path: root/usr.bin/ssh
Age | Commit message | Author
2013-12-09 | remove unused defines | Markus Friedl
2013-12-09 | Add Authors for the public domain ed25519/nacl code. see also http://nacl.cr.yp.to/features.html All of the NaCl software is in the public domain. and http://ed25519.cr.yp.to/software.html The Ed25519 software is in the public domain. | Markus Friedl
2013-12-08 | Use a literal for the default value of KEXAlgorithms. ok deraadt jmc | Darren Tucker
2013-12-07 | add missing mentions of ed25519; ok djm@ | Christian Weisgerber
2013-12-07 | document -a and -o wrt new key format | Damien Miller
2013-12-07 | correct RCS idents | Damien Miller
2013-12-07 | set k->cert = NULL after freeing it | Damien Miller
2013-12-06 | missing comma; | Jason McIntyre
2013-12-06 | support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@ | Markus Friedl
2013-12-06 | new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots of help from djm; ok djm@ | Markus Friedl
2013-12-06 | move private key (de)serialization to key.c; ok djm | Markus Friedl
2013-12-06 | remove duplicated character ('g') in getopt() string; document the (few) remaining option characters so we don't have to rummage next time. | Damien Miller
2013-12-05 | fix memory leak in error path in do_readdir(); pointed out by Loganaden Velvindron @ AfriNIC in bz#2163 | Damien Miller
2013-12-05 | bz#2161 - fix AuthorizedKeysCommand inside a Match block and rearrange things so the same error is harder to make next time; with and ok dtucker@ | Damien Miller
2013-12-04 | bz#2171: don't leak local_fd on error; from Loganaden Velvindron @ AfriNIC | Damien Miller
2013-12-02 | correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC Also make it a memset for consistency with the rest of cipher.c | Damien Miller
2013-12-02 | make key_to_blob() return a NULL blob on failure; part of bz#2175 from Loganaden Velvindron @ AfriNIC | Damien Miller
2013-12-02 | use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC | Damien Miller
2013-12-02 | typo; from Jon Cave | Damien Miller
2013-12-01 | mention curve25519-sha256@libssh.org key exchange algorithm | Damien Miller
2013-11-26 | cleanup 1 << 31 idioms. Resurrection of this issue pointed out by Eitan Adler ok markus for ssh, implies same change in kerberosV | Theo de Raadt
2013-11-26 | - put -Q in the right place - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances - zap a now redundant Nm - usage() sync | Jason McIntyre
2013-11-25 | improve -Q usage and such. One usage change is that the option is now case-sensitive ok dtucker markus djm | Theo de Raadt
2013-11-21 | no need for .Pp before displays; | Jason McIntyre
2013-11-21 | RCSID markers | Damien Miller
2013-11-21 | Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC ok markus@ naddy@ | Damien Miller
2013-11-20 | unsigned casts for ctype macros where necessary ok guenther millert markus | Theo de Raadt
2013-11-20 | delay closure of in/out fds until after "Bad protocol version identification..." message, as get_remote_ipaddr/get_remote_port require them open. | Damien Miller
2013-11-13 | add missing braces found by pedro | Markus Friedl
2013-11-08 | Include stdlib.h for free() as per the man page. | Darren Tucker
2013-11-08 | openssh-6.4 | Damien Miller
2013-11-08 | use calloc for all structure allocations; from markus@ | Damien Miller
2013-11-07 | Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@ | Darren Tucker
2013-11-06 | from portable: s/true/true_val/ to avoid name collisions on dump platforms | Damien Miller
2013-11-06 | fix rekeying for AES-GCM modes; ok deraadt | Markus Friedl
2013-11-04 | fix rekeying for KEX_C25519_SHA256; noted by dtucker@ | Markus Friedl
2013-11-03 | fix a couple of function definitions foo() -> foo(void) (-Wold-style-definition) | Damien Miller
2013-11-02 | the default kex is now curve25519-sha256@libssh.org | Markus Friedl
2013-11-02 | no need to include monitor_wrap.h and ssh-gss.h | Markus Friedl
2013-11-02 | no need to include ssh-gss.h | Markus Friedl
2013-11-02 | no need to include monitor_wrap.h | Markus Friedl
2013-11-02 | add missing $OpenBSD$ tags | Markus Friedl
2013-11-02 | use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@ | Markus Friedl
2013-11-02 | support pkcs#11 tokens that only provide x509 certs instead of raw pubkeys; fixes bz#1908; based on patch from Laurent Barbe; ok djm | Markus Friedl
2013-10-29 | pty(4), not pty(7); | Jason McIntyre
2013-10-29 | sshd_config PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option; bz#2070, patch from Teran McKinney; ok markus@ | Damien Miller
2013-10-29 | fix potential stack exhaustion caused by nested certificates; report by Mateusz Kocielski; ok dtucker@ markus@ | Damien Miller
2013-10-25 | fix crash when using ProxyCommand caused by previous commit - was calling freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@ | Damien Miller
2013-10-24 | fix bug introduced in hostname canonicalisation commit: don't try to resolve hostnames when a ProxyCommand is set unless the user has forced canonicalisation; spotted by Iain Morgan | Damien Miller
2013-10-24 | Disallow empty Match statements and add "Match all" which matches everything. ok djm, man page help jmc@ | Darren Tucker