Age | Commit message | Author |
|
This ensures that the logged errors are consistent with other transport-
layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@
|
|
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.
ok deraadt@ djm@
|
|
building without zlib compression and associated options. With feedback
from markus@, ok djm@
|
|
some platforms. ok deraadt.
|
|
the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
|
|
https://github.com/openssh/openssh-portable/pull/144 by Ed Maste
|
|
the way up to dispatch_run_fatal() and lose all meaningful context
to help with bz#3063; ok dtucker@
|
|
|
|
cert-hostkey.sh regress failures.
|
|
to kexgen
from markus@ ok djm@
|
|
methods have moved to KEM
from markus@ ok djm@
|
|
using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP
coupled with X25519 as a stop-loss. Not enabled by default.
introduce KEM API; a simplified framework for DH-ish KEX methods.
from markus@ feedback & ok djm@
|
|
across client and server for several KEX methods.
from markus@ ok djm@
|
|
server implementations for most KEX methods.
from markus@ ok djm@
|
|
kex method implementation do it.
from markus@ ok djm@
|
|
out the banner exchange. This eliminates some common code from the
client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
|
|
be sent in subsequent ones, but if it is present we should ignore it.
This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for these
buggy clients. Reported by Jakub Jelen via bz2929; ok dtucker@
|
|
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
|
|
Only delayed compression is supported nowadays.
ok markus@
|
|
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
|
|
returns ability to add/remove/specify algorithms by wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
|
|
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
|
|
functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
|
ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
|
|
\0 characters. This would cause fatal connection errors if an
implementation sent e.g. string-encoded sub-values inside a value.
Reported by Denis Bider; ok markus@
|
|
|
|
ok markus@
|
|
|
|
excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@
|
|
via bz#2687, ok djm@
|
|
Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671
"I like it" markus@
|
|
Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed.
Reported by shilei-c at 360.cn
|
|
they are still used by the client. Spotted by naddy@
|
|
commit was intended to remove it from the server only.
remove a few server-side pre-auth compression bits that escaped
adjust wording of Compression directive in sshd_config(5)
pointed out by naddy@ ok markus@
|
|
approaching standardisation (same algorithm is currently supported
as curve25519-sha256@libssh.org)
|
|
via https://github.com/openssh/openssh-portable/pull/50
|
|
NULL deref; found by Robert Swiecki/honggfuzz; fixed with & ok djm@
|
|
Reported by mb AT smartftp.com in bz#2547 and (independently)
Ron Frederick; ok markus@
|
|
rather than pulling <sys/param.h> and unknown namespace pollution.
ok djm markus dtucker
|
|
ext_info if privsep is disabled; report Aris Adamantiadis & Mancha; ok djm@
|
|
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
|
|
This makes automatic rekeying internal to the packet code (previously
the server and client loops needed to assist). In doing so it makes
application of rekey limits more accurate by accounting for packets
about to be sent as well as packets queued during rekeying events
themselves.
Based on a patch from dtucker@ which was in turn based on a patch from
Aleksander Adamowski in bz#2521; ok markus@
|
|
|
|
fix from Matt Johnston via bz#2515
|
|
ok dtucker@
|
|
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@
|
|
KEX; bz#2949, ok dtucker@
|
|
blocksize; ok dtucker@
|
|
The debug output now labels the client and server offers and the
negotiated options. ok markus@
|
|
by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
|