Commit Graph

6196 Commits

Author SHA1 Message Date
Tim Rice
bdd3e67c19 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
1.12 to unbreak Solaris build.
   ok djm@
2010-10-24 18:35:55 -07:00
Darren Tucker
7bc236de21 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
have it.
2010-10-24 11:58:43 +11:00
Darren Tucker
d633fef471 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
which don't have ECC support in libcrypto.
2010-10-24 11:33:07 +11:00
Darren Tucker
bfd9b1be41 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
which don't have ECC support in libcrypto.
2010-10-24 11:19:26 +11:00
Darren Tucker
d78739ab90 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
[sftp.c]
     escape '[' in filename tab-completion; fix a type while there.
     ok djm@
2010-10-24 10:56:32 +11:00
Darren Tucker
a53939332d - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. 2010-10-24 10:47:30 +11:00
Damien Miller
6fd2d7de4b - djm@cvs.openbsd.org 2010/08/31 12:24:09
[regress/cert-hostkey.sh regress/cert-userkey.sh]
     tests for ECDSA certificates
2010-10-21 15:27:14 +11:00
Damien Miller
68512c0341 - OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2010/10/12 02:22:24
     [mux.c]
     Typo in confirmation message.  bz#1827, patch from imorgan at nas nasa gov
2010-10-21 15:21:11 +11:00
Damien Miller
9c0c31d2db - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 2010-10-12 13:30:44 +11:00
Damien Miller
47e57bfab4 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
bz#1825, reported by foo AT mailinator.com
2010-10-12 13:28:12 +11:00
Damien Miller
1f78980099 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
dr AT vasco.com
2010-10-11 22:35:22 +11:00
Damien Miller
88b844f19b - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp 2010-10-07 22:19:23 +11:00
Damien Miller
80e9953938 - (djm) [cipher-acss.c] Add missing header. 2010-10-07 22:12:08 +11:00
Damien Miller
37f4f1892f - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. 2010-10-07 22:10:38 +11:00
Damien Miller
45fcdaa1cf - djm@cvs.openbsd.org 2010/10/06 21:10:21
[sshconnect.c]
     swapped args to kill(2)
2010-10-07 22:07:58 +11:00
Damien Miller
a41ccca643 - djm@cvs.openbsd.org 2010/10/06 06:39:28
[clientloop.c ssh.c sshconnect.c sshconnect.h]
     kill proxy command on fatal() (we already kill it on clean exit);
     ok markus@
2010-10-07 22:07:32 +11:00
Damien Miller
38d9a965bf - djm@cvs.openbsd.org 2010/10/05 05:13:18
[sftp.c sshconnect.c]
     use default shell /bin/sh if $SHELL is ""; ok markus@
2010-10-07 22:07:11 +11:00
Damien Miller
9a3d0dc062 - djm@cvs.openbsd.org 2010/10/01 23:05:32
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
     adapt to API changes in openssl-1.0.0a
     NB. contains compat code to select correct API for older OpenSSL
2010-10-07 22:06:42 +11:00
Damien Miller
195dbaff7a - (djm) [ssh-agent.c] Fix type for curve name. 2010-10-07 22:05:11 +11:00
Damien Miller
2738361878 sadly, two typos on one line is not my best record 2010-10-07 22:00:24 +11:00
Damien Miller
faca8ccd4d unbreak previous 2010-10-07 21:59:40 +11:00
Damien Miller
c54b02c4eb - djm@cvs.openbsd.org 2010/09/30 11:04:51
[servconf.c]
     prevent free() of string in .rodata when overriding AuthorizedKeys in
     a Match block; patch from rein AT basefarm.no
2010-10-07 21:40:17 +11:00
Damien Miller
68e2e56ea9 - djm@cvs.openbsd.org 2010/09/26 22:26:33
[sftp.c]
     when performing an "ls" in columnated (short) mode, only call
     ioctl(TIOCGWINSZ) once to get the window width instead of per-
     filename
2010-10-07 21:39:55 +11:00
Damien Miller
a6e121aaa0 - djm@cvs.openbsd.org 2010/09/25 09:30:16
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
     make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
     rountrips to fetch per-file stat(2) information.
     NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
     match.
2010-10-07 21:39:17 +11:00
Damien Miller
aa18063baf - matthew@cvs.openbsd.org 2010/09/24 13:33:00
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
     [openbsd-compat/timingsafe_bcmp.c]
     Add timingsafe_bcmp(3) to libc, mention that it's already in the
     kernel in kern(9), and remove it from OpenSSH.
     ok deraadt@, djm@
     NB. re-added under openbsd-compat/ for portable OpenSSH
2010-10-07 21:25:27 +11:00
Damien Miller
2beb32f290 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
[scp.1 sftp.1]
     add KexAlgorithms to the -o list;
2010-09-24 22:16:03 +10:00
Damien Miller
56883e194f - jmc@cvs.openbsd.org 2010/09/23 13:34:43
[sftp.c]
     add [-l limit] to usage();
2010-09-24 22:15:39 +10:00
Damien Miller
65e42f87fe - djm@cvs.openbsd.org 2010/09/22 22:58:51
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
     [sftp-client.h sftp.1 sftp.c]
     add an option per-read/write callback to atomicio

     factor out bandwidth limiting code from scp(1) into a generic bandwidth
     limiter that can be attached using the atomicio callback mechanism

     add a bandwidth limit option to sftp(1) using the above
     "very nice" markus@
2010-09-24 22:15:11 +10:00
Damien Miller
7fe2b1fec3 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
[ssh.1 ssh_config.5]
     ssh.1: add kexalgorithms to the -o list
     ssh_config.5: format the kexalgorithms in a more consistent
     (prettier!) way
     ok djm
2010-09-24 22:11:53 +10:00
Damien Miller
d5f62bf280 - djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
     [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
     add a KexAlgorithms knob to the client and server configuration to allow
     selection of which key exchange methods are used by ssh(1) and sshd(8)
     and their order of preference.
     ok markus@
2010-09-24 22:11:14 +10:00
Damien Miller
603134e077 - djm@cvs.openbsd.org 2010/09/20 07:19:27
[mux.c]
     "atomically" create the listening mux socket by binding it on a temorary
     name and then linking it into position after listen() has succeeded.
     this allows the mux clients to determine that the server socket is
     either ready or stale without races. stale server sockets are now
     automatically removed
     ok deraadt
2010-09-24 22:07:55 +10:00
Damien Miller
18e1cab1a1 - djm@cvs.openbsd.org 2010/09/20 04:54:07
[jpake.c]
     missing #include
2010-09-24 22:07:17 +10:00
Damien Miller
f7540cd5c4 - djm@cvs.openbsd.org 2010/09/20 04:50:53
[jpake.c schnorr.c]
     check that received values are smaller than the group size in the
     disabled and unfinished J-PAKE code.
     avoids catastrophic security failure found by Sebastien Martini
2010-09-24 22:03:24 +10:00
Damien Miller
857b02e37f - djm@cvs.openbsd.org 2010/09/20 04:41:47
[ssh.c]
     install a SIGCHLD handler to reap expiried child process; ok markus@
2010-09-24 22:02:56 +10:00
Damien Miller
881adf74eb - jmc@cvs.openbsd.org 2010/09/19 21:30:05
[sftp.1]
     more wacky macro fixing;
2010-09-24 22:01:54 +10:00
Damien Miller
1ca9469318 - djm@cvs.openbsd.org 2010/09/11 21:44:20
[ssh.1]
     mention RFC 5656 for ECC stuff
2010-09-24 22:01:22 +10:00
Damien Miller
6186bbc7fb - naddy@cvs.openbsd.org 2010/09/10 15:19:29
[ssh-keygen.1]
     * mention ECDSA in more places
     * less repetition in FILES section
     * SSHv1 keys are still encrypted with 3DES
     help and ok jmc@
2010-09-24 22:00:54 +10:00
Darren Tucker
8ccb7392e7 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
for missing headers and compiler warnings.
2010-09-10 12:28:24 +10:00
Damien Miller
6af914a15c - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
   platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-09-10 11:39:26 +10:00
Damien Miller
041ab7c1e7 - djm@cvs.openbsd.org 2010/09/09 10:45:45
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
     ECDH/ECDSA compliance fix: these methods vary the hash function they use
     (SHA256/384/512) depending on the length of the curve in use. The previous
     code incorrectly used SHA256 in all cases.

     This fix will cause authentication failure when using 384 or 521-bit curve
     keys if one peer hasn't been upgraded and the other has. (256-bit curve
     keys work ok). In particular you may need to specify HostkeyAlgorithms
     when connecting to a server that has not been upgraded from an upgraded
     client.

     ok naddy@
2010-09-10 11:23:34 +10:00
Damien Miller
3796ab47d3 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
[compress.c]
     work around name-space collisions some buggy compilers (looking at you
     gcc, at least in earlier versions, but this does not forgive your current
     transgressions) seen between zlib and openssl
     ok djm
2010-09-10 11:20:59 +10:00
Damien Miller
bf0423e550 - djm@cvs.openbsd.org 2010/09/08 03:54:36
[authfile.c]
     typo
2010-09-10 11:20:38 +10:00
Damien Miller
80ed82aaf4 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
[sshd_config]
     add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
     <mattieu.b@gmail.com>
     ok deraadt@
2010-09-10 11:20:11 +10:00
Damien Miller
daa7b2254f - jmc@cvs.openbsd.org 2010/09/04 09:38:34
[ssh-add.1 ssh.1]
     two more EXIT STATUS sections;
2010-09-10 11:19:33 +10:00
Damien Miller
390f1532f2 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
[scp.1]
     add an EXIT STATUS section for /usr/bin;
2010-09-10 11:17:54 +10:00
Damien Miller
6e9f680cd2 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
[ssh-keygen.c]
     Switch ECDSA default key size to 256 bits, which according to RFC5656
     should still be better than our current RSA-2048 default.
     ok djm@, markus@
2010-09-10 11:17:38 +10:00
Damien Miller
5929c52f65 - markus@cvs.openbsd.org 2010/09/02 16:08:39
[ssh.c]
     unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
2010-09-10 11:17:02 +10:00
Damien Miller
5773794d55 - markus@cvs.openbsd.org 2010/09/02 16:07:25
[ssh-keygen.c]
     permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
2010-09-10 11:16:37 +10:00
Damien Miller
0f2635884c - djm@cvs.openbsd.org 2010/09/01 22:42:13
[myproposal.h]
     prefer ECDH in a 256 bit curve field; prompted by naddy@
2010-09-10 11:16:09 +10:00
Damien Miller
e13cadf41b - naddy@cvs.openbsd.org 2010/09/01 15:21:35
[servconf.c]
     pick up ECDSA host key by default; ok djm@
2010-09-10 11:15:33 +10:00