ssh-agent forwarding on a host that has FIDO keys attached granting the ability for the remote side to sign challenges for web authentication using those keys too. Note that the converse case of web browsers signing SSH challenges is already precluded because no web RP can have the "ssh:" prefix in the application string that we require. ok markus@
Revision 1.257 / (download) - annotate - [select for diffs], Fri Mar 6 18:28:27 2020 UTC (4 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE
Branch point for: OPENBSD_6_7
Changes since 1.256: +2 -2 lines
Diff to previous 1.256 (colored)
initialize seconds for debug message; ok djm
Revision 1.256 / (download) - annotate - [select for diffs], Wed Feb 26 13:40:09 2020 UTC (4 years, 3 months ago) by jsg
Branch: MAIN
Changes since 1.255: +2 -3 lines
Diff to previous 1.255 (colored)
change explicit_bzero();free() to freezero() While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@
Revision 1.255 / (download) - annotate - [select for diffs], Thu Feb 6 22:30:54 2020 UTC (4 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.254: +3 -3 lines
Diff to previous 1.254 (colored)
Replace "security key" with "authenticator" in program messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
Revision 1.254 / (download) - annotate - [select for diffs], Sat Jan 25 00:06:48 2020 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.253: +19 -7 lines
Diff to previous 1.253 (colored)
process security key provider via realpath() in agent, avoids malicious client from being able to cause agent to load arbitrary libraries into ssh-sk-helper. reported by puck AT puckipedia.com; ok markus
Revision 1.253 / (download) - annotate - [select for diffs], Sat Jan 25 00:03:36 2020 UTC (4 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.252: +13 -6 lines
Diff to previous 1.252 (colored)
expose PKCS#11 key labels/X.509 subjects as comments Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment. based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church feedback and ok markus@
Revision 1.252 / (download) - annotate - [select for diffs], Thu Jan 23 07:10:22 2020 UTC (4 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.251: +5 -5 lines
Diff to previous 1.251 (colored)
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
Revision 1.251 / (download) - annotate - [select for diffs], Fri Dec 13 19:09:10 2019 UTC (4 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.250: +20 -140 lines
Diff to previous 1.250 (colored)
use ssh-sk-helper for all security key signing operations This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid* requested by, feedback and ok markus@
Revision 1.250 / (download) - annotate - [select for diffs], Tue Nov 19 16:02:32 2019 UTC (4 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.249: +3 -2 lines
Diff to previous 1.249 (colored)
revert previous: naddy pointed out what's meant to happen. rethink needed...
Revision 1.249 / (download) - annotate - [select for diffs], Tue Nov 19 14:54:47 2019 UTC (4 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.248: +3 -4 lines
Diff to previous 1.248 (colored)
-c and -s do not make sense with -k; reshuffle -k into the main synopsis/usage; ok djm
Revision 1.248 / (download) - annotate - [select for diffs], Mon Nov 18 16:10:05 2019 UTC (4 years, 6 months ago) by naddy
Branch: MAIN
Changes since 1.247: +2 -1 lines
Diff to previous 1.247 (colored)
additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@
Revision 1.247 / (download) - annotate - [select for diffs], Sat Nov 16 22:36:48 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.246: +11 -33 lines
Diff to previous 1.246 (colored)
always use ssh-sk-helper, even for the internal USB HID support. This avoid the need for a wpath pledge in ssh-agent. reported by jmc@
Revision 1.246 / (download) - annotate - [select for diffs], Fri Nov 15 05:37:27 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.245: +16 -4 lines
Diff to previous 1.245 (colored)
unshield security key privkey before attempting signature in agent. spotted by dtucker@
Revision 1.245 / (download) - annotate - [select for diffs], Fri Nov 15 04:12:32 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.244: +4 -2 lines
Diff to previous 1.244 (colored)
don't consult dlopen whitelist for internal security key provider; spotted by dtucker@
Revision 1.244 / (download) - annotate - [select for diffs], Fri Nov 15 02:38:07 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.243: +15 -9 lines
Diff to previous 1.243 (colored)
show the "please touch your security key" notifier when using the (default) build-in security key support.
Revision 1.243 / (download) - annotate - [select for diffs], Thu Nov 14 21:27:30 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.242: +6 -1 lines
Diff to previous 1.242 (colored)
directly support U2F/FIDO2 security keys in OpenSSH by linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.
Revision 1.242 / (download) - annotate - [select for diffs], Wed Nov 13 07:53:10 2019 UTC (4 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.241: +5 -5 lines
Diff to previous 1.241 (colored)
fix shield/unshield for xmss keys: - in ssh-agent we need to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@
Revision 1.241 / (download) - annotate - [select for diffs], Tue Nov 12 22:36:44 2019 UTC (4 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.240: +11 -2 lines
Diff to previous 1.240 (colored)
security keys typically need to be tapped/touched in order to perform a signature operation. Notify the user when this is expected via the TTY (if available) or $SSH_ASKPASS if we can. ok markus@
Revision 1.240 / (download) - annotate - [select for diffs], Tue Nov 12 19:33:08 2019 UTC (4 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.239: +2 -2 lines
Diff to previous 1.239 (colored)
enable ed25519 support; ok djm
Revision 1.239 / (download) - annotate - [select for diffs], Thu Oct 31 21:23:19 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.238: +4 -3 lines
Diff to previous 1.238 (colored)
Refactor signing - use sshkey_sign for everything, including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
Revision 1.238 / (download) - annotate - [select for diffs], Thu Oct 31 21:22:01 2019 UTC (4 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.237: +199 -19 lines
Diff to previous 1.237 (colored)
ssh-agent support for U2F/FIDO keys feedback & ok markus@
Revision 1.237 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.236: +5 -5 lines
Diff to previous 1.236 (colored)
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
Revision 1.236 / (download) - annotate - [select for diffs], Fri Jun 21 04:21:04 2019 UTC (4 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.235: +5 -2 lines
Diff to previous 1.235 (colored)
Add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@
Revision 1.235 / (download) - annotate - [select for diffs], Fri Jun 14 03:51:47 2019 UTC (4 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.234: +6 -1 lines
Diff to previous 1.234 (colored)
process agent requests for RSA certificate private keys using correct signature algorithm when requested. Patch from Jakub Jelen in bz3016 ok dtucker markus
Revision 1.234 / (download) - annotate - [select for diffs], Thu Jun 6 05:13:13 2019 UTC (5 years ago) by otto
Branch: MAIN
Changes since 1.233: +1 -2 lines
Diff to previous 1.233 (colored)
Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
Revision 1.233 / (download) - annotate - [select for diffs], Tue Jan 22 22:58:50 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.232: +18 -4 lines
Diff to previous 1.232 (colored)
backoff reading messages from active connections when the input buffer is too full to read one, or if the output buffer is too full to enqueue a response; feedback & ok dtucker@
Revision 1.232 / (download) - annotate - [select for diffs], Fri Nov 9 02:57:58 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.231: +2 -2 lines
Diff to previous 1.231 (colored)
typo in error message; caught by Debian lintian, via Colin Watson
Revision 1.231 / (download) - annotate - [select for diffs], Fri May 11 03:38:51 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.230: +49 -11 lines
Diff to previous 1.230 (colored)
implement EMFILE mitigation for ssh-agent: remember the fd rlimit and stop accepting new connections when it is exceeded (with some grace). Accept is resumed when enough connections are closed. bz#2576. feedback deraadt; ok dtucker@
Revision 1.230 / (download) - annotate - [select for diffs], Tue Apr 10 00:10:49 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.229: +2 -2 lines
Diff to previous 1.229 (colored)
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
Revision 1.229 / (download) - annotate - [select for diffs], Mon Apr 9 23:54:49 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.228: +3 -4 lines
Diff to previous 1.228 (colored)
don't kill ssh-agent's listening socket entriely if we fail to accept a connection; bz#2837, patch from Lukas Kuster
Revision 1.228 / (download) - annotate - [select for diffs], Fri Feb 23 15:58:37 2018 UTC (6 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.227: +19 -5 lines
Diff to previous 1.227 (colored)
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
Revision 1.227 / (download) - annotate - [select for diffs], Tue Jan 23 05:27:21 2018 UTC (6 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.226: +1 -3 lines
Diff to previous 1.226 (colored)
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@
Revision 1.226 / (download) - annotate - [select for diffs], Wed Nov 15 02:10:16 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.225: +23 -10 lines
Diff to previous 1.225 (colored)
downgrade a couple more request parsing errors from process-fatal to just returning failure, making them consistent with the others that were already like that.
Revision 1.225 / (download) - annotate - [select for diffs], Wed Nov 15 00:13:40 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.224: +6 -3 lines
Diff to previous 1.224 (colored)
fix regression in 7.6: failure to parse a signature request message shouldn't be fatal to the process, just the request. Reported by Ron Frederick
Revision 1.224 / (download) - annotate - [select for diffs], Mon Jul 24 04:34:28 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.223: +3 -5 lines
Diff to previous 1.223 (colored)
g/c unused variable; make a little more portable
Revision 1.223 / (download) - annotate - [select for diffs], Wed Jul 19 01:15:02 2017 UTC (6 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.222: +183 -125 lines
Diff to previous 1.222 (colored)
switch from select() to poll() for the ssh-agent mainloop; ok markus
Revision 1.222 / (download) - annotate - [select for diffs], Sat Jul 1 13:50:45 2017 UTC (6 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.221: +1 -2 lines
Diff to previous 1.221 (colored)
remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus
Revision 1.221 / (download) - annotate - [select for diffs], Sun Apr 30 23:29:10 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.220: +92 -164 lines
Diff to previous 1.220 (colored)
flense SSHv1 support from ssh-agent, considerably simplifying it ok markus
Revision 1.220 / (download) - annotate - [select for diffs], Sun Apr 30 23:18:44 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.219: +12 -16 lines
Diff to previous 1.219 (colored)
remove KEY_RSA1 ok markus@
Revision 1.219 / (download) - annotate - [select for diffs], Sun Apr 30 23:10:43 2017 UTC (7 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.218: +1 -172 lines
Diff to previous 1.218 (colored)
unifdef WITH_SSH1 ok markus@
Revision 1.218 / (download) - annotate - [select for diffs], Wed Mar 15 03:52:30 2017 UTC (7 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.217: +2 -1 lines
Diff to previous 1.217 (colored)
accidents happen to the best of us; ok djm
Revision 1.217 / (download) - annotate - [select for diffs], Wed Mar 15 02:25:09 2017 UTC (7 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.216: +11 -4 lines
Diff to previous 1.216 (colored)
fix regression in 7.4: deletion of PKCS#11-hosted keys would fail unless they were specified by full physical pathname. Report and fix from Jakub Jelen via bz#2682; ok dtucker@
Revision 1.216 / (download) - annotate - [select for diffs], Wed Jan 4 02:21:43 2017 UTC (7 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.215: +2 -2 lines
Diff to previous 1.215 (colored)
relax PKCS#11 whitelist a bit to allow libexec as well as lib directories.
Revision 1.215 / (download) - annotate - [select for diffs], Wed Nov 30 03:07:37 2016 UTC (7 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.214: +35 -8 lines
Diff to previous 1.214 (colored)
add a whitelist of paths from which ssh-agent will load (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
Revision 1.214 / (download) - annotate - [select for diffs], Mon Sep 12 01:22:38 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.213: +4 -5 lines
Diff to previous 1.213 (colored)
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
Revision 1.213 / (download) - annotate - [select for diffs], Mon May 2 08:49:03 2016 UTC (8 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0
Changes since 1.212: +8 -7 lines
Diff to previous 1.212 (colored)
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@
Revision 1.212 / (download) - annotate - [select for diffs], Mon Feb 15 09:47:49 2016 UTC (8 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.211: +2 -1 lines
Diff to previous 1.211 (colored)
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while.
Revision 1.211 / (download) - annotate - [select for diffs], Fri Dec 11 17:41:37 2015 UTC (8 years, 6 months ago) by doug
Branch: MAIN
Changes since 1.210: +2 -2 lines
Diff to previous 1.210 (colored)
Add "id" to ssh-agent pledge for subprocess support. Found the hard way by Jan Johansson when using ssh-agent with X. Also, rearranged proc/exec and retval to match other pledge calls in the tree. ok djm@
Revision 1.210 / (download) - annotate - [select for diffs], Fri Dec 11 02:29:03 2015 UTC (8 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.209: +2 -1 lines
Diff to previous 1.209 (colored)
fflush stdout so that output is seen even when running in debug mode when output may otherwise not be flushed. Patch from dustin at null-ptr.net.
Revision 1.209 / (download) - annotate - [select for diffs], Fri Dec 11 02:20:28 2015 UTC (8 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.208: +3 -3 lines
Diff to previous 1.208 (colored)
correct error messages; from Tomas Kuthan bz#2507
Revision 1.208 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.207: +14 -2 lines
Diff to previous 1.207 (colored)
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
Revision 1.207 / (download) - annotate - [select for diffs], Wed Dec 2 08:30:50 2015 UTC (8 years, 6 months ago) by doug
Branch: MAIN
Changes since 1.206: +2 -2 lines
Diff to previous 1.206 (colored)
Add "cpath" to the ssh-agent pledge so the cleanup handler can unlink(). ok djm@
Revision 1.206 / (download) - annotate - [select for diffs], Wed Dec 2 08:00:58 2015 UTC (8 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.205: +2 -2 lines
Diff to previous 1.205 (colored)
ssh-agent pledge needs proc for askpass; spotted by todd@
Revision 1.205 / (download) - annotate - [select for diffs], Tue Dec 1 23:29:24 2015 UTC (8 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.204: +4 -1 lines
Diff to previous 1.204 (colored)
basic pledge() for ssh-agent, more refinement needed
Revision 1.204 / (download) - annotate - [select for diffs], Wed Jul 8 20:24:02 2015 UTC (8 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.203: +1 -4 lines
Diff to previous 1.203 (colored)
no need to include the old buffer/key API
Revision 1.203 / (download) - annotate - [select for diffs], Fri May 15 05:44:21 2015 UTC (9 years ago) by dtucker
Branch: MAIN
Changes since 1.202: +42 -15 lines
Diff to previous 1.202 (colored)
Use a salted hash of the lock passphrase instead of plain text and do constant-time comparisons of it. Should prevent leaking any information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s incrementing delay for each failed unlock attempt up to 10s. ok markus@ (earlier version), djm@
Revision 1.202 / (download) - annotate - [select for diffs], Fri Apr 24 06:26:49 2015 UTC (9 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.201: +2 -2 lines
Diff to previous 1.201 (colored)
combine -Dd onto one line and update usage();
Revision 1.201 / (download) - annotate - [select for diffs], Fri Apr 24 05:26:44 2015 UTC (9 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.200: +15 -8 lines
Diff to previous 1.200 (colored)
add ssh-agent -D to leave ssh-agent in foreground without enabling debug mode; bz#2381 ok dtucker@
Revision 1.200 / (download) - annotate - [select for diffs], Fri Apr 24 01:36:01 2015 UTC (9 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.199: +2 -2 lines
Diff to previous 1.199 (colored)
rename xrealloc() to xreallocarray() since it follows that form. ok djm
Revision 1.199 / (download) - annotate - [select for diffs], Wed Mar 4 21:12:59 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.198: +3 -3 lines
Diff to previous 1.198 (colored)
make ssh-add -D work with !SSH1 agent
Revision 1.198 / (download) - annotate - [select for diffs], Tue Mar 3 21:21:13 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.197: +3 -1 lines
Diff to previous 1.197 (colored)
add SSH1 Makefile knob to make it easier to build without SSH1 support; ok markus@
Revision 1.197 / (download) - annotate - [select for diffs], Wed Jan 28 22:36:00 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.196: +3 -2 lines
Diff to previous 1.196 (colored)
update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
Revision 1.196 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:12 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.195: +5 -4 lines
Diff to previous 1.195 (colored)
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
Revision 1.195 / (download) - annotate - [select for diffs], Wed Jan 14 19:33:41 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.194: +23 -14 lines
Diff to previous 1.194 (colored)
fix small regression: ssh-agent would return a success message but an empty signature if asked to sign using an unknown key; ok markus@
Revision 1.194 / (download) - annotate - [select for diffs], Wed Jan 14 13:09:09 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.193: +308 -212 lines
Diff to previous 1.193 (colored)
switch to sshbuf/sshkey; with & ok djm@
Revision 1.193 / (download) - annotate - [select for diffs], Sun Dec 21 23:35:14 2014 UTC (9 years, 5 months ago) by jmc
Branch: MAIN
Changes since 1.192: +3 -3 lines
Diff to previous 1.192 (colored)
tweak previous;
Revision 1.192 / (download) - annotate - [select for diffs], Sun Dec 21 22:27:56 2014 UTC (9 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.191: +11 -4 lines
Diff to previous 1.191 (colored)
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
Revision 1.191 / (download) - annotate - [select for diffs], Tue Nov 18 20:54:28 2014 UTC (9 years, 6 months ago) by krw
Branch: MAIN
Changes since 1.190: +1 -2 lines
Diff to previous 1.190 (colored)
Nuke more obvious #include duplications. ok deraadt@ millert@ tedu@
Revision 1.190 / (download) - annotate - [select for diffs], Fri Jul 25 21:22:03 2014 UTC (9 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.189: +2 -1 lines
Diff to previous 1.189 (colored)
Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt
Revision 1.189 / (download) - annotate - [select for diffs], Fri Jul 18 02:46:01 2014 UTC (9 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.188: +5 -1 lines
Diff to previous 1.188 (colored)
restore umask around listener socket creation (dropped in streamlocal patch merge)
Revision 1.188 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
Changes since 1.187: +3 -16 lines
Diff to previous 1.187 (colored)
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
Revision 1.187 / (download) - annotate - [select for diffs], Thu Jul 3 03:11:03 2014 UTC (9 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.186: +9 -1 lines
Diff to previous 1.186 (colored)
Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(); bz#2236 patch from Dmitry V. Levin
Revision 1.186 / (download) - annotate - [select for diffs], Tue Jun 24 01:13:21 2014 UTC (9 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.185: +16 -8 lines
Diff to previous 1.185 (colored)
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
Revision 1.185 / (download) - annotate - [select for diffs], Tue Apr 29 18:01:49 2014 UTC (10 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.184: +11 -1 lines
Diff to previous 1.184 (colored)
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
Revision 1.184 / (download) - annotate - [select for diffs], Sat Mar 15 17:28:26 2014 UTC (10 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.183: +5 -10 lines
Diff to previous 1.183 (colored)
Improve usage() and documentation towards the standard form. In particular, this line saves a lot of man page reading time. usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ok schwarze jmc
Revision 1.183 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.182: +3 -3 lines
Diff to previous 1.182 (colored)
convert memset of potentially-private data to explicit_bzero()
Revision 1.182 / (download) - annotate - [select for diffs], Mon Jan 27 19:18:54 2014 UTC (10 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.181: +9 -7 lines
Diff to previous 1.181 (colored)
replace openssl MD5 with our ssh_digest_*; ok djm@
Revision 1.181 / (download) - annotate - [select for diffs], Thu Dec 19 01:19:41 2013 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.180: +4 -1 lines
Diff to previous 1.180 (colored)
bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com; ok dtucker
Revision 1.180 / (download) - annotate - [select for diffs], Fri Dec 6 13:39:49 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.179: +2 -1 lines
Diff to previous 1.179 (colored)
support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
Revision 1.179 / (download) - annotate - [select for diffs], Fri Dec 6 13:34:54 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.178: +1 -2 lines
Diff to previous 1.178 (colored)
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
Revision 1.178 / (download) - annotate - [select for diffs], Fri Dec 6 13:30:08 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.177: +11 -117 lines
Diff to previous 1.177 (colored)
move private key (de)serialization to key.c; ok djm
Revision 1.177 / (download) - annotate - [select for diffs], Sat Jul 20 01:50:20 2013 UTC (10 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.176: +2 -3 lines
Diff to previous 1.176 (colored)
call cleanup_handler on SIGINT when in debug mode to ensure sockets are cleaned up on manual exit; bz#2120
Revision 1.176 / (download) - annotate - [select for diffs], Sun Jun 2 13:35:58 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.175: +2 -2 lines
Diff to previous 1.175 (colored)
Make parent_alive_interval time_t to avoid signed/unsigned comparison
Revision 1.175 / (download) - annotate - [select for diffs], Sat Jun 1 13:15:52 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.174: +6 -6 lines
Diff to previous 1.174 (colored)
Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
Revision 1.174 / (download) - annotate - [select for diffs], Fri May 31 12:28:10 2013 UTC (11 years ago) by dtucker
Branch: MAIN
Changes since 1.173: +12 -9 lines
Diff to previous 1.173 (colored)
Use time_t where appropriate. ok djm
Revision 1.173 / (download) - annotate - [select for diffs], Fri May 17 00:13:14 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.172: +28 -35 lines
Diff to previous 1.172 (colored)
bye, bye xfree(); ok markus@
Revision 1.172 / (download) - annotate - [select for diffs], Fri Jun 3 01:37:40 2011 UTC (13 years ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.171: +6 -2 lines
Diff to previous 1.171 (colored)
Check current parent process ID against saved one to determine if the parent has exited, rather than attempting to send a zero signal, since the latter won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn Gillmor, ok djm@
Revision 1.171 / (download) - annotate - [select for diffs], Sun Nov 21 01:01:13 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.170: +2 -2 lines
Diff to previous 1.170 (colored)
honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
Revision 1.170 / (download) - annotate - [select for diffs], Tue Aug 31 12:33:38 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.169: +2 -2 lines
Diff to previous 1.169 (colored)
reintroduce commit from tedu@, which I pulled out for release engineering: OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
Revision 1.169 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.168: +57 -3 lines
Diff to previous 1.168 (colored)
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
Revision 1.168 / (download) - annotate - [select for diffs], Mon Aug 16 04:06:06 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.167: +1 -1 lines
Diff to previous 1.167 (colored)
backout previous temporarily; discussed with deraadt@
Revision 1.167 / (download) - annotate - [select for diffs], Thu Aug 12 23:34:38 2010 UTC (13 years, 10 months ago) by tedu
Branch: MAIN
Changes since 1.166: +2 -2 lines
Diff to previous 1.166 (colored)
OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
Revision 1.166 / (download) - annotate - [select for diffs], Fri Apr 16 01:47:26 2010 UTC (14 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.165: +4 -1 lines
Diff to previous 1.165 (colored)
revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash Rename "constraints" field to "critical options" Add a new non-critical "extensions" field Add a serial number The older format is still support for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@
Revision 1.165 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.164: +23 -1 lines
Diff to previous 1.164 (colored)
Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
Revision 1.164 / (download) - annotate - [select for diffs], Tue Feb 9 00:50:36 2010 UTC (14 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.163: +3 -2 lines
Diff to previous 1.163 (colored)
fallout from PKCS#11: unbreak -D
Revision 1.163 / (download) - annotate - [select for diffs], Mon Feb 8 10:50:20 2010 UTC (14 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.162: +51 -50 lines
Diff to previous 1.162 (colored)
replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev
Revision 1.162 / (download) - annotate - [select for diffs], Tue Sep 1 14:43:17 2009 UTC (14 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.161: +13 -19 lines
Diff to previous 1.161 (colored)
fix a race condition in ssh-agent that could result in a wedged or spinning agent: don't read off the end of the allocated fd_sets, and don't issue blocking read/write on agent sockets - just fall back to select() on retriable read/write errors. bz#1633 reported and tested by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
Revision 1.161 / (download) - annotate - [select for diffs], Mon Mar 23 19:38:04 2009 UTC (15 years, 2 months ago) by tobias
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6
Changes since 1.160: +4 -3 lines
Diff to previous 1.160 (colored)
My previous commit didn't fix the problem at all, so stick at my first version of the fix presented to dtucker. Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). ok dtucker
Revision 1.160 / (download) - annotate - [select for diffs], Mon Mar 23 08:31:19 2009 UTC (15 years, 2 months ago) by tobias
Branch: MAIN
Changes since 1.159: +2 -2 lines
Diff to previous 1.159 (colored)
Fixed a possible out-of-bounds memory access if the environment variable SHELL is shorter than 3 characters. with input by and ok dtucker
Revision 1.159 / (download) - annotate - [select for diffs], Sat Jun 28 14:05:15 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.158: +4 -1 lines
Diff to previous 1.158 (colored)
reset global compat flag after processing a protocol 2 signature request with the legacy DSA encoding flag set; ok markus
Revision 1.158 / (download) - annotate - [select for diffs], Sat Jun 28 13:58:23 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.157: +16 -8 lines
Diff to previous 1.157 (colored)
refuse to add a key that has unknown constraints specified; ok markus
Revision 1.157 / (download) - annotate - [select for diffs], Tue Sep 25 23:48:57 2007 UTC (16 years, 8 months ago) by canacar
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.156: +8 -7 lines
Diff to previous 1.156 (colored)
When adding a key that already exists, update the properties (time, confirm, comment) instead of discarding them. ok djm@ markus@
Revision 1.156 / (download) - annotate - [select for diffs], Sun Sep 9 11:38:01 2007 UTC (16 years, 9 months ago) by sobrado
Branch: MAIN
Changes since 1.155: +2 -2 lines
Diff to previous 1.155 (colored)
sort synopsis and options in ssh-agent(1); usage is lowercase ok jmc@
Revision 1.155 / (download) - annotate - [select for diffs], Mon Mar 19 12:16:42 2007 UTC (17 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2
Changes since 1.154: +41 -25 lines
Diff to previous 1.154 (colored)
Remove the signal handler that checks if the agent's parent process has gone away, instead check when the select loop returns. Record when the next key will expire when scanning for expired keys. Set the select timeout to whichever of these two things happens next. With djm@, with & ok deraadt@ markus@
Revision 1.154 / (download) - annotate - [select for diffs], Wed Feb 28 00:55:30 2007 UTC (17 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.153: +14 -10 lines
Diff to previous 1.153 (colored)
Remove expired keys periodically so they don't remain in memory when the agent is entirely idle, as noted by David R. Piegdon. This is the simple fix, a more efficient one will be done later. With markus, deraadt, with & ok djm.
Revision 1.122.4.3 / (download) - annotate - [select for diffs], Wed Nov 8 00:44:05 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.122.4.2: +1 -1 lines
Diff to previous 1.122.4.2 (colored) to branchpoint 1.122 (colored) next main 1.123 (colored)
upgrade to OpenSSH 4.5
Revision 1.152.4.1 / (download) - annotate - [select for diffs], Wed Nov 8 00:42:11 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored) next main 1.153 (colored)
upgrade to OpenSSH 4.5
Revision 1.129.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 00:17:14 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.129.2.1: +2 -2 lines
Diff to previous 1.129.2.1 (colored) to branchpoint 1.129 (colored) next main 1.130 (colored)
upgrade to OpenSSH 4.5
Revision 1.122.4.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:33 2006 UTC (17 years, 8 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.122.4.1: +38 -21 lines
Diff to previous 1.122.4.1 (colored) to branchpoint 1.122 (colored)
upgrade to OpenSSH 4.4
Revision 1.153 / (download) - annotate - [select for diffs], Fri Oct 6 02:29:19 2006 UTC (17 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored)
sys/resource.h needs sys/time.h; prompted by brad@
Revision 1.129.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:51 2006 UTC (17 years, 8 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.129: +35 -25 lines
Diff to previous 1.129 (colored)
upgrade to OpenSSH 4.4
Revision 1.152 / (download) - annotate - [select for diffs], Fri Aug 4 20:46:05 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored)
spaces
Revision 1.151 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.150: +3 -5 lines
Diff to previous 1.150 (colored)
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
Revision 1.150 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.149: +2 -1 lines
Diff to previous 1.149 (colored)
move #include <stdio.h> out of includes.h
Revision 1.149 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.148: +2 -1 lines
Diff to previous 1.148 (colored)
move #include <stdlib.h> out of includes.h
Revision 1.148 / (download) - annotate - [select for diffs], Wed Jul 26 02:35:17 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.147: +2 -1 lines
Diff to previous 1.147 (colored)
move #include <sys/param.h> out of includes.h
Revision 1.147 / (download) - annotate - [select for diffs], Tue Jul 25 02:59:21 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.146: +2 -1 lines
Diff to previous 1.146 (colored)
move #include <sys/time.h> out of includes.h
Revision 1.146 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.145: +5 -4 lines
Diff to previous 1.145 (colored)
move #include <string.h> out of includes.h
Revision 1.145 / (download) - annotate - [select for diffs], Sat Jul 22 19:08:54 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.144: +2 -1 lines
Diff to previous 1.144 (colored)
move #include <time.h> out of includes.h
Revision 1.144 / (download) - annotate - [select for diffs], Mon Jul 17 01:31:10 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.143: +2 -1 lines
Diff to previous 1.143 (colored)
move #include <unistd.h> out of includes.h
Revision 1.143 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.142: +2 -1 lines
Diff to previous 1.142 (colored)
move #include <errno.h> out of includes.h; ok markus@
Revision 1.142 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:11 2006 UTC (17 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.141: +2 -1 lines
Diff to previous 1.141 (colored)
move #include <fcntl.h> out of includes.h
Revision 1.141 / (download) - annotate - [select for diffs], Sat Jul 8 21:47:12 2006 UTC (17 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.140: +2 -1 lines
Diff to previous 1.140 (colored)
move #include <sys/socket.h> out of includes.h
Revision 1.140 / (download) - annotate - [select for diffs], Tue Jun 13 02:17:07 2006 UTC (18 years ago) by djm
Branch: MAIN
Changes since 1.139: +2 -2 lines
Diff to previous 1.139 (colored)
revert; i am on drugs. spotted by alexander AT beard.se
Revision 1.139 / (download) - annotate - [select for diffs], Tue Jun 13 01:18:36 2006 UTC (18 years ago) by djm
Branch: MAIN
Changes since 1.138: +3 -3 lines
Diff to previous 1.138 (colored)
always use a format string, even when printing a constant
Revision 1.138 / (download) - annotate - [select for diffs], Wed May 17 12:43:34 2006 UTC (18 years ago) by markus
Branch: MAIN
Changes since 1.137: +2 -2 lines
Diff to previous 1.137 (colored)
fix leak; coverity via Kylene Jo Hall
Revision 1.137 / (download) - annotate - [select for diffs], Thu Mar 30 09:58:16 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.136: +2 -3 lines
Diff to previous 1.136 (colored)
replace {GET,PUT}_XXBIT macros with functionally similar functions, silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@
Revision 1.136 / (download) - annotate - [select for diffs], Tue Mar 28 01:53:43 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.135: +10 -6 lines
Diff to previous 1.135 (colored)
use strtonum() to parse the pid from the file, and range check it better; ok djm
Revision 1.135 / (download) - annotate - [select for diffs], Sat Mar 25 18:41:45 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.134: +3 -1 lines
Diff to previous 1.134 (colored)
mark two more signal handlers ARGSUSED
Revision 1.134 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.133: +1 -0 lines
Diff to previous 1.133 (colored)
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
Revision 1.133 / (download) - annotate - [select for diffs], Sat Mar 25 01:13:23 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.132: +1 -1 lines
Diff to previous 1.132 (colored)
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
Revision 1.132 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.131: +3 -6 lines
Diff to previous 1.131 (colored)
introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
Revision 1.131 / (download) - annotate - [select for diffs], Mon Mar 20 18:26:55 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.130: +2 -2 lines
Diff to previous 1.130 (colored)
annoying spacing fixes getting in the way of real diffs
Revision 1.130 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.129: +0 -1 lines
Diff to previous 1.129 (colored)
RCSID() can die
Revision 1.129 / (download) - annotate - [select for diffs], Mon Feb 20 17:02:44 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.128: +2 -1 lines
Diff to previous 1.128 (colored)
move #include <signal.h> out of includes.h; ok markus@
Revision 1.128 / (download) - annotate - [select for diffs], Mon Feb 20 16:36:14 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.127: +3 -1 lines
Diff to previous 1.127 (colored)
move #include <sys/un.h> out of includes.h; ok djm@
Revision 1.127 / (download) - annotate - [select for diffs], Wed Feb 8 14:31:30 2006 UTC (18 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.126: +2 -1 lines
Diff to previous 1.126 (colored)
move #include <sys/resource.h> out of includes.h; ok markus@
Revision 1.126 / (download) - annotate - [select for diffs], Wed Feb 8 12:15:27 2006 UTC (18 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.125: +3 -1 lines
Diff to previous 1.125 (colored)
move #include <paths.h> out of includes.h; ok markus@
Revision 1.125 / (download) - annotate - [select for diffs], Tue Feb 7 01:18:09 2006 UTC (18 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.124: +2 -1 lines
Diff to previous 1.124 (colored)
move #include <sys/queue.h> out of includes.h; ok markus@
Revision 1.122.4.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:57 2006 UTC (18 years, 4 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.122: +5 -2 lines
Diff to previous 1.122 (colored)
upgrade to OpenSSH 4.3
Revision 1.122.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:45 2006 UTC (18 years, 4 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.122: +5 -2 lines
Diff to previous 1.122 (colored) next main 1.123 (colored)
upgrade to OpenSSH 4.3
Revision 1.124 / (download) - annotate - [select for diffs], Sun Oct 30 08:52:18 2005 UTC (18 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.123: +2 -2 lines
Diff to previous 1.123 (colored)
no need to escape single quotes in comments, no binary change
Revision 1.123 / (download) - annotate - [select for diffs], Tue Sep 13 23:40:07 2005 UTC (18 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.122: +4 -1 lines
Diff to previous 1.122 (colored)
ensure that stdio fds are attached; ok deraadt@
Revision 1.117.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:04 2005 UTC (19 years, 3 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.117.2.1: +8 -14 lines
Diff to previous 1.117.2.1 (colored) to branchpoint 1.117 (colored) next main 1.118 (colored)
upgrade to OpenSSH 4.0
Revision 1.120.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:28 2005 UTC (19 years, 3 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.120: +8 -14 lines
Diff to previous 1.120 (colored) next main 1.121 (colored)
upgrade to OpenSSH 4.0
Revision 1.122 / (download) - annotate - [select for diffs], Fri Oct 29 22:53:56 2004 UTC (19 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE,
OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_8,
OPENBSD_3_7
Changes since 1.121: +6 -14 lines
Diff to previous 1.121 (colored)
factor out common permission-asking code to separate function; ok markus@
Revision 1.121 / (download) - annotate - [select for diffs], Thu Oct 7 10:12:36 2004 UTC (19 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.120: +3 -1 lines
Diff to previous 1.120 (colored)
don't unlink agent socket when bind() fails, spotted by rich AT rich-paul.net ok markus@
Revision 1.111.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:32 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.111.2.1: +5 -6 lines
Diff to previous 1.111.2.1 (colored) to branchpoint 1.111 (colored) next main 1.112 (colored)
upgrade to OpenSSH 3.9
Revision 1.117.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:27 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.117: +5 -6 lines
Diff to previous 1.117 (colored)
upgrade to OpenSSH 3.9
Revision 1.120 / (download) - annotate - [select for diffs], Wed Aug 11 21:43:05 2004 UTC (19 years, 10 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.119: +4 -3 lines
Diff to previous 1.119 (colored)
some signed/unsigned int comparison cleanups; markus@ ok
Revision 1.119 / (download) - annotate - [select for diffs], Mon Jun 14 01:44:39 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.118: +2 -3 lines
Diff to previous 1.118 (colored)
set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
Revision 1.118 / (download) - annotate - [select for diffs], Sat May 8 00:21:31 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.117: +1 -2 lines
Diff to previous 1.117 (colored)
kill a tiny header; ok deraadt@
Revision 1.108.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:16 2004 UTC (20 years, 3 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.108.2.1: +17 -17 lines
Diff to previous 1.108.2.1 (colored) to branchpoint 1.108 (colored) next main 1.109 (colored)
upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8upgrade to OpenSSH 3.8
Revision 1.111.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:34 2004 UTC (20 years, 3 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.111: +17 -17 lines
Diff to previous 1.111 (colored)
upgrade to OpenSSH 3.8
Revision 1.117 / (download) - annotate - [select for diffs], Tue Dec 2 17:01:15 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.116: +2 -2 lines
Diff to previous 1.116 (colored)
use SSH_LISTEN_BACKLOG (=128) in listen(2).
Revision 1.116 / (download) - annotate - [select for diffs], Fri Nov 21 11:57:03 2003 UTC (20 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.115: +2 -2 lines
Diff to previous 1.115 (colored)
unexpand and delete whitespace at EOL; ok markus@
Revision 1.115 / (download) - annotate - [select for diffs], Tue Oct 14 19:54:39 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.114: +2 -2 lines
Diff to previous 1.114 (colored)
10X for mkdtemp; djm@
Revision 1.114 / (download) - annotate - [select for diffs], Tue Sep 23 20:17:11 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.113: +2 -13 lines
Diff to previous 1.113 (colored)
replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
Revision 1.113 / (download) - annotate - [select for diffs], Fri Sep 19 11:29:40 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.112: +16 -6 lines
Diff to previous 1.112 (colored)
provide a ssh-agent specific fatal() function; ok deraadt
Revision 1.112 / (download) - annotate - [select for diffs], Thu Sep 18 08:49:45 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.111: +9 -8 lines
Diff to previous 1.111 (colored)
more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@
Revision 1.105.2.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:27 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.105.2.1: +24 -7 lines
Diff to previous 1.105.2.1 (colored) to branchpoint 1.105 (colored) next main 1.106 (colored)
upgrade to OpenSSH 3.7
Revision 1.108.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:44 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.108: +24 -7 lines
Diff to previous 1.108 (colored)
upgrade to OpenSSH 3.7
Revision 1.111 / (download) - annotate - [select for diffs], Thu Jun 12 19:12:03 2003 UTC (21 years ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.110: +2 -2 lines
Diff to previous 1.110 (colored)
add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
Revision 1.110 / (download) - annotate - [select for diffs], Wed Jun 11 11:18:38 2003 UTC (21 years ago) by djm
Branch: MAIN
Changes since 1.109: +21 -4 lines
Diff to previous 1.109 (colored)
make agent constraints (lifetime, confirm) work with smartcard keys; ok markus@
Revision 1.109 / (download) - annotate - [select for diffs], Tue Apr 8 20:21:29 2003 UTC (21 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.108: +3 -3 lines
Diff to previous 1.108 (colored)
rename log() into logit() to avoid name conflict. markus ok, from netbsd
Revision 1.85.2.3 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:17 2003 UTC (21 years, 2 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.85.2.2: +70 -9 lines
Diff to previous 1.85.2.2 (colored) to branchpoint 1.85 (colored) next main 1.86 (colored)
Merge OpenSSH 3.6.1
Revision 1.105.2.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:14 2003 UTC (21 years, 2 months ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.105: +70 -9 lines
Diff to previous 1.105 (colored)
Update to OpenSSH 3.6
Revision 1.108 / (download) - annotate - [select for diffs], Thu Mar 13 11:44:50 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.107: +12 -1 lines
Diff to previous 1.107 (colored)
ssh-agent is similar to ssh-keysign (allows other processes to use private rsa keys). however, it gets key over socket and not from a file, so we have to do blinding here as well.
Revision 1.107 / (download) - annotate - [select for diffs], Thu Jan 23 13:50:27 2003 UTC (21 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.106: +46 -8 lines
Diff to previous 1.106 (colored)
ssh-add -c, prompt user for confirmation (using ssh-askpass) when private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@
Revision 1.106 / (download) - annotate - [select for diffs], Tue Jan 21 18:14:36 2003 UTC (21 years, 4 months ago) by marc
Branch: MAIN
Changes since 1.105: +14 -2 lines
Diff to previous 1.105 (colored)
Add a -t life option to ssh-agent that set the default lifetime. The default can still be overriden by using -t in ssh-add. OK markus@
Revision 1.72.2.5 / (download) - annotate - [select for diffs], Fri Oct 11 14:53:07 2002 UTC (21 years, 8 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.72.2.4: +36 -23 lines
Diff to previous 1.72.2.4 (colored) to branchpoint 1.72 (colored) next main 1.73 (colored)
Update to OpenSSH 3.5
Revision 1.85.2.2 / (download) - annotate - [select for diffs], Fri Oct 11 14:51:53 2002 UTC (21 years, 8 months ago) by miod
Branch: OPENBSD_3_1
Changes since 1.85.2.1: +36 -23 lines
Diff to previous 1.85.2.1 (colored) to branchpoint 1.85 (colored)
Update to OpenSSH 3.5
Revision 1.105 / (download) - annotate - [select for diffs], Tue Oct 1 20:34:12 2002 UTC (21 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.104: +2 -2 lines
Diff to previous 1.104 (colored)
allow root to access the agent, since there is no protection from root.
Revision 1.104 / (download) - annotate - [select for diffs], Thu Sep 12 19:11:52 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.103: +3 -3 lines
Diff to previous 1.103 (colored)
%u for uid print; ok markus@
Revision 1.103 / (download) - annotate - [select for diffs], Tue Sep 10 20:24:47 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.102: +16 -1 lines
Diff to previous 1.102 (colored)
check the euid of the connecting process with getpeereid(2); ok provos deraadt stevesk
Revision 1.102 / (download) - annotate - [select for diffs], Thu Aug 22 20:57:19 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.101: +1 -2 lines
Diff to previous 1.101 (colored)
shutdown(SHUT_RDWR) not needed before close here; ok markus@
Revision 1.101 / (download) - annotate - [select for diffs], Thu Aug 22 19:27:53 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.100: +16 -22 lines
Diff to previous 1.100 (colored)
use common close function; ok markus@
Revision 1.100 / (download) - annotate - [select for diffs], Wed Aug 21 20:10:28 2002 UTC (21 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored)
raise listen backlog; ok markus@
Revision 1.99 / (download) - annotate - [select for diffs], Mon Aug 12 10:46:35 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.98: +5 -1 lines
Diff to previous 1.98 (colored)
make ssh-agent setgid, disallow ptrace.
Revision 1.98 / (download) - annotate - [select for diffs], Sun Jul 21 18:07:45 2002 UTC (21 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.97: +2 -1 lines
Diff to previous 1.97 (colored)
extern char *optarg; for portable
Revision 1.72.2.4 / (download) - annotate - [select for diffs], Wed Jun 26 18:22:36 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.72.2.3: +39 -38 lines
Diff to previous 1.72.2.3 (colored) to branchpoint 1.72 (colored)
There was an update to OpenSSH 3.4, and people rejoiced.
Revision 1.85.2.1 / (download) - annotate - [select for diffs], Wed Jun 26 15:30:39 2002 UTC (21 years, 11 months ago) by jason
Branch: OPENBSD_3_1
Changes since 1.85: +224 -95 lines
Diff to previous 1.85 (colored)
Pull in OpenSSH-3.4
Revision 1.97 / (download) - annotate - [select for diffs], Mon Jun 24 14:55:38 2002 UTC (21 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.96: +3 -3 lines
Diff to previous 1.96 (colored)
cat to (void) when output from buffer_get_X is ignored
Revision 1.96 / (download) - annotate - [select for diffs], Sun Jun 23 10:29:52 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.95: +37 -36 lines
Diff to previous 1.95 (colored)
some minor KNF and %u
Revision 1.72.2.3 / (download) - annotate - [select for diffs], Sat Jun 22 07:23:18 2002 UTC (21 years, 11 months ago) by miod
Branch: OPENBSD_3_0
Changes since 1.72.2.2: +193 -65 lines
Diff to previous 1.72.2.2 (colored) to branchpoint 1.72 (colored)
Update OpenSSH to version 3.3 (with local changes, configuration files still living in /etc and privsep user being nobody).
Revision 1.95 / (download) - annotate - [select for diffs], Wed Jun 19 00:27:55 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.94: +2 -4 lines
Diff to previous 1.94 (colored)
KNF done automatically while reading....
Revision 1.94 / (download) - annotate - [select for diffs], Sat Jun 15 01:27:48 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.93: +14 -53 lines
Diff to previous 1.93 (colored)
remove the CONSTRAIN_IDENTITY messages and introduce a new ADD_ID message with contraints instead. contraints can be only added together with the private key.
Revision 1.93 / (download) - annotate - [select for diffs], Sat Jun 15 00:07:38 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.92: +7 -7 lines
Diff to previous 1.92 (colored)
fix stupid typo
Revision 1.92 / (download) - annotate - [select for diffs], Sat Jun 15 00:01:36 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.91: +17 -10 lines
Diff to previous 1.91 (colored)
break agent key lifetime protocol and allow other contraints for key usage.
Revision 1.91 / (download) - annotate - [select for diffs], Tue Jun 11 05:46:20 2002 UTC (22 years ago) by mpech
Branch: MAIN
Changes since 1.90: +7 -7 lines
Diff to previous 1.90 (colored)
pid_t cleanup. Markus need this now to keep hacking. markus@, millert@ ok Note: big usr.bin/ cleanup is comming. Now I'm waiting Ok from espie@ for make/.
Revision 1.90 / (download) - annotate - [select for diffs], Sun Jun 9 13:32:01 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)
use tab not spaces (|unexpand)
Revision 1.89 / (download) - annotate - [select for diffs], Wed Jun 5 21:55:44 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.88: +80 -9 lines
Diff to previous 1.88 (colored)
ssh-add -t life, Set lifetime (in seconds) when adding identities; ok provos@
Revision 1.88 / (download) - annotate - [select for diffs], Wed Jun 5 19:57:12 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.87: +68 -1 lines
Diff to previous 1.87 (colored)
ssh-add -x for lock and -X for unlocking the agent. todo: encrypt private keys with locked...
Revision 1.87 / (download) - annotate - [select for diffs], Wed Jun 5 16:48:54 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.86: +55 -42 lines
Diff to previous 1.86 (colored)
copy current request into an extra buffer and just flush this request on errors, ok provos@
Revision 1.86 / (download) - annotate - [select for diffs], Wed Jun 5 16:08:07 2002 UTC (22 years ago) by markus
Branch: MAIN
Changes since 1.85: +20 -9 lines
Diff to previous 1.85 (colored)
'-a bind_address' binds the agent to user-specified unix-domain socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
Revision 1.54.2.3 / (download) - annotate - [select for diffs], Sun Jun 2 22:56:11 2002 UTC (22 years ago) by miod
Branch: OPENBSD_2_9
Changes since 1.54.2.2: +48 -60 lines
Diff to previous 1.54.2.2 (colored) to branchpoint 1.54 (colored) next main 1.55 (colored)
Upgrade to OpenSSH 3.2.3. Except for improbable compilation error fixes, this should be the last commit made to the 2.9-STABLE branche. Have fun upgrading.
Revision 1.72.2.2 / (download) - annotate - [select for diffs], Fri May 17 00:03:24 2002 UTC (22 years, 1 month ago) by miod
Branch: OPENBSD_3_0
Changes since 1.72.2.1: +48 -60 lines
Diff to previous 1.72.2.1 (colored) to branchpoint 1.72 (colored)
Update OpenSSH to version 3.2.2.
Revision 1.85 / (download) - annotate - [select for diffs], Tue Apr 2 11:49:39 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_1
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)
check $SHELL for -k and -d, too; http://bugzilla.mindrot.org/show_bug.cgi?id=199
Revision 1.84 / (download) - annotate - [select for diffs], Mon Mar 25 17:34:27 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.83: +41 -57 lines
Diff to previous 1.83 (colored)
change sc_get_key to sc_get_keys and hide smartcard details in scard.c
Revision 1.83 / (download) - annotate - [select for diffs], Thu Mar 21 22:44:05 2002 UTC (22 years, 2 months ago) by rees
Branch: MAIN
Changes since 1.82: +9 -5 lines
Diff to previous 1.82 (colored)
Add PIN-protection for secret key.
Revision 1.54.2.2 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:45 2002 UTC (22 years, 3 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.54.2.1: +98 -112 lines
Diff to previous 1.54.2.1 (colored) to branchpoint 1.54 (colored)
Merge OpenSSH 3.1, keeping /etc as configuration files directory. (i.e. OpenSSH 3.1 + openbsd29_3.1.patch)
Revision 1.37.2.6 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:43 2002 UTC (22 years, 3 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.37.2.5: +98 -112 lines
Diff to previous 1.37.2.5 (colored) to branchpoint 1.37 (colored) next main 1.38 (colored)
Merge OpenSSH 3.1.
Revision 1.72.2.1 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:47 2002 UTC (22 years, 3 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.72: +98 -112 lines
Diff to previous 1.72 (colored)
Update to OpenSSH-3.1 on 3.0-stable branch
Revision 1.82 / (download) - annotate - [select for diffs], Mon Mar 4 17:27:39 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.81: +1 -3 lines
Diff to previous 1.81 (colored)
$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
Revision 1.81 / (download) - annotate - [select for diffs], Tue Feb 5 15:50:12 2002 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.80: +14 -14 lines
Diff to previous 1.80 (colored)
use log interface and remove perror() in child. use fatal_add_cleanup() vs. atexit(). ok mouring@ markus@
Revision 1.80 / (download) - annotate - [select for diffs], Mon Feb 4 00:53:39 2002 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.79: +2 -6 lines
Diff to previous 1.79 (colored)
unneeded includes
Revision 1.79 / (download) - annotate - [select for diffs], Fri Jan 18 18:14:17 2002 UTC (22 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.78: +3 -3 lines
Diff to previous 1.78 (colored)
unneeded cast cleanup; ok markus@
Revision 1.78 / (download) - annotate - [select for diffs], Sun Jan 13 17:27:07 2002 UTC (22 years, 5 months ago) by provos
Branch: MAIN
Changes since 1.77: +69 -82 lines
Diff to previous 1.77 (colored)
change to use queue.h macros; okay markus@
Revision 1.77 / (download) - annotate - [select for diffs], Sat Dec 29 21:56:01 2001 UTC (22 years, 5 months ago) by stevesk
Branch: MAIN
Changes since 1.76: +3 -3 lines
Diff to previous 1.76 (colored)
remove unneeded casts and some char->u_char cleanup; ok markus@
Revision 1.76 / (download) - annotate - [select for diffs], Thu Dec 27 18:22:16 2001 UTC (22 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.75: +4 -3 lines
Diff to previous 1.75 (colored)
call fatal() for openssl allocation failures
Revision 1.75 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.74: +5 -5 lines
Diff to previous 1.74 (colored)
basic KNF done while i was looking for something else
Revision 1.74 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:12 2001 UTC (22 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.73: +5 -5 lines
Diff to previous 1.73 (colored)
minor KNF
Revision 1.73 / (download) - annotate - [select for diffs], Sat Nov 17 19:14:34 2001 UTC (22 years, 6 months ago) by stevesk
Branch: MAIN
Changes since 1.72: +10 -6 lines
Diff to previous 1.72 (colored)
enum/int type cleanup where it made sense to do so; ok markus@
Revision 1.54.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:55 2001 UTC (22 years, 8 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.54: +200 -54 lines
Diff to previous 1.54 (colored)
Pull in OpenSSH-2.9.9
Revision 1.37.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 8 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.37.2.4: +200 -54 lines
Diff to previous 1.37.2.4 (colored) to branchpoint 1.37 (colored)
Pull in OpenSSH 2.9.9 to the 2.8 branch.
Revision 1.72 / (download) - annotate - [select for diffs], Fri Aug 3 10:31:30 2001 UTC (22 years, 10 months ago) by jakob
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.71: +8 -4 lines
Diff to previous 1.71 (colored)
improve usage(). ok markus@
Revision 1.71 / (download) - annotate - [select for diffs], Thu Aug 2 16:14:05 2001 UTC (22 years, 10 months ago) by jakob
Branch: MAIN
Changes since 1.70: +3 -3 lines
Diff to previous 1.70 (colored)
clean up some /* SMARTCARD */. ok markus@
Revision 1.70 / (download) - annotate - [select for diffs], Thu Aug 2 15:43:57 2001 UTC (22 years, 10 months ago) by jakob
Branch: MAIN
Changes since 1.69: +5 -5 lines
Diff to previous 1.69 (colored)
add /* SMARTCARD */ to #else/#endif. ok markus@
Revision 1.69 / (download) - annotate - [select for diffs], Wed Aug 1 22:03:33 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.68: +11 -8 lines
Diff to previous 1.68 (colored)
use strings instead of ints for smartcard reader ids
Revision 1.68 / (download) - annotate - [select for diffs], Fri Jul 20 14:46:11 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.67: +16 -16 lines
Diff to previous 1.67 (colored)
do not exit() from signal handlers; ok deraadt@
Revision 1.67 / (download) - annotate - [select for diffs], Wed Jul 18 21:40:40 2001 UTC (22 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.66: +9 -6 lines
Diff to previous 1.66 (colored)
chdir("/") from bbraun@synack.net; ok markus@
Revision 1.66 / (download) - annotate - [select for diffs], Tue Jul 17 20:48:42 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.65: +12 -7 lines
Diff to previous 1.65 (colored)
update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
Revision 1.65 / (download) - annotate - [select for diffs], Sun Jul 15 16:58:29 2001 UTC (22 years, 11 months ago) by stevesk
Branch: MAIN
Changes since 1.64: +3 -3 lines
Diff to previous 1.64 (colored)
typo in usage; ok markus@
Revision 1.64 / (download) - annotate - [select for diffs], Wed Jul 4 23:49:27 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.63: +4 -2 lines
Diff to previous 1.63 (colored)
handle mutiple adds of the same smartcard key
Revision 1.63 / (download) - annotate - [select for diffs], Wed Jul 4 23:39:07 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.62: +4 -3 lines
Diff to previous 1.62 (colored)
for smartcards remove both RSA1/2 keys
Revision 1.62 / (download) - annotate - [select for diffs], Wed Jul 4 23:13:10 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.61: +3 -2 lines
Diff to previous 1.61 (colored)
handle card removal more gracefully, add sc_close() to scard.h
Revision 1.61 / (download) - annotate - [select for diffs], Wed Jul 4 22:47:19 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.60: +4 -5 lines
Diff to previous 1.60 (colored)
ignore SIGPIPE when debugging, too
Revision 1.60 / (download) - annotate - [select for diffs], Wed Jun 27 05:42:25 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.59: +4 -4 lines
Diff to previous 1.59 (colored)
s/generate_additional_parameters/rsa_generate_additional_parameters/ http://www.humppa.com/
Revision 1.59 / (download) - annotate - [select for diffs], Tue Jun 26 05:33:34 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.58: +116 -2 lines
Diff to previous 1.58 (colored)
more smartcard support.
Revision 1.58 / (download) - annotate - [select for diffs], Tue Jun 26 05:07:43 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.57: +3 -3 lines
Diff to previous 1.57 (colored)
update usage
Revision 1.57 / (download) - annotate - [select for diffs], Tue Jun 26 04:07:06 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.56: +25 -8 lines
Diff to previous 1.56 (colored)
add debug flag
Revision 1.56 / (download) - annotate - [select for diffs], Mon Jun 25 08:25:40 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.55: +3 -4 lines
Diff to previous 1.55 (colored)
update copyright for 2001
Revision 1.55 / (download) - annotate - [select for diffs], Sat Jun 23 15:12:20 2001 UTC (22 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.54: +20 -22 lines
Diff to previous 1.54 (colored)
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
Revision 1.37.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:35 2001 UTC (23 years, 1 month ago) by jason
Branch: OPENBSD_2_8
Changes since 1.37.2.3: +6 -23 lines
Diff to previous 1.37.2.3 (colored) to branchpoint 1.37 (colored)
Pull in OpenSSH-2.9 to 2.8 branch.
Revision 1.54 / (download) - annotate - [select for diffs], Tue Apr 3 13:56:11 2001 UTC (23 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.53: +4 -4 lines
Diff to previous 1.53 (colored)
free() -> xfree()
Revision 1.53 / (download) - annotate - [select for diffs], Mon Mar 26 23:23:24 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.52: +4 -21 lines
Diff to previous 1.52 (colored)
try to read private f-secure ssh v2 rsa keys.
Revision 1.37.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:29 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.37.2.2: +19 -7 lines
Diff to previous 1.37.2.2 (colored) to branchpoint 1.37 (colored)
Pull in OpenSSH-2.5.2 for 2.8 branch.
Revision 1.31.2.4 / (download) - annotate - [select for diffs], Wed Mar 21 18:53:08 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.31.2.3: +19 -7 lines
Diff to previous 1.31.2.3 (colored) to branchpoint 1.31 (colored) next main 1.32 (colored)
Pull in OpenSSH-2.5.2 for 2.7 branch.
Revision 1.31.2.3 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:15 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.31.2.2: +183 -129 lines
Diff to previous 1.31.2.2 (colored) to branchpoint 1.31 (colored)
OpenSSH-2.5.1 for 2.7 patch branch
Revision 1.52 / (download) - annotate - [select for diffs], Tue Mar 6 00:33:04 2001 UTC (23 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.51: +18 -6 lines
Diff to previous 1.51 (colored)
EINTR/EAGAIN handling is required in more cases
Revision 1.51 / (download) - annotate - [select for diffs], Fri Mar 2 18:54:31 2001 UTC (23 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.50: +3 -3 lines
Diff to previous 1.50 (colored)
make copyright lines the same format
Revision 1.37.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:27 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.37.2.1: +0 -0 lines
Diff to previous 1.37.2.1 (colored) to branchpoint 1.37 (colored)
Pull in OpenSSH-2.5.1
Revision 1.37.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:17 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.37: +183 -129 lines
Diff to previous 1.37 (colored)
Pull in OpenSSH 2.5.0
Revision 1.50 / (download) - annotate - [select for diffs], Thu Feb 8 19:30:52 2001 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.49: +3 -3 lines
Diff to previous 1.49 (colored)
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
Revision 1.49 / (download) - annotate - [select for diffs], Mon Jan 29 19:47:31 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.48: +4 -3 lines
Diff to previous 1.48 (colored)
handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack
Revision 1.48 / (download) - annotate - [select for diffs], Thu Jan 25 08:06:33 2001 UTC (23 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.47: +15 -6 lines
Diff to previous 1.47 (colored)
call _exit() in signal handler
Revision 1.47 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:56 2001 UTC (23 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.46: +7 -8 lines
Diff to previous 1.46 (colored)
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
Revision 1.46 / (download) - annotate - [select for diffs], Thu Jan 11 21:37:30 2001 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.45: +63 -29 lines
Diff to previous 1.45 (colored)
fix select overflow, work by deraadt and me.
Revision 1.45 / (download) - annotate - [select for diffs], Tue Dec 19 23:17:58 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.44: +20 -20 lines
Diff to previous 1.44 (colored)
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
Revision 1.44 / (download) - annotate - [select for diffs], Tue Dec 19 22:43:45 2000 UTC (23 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.43: +3 -3 lines
Diff to previous 1.43 (colored)
remove() -> unlink() for consistency
Revision 1.43 / (download) - annotate - [select for diffs], Wed Dec 13 23:25:44 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.42: +4 -4 lines
Diff to previous 1.42 (colored)
remove redundant spaces; from stevesk@pobox.com
Revision 1.42 / (download) - annotate - [select for diffs], Sat Dec 9 14:06:54 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.41: +3 -2 lines
Diff to previous 1.41 (colored)
extern int optind; from stevesk@sweden.hp.com
Revision 1.41 / (download) - annotate - [select for diffs], Thu Nov 30 18:33:05 2000 UTC (23 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.40: +9 -2 lines
Diff to previous 1.40 (colored)
agents must not dump core, ok niels@
Revision 1.40 / (download) - annotate - [select for diffs], Tue Nov 14 23:48:55 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.39: +12 -6 lines
Diff to previous 1.39 (colored)
do not reorder keys if a key is removed
Revision 1.39 / (download) - annotate - [select for diffs], Sun Nov 12 19:50:38 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.38: +64 -71 lines
Diff to previous 1.38 (colored)
add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthetication.
Revision 1.38 / (download) - annotate - [select for diffs], Sun Nov 12 19:03:28 2000 UTC (23 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.37: +8 -4 lines
Diff to previous 1.37 (colored)
off-by-one when removing a key from the agent
Revision 1.31.2.2 / (download) - annotate - [select for diffs], Wed Nov 8 21:31:21 2000 UTC (23 years, 7 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.31.2.1: +39 -5 lines
Diff to previous 1.31.2.1 (colored) to branchpoint 1.31 (colored)
openssh-2.3.0 (again) for 2.7 branch
Revision 1.37 / (download) - annotate - [select for diffs], Thu Sep 21 11:07:51 2000 UTC (23 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.36: +8 -3 lines
Diff to previous 1.36 (colored)
bug compat for old ssh.com software
Revision 1.36 / (download) - annotate - [select for diffs], Fri Sep 15 07:13:49 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.35: +7 -4 lines
Diff to previous 1.35 (colored)
check return value for setenv(3) for failure, and deal appropriately
Revision 1.35 / (download) - annotate - [select for diffs], Thu Sep 7 20:27:54 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.34: +28 -3 lines
Diff to previous 1.34 (colored)
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
Revision 1.31.2.1 / (download) - annotate - [select for diffs], Fri Sep 1 18:23:23 2000 UTC (23 years, 9 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.31: +320 -191 lines
Diff to previous 1.31 (colored)
Pull in the rest of openssh-2.2.0 to 2.7 branch (luvin' cvs...)
Revision 1.34 / (download) - annotate - [select for diffs], Thu Aug 31 22:09:34 2000 UTC (23 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.33: +3 -2 lines
Diff to previous 1.33 (colored)
add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
Revision 1.33 / (download) - annotate - [select for diffs], Sat Aug 19 21:34:43 2000 UTC (23 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.32: +316 -190 lines
Diff to previous 1.32 (colored)
add SSH2/DSA support to the agent and some other DSA related cleanups. (note that we cannot talk to ssh.com's ssh2 agents)
Revision 1.32 / (download) - annotate - [select for diffs], Sun Jul 16 08:27:21 2000 UTC (23 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.31: +6 -3 lines
Diff to previous 1.31 (colored)
make ssh-add accept dsa keys (the agent does not)
Revision 1.31 / (download) - annotate - [select for diffs], Sat Apr 29 18:11:52 2000 UTC (24 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE
Branch point for: OPENBSD_2_7
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored)
keysize warnings error() -> log()
Revision 1.30 / (download) - annotate - [select for diffs], Fri Apr 21 00:27:11 2000 UTC (24 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.29: +6 -2 lines
Diff to previous 1.29 (colored)
Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de> via Debian bug #59926
Revision 1.29 / (download) - annotate - [select for diffs], Wed Apr 19 07:05:49 2000 UTC (24 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.28: +5 -4 lines
Diff to previous 1.28 (colored)
pid_t
Revision 1.28 / (download) - annotate - [select for diffs], Fri Apr 14 10:30:33 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.27: +5 -5 lines
Diff to previous 1.27 (colored)
whitespace cleanup
Revision 1.27 / (download) - annotate - [select for diffs], Wed Apr 12 09:39:10 2000 UTC (24 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.26: +3 -3 lines
Diff to previous 1.26 (colored)
#include <ssl/foo.h> -> <openssh/foo.h>
Revision 1.26 / (download) - annotate - [select for diffs], Thu Mar 16 20:56:14 2000 UTC (24 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.25: +5 -4 lines
Diff to previous 1.25 (colored)
-pedantic: signed vs. unsigned, void*-arithm, etc
Revision 1.25 / (download) - annotate - [select for diffs], Sun Jan 2 21:51:03 2000 UTC (24 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.24: +4 -2 lines
Diff to previous 1.24 (colored)
cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and dgaudet@arctic.org
Revision 1.24 / (download) - annotate - [select for diffs], Wed Dec 15 19:43:10 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)
keysize warnings talk about identity files
Revision 1.23 / (download) - annotate - [select for diffs], Wed Nov 24 19:53:51 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.22: +20 -13 lines
Diff to previous 1.22 (colored)
KNF, final part 3
Revision 1.22 / (download) - annotate - [select for diffs], Wed Nov 24 00:26:03 1999 UTC (24 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.21: +14 -19 lines
Diff to previous 1.21 (colored)
much more KNF
Revision 1.21 / (download) - annotate - [select for diffs], Tue Nov 23 22:25:55 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.20: +523 -570 lines
Diff to previous 1.20 (colored)
KNF part 1
Revision 1.20 / (download) - annotate - [select for diffs], Fri Nov 19 10:20:51 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.19: +4 -5 lines
Diff to previous 1.19 (colored)
only one 'extern char *__progname'
Revision 1.19 / (download) - annotate - [select for diffs], Thu Nov 18 14:00:49 1999 UTC (24 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored)
more %d vs. %s in fmt-strings
Revision 1.18 / (download) - annotate - [select for diffs], Mon Nov 15 20:53:24 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.17: +6 -2 lines
Diff to previous 1.17 (colored)
the keysize of rsa-parameter 'n' is passed implizit, a few more checks and warnings about 'pretended' keysizes.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Nov 2 19:42:36 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.16: +8 -3 lines
Diff to previous 1.16 (colored)
replace assert() with error, fatal or packet_disconnect
Revision 1.16 / (download) - annotate - [select for diffs], Thu Oct 28 20:41:23 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.15: +11 -5 lines
Diff to previous 1.15 (colored)
call setsid() regardless of argv[]
Revision 1.15 / (download) - annotate - [select for diffs], Thu Oct 28 08:43:10 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.14: +139 -38 lines
Diff to previous 1.14 (colored)
from niklas: Add -c -s and -k support, Create socket early to avoid race, Don't let child access std{in,out,err}
Revision 1.14 / (download) - annotate - [select for diffs], Wed Oct 27 23:34:53 1999 UTC (24 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.13: +10 -1 lines
Diff to previous 1.13 (colored)
ignore sigpipe, do not die if the client (ssh-add, ssh) dies, ok: niklas@
Revision 1.13 / (download) - annotate - [select for diffs], Wed Oct 27 16:37:45 1999 UTC (24 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +6 -6 lines
Diff to previous 1.12 (colored)
use libssl md5 routines
Revision 1.12 / (download) - annotate - [select for diffs], Thu Oct 14 18:17:42 1999 UTC (24 years, 8 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE,
OPENBSD_2_6
Changes since 1.11: +7 -57 lines
Diff to previous 1.11 (colored)
fix old connect() race security-bug for ssh-agent and agent-forwarding by removing the connect() junk, with the following restrictions: 1) change the version to "OpenSSH-1.1": agent-forwarding will work only between OpenSSH-1.1 client and OpenSSH-1.1 server 2) renamed the environment variable of OpenSSH-1.1 to "SSH_AUTH_SOCKET", since useing OpenSSH-1.0 ssh-add against the new ssh-agent does not work
Revision 1.11 / (download) - annotate - [select for diffs], Thu Oct 7 22:46:32 1999 UTC (24 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
You have Mail. Email fuer Dich. Karsten Patzwaldt <kpa@gmx.net> default=no
Revision 1.10 / (download) - annotate - [select for diffs], Tue Oct 5 22:18:52 1999 UTC (24 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.9: +29 -23 lines
Diff to previous 1.9 (colored)
move auth-sockets to private dir delete minfd residua
Revision 1.9 / (download) - annotate - [select for diffs], Mon Oct 4 20:45:01 1999 UTC (24 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.8: +43 -95 lines
Diff to previous 1.8 (colored)
nuke genminfd/AUTH_FD
Revision 1.8 / (download) - annotate - [select for diffs], Sun Oct 3 19:22:38 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +5 -5 lines
Diff to previous 1.7 (colored)
use SHUT_* symbols
Revision 1.7 / (download) - annotate - [select for diffs], Thu Sep 30 17:08:52 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +4 -3 lines
Diff to previous 1.6 (colored)
use libc md5
Revision 1.6 / (download) - annotate - [select for diffs], Thu Sep 30 08:34:25 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (colored)
even smaller
Revision 1.5 / (download) - annotate - [select for diffs], Thu Sep 30 05:11:29 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +1 -6 lines
Diff to previous 1.4 (colored)
do not bother with dinosaur pacification
Revision 1.4 / (download) - annotate - [select for diffs], Wed Sep 29 21:14:16 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)
numerous sprintf, strncpy, strcpy cleanups
Revision 1.3 / (download) - annotate - [select for diffs], Wed Sep 29 06:15:00 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +11 -1 lines
Diff to previous 1.2 (colored)
test for RSA in the ssl library, real early on
Revision 1.2 / (download) - annotate - [select for diffs], Tue Sep 28 04:45:37 1999 UTC (24 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.1: +94 -61 lines
Diff to previous 1.1 (colored)
convert all uses of gmp to SSL bignum convert all used of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Sep 26 20:53:37 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.