.github
Add tests for OpenSSL 3.2.0 and 3.2 stable branch.
2023-11-27 09:37:28 +11:00
contrib
crank versions
2023-12-19 01:59:50 +11:00
m4
better detection of broken -fzero-call-used-regs
2023-12-22 17:56:26 +11:00
openbsd-compat
Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT
2023-10-12 13:20:01 +11:00
regress
upstream: regress test for agent PKCS#11-backed certificates
2023-12-19 01:57:37 +11:00
.depend
depend
2023-12-19 01:59:06 +11:00
.git_allowed_signers
additional keys
2022-08-29 13:27:45 +10:00
.git_allowed_signers.asc
additional keys
2022-08-29 13:27:45 +10:00
.gitignore
…
.skipped-commit-ids
upstream: Import regenerated moduli.
2024-01-08 13:26:29 +11:00
CREDITS
…
INSTALL
remove support for old libcrypto
2023-03-24 13:56:25 +11:00
LICENCE
Add a timegm implementation from Heimdal via Samba.
2022-08-11 22:51:10 +10:00
Makefile.in
Have configure find PuTTY and Conch binaries.
2023-10-20 20:35:46 +11:00
OVERVIEW
…
PROTOCOL
upstream: spelling; ok markus@
2024-01-08 13:25:21 +11:00
PROTOCOL.agent
upstream: spelling; ok markus@
2024-01-08 13:25:21 +11:00
PROTOCOL.certkeys
…
PROTOCOL.chacha20poly1305
…
PROTOCOL.key
upstream: use consistent field names (s/char/byte)
2022-07-01 16:00:01 +10:00
PROTOCOL.krl
upstream: remove vestigal support for KRL signatures
2023-07-17 14:52:35 +10:00
PROTOCOL.mux
upstream: spelling ok dtucker@
2022-01-01 15:19:48 +11:00
PROTOCOL.sshsig
…
PROTOCOL.u2f
…
README
crank versions
2023-12-19 01:59:50 +11:00
README.dns
…
README.md
Add Coverity badges.
2023-03-03 14:50:03 +11:00
README.platform
…
README.privsep
…
README.tun
…
SECURITY.md
basic SECURITY.md (refers people to the website)
2021-11-03 12:08:21 +11:00
TODO
…
addr.c
upstream: fix test: getnameinfo returns a non-zero value on error, not
2023-03-27 14:31:57 +11:00
addr.h
upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
2022-10-28 13:39:35 +11:00
addrmatch.c
…
atomicio.c
remove sys/param.h in -portable, after upstream
2021-12-22 09:02:50 +11:00
atomicio.h
…
audit-bsm.c
…
audit-linux.c
…
audit.c
…
audit.h
…
auth-bsdauth.c
…
auth-krb5.c
…
auth-options.c
conditionalise stdint.h inclusion on HAVE_STDINT_H
2023-07-18 15:41:12 +10:00
auth-options.h
…
auth-pam.c
Fix typo in declaration of nmesg.
2023-07-14 17:07:32 +10:00
auth-pam.h
…
auth-passwd.c
…
auth-rhosts.c
upstream: Add server debugging for hostbased auth.
2022-12-09 11:36:27 +11:00
auth-shadow.c
Cast time_t's in debug output to long long.
2023-02-27 21:04:22 +11:00
auth-sia.c
…
auth-sia.h
…
auth.c
upstream: Remove unused compat.h includes.
2023-03-05 19:27:31 +11:00
auth.h
upstream: make sure that UseDNS hostname lookup happens in the monitor
2022-06-16 02:12:11 +10:00
auth2-chall.c
…
auth2-gss.c
upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker
2023-03-31 15:32:37 +11:00
auth2-hostbased.c
upstream: Remove unused compat.h includes.
2023-03-05 19:27:31 +11:00
auth2-kbdint.c
upstream: prepare for multiple names for authmethods
2021-12-20 09:28:07 +11:00
auth2-none.c
upstream: Remove unused compat.h includes.
2023-03-05 19:27:31 +11:00
auth2-passwd.c
upstream: f sshpkt functions fail, then password is not cleared
2022-05-27 14:59:17 +10:00
auth2-pubkey.c
upstream: make sshd_config AuthorizedPrincipalsCommand and
2023-07-28 08:29:21 +10:00
auth2-pubkeyfile.c
upstream: Remove unused compat.h includes.
2023-03-05 19:27:31 +11:00
auth2.c
upstream: add "ext-info-in-auth@openssh.com" extension
2023-12-19 01:51:46 +11:00
authfd.c
upstream: Make it possible to load certs from PKCS#11 tokens
2023-12-19 01:52:55 +11:00
authfd.h
upstream: Make it possible to load certs from PKCS#11 tokens
2023-12-19 01:52:55 +11:00
authfile.c
upstream: Check pointer for NULL before deref.
2023-03-14 18:35:31 +11:00
authfile.h
…
bitmap.c
…
bitmap.h
…
buildpkg.sh.in
…
canohost.c
upstream: Return immediately from get_sock_port
2023-03-31 16:17:22 +11:00
canohost.h
…
chacha.c
upstream: move other RCSIDs to before their respective license blocks
2023-07-17 15:33:51 +10:00
chacha.h
…
channels.c
upstream: stricter handling of channel window limits
2023-12-19 01:52:55 +11:00
channels.h
upstream: stricter handling of channel window limits
2023-12-19 01:52:55 +11:00
cipher-aes.c
remove support for old libcrypto
2023-03-24 13:56:25 +11:00
cipher-aesctr.c
…
cipher-aesctr.h
…
cipher-chachapoly-libcrypto.c
upstream: move other RCSIDs to before their respective license blocks
2023-07-17 15:33:51 +10:00
cipher-chachapoly.c
upstream: move other RCSIDs to before their respective license blocks
2023-07-17 15:33:51 +10:00
cipher-chachapoly.h
…
cipher.c
upstream: Garbage collect cipher_get_keyiv_len()
2023-10-11 15:57:08 +11:00
cipher.h
upstream: Garbage collect cipher_get_keyiv_len()
2023-10-11 15:57:08 +11:00
cleanup.c
…
clientloop.c
upstream: Plug mem leak of msg when processing a quit message.
2023-11-24 12:01:34 +11:00
clientloop.h
…
compat.c
upstream: Refactor creation of KEX proposal.
2023-03-06 23:31:52 +11:00
compat.h
upstream: Refactor creation of KEX proposal.
2023-03-06 23:31:52 +11:00
config.guess
Update autotools
2022-12-06 12:23:08 +11:00
config.sub
Update autotools
2022-12-06 12:23:08 +11:00
configure.ac
better detection of broken -fzero-call-used-regs
2023-12-18 14:49:11 +11:00
crypto_api.h
upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
2023-01-16 10:57:41 +11:00
defines.h
Correct value for IPTOS_DSCP_LE.
2021-12-15 10:50:33 +11:00
dh.c
…
dh.h
…
digest-libc.c
Use SHA.*_HMAC_BLOCK_SIZE if needed.
2021-12-23 11:36:08 +11:00
digest-openssl.c
…
digest.h
…
dispatch.c
upstream: Remove unused compat.h includes.
2023-03-05 19:27:31 +11:00
dispatch.h
…
dns.c
upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@.
2023-03-10 15:42:37 +11:00
dns.h
upstream: let ssh-keygen and ssh-keyscan accept
2023-02-10 16:12:42 +11:00
ed25519.c
upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
2023-01-16 10:57:41 +11:00
ed25519.sh
upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
2023-01-16 10:57:41 +11:00
entropy.c
Remove seed passing over reexec.
2022-11-10 12:44:51 +11:00
entropy.h
…
fatal.c
…
fixalgorithms
…
fixpaths
…
groupaccess.c
…
groupaccess.h
…
gss-genr.c
need stdlib.h for free(3)
2021-10-01 16:36:24 +10:00
gss-serv-krb5.c
…
gss-serv.c
gss-serv.c: `MAXHOSTNAMELEN` -> `HOST_NAME_MAX`
2023-07-05 17:54:15 +10:00
hash.c
…
hmac.c
…
hmac.h
…
hostfile.c
upstream: fseek to end of known_hosts before writing to it.
2023-02-21 18:28:26 +11:00
hostfile.h
…
includes.h
remove sys/param.h in -portable, after upstream
2021-12-22 09:02:50 +11:00
install-sh
Update autotools
2022-12-06 12:23:08 +11:00
kex.c
upstream: remove ext-info-* in the kex.c code, not in callers;
2024-01-08 13:26:43 +11:00
kex.h
upstream: add "ext-info-in-auth@openssh.com" extension
2023-12-19 01:51:46 +11:00
kexc25519.c
…
kexdh.c
…
kexecdh.c
…
kexgen.c
upstream: Record session ID, host key and sig at intital KEX
2021-12-20 09:24:42 +11:00
kexgex.c
…
kexgexc.c
upstream: Record session ID, host key and sig at intital KEX
2021-12-20 09:24:42 +11:00
kexgexs.c
upstream: Ignore return from sshpkt_disconnect
2023-03-29 12:33:32 +11:00
kexsntrup761x25519.c
upstream: fix unintended sizeof pointer in debug path ok markus@
2021-12-07 12:30:50 +11:00
krl.c
upstream: Move RCSID to before license block and away from #includes,
2023-07-17 15:24:14 +10:00
krl.h
upstream: remove vestigal support for KRL signatures
2023-07-17 14:52:35 +10:00
log.c
upstream: short circuit debug log processing early if we're not going
2023-12-07 08:09:11 +11:00
log.h
…
loginrec.c
remove sys/param.h in -portable, after upstream
2021-12-22 09:02:50 +11:00
loginrec.h
…
logintest.c
…
mac.c
…
mac.h
…
match.c
upstream: match_user() shouldn't be called with user==NULL unless
2023-04-06 13:27:16 +10:00
match.h
…
mdoc2man.awk
…
misc.c
upstream: 64 %-expansion keys ought to be enough for anybody; ok
2023-10-12 14:37:52 +11:00
misc.h
upstream: add ChannelTimeout support to the client, mirroring the
2023-10-12 10:00:13 +11:00
mkinstalldirs
…
moduli
upstream: Import regenerated moduli.
2023-10-26 23:46:03 +11:00
moduli.5
Resync moduli.5 with upstream.
2022-04-16 14:33:20 +10:00
moduli.c
upstream: Always call fclose on checkpoints.
2023-03-02 18:24:51 +11:00
monitor.c
upstream: defence-in-depth MaxAuthTries check in monitor; ok markus
2023-08-18 11:44:41 +10:00
monitor.h
…
monitor_fdpass.c
…
monitor_fdpass.h
…
monitor_wrap.c
upstream: add "ext-info-in-auth@openssh.com" extension
2023-12-19 01:51:46 +11:00
monitor_wrap.h
upstream: make sure that UseDNS hostname lookup happens in the monitor
2022-06-16 02:12:11 +10:00
msg.c
…
msg.h
…
mux.c
upstream: Include existing mux path in debug message.
2023-11-24 12:01:31 +11:00
myproposal.h
upstream: select post-quantum KEX
2022-03-31 08:16:38 +11:00
nchan.c
upstream: mark const string array contents const too, i.e. static
2022-02-02 10:38:59 +11:00
nchan.ms
…
nchan2.ms
…
openssh.xml.in
…
opensshd.init.in
Replace shell function with ssh-keygen -A.
2021-08-20 18:14:13 +10:00
packet.c
upstream: implement "strict key exchange" in ssh and sshd
2023-12-19 01:51:11 +11:00
packet.h
upstream: implement "strict key exchange" in ssh and sshd
2023-12-19 01:51:11 +11:00
pathnames.h
…
pkcs11.h
…
platform-misc.c
…
platform-pledge.c
…
platform-tracing.c
Fix comment text. From emaste at freebsd.org.
2022-11-09 08:27:47 +11:00
platform.c
Factor out platform-specific locked account check.
2022-03-26 12:49:50 +11:00
platform.h
Missing semicolon.
2022-03-26 13:15:44 +11:00
poly1305.c
upstream: move other RCSIDs to before their respective license blocks
2023-07-17 15:33:51 +10:00
poly1305.h
…
progressmeter.c
upstream: remove duplicate signal.h include
2023-04-17 09:21:14 +10:00
progressmeter.h
…
readconf.c
upstream: add %j token that expands to the configured ProxyJump
2023-10-12 13:19:41 +11:00
readconf.h
upstream: add %j token that expands to the configured ProxyJump
2023-10-12 13:19:41 +11:00
readpass.c
upstream: Avoid kill with -1 argument. The out_ctx label can be
2022-05-27 14:59:17 +10:00
rijndael.c
…
rijndael.h
upstream: Make prototype for rijndaelEncrypt match function
2021-09-29 11:09:27 +10:00
sandbox-capsicum.c
Cache timezone data in capsicum sandbox.
2022-04-23 21:14:01 +10:00
sandbox-darwin.c
…
sandbox-null.c
…
sandbox-pledge.c
…
sandbox-rlimit.c
…
sandbox-seccomp-filter.c
Improve seccomp compat on older systems.
2023-02-11 12:32:19 +11:00
sandbox-solaris.c
…
sandbox-systrace.c
…
scp.1
upstream: Mention that scp uses the SFTP protocol and remove
2023-01-03 17:53:05 +11:00
scp.c
upstream: in olde rcp/scp protocol mode, when rejecting a path from the
2023-10-11 16:44:40 +11:00
servconf.c
upstream: add ChannelTimeout support to the client, mirroring the
2023-10-12 10:00:13 +11:00
servconf.h
upstream: allow override of Sybsystem directives in sshd Match
2023-09-07 09:54:47 +10:00
serverloop.c
upstream: correct math for ClientAliveInterval that caused the
2023-08-28 13:34:00 +10:00
serverloop.h
…
session.c
upstream: better debug logging of sessions' exit status
2023-08-11 09:12:59 +10:00
session.h
upstream: Add channel_force_close()
2023-01-06 16:21:39 +11:00
sftp-client.c
upstream: Make sure sftp_get_limits() only returns 0 if 'limits'
2023-11-16 09:53:42 +11:00
sftp-client.h
upstream: the sftp code was one of my first contributions to
2023-09-08 15:59:08 +10:00
sftp-common.c
upstream: don't attempt to decode a ridiculous number of
2023-03-31 15:06:20 +11:00
sftp-common.h
upstream: extend sftp-common.c:extend ls_file() to support supplied
2022-09-19 20:49:13 +10:00
sftp-glob.c
upstream: rename remote_glob() -> sftp_glob() to match other API
2023-09-11 09:14:02 +10:00
sftp-realpath.c
upstream: sys/param.h is not needed for any visible reason
2021-09-03 14:20:22 +10:00
sftp-server-main.c
Remove seed_rng calls from scp, sftp, sftp-server.
2022-07-27 16:22:30 +10:00
sftp-server.8
upstream: standardise the grammar in the options list; issue
2021-08-03 09:39:57 +10:00
sftp-server.c
upstream: fix double words ok dtucker@
2023-04-17 09:21:13 +10:00
sftp-usergroup.c
upstream: the sftp code was one of my first contributions to
2023-09-08 15:59:08 +10:00
sftp-usergroup.h
upstream: use users-groups-by-id@openssh.com sftp-server extension
2022-09-19 20:51:14 +10:00
sftp.1
upstream: add a -X option to both scp(1) and sftp(1) to allow
2023-01-03 17:53:05 +11:00
sftp.c
upstream: rename remote_glob() -> sftp_glob() to match other API
2023-09-11 09:14:02 +10:00
sftp.h
…
sk-api.h
upstream: when enrolling a resident key on a security token, check
2022-07-20 13:38:47 +10:00
sk-usbhid.c
conditionalise stdint.h inclusion on HAVE_STDINT_H
2023-07-18 15:41:12 +10:00
smult_curve25519_ref.c
…
sntrup761.c
upstream: remove whitespace at EOL from code extracted from SUPERCOP
2023-01-11 13:17:03 +11:00
sntrup761.sh
upstream: remove whitespace at EOL from code extracted from SUPERCOP
2023-01-11 13:17:03 +11:00
srclimit.c
…
srclimit.h
…
ssh-add.1
upstream: sort -C, and add to usage(); ok djm
2024-01-08 13:25:20 +11:00
ssh-add.c
upstream: fix typo; spotted by Albert Chin
2024-01-08 13:26:42 +11:00
ssh-agent.1
use portable provider allowlist path in manpage
2023-10-04 10:54:04 +11:00
ssh-agent.c
upstream: match flag type (s/int/u_int)
2024-01-08 13:25:19 +11:00
ssh-dss.c
upstream: Remove unused compat.h includes.
2023-03-05 19:27:31 +11:00
ssh-ecdsa-sk.c
upstream: Delete obsolete /* ARGSUSED */ lint comments.
2023-03-08 17:26:53 +11:00
ssh-ecdsa.c
upstream: Delete obsolete /* ARGSUSED */ lint comments.
2023-03-08 17:26:53 +11:00
ssh-ed25519-sk.c
upstream: refactor sshkey_private_deserialize
2022-10-28 12:47:01 +11:00
ssh-ed25519.c
upstream: refactor sshkey_private_deserialize
2022-10-28 12:47:01 +11:00
ssh-gss.h
…
ssh-keygen.1
upstream: Generate Ed25519 keys when invoked without arguments
2023-09-07 09:53:59 +10:00
ssh-keygen.c
upstream: Generate Ed25519 keys when invoked without arguments
2023-09-07 09:53:59 +10:00
ssh-keyscan.1
upstream: space between macro and punctuation; sort usage();
2023-02-16 21:11:38 +11:00
ssh-keyscan.c
upstream: spelling; ok markus@
2024-01-08 13:25:21 +11:00
ssh-keysign.8
upstream: man pages: add missing commas between subordinate and
2022-04-06 09:16:05 +10:00
ssh-keysign.c
upstream: avoid double-free in error path introduced in r1.70; report
2022-08-01 21:11:33 +10:00
ssh-pkcs11-client.c
upstream: Make it possible to load certs from PKCS#11 tokens
2023-12-19 01:52:55 +11:00
ssh-pkcs11-helper.8
upstream: mention that the helpers are used by ssh(1), ssh-agent(1)
2022-04-29 13:26:24 +10:00
ssh-pkcs11-helper.c
upstream: check for POLLHUP wherever we check for POLLIN
2021-11-18 14:32:54 +11:00
ssh-pkcs11.c
upstream: don't incorrectly truncate logged strings retrieved from
2023-07-28 08:31:01 +10:00
ssh-pkcs11.h
upstream: Make it possible to load certs from PKCS#11 tokens
2023-12-19 01:52:55 +11:00
ssh-rsa.c
upstream: Remove unused compat.h includes.
2023-03-05 19:27:31 +11:00
ssh-sandbox.h
…
ssh-sk-client.c
upstream: sshsk_load_resident: don't preallocate resp
2022-01-14 14:40:40 +11:00
ssh-sk-helper.8
upstream: mention that the helpers are used by ssh(1), ssh-agent(1)
2022-04-29 13:26:24 +10:00
ssh-sk-helper.c
upstream: Remove duplicate includes.
2022-12-04 22:40:04 +11:00
ssh-sk.c
upstream: Ensure FIDO/PKCS11 libraries contain expected symbols
2023-07-20 00:21:31 +10:00
ssh-sk.h
upstream: When downloading resident keys from a FIDO token, pass
2021-10-28 13:56:59 +11:00
ssh-xmss.c
conditionalise stdint.h inclusion on HAVE_STDINT_H
2023-07-18 15:41:12 +10:00
ssh.1
upstream: ssh -Q does not make sense with other command-line options,
2023-10-12 10:15:47 +11:00
ssh.c
upstream: ban user/hostnames with most shell metacharacters
2023-12-19 01:53:40 +11:00
ssh.h
…
ssh2.h
upstream: Reserve a range of "local extension" message numbers that
2023-10-10 14:58:55 +11:00
ssh_api.c
…
ssh_api.h
…
ssh_config
upstream: CheckHostIP has defaulted to 'no' for a while; make the
2023-08-03 09:09:02 +10:00
ssh_config.5
upstream: add %j token that expands to the configured ProxyJump
2023-10-12 13:19:41 +11:00
sshbuf-getput-basic.c
upstream: revert previous; it was broken (spotted by Theo)
2022-05-25 16:06:03 +10:00
sshbuf-getput-crypto.c
upstream: revert previous; it was broken (spotted by Theo)
2022-05-25 16:06:03 +10:00
sshbuf-io.c
…
sshbuf-misc.c
upstream: Add a sshbuf_read() that attempts to read(2) directly in
2022-01-25 10:45:47 +11:00
sshbuf.c
upstream: make struct sshbuf private
2022-12-04 22:39:42 +11:00
sshbuf.h
upstream: make struct sshbuf private
2022-12-04 22:39:42 +11:00
sshconnect.c
upstream: set errno=EAFNOSUPPORT when filtering addresses that don't
2023-11-20 13:51:15 +11:00
sshconnect.h
upstream: add %j token that expands to the configured ProxyJump
2023-10-12 13:19:41 +11:00
sshconnect2.c
upstream: remove ext-info-* in the kex.c code, not in callers;
2024-01-08 13:26:43 +11:00
sshd.8
upstream: typo; from Jim Spath
2023-10-01 10:57:54 +11:00
sshd.c
upstream: remove ext-info-* in the kex.c code, not in callers;
2024-01-08 13:26:43 +11:00
sshd_config
Use "prohibit-password" in -portable comments.
2022-11-07 10:54:29 +11:00
sshd_config.5
upstream: %C is a callable macro in mdoc(7)
2023-08-01 18:54:13 +10:00
ssherr.c
…
ssherr.h
…
sshkey-xmss.c
upstream: factor out key generation
2022-10-28 12:46:58 +11:00
sshkey-xmss.h
upstream: factor out key generation
2022-10-28 12:46:58 +11:00
sshkey.c
upstream: spelling; ok markus@
2024-01-08 13:25:21 +11:00
sshkey.h
upstream: better validate CASignatureAlgorithms in ssh_config and
2023-06-21 15:13:56 +10:00
sshlogin.c
Include stdlib.h for free() prototype.
2022-04-23 21:14:01 +10:00
sshlogin.h
…
sshpty.c
…
sshpty.h
…
sshsig.c
upstream: prevent leak in sshsig_match_principals; ok djm@
2023-12-13 14:33:50 +11:00
sshsig.h
upstream: Add ssh-keygen -Y match-principals operation to perform
2021-11-27 18:22:41 +11:00
sshtty.c
…
survey.sh.in
…
ttymodes.c
…
ttymodes.h
…
uidswap.c
…
uidswap.h
…
umac.c
upstream: correct size for array argument when changing
2023-03-07 16:38:39 +11:00
umac.h
upstream: spelling ok dtucker@
2022-01-01 15:19:48 +11:00
umac128.c
…
utf8.c
…
utf8.h
…
version.h
upstream: openssh-9.6
2023-12-19 01:53:47 +11:00
xmalloc.c
upstream: ssh: xstrdup(): use memcpy(3)
2022-03-18 13:33:36 +11:00
xmalloc.h
…
xmss_commons.c
…
xmss_commons.h
…
xmss_fast.c
…
xmss_fast.h
…
xmss_hash.c
upstream: spelling; ok markus@
2024-01-08 13:25:21 +11:00
xmss_hash.h
…
xmss_hash_address.c
…
xmss_hash_address.h
…
xmss_wots.c
…
xmss_wots.h
…