History log of /openssh-portable/hostfile.c (Results 1 - 25 of 143)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 696fb429 06-Jul-2019 dtucker@openbsd.org

upstream: Remove some set but never used variables. ok daraadt@

OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7


# 1b2d55d1 27-Jun-2019 deraadt@openbsd.org

upstream: oops, from asou

OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6


# 5cdbaa78 27-Jun-2019 deraadt@openbsd.org

upstream: Some asprintf() calls were checked < 0, rather than the

precise == -1. ok millert nicm tb, etc

OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53


Revision tags: V_8_0_P1, V_7_9_P1, V_7_8_P1
# de2997a4 15-Jul-2018 djm@openbsd.org

upstream: memleaks; found by valgrind

OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844


# 7f906352 06-Jun-2018 markus@openbsd.org

upstream: switch config file parsing to getline(3) as this avoids

static limits noted by gerhard@; ok dtucker@, djm@

OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c


Revision tags: V_7_7_P1, V_7_6_P1
# 9e509d4e 31-May-2017 deraadt@openbsd.org

upstream commit

Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in t

upstream commit

Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus

Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065

show more ...


# 873d3e7d 30-Apr-2017 djm@openbsd.org

upstream commit

remove KEY_RSA1

ok markus@

Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133


# 56912dea 30-Apr-2017 djm@openbsd.org

upstream commit

unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7


Revision tags: V_7_5_P1
# db259720 09-Mar-2017 djm@openbsd.org

upstream commit

ensure hostname is lower-case before hashing it;
bz#2591 reported by Griff Miller II; ok dtucker@

Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17


Revision tags: V_7_4_P1
# 10363563 17-Sep-2016 tedu@openbsd.org

upstream commit

replace two arc4random loops with arc4random_buf ok
deraadt natano

Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48


Revision tags: V_7_3_P1, V_7_2_P2, V_7_2_P1, V_7_1_P2, V_7_1_P1, V_7_0_P1, V_6_9_P1
# e661a863 04-May-2015 djm@openbsd.org

upstream commit

Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read

upstream commit

Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@

show more ...


# 398f9ef1 31-Mar-2015 djm@openbsd.org

upstream commit

downgrade error() for known_hosts parse errors to debug()
to quiet warnings from ssh1 keys present when compiled !ssh1.

also identify ssh1 keys when scanning, e

upstream commit

downgrade error() for known_hosts parse errors to debug()
to quiet warnings from ssh1 keys present when compiled !ssh1.

also identify ssh1 keys when scanning, even when compiled !ssh1

ok markus@ miod@

show more ...


Revision tags: V_6_8_P1
# 6c5c9497 16-Feb-2015 djm@openbsd.org

upstream commit

Refactor hostkeys_foreach() and dependent code Deal with
IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
changed ok markus@ as part of larger

upstream commit

Refactor hostkeys_foreach() and dependent code Deal with
IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
changed ok markus@ as part of larger commit

show more ...


# 3076ee7d 26-Jan-2015 djm@openbsd.org

upstream commit

properly restore umask


# 8d4f8725 25-Jan-2015 djm@openbsd.org

upstream commit

Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after

upstream commit

Host key rotation support.

Add a hostkeys@openssh.com protocol extension (global request) for
a server to inform a client of all its available host key after
authentication has completed. The client may record the keys in
known_hosts, allowing it to upgrade to better host key algorithms
and a server to gracefully rotate its keys.

The client side of this is controlled by a UpdateHostkeys config
option (default on).

ok markus@

show more ...


# ec3d065d 18-Jan-2015 djm@openbsd.org

upstream commit

convert load_hostkeys() (hostkey ordering and
known_host matching) to use the new hostkey_foreach() iterator; ok markus


# c29811cc 18-Jan-2015 djm@openbsd.org

upstream commit

introduce hostkeys_foreach() to allow iteration over a
known_hosts file or controlled subset thereof. This will allow us to pull out
some ugly and duplicated code,

upstream commit

introduce hostkeys_foreach() to allow iteration over a
known_hosts file or controlled subset thereof. This will allow us to pull out
some ugly and duplicated code, and will be used to implement hostkey rotation
later.

feedback and ok markus

show more ...


# 1129dcfc 15-Jan-2015 djm@openbsd.org

upstream commit

sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@


# 6fdcaeb9 19-Oct-2014 djm@openbsd.org

upstream commit

whitespace


Revision tags: V_6_7_P1
# 8668706d 02-Jul-2014 Damien Miller

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.

show more ...


# 1f0311c7 15-May-2014 Damien Miller

- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]

- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
[roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

show more ...


Revision tags: V_6_6_P1
# 1d2c4564 03-Feb-2014 Damien Miller

- tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]

- tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker

show more ...


# 4e8d937a 03-Feb-2014 Damien Miller

- markus@cvs.openbsd.org 2014/01/27 18:58:14
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
replace openssl HMAC with an implementation based on our ssh_digest

- markus@cvs.openbsd.org 2014/01/27 18:58:14
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
replace openssl HMAC with an implementation based on our ssh_digest_*
ok and feedback djm@

show more ...


Revision tags: V_6_5_P1
# b3051d01 09-Jan-2014 Damien Miller

- djm@cvs.openbsd.org 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.

- djm@cvs.openbsd.org 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
[kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
[schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@

show more ...


Revision tags: V_6_4_P1, V_6_3_P1
# ce986546 18-Jul-2013 Damien Miller

- djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
[hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]

- djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
[hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@

show more ...


123456