History log of /openssh-portable/monitor_wrap.c (Results 1 - 25 of 268)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 56584cce 15-Dec-2019 djm@openbsd.org

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FID

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c

show more ...


# b7e74ea0 24-Nov-2019 djm@openbsd.org

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment,

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49

show more ...


# 189550f5 18-Nov-2019 naddy@openbsd.org

upstream: additional missing stdarg.h includes when built without

WITH_OPENSSL; ok djm@

OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b


# 9a14c64c 31-Oct-2019 djm@openbsd.org

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign()

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c

show more ...


Revision tags: V_8_1_P1
# 4d28fa78 28-Jun-2019 deraadt@openbsd.org

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this be

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075

show more ...


Revision tags: V_8_0_P1
# 7be8572b 21-Jan-2019 djm@openbsd.org

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commi

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9

show more ...


# 9b655dc9 19-Jan-2019 Damien Miller

last bits of old packet API / active_state global


# 3f0786bb 19-Jan-2019 Damien Miller

remove PAM dependencies on old packet API

Requires some caching of values, because the PAM code isn't
always called with packet context.


# 04c091fc 19-Jan-2019 djm@openbsd.org

upstream: remove last references to active_state

with & ok markus@

OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2


# ec00f918 19-Jan-2019 djm@openbsd.org

upstream: convert monitor.c to new packet API

with & ok markus@

OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5


# 3a00a921 19-Jan-2019 djm@openbsd.org

upstream: convert auth.c to new packet API

with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4


# 0fa174eb 19-Jan-2019 djm@openbsd.org

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4

show more ...


Revision tags: V_7_9_P1, V_7_8_P1
# 87f08be0 19-Jul-2018 Damien Miller

Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM

Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.

show more ...


# 6ad8648e 19-Jul-2018 djm@openbsd.org

upstream: remove unused zlib.h

OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1


# 1dd32c23 12-Jul-2018 Darren Tucker

Fallout from buffer conversion in AUDIT_EVENTS.

Supply missing "int r" and fix error path for sshbuf_new().


# 5467fbcb 11-Jul-2018 markus@openbsd.org

upstream: remove legacy key emulation layer; ok djm@

OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d


# 416287d4 10-Jul-2018 Darren Tucker

Fix sshbuf_new error path in skey.


# 7aab109b 10-Jul-2018 Darren Tucker

Supply missing third arg in skey.

During the change to the new buffer api the third arg to
sshbuf_get_cstring was ommitted. Fixes build when configured with skey.


# 380320bb 10-Jul-2018 Darren Tucker

Supply some more missing "int r" in skey


# 984bacfa 10-Jul-2018 sf@openbsd.org

upstream: re-remove some pre-auth compression bits

This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
co

upstream: re-remove some pre-auth compression bits

This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.

ok markus@

OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784

show more ...


# 120a1ec7 10-Jul-2018 Damien Miller

Adapt portable to legacy buffer API removal


# 0f3958c1 10-Jul-2018 djm@openbsd.org

upstream: kerberos/gssapi fixes for buffer removal

OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c


# 235c7c4e 09-Jul-2018 markus@openbsd.org

upstream: sshd: switch monitor to sshbuf API; lots of help & ok

djm@

OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48


# 2808d18c 09-Jul-2018 markus@openbsd.org

upstream: sshd: switch loginmsg to sshbuf API; ok djm@

OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42


# 168b46f4 09-Jul-2018 sf@openbsd.org

upstream: Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14; au

upstream: Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB

Only delayed compression is supported nowadays.

ok markus@

date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772

show more ...


1234567891011