RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-03 00:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,646 Commits 69 Branches 157 Tags 27 MiB
ade31d7b6f
Commit Graph

7646 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Damien Miller
ade31d7b6f these need active_state defined to link on OSX 
temporary measure until active_state goes away entirely
 2015-01-27 23:06:23 +11:00
djm@openbsd.org
e56aa87502 upstream commit 
use printf instead of echo -n to reduce diff against
 -portable
 2015-01-27 23:03:15 +11:00
jmc@openbsd.org
9f7637f56e upstream commit 
sort previous;
 2015-01-27 23:02:44 +11:00
djm@openbsd.org
3076ee7d53 upstream commit 
properly restore umask
 2015-01-27 00:37:35 +11:00
djm@openbsd.org
d411d39555 upstream commit 
regression test for host key rotation
 2015-01-27 00:03:53 +11:00
djm@openbsd.org
fe8a3a5169 upstream commit 
adapt to sshkey API tweaks
 2015-01-27 00:03:31 +11:00
miod@openbsd.org
7dd355fb1f upstream commit 
Move -lz late in the linker commandline for things to
 build on static arches.
 2015-01-27 00:03:30 +11:00
miod@openbsd.org
0dad3b806f upstream commit 
-Wpointer-sign is supported by gcc 4 only.
 2015-01-27 00:03:30 +11:00
djm@openbsd.org
2b3b1c1e4b upstream commit 
use SUBDIR to recuse into unit tests; makes "make obj"
 actually work
 2015-01-27 00:03:12 +11:00
djm@openbsd.org
1d1092bff8 upstream commit 
correct description of UpdateHostKeys in ssh_config.5 and
 add it to -o lists for ssh, scp and sftp; pointed out by jmc@
 2015-01-27 00:00:58 +11:00
djm@openbsd.org
5104db7cbd upstream commit 
correctly match ECDSA subtype (== curve) for
 offered/recevied host keys. Fixes connection-killing host key mismatches when
 a server offers multiple ECDSA keys with different curve type (an extremely
 unlikely configuration).

ok markus, "looks mechanical" deraadt@
 2015-01-27 00:00:57 +11:00
djm@openbsd.org
8d4f87258f upstream commit 
Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@
 2015-01-27 00:00:57 +11:00
djm@openbsd.org
60b1825262 upstream commit 
small refactor and add some convenience functions; ok
 markus
 2015-01-27 00:00:36 +11:00
jmc@openbsd.org
a5a3e3328d upstream commit 
heirarchy -> hierarchy;
 2015-01-26 23:58:54 +11:00
deraadt@openbsd.org
dcff5810a1 upstream commit 
Provide a warning about chroot misuses (which sadly, seem
 to have become quite popular because shiny).  sshd cannot detect/manage/do
 anything about these cases, best we can do is warn in the right spot in the
 man page. ok markus
 2015-01-26 23:58:53 +11:00
deraadt@openbsd.org
087266ec33 upstream commit 
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
 2015-01-26 23:58:53 +11:00
markus@openbsd.org
57e783c8ba upstream commit 
kex_setup errors are fatal()
 2015-01-26 23:53:56 +11:00
djm@openbsd.org
1d6424a6ff upstream commit 
this test would accidentally delete agent.sh if run without
 obj/
 2015-01-20 19:03:08 +11:00
djm@openbsd.org
12b5f50777 upstream commit 
make this compile with KERBEROS5 enabled
 2015-01-20 18:58:37 +11:00
djm@openbsd.org
e2cc6bef08 upstream commit 
fix hostkeys in agent; ok markus@
 2015-01-20 18:58:36 +11:00
Damien Miller
1ca3e2155a fix kex test 2015-01-20 10:11:31 +11:00
markus@openbsd.org
c78a578107 upstream commit 
finally enable the KEX tests I wrote some years ago...
 2015-01-20 09:50:34 +11:00
markus@openbsd.org
31821d7217 upstream commit 
adapt to new error message (SSH_ERR_MAC_INVALID)
 2015-01-20 09:46:48 +11:00
djm@openbsd.org
d3716ca19e upstream commit 
this test was broken in at least two ways, such that it
 wasn't checking that a KRL was not excluding valid keys
 2015-01-20 09:45:56 +11:00
markus@openbsd.org
3f79765374 upstream commit 
switch ssh-keyscan from setjmp to multiple ssh transport
 layer instances ok djm@
 2015-01-20 09:24:11 +11:00
markus@openbsd.org
f582f0e917 upstream commit 
add experimental api for packet layer; ok djm@
 2015-01-20 09:23:46 +11:00
markus@openbsd.org
48b3b2ba75 upstream commit 
store compat flags in struct ssh; ok djm@
 2015-01-20 09:19:40 +11:00
markus@openbsd.org
57d10cbe86 upstream commit 
adapt kex to sshbuf and struct ssh; ok djm@
 2015-01-20 09:19:39 +11:00
markus@openbsd.org
3fdc88a0de upstream commit 
move dispatch to struct ssh; ok djm@
 2015-01-20 09:14:16 +11:00
markus@openbsd.org
091c302829 upstream commit 
update packet.c & isolate, introduce struct ssh a) switch
 packet.c to buffer api and isolate per-connection info into struct ssh b)
 (de)serialization of the state is moved from monitor to packet.c c) the old
 packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
 integrated into packet.c with and ok djm@
 2015-01-20 09:13:01 +11:00
djm@openbsd.org
4e62cc68ce upstream commit 
fix format strings in (disabled) debugging
 2015-01-20 08:33:01 +11:00
djm@openbsd.org
d85e062459 upstream commit 
be a bit more careful in these tests to ensure that
 known_hosts is clean
 2015-01-20 00:26:13 +11:00
djm@openbsd.org
7947810eab upstream commit 
regression test for known_host file editing using
 ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
 markus@
 2015-01-20 00:26:13 +11:00
djm@openbsd.org
3a2b09d147 upstream commit 
more and better key tests

test signatures and verification
test certificate generation
flesh out nested cert test

removes most of the XXX todo markers
 2015-01-20 00:25:12 +11:00
djm@openbsd.org
589e69fd82 upstream commit 
make the signature fuzzing test much more rigorous:
 ensure that the fuzzed input cases do not match the original (using new
 fuzz_matches_original() function) and check that the verification fails in
 each case
 2015-01-20 00:24:40 +11:00
djm@openbsd.org
80603c0daa upstream commit 
add a fuzz_matches_original() function to the fuzzer to
 detect fuzz cases that are identical to the original data. Hacky
 implementation, but very useful when you need the fuzz to be different, e.g.
 when verifying signature
 2015-01-20 00:24:39 +11:00
djm@openbsd.org
87d5495bd3 upstream commit 
better dumps from the fuzzer (shown on errors) -
 include the original data as well as the fuzzed copy.
 2015-01-20 00:24:39 +11:00
djm@openbsd.org
d59ec478c4 upstream commit 
enable hostkey-agent.sh test
 2015-01-20 00:24:17 +11:00
djm@openbsd.org
26b3425170 upstream commit 
unit test for hostkeys in ssh-agent
 2015-01-20 00:23:43 +11:00
markus@openbsd.org
9e06a0fb23 upstream commit 
add kex unit tests
 2015-01-20 00:22:50 +11:00
deraadt@openbsd.org
d2099dec6d upstream commit 
djm, your /usr/include tree is old
 2015-01-20 00:20:45 +11:00
djm@openbsd.org
2b3c3c76c3 upstream commit 
some feedback from markus@: comment hostkeys_foreach()
 context and avoid a member in it.
 2015-01-20 00:20:44 +11:00
djm@openbsd.org
cecb30bc2b upstream commit 
make ssh-keygen use hostkeys_foreach(). Removes some
 horrendous code; ok markus@
 2015-01-20 00:20:44 +11:00
djm@openbsd.org
ec3d065df3 upstream commit 
convert load_hostkeys() (hostkey ordering and
 known_host matching) to use the new hostkey_foreach() iterator; ok markus
 2015-01-20 00:20:44 +11:00
djm@openbsd.org
c29811cc48 upstream commit 
introduce hostkeys_foreach() to allow iteration over a
 known_hosts file or controlled subset thereof. This will allow us to pull out
 some ugly and duplicated code, and will be used to implement hostkey rotation
 later.

feedback and ok markus
 2015-01-20 00:20:43 +11:00
deraadt@openbsd.org
f101d8291d upstream commit 
string truncation due to sizeof(size) ok djm markus
 2015-01-20 00:20:17 +11:00
djm@openbsd.org
35d6022b55 upstream commit 
avoid trailing ',' in host key algorithms
 2015-01-20 00:20:00 +11:00
djm@openbsd.org
7efb455789 upstream commit 
infer key length correctly when user specified a fully-
 qualified key name instead of using the -b bits option; ok markus@
 2015-01-20 00:19:59 +11:00
djm@openbsd.org
83f8ffa6a5 upstream commit 
fix hostkeys on ssh agent; found by unit test I'm about
 to commit
 2015-01-20 00:18:45 +11:00
schwarze@openbsd.org
369d61f176 upstream commit 
garbage collect empty .No macros mandoc warns about
 2015-01-20 00:18:44 +11:00