path: root/usr.bin/ssh
Commit message | Author | Age | Files | Lines
...
* Import regenerated moduli file. | dtucker | 2019-10-22 | 6 | -450/+404
* potential NULL dereference for revoked hostkeys; reported by | djm | 2019-10-16 | 1 | -2/+2
  krishnaiah bommu
* free buf before return; reported by krishnaiah bommu | djm | 2019-10-16 | 1 | -1/+2
* memleak in error path; spotted by oss-fuzz, ok markus@ | djm | 2019-10-14 | 1 | -9/+17
* openssh-8.1 | djm | 2019-10-09 | 1 | -2/+2
* fix an unreachable integer overflow similar to the XMSS case, and some | djm | 2019-10-09 | 1 | -4/+22
  other NULL dereferences found by fuzzing. fix with and ok markus@
* fix integer overflow in XMSS private key parsing. Reported by | djm | 2019-10-09 | 1 | -2/+3
  Adam Zabrocki via SecuriTeam's SSH program.
  Note that this code is experimental and not compiled by default.
  ok markus@
* Correct type for end-of-list sentinel; fixes initializer warnings on | dtucker | 2019-10-08 | 1 | -2/+2
  some platforms. ok deraadt.
* reversed test yielded incorrect debug message | djm | 2019-10-07 | 1 | -2/+2
* fix memory leak in error path; bz#3074 | djm | 2019-10-04 | 1 | -3/+2
  patch from krishnaiah.bommu@intel.com, ok dtucker
* space | djm | 2019-10-04 | 1 | -2/+2
* Check for gmtime failure in moduli generation. Based on patch from | dtucker | 2019-10-04 | 1 | -1/+3
  krishnaiah.bommu@intel.com, ok djm@
* use a more common options order in SYNOPSIS and sync usage(); | jmc | 2019-10-03 | 2 | -35/+33
  while here, no need for Bk/Ek; ok dtucker
* thinko in previous; spotted by Mantas Mikulėnas | djm | 2019-10-02 | 1 | -2/+2
* make signature format match PROTOCOL.sshsig file: the message hash | djm | 2019-10-02 | 1 | -2/+2
  should be written as a string, not raw bytes. Spotted by Mantas Mikulėnas
* ban empty namespace strings for sshsig; spotted by Mantas Mikulėnas | djm | 2019-10-02 | 1 | -2/+2
* remove some duplicate #includes | djm | 2019-10-02 | 5 | -10/+5
* revert unconditional forced login implemented in r1.41 of ssh-pkcs11.c; | djm | 2019-10-01 | 1 | -26/+5
  r1.45 added a forced login as a fallback for cases where the token
  returns no objects and this is less disruptive for users of tokens
  directly in ssh (rather than via ssh-agent) and in ssh-keygen
  bz3006, patch from Jakub Jelen; ok markus
* group and sort single letter options; ok deraadt | jmc | 2019-09-29 | 2 | -11/+9
* fix the DH-GEX text in -a; | jmc | 2019-09-27 | 1 | -5/+5
  because this required a comma, I added a comma to the first part, for balance...
* identity_file[] should be PATH_MAX, not the arbitrary number 1024 | deraadt | 2019-09-24 | 1 | -2/+2
* new sentence, new line; | jmc | 2019-09-20 | 1 | -3/+4
* Allow testing signature syntax and validity without verifying that | djm | 2019-09-16 | 2 | -10/+44
  a signature came from a trusted signer. To discourage accidental or
  unintentional use, this is invoked by the deliberately ugly option
  name "check-novalidate"
  from Sebastian Kinne
* clarify that IdentitiesOnly also applies to the default ~/.ssh/id_* | djm | 2019-09-13 | 1 | -4/+4
  keys; bz#3062
* Plug mem leaks on error paths, based in part on github pr#120 from | dtucker | 2019-09-13 | 2 | -16/+21
  David Carlier. ok djm@.
* whitespace | djm | 2019-09-13 | 1 | -3/+3
* allow %n to be expanded in ProxyCommand strings | djm | 2019-09-13 | 4 | -22/+28
  From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
  ok dtucker@
* clarify that ConnectTimeout applies both to the TCP connection and to | djm | 2019-09-13 | 1 | -4/+4
  the protocol handshake/KEX. From Jean-Charles Longuet via Github PR140
* Fix potential truncation warning. ok deraadt. | dtucker | 2019-09-09 | 1 | -2/+2
* Allow prepending a list of algorithms to the default set by starting | naddy | 2019-09-06 | 6 | -19/+80
  the list with the '^' character, e.g.
  HostKeyAlgorithms ^ssh-ed25519
  Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
  ok djm@ dtucker@
* key conversion should fail for !openssl builds, not fall through to | djm | 2019-09-06 | 1 | -2/+5
  the key generation code
* typo in previous | djm | 2019-09-06 | 1 | -2/+2
* avoid compiling certain files that deeply depend on libcrypto when | djm | 2019-09-06 | 4 | -8/+13
  WITH_OPENSSL isn't set
* fixes for !WITH_OPENSSL compilation; ok dtucker@ | djm | 2019-09-06 | 17 | -30/+111
* lots of things were relying on libcrypto headers to transitively | djm | 2019-09-06 | 17 | -18/+42
  include various system headers (mostly stdlib.h); include them explicitly
* remove leakmalloc reference; we used this early when refactoring but | djm | 2019-09-06 | 1 | -5/+1
  not since
* better error code for bad arguments; inspired by | djm | 2019-09-06 | 1 | -2/+5
  https://github.com/openssh/openssh-portable/pull/144 by Ed Maste
* if a PKCS#11 token returns no keys then try to login and refetch | djm | 2019-09-05 | 1 | -11/+33
  them. Based on patch from Jakub Jelen; bz#2430 ok markus@
* sprinkle in some explicit errors here, otherwise they percolate all | djm | 2019-09-05 | 1 | -20/+60
  the way up to dispatch_run_fatal() and lose all meaningful context
  to help with bz#3063; ok dtucker@
* only send ext_info for KEX_INITIAL; bz#2929 ok dtucker | djm | 2019-09-05 | 1 | -3/+4
* macro fix; ok djm | jmc | 2019-09-05 | 1 | -5/+5
* memleak on error path; found by libfuzzer | djm | 2019-09-05 | 1 | -1/+1
* expose allowed_signers options parsing code in header for fuzzing | djm | 2019-09-05 | 2 | -9/+17
  rename to make more consistent with philosophically-similar auth
  options parsing API.
* Call comma-separated lists as such to clarify semantics. | naddy | 2019-09-04 | 2 | -18/+18
  Options such as Ciphers take values that may be a list of ciphers;
  the complete list, not individual elements, may be prefixed with a
  dash or plus character to remove from or append to the default list,
  respectively.
  Users might read the current text as if each element took an optional
  prefix, so tweak the wording from "values" to "list" to prevent such
  ambiguity for all options supporting these semantics.
  Fix instances missed in first commit. ok jmc@ kn@
* tweak previous; | jmc | 2019-09-04 | 1 | -5/+5
* repair typo and editing mishap | naddy | 2019-09-03 | 2 | -3/+3
* sshsig tweaks and improvements from and suggested by Markus | djm | 2019-09-03 | 5 | -104/+122
  ok markus/me
* sshsig: lightweight signature and verification ability for OpenSSH | djm | 2019-09-03 | 6 | -8/+1408
  This adds a simple manual signature scheme to OpenSSH.
  Signatures can be made and verified using ssh-keygen -Y sign|verify
  Signatures embed the key used to make them. At verification time, this
  is matched via principal name against an authorized_keys-like list of
  allowed signers.
  Mostly by Sebastian Kinne w/ some tweaks by me
  ok markus@
* move authorized_keys option parsing helpers to misc.c and make | djm | 2019-09-03 | 3 | -72/+80
  them public; ok markus@
* make get_sigtype public as sshkey_get_sigtype(); ok markus@ | djm | 2019-09-03 | 2 | -8/+9