path: root/usr.bin/ssh
Age | Commit message | Author
2013-12-04 | bz#2171: don't leak local_fd on error; from Loganaden Velvindron @ AfriNIC | Damien Miller
2013-12-02 | correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC. Also make it a memset for consistency with the rest of cipher.c | Damien Miller
2013-12-02 | make key_to_blob() return a NULL blob on failure; part of bz#2175 from Loganaden Velvindron @ AfriNIC | Damien Miller
2013-12-02 | use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC | Damien Miller
2013-12-02 | typo; from Jon Cave | Damien Miller
2013-12-01 | mention curve25519-sha256@libssh.org key exchange algorithm | Damien Miller
2013-11-26 | cleanup 1 << 31 idioms. Resurrection of this issue pointed out by Eitan Adler; ok markus for ssh, implies same change in kerberosV | Theo de Raadt
2013-11-26 | - put -Q in the right place - Ar was a poor choice for the arguments to -Q. i've chosen an admittedly equally poor Cm, at least consistent with the rest of the docs. also no need for multiple instances - zap a now redundant Nm - usage() sync | Jason McIntyre
2013-11-25 | improve -Q usage and such. One usage change is that the option is now case-sensitive; ok dtucker markus djm | Theo de Raadt
2013-11-21 | no need for .Pp before displays; | Jason McIntyre
2013-11-21 | RCSID markers | Damien Miller
2013-11-21 | Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC; ok markus@ naddy@ | Damien Miller
2013-11-20 | unsigned casts for ctype macros where necessary; ok guenther millert markus | Theo de Raadt
2013-11-20 | delay closure of in/out fds until after "Bad protocol version identification..." message, as get_remote_ipaddr/get_remote_port require them open. | Damien Miller
2013-11-13 | add missing braces found by pedro | Markus Friedl
2013-11-08 | Include stdlib.h for free() as per the man page. | Darren Tucker
2013-11-08 | openssh-6.4 | Damien Miller
2013-11-08 | use calloc for all structure allocations; from markus@ | Damien Miller
2013-11-07 | Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@ | Darren Tucker
2013-11-06 | from portable: s/true/true_val/ to avoid name collisions on dump platforms | Damien Miller
2013-11-06 | fix rekeying for AES-GCM modes; ok deraadt | Markus Friedl
2013-11-04 | fix rekeying for KEX_C25519_SHA256; noted by dtucker@ | Markus Friedl
2013-11-03 | fix a couple of function definitions foo() -> foo(void) (-Wold-style-definition) | Damien Miller
2013-11-02 | the default kex is now curve25519-sha256@libssh.org | Markus Friedl
2013-11-02 | no need to include monitor_wrap.h and ssh-gss.h | Markus Friedl
2013-11-02 | no need to include ssh-gss.h | Markus Friedl
2013-11-02 | no need to include monitor_wrap.h | Markus Friedl
2013-11-02 | add missing $OpenBSD$ tags | Markus Friedl
2013-11-02 | use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@ | Markus Friedl
2013-11-02 | support pkcs#11 tokens that only provide x509 certs instead of raw pubkeys; fixes bz#1908; based on patch from Laurent Barbe; ok djm | Markus Friedl
2013-10-29 | pty(4), not pty(7); | Jason McIntyre
2013-10-29 | sshd_config PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option; bz#2070, patch from Teran McKinney; ok markus@ | Damien Miller
2013-10-29 | fix potential stack exhaustion caused by nested certificates; report by Mateusz Kocielski; ok dtucker@ markus@ | Damien Miller
2013-10-25 | fix crash when using ProxyCommand caused by previous commit - was calling freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@ | Damien Miller
2013-10-24 | fix bug introduced in hostname canonicalisation commit: don't try to resolve hostnames when a ProxyCommand is set unless the user has forced canonicalisation; spotted by Iain Morgan | Damien Miller
2013-10-24 | Disallow empty Match statements and add "Match all" which matches everything. ok djm, man page help jmc@ | Darren Tucker
2013-10-24 | Periodically print progress and, if possible, expected time to completion when screening moduli for DH groups. ok deraadt djm | Darren Tucker
2013-10-23 | include local address and port in "Connection from ..." message (only shown at loglevel>=verbose) | Damien Miller
2013-10-23 | fix comment | Darren Tucker
2013-10-23 | Make code match documentation: relative-specified certificate expiry time should be relative to current time and not the validity start time. Reported by Petr Lautrbach; ok deraadt@ | Damien Miller
2013-10-23 | comment | Damien Miller
2013-10-23 | Hostname may have %h sequences that should be expanded prior to Match evaluation; spotted by Iain Morgan | Damien Miller
2013-10-20 | tweak the "exec" description, as worded by djm; | Jason McIntyre
2013-10-20 | add canonicalisation options to -o lists | Damien Miller
2013-10-20 | rename "command" subclause of the recently-added "Match" keyword to "exec"; it's shorter, clearer in intent and we might want to add the ability to match against the command being executed at the remote end in the future. | Damien Miller
2013-10-20 | document % expansions performed by "Match command ..." | Damien Miller
2013-10-17 | include remote port in bad banner message; bz#2162 | Damien Miller
2013-10-17 | tweak previous; | Jason McIntyre
2013-10-17 | rearrange check to reduce diff against -portable | Damien Miller
2013-10-17 | fsync@openssh.com protocol extension for sftp-server; client support to allow calling fsync() faster successful transfer; patch mostly by imorgan AT nas.nasa.gov; bz#1798 "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@ | Damien Miller