Damien Miller
534b2ccade
- djm@cvs.openbsd.org 2013/12/05 01:16:41
[servconf.c servconf.h]
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@
2013-12-05 14:07:27 +11:00
Darren Tucker
8369c8e61a
- (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
-L location for libedit. Patch from Serge van den Boom.
2013-12-05 11:00:16 +11:00
Damien Miller
9275df3e0a
- djm@cvs.openbsd.org 2013/12/04 04:20:01
[sftp-client.c]
bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
AfriNIC
2013-12-05 10:26:32 +11:00
Damien Miller
960f6a2b52
- djm@cvs.openbsd.org 2013/12/02 03:13:14
[cipher.c]
correct bzero of chacha20+poly1305 key context. bz#2177 from
Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
2013-12-05 10:26:14 +11:00
Damien Miller
f7e8a8796d
- djm@cvs.openbsd.org 2013/12/02 03:09:22
[key.c]
make key_to_blob() return a NULL blob on failure; part of
bz#2175 from Loganaden Velvindron @ AfriNIC
2013-12-05 10:25:51 +11:00
Damien Miller
f1e44ea9d9
- djm@cvs.openbsd.org 2013/12/02 02:56:17
[ssh-pkcs11-helper.c]
use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
2013-12-05 10:23:21 +11:00
Damien Miller
114e540b15
- djm@cvs.openbsd.org 2013/12/02 02:50:27
[PROTOCOL.chacha20poly1305]
typo; from Jon Cave
2013-12-05 10:22:57 +11:00
Damien Miller
e4870c0906
- djm@cvs.openbsd.org 2013/12/01 23:19:05
[PROTOCOL]
mention curve25519-sha256@libssh.org key exchange algorithm
2013-12-05 10:22:39 +11:00
Damien Miller
1d2f8804a6
- deraadt@cvs.openbsd.org 2013/11/26 19:15:09
[pkcs11.h]
cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
Eitan Adler ok markus for ssh, implies same change in kerberosV
2013-12-05 10:22:03 +11:00
Damien Miller
bdb352a54f
- jmc@cvs.openbsd.org 2013/11/26 12:14:54
[ssh.1 ssh.c]
- put -Q in the right place
- Ar was a poor choice for the arguments to -Q. i've chosen an
admittedly equally poor Cm, at least consistent with the rest
of the docs. also no need for multiple instances
- zap a now redundant Nm
- usage() sync
2013-12-05 10:20:52 +11:00
Damien Miller
d937dc084a
- deraadt@cvs.openbsd.org 2013/11/25 18:04:21
[ssh.1 ssh.c]
improve -Q usage and such. One usage change is that the option is now
case-sensitive
ok dtucker markus djm
2013-12-05 10:19:54 +11:00
Damien Miller
dec0393f7e
- jmc@cvs.openbsd.org 2013/11/21 08:05:09
[ssh_config.5 sshd_config.5]
no need for .Pp before displays;
2013-12-05 10:18:43 +11:00
Damien Miller
8a073cf579
- djm@cvs.openbsd.org 2013/11/21 03:18:51
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
2013-11-21 14:26:18 +11:00
Damien Miller
ea61b2179f
- djm@cvs.openbsd.org 2013/11/21 03:16:47
[regress/modpipe.c]
use unsigned long long instead of u_int64_t here to avoid warnings
on some systems portable OpenSSH is built on.
2013-11-21 14:25:15 +11:00
Damien Miller
36aba25b04
- djm@cvs.openbsd.org 2013/11/21 03:15:46
[regress/krl.sh]
add some reminders for additional tests that I'd like to implement
2013-11-21 14:24:42 +11:00
Damien Miller
fa7a20bc28
- naddy@cvs.openbsd.org 2013/11/18 05:09:32
[regress/forward-control.sh]
bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
to successfully run this; ok djm@
(ID sync only; our timeouts are already longer)
2013-11-21 14:24:08 +11:00
Damien Miller
0fde8acdad
- djm@cvs.openbsd.org 2013/11/21 00:45:44
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC
ok markus@ naddy@
2013-11-21 14:12:23 +11:00
Damien Miller
fdb2306acd
- deraadt@cvs.openbsd.org 2013/11/20 20:54:10
[canohost.c clientloop.c match.c readconf.c sftp.c]
unsigned casts for ctype macros where necessary
ok guenther millert markus
2013-11-21 13:57:15 +11:00
Damien Miller
e00167307e
- deraadt@cvs.openbsd.org 2013/11/20 20:53:10
[scp.c]
unsigned casts for ctype macros where necessary
ok guenther millert markus
2013-11-21 13:56:49 +11:00
Damien Miller
23e00aa6ba
- djm@cvs.openbsd.org 2013/11/20 02:19:01
[sshd.c]
delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.
2013-11-21 13:56:28 +11:00
Damien Miller
867e6934be
- markus@cvs.openbsd.org 2013/11/13 13:48:20
[ssh-pkcs11.c]
add missing braces found by pedro
2013-11-21 13:56:06 +11:00
Damien Miller
0600c7020f
- dtucker@cvs.openbsd.org 2013/11/08 11:15:19
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
[uidswap.c] Include stdlib.h for free() as per the man page.
2013-11-21 13:55:43 +11:00
Darren Tucker
b6a75b0b93
- (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
querying the ones that are compiled in.
2013-11-10 20:25:22 +11:00
Darren Tucker
2c89430119
- (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
2013-11-10 12:38:42 +11:00
Darren Tucker
dd5264db5f
- (dtucker) [configure.ac] Add missing "test".
2013-11-09 22:32:51 +11:00
Darren Tucker
95cb2d4eb0
- (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
2013-11-09 22:02:31 +11:00
Darren Tucker
37bcef51b3
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897 ).
2013-11-09 18:39:25 +11:00
Darren Tucker
6e2fe81f92
- dtucker@cvs.openbsd.org 2013/11/09 05:41:34
[regress/test-exec.sh regress/rekey.sh]
Use smaller test data files to speed up tests. Grow test datafiles
where necessary for a specific test.
2013-11-09 16:55:03 +11:00
Darren Tucker
aff7ef1bb8
- (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
rather than testing and generating each key, call ssh-keygen -A.
Patch from vinschen at redhat.com.
2013-11-09 00:19:22 +11:00
Darren Tucker
882abfd3fb
- (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
and pass in TEST_ENV. Unknown options cause stderr to get polluted
and the stderr-data test to fail.
2013-11-09 00:17:41 +11:00
Darren Tucker
8c333ec23b
- (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
warnings.
2013-11-08 21:12:58 +11:00
Darren Tucker
d94240b2f6
- (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
2013-11-08 21:10:04 +11:00
Darren Tucker
1c8ce34909
- (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
EVP_sha256.
2013-11-08 19:50:32 +11:00
Darren Tucker
ccdb9bec46
- (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
arc4random_stir for platforms that have arc4random but don't have
arc4random_stir (right now this is only OpenBSD -current).
2013-11-08 18:54:38 +11:00
Damien Miller
3420a50169
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update version numbers following release.
2013-11-08 16:48:13 +11:00
Damien Miller
3ac4a234df
- djm@cvs.openbsd.org 2013/11/08 01:38:11
[version.h]
openssh-6.4
2013-11-08 12:39:49 +11:00
Damien Miller
6c81fee693
- djm@cvs.openbsd.org 2013/11/08 00:39:15
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
[clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
[sftp-client.c sftp-glob.c]
use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
Damien Miller
690d989008
- dtucker@cvs.openbsd.org 2013/11/07 11:58:27
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden. ok markus@
2013-11-08 12:16:49 +11:00
Darren Tucker
08998c5fb9
- dtucker@cvs.openbsd.org 2013/11/08 01:06:14
[regress/rekey.sh]
Rekey less frequently during tests to speed them up
2013-11-08 12:11:46 +11:00
Darren Tucker
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
Darren Tucker
6e9d6f4112
- dtucker@cvs.openbsd.org 2013/11/07 04:26:56
[regress/kextype.sh]
trailing space
2013-11-07 15:32:37 +11:00
Darren Tucker
74cbc22529
- dtucker@cvs.openbsd.org 2013/11/07 03:55:41
[regress/kextype.sh]
Use ssh -Q to get kex types instead of a static list.
2013-11-07 15:26:12 +11:00
Darren Tucker
a955041c93
- dtucker@cvs.openbsd.org 2013/11/07 02:48:38
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 15:21:19 +11:00
Darren Tucker
06595d6395
- dtucker@cvs.openbsd.org 2013/11/07 01:12:51
[regress/rekey.sh]
Factor out the data transfer rekey tests
2013-11-07 15:08:02 +11:00
Darren Tucker
651dc8b259
- dtucker@cvs.openbsd.org 2013/11/07 00:12:05
[regress/rekey.sh]
Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
the GCM ciphers.
2013-11-07 15:04:44 +11:00
Darren Tucker
234557762b
- dtucker@cvs.openbsd.org 2013/11/04 12:27:42
[regress/rekey.sh]
Test rekeying with all KexAlgorithms.
2013-11-07 15:00:51 +11:00
Darren Tucker
bbfb9b0f38
- markus@cvs.openbsd.org 2013/11/02 22:39:53
[regress/kextype.sh]
add curve25519-sha256@libssh.org
2013-11-07 14:56:43 +11:00
Darren Tucker
aa19548a98
- djm@cvs.openbsd.org 2013/10/09 23:44:14
[regress/Makefile] (ID sync only)
regression test for sftp request white/blacklisting and readonly mode.
2013-11-07 14:50:09 +11:00
Damien Miller
c8908aabff
- djm@cvs.openbsd.org 2013/11/06 23:05:59
[ssh-pkcs11.c]
from portable: s/true/true_val/ to avoid name collisions on dump platforms
RCSID sync only
2013-11-07 13:38:35 +11:00
Damien Miller
49c145c5e8
- markus@cvs.openbsd.org 2013/11/06 16:52:11
[monitor_wrap.c]
fix rekeying for AES-GCM modes; ok deraadt
2013-11-07 13:35:39 +11:00