History log of /openssh-portable/sshconnect2.c (Results 1 - 25 of 576)
Revision Date Author Comments
# 96bd895a 06-Feb-2020 djm@openbsd.org

upstream: When using HostkeyAlgorithms to merely append or remove

algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing keys in
known_hosts; ok markus

OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed



# a47f6a6c 06-Feb-2020 naddy@openbsd.org

upstream: Replace "security key" with "authenticator" in program

messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e



# 7f8e66fe 23-Jan-2020 dtucker@openbsd.org

upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@

OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910



# 3bf2a6ac 23-Jan-2020 dtucker@openbsd.org

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519



# c4b3a128 22-Jan-2020 dtucker@openbsd.org

upstream: Remove unsupported algorithms from list of defaults at run

time and remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any). ok djm@

OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2



# 881aded0 21-Jan-2020 djm@openbsd.org

upstream: a little more verbosity in sign_and_send_pubkey() debug

messages

OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508


# 49dc9fa9 14-Nov-2019 djm@openbsd.org

upstream: close the "touch your security key" notifier on the error

path too

OpenBSD-Commit-ID: c7628bf80505c1aefbb1de7abc8bb5ee51826829


# 72687c8e 12-Nov-2019 deraadt@openbsd.org

upstream: stdarg.h required more broadly; ok djm

OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513


# e44bb618 12-Nov-2019 djm@openbsd.org

upstream: security keys typically need to be tapped/touched in

order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.

ok markus@

OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609



# 2c55744a 12-Nov-2019 markus@openbsd.org

upstream: enable ed25519 support; ok djm

OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e


# 9a14c64c 31-Oct-2019 djm@openbsd.org

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c



# 884416bd 31-Oct-2019 djm@openbsd.org

upstream: ssh client support for U2F/FIDO keys

OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc


Revision tags: V_8_1_P1
# 6b39a7b4 05-Aug-2019 dtucker@openbsd.org

upstream: Remove now-redundant perm_ok arg since

sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case. Patch from jitendra.sharma at intel.com, ok djm@

OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77



# 696fb429 06-Jul-2019 dtucker@openbsd.org

upstream: Remove some set but never used variables. ok daraadt@

OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7


# 4d28fa78 28-Jun-2019 deraadt@openbsd.org

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075



# c586d2d3 30-May-2019 djm@openbsd.org

upstream: fix ssh-keysign fd handling problem introduced in r1.304

caused by a typo (STDIN_FILENO vs STDERR_FILENO)

OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0


# a1d29cc3 15-May-2019 deraadt@openbsd.org

upstream: When doing the fork+exec'ing for ssh-keysign, rearrange

the socket into fd3, so as to not mistakenly leak other fd forward
accidentally. ok djm

OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296



Revision tags: V_8_0_P1
# 38e83e4f 12-Feb-2019 djm@openbsd.org

upstream: fix regression in r1.302 reported by naddy@ - only the first

public key from the agent was being attempted for use.

OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d



# 5c68ea8d 11-Feb-2019 djm@openbsd.org

upstream: cleanup GSSAPI authentication context after completion of the

authmethod. Move function-static GSSAPI state to the client Authctxt
structure. Make static a bunch of functions that aren't used outside this
file.

Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@

OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5



# aaca72d6 21-Jan-2019 djm@openbsd.org

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8



# 92dda34e 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla ECDH

from markus@ ok djm@

OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c


# 9c9c97e1 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla DH KEX

from markus@ ok djm@

OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9


# 2f6a9ddb 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla c25519 KEX

OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f


# dfd59161 21-Jan-2019 djm@openbsd.org

upstream: Add support for a PQC KEX/KEM:

sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7



# 0a5f2ea3 20-Jan-2019 djm@openbsd.org

upstream: GSSAPI code got missed when converting to new packet API

OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851

