-rw-r--r-- | PROTOCOL.certkeys | 4 | ||||
-rw-r--r-- | PROTOCOL.chacha20poly1305 | 4 | ||||
-rw-r--r-- | PROTOCOL.krl | 4 | ||||
-rw-r--r-- | auth.h | 4 | ||||
-rw-r--r-- | authfd.c | 4 | ||||
-rw-r--r-- | channels.c | 8 | ||||
-rw-r--r-- | clientloop.c | 4 | ||||
-rw-r--r-- | kexdhs.c | 4 | ||||
-rw-r--r-- | kexgexs.c | 4 | ||||
-rw-r--r-- | scp.c | 4 | ||||
-rw-r--r-- | servconf.c | 6 | ||||
-rw-r--r-- | sftp.c | 4 | ||||
-rw-r--r-- | ssh-agent.c | 4 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | ssh_api.h | 4 | ||||
-rw-r--r-- | ssh_config.5 | 6 | ||||
-rw-r--r-- | sshbuf.h | 4 | ||||
-rw-r--r-- | sshconnect.c | 4 | ||||
-rw-r--r-- | sshd.c | 4 | ||||
-rw-r--r-- | sshkey-xmss.c | 6 | ||||
-rw-r--r-- | umac.c | 14 | ||||
-rw-r--r-- | xmss_wots.c | 4 |
22 files changed, 54 insertions, 54 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 64cb18700..65f11f538 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys | |||
@@ -174,7 +174,7 @@ certificate. Each represents a time in seconds since 1970-01-01 | |||
174 | 174 | ||
175 | valid after <= current time < valid before | 175 | valid after <= current time < valid before |
176 | 176 | ||
177 | criticial options is a set of zero or more key options encoded as | 177 | critical options is a set of zero or more key options encoded as |
178 | below. All such options are "critical" in the sense that an implementation | 178 | below. All such options are "critical" in the sense that an implementation |
179 | must refuse to authorise a key that has an unrecognised option. | 179 | must refuse to authorise a key that has an unrecognised option. |
180 | 180 | ||
@@ -291,4 +291,4 @@ permit-user-rc empty Flag indicating that execution of | |||
291 | of this script will not be permitted if | 291 | of this script will not be permitted if |
292 | this option is not present. | 292 | this option is not present. |
293 | 293 | ||
294 | $OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $ | 294 | $OpenBSD: PROTOCOL.certkeys,v 1.14 2018/04/10 00:10:49 djm Exp $ |
diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305 index 4857d3853..9ce2a1e3a 100644 --- a/PROTOCOL.chacha20poly1305 +++ b/PROTOCOL.chacha20poly1305 | |||
@@ -16,7 +16,7 @@ that computes a 128 bit integrity tag given a message and a single-use | |||
16 | The chacha20-poly1305@openssh.com combines these two primitives into an | 16 | The chacha20-poly1305@openssh.com combines these two primitives into an |
17 | authenticated encryption mode. The construction used is based on that | 17 | authenticated encryption mode. The construction used is based on that |
18 | proposed for TLS by Adam Langley in [3], but differs in the layout of | 18 | proposed for TLS by Adam Langley in [3], but differs in the layout of |
19 | data passed to the MAC and in the addition of encyption of the packet | 19 | data passed to the MAC and in the addition of encryption of the packet |
20 | lengths. | 20 | lengths. |
21 | 21 | ||
22 | Negotiation | 22 | Negotiation |
@@ -103,5 +103,5 @@ References | |||
103 | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley | 103 | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley |
104 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | 104 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 |
105 | 105 | ||
106 | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $ | 106 | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $ |
107 | 107 | ||
diff --git a/PROTOCOL.krl b/PROTOCOL.krl index b9695107b..f319bad21 100644 --- a/PROTOCOL.krl +++ b/PROTOCOL.krl | |||
@@ -145,7 +145,7 @@ This section may appear multiple times. | |||
145 | 5. KRL signature sections | 145 | 5. KRL signature sections |
146 | 146 | ||
147 | The KRL_SECTION_SIGNATURE section serves a different purpose to the | 147 | The KRL_SECTION_SIGNATURE section serves a different purpose to the |
148 | preceeding ones: to provide cryptographic authentication of a KRL that | 148 | preceding ones: to provide cryptographic authentication of a KRL that |
149 | is retrieved over a channel that does not provide integrity protection. | 149 | is retrieved over a channel that does not provide integrity protection. |
150 | Its format is slightly different to the previously-described sections: | 150 | Its format is slightly different to the previously-described sections: |
151 | in order to simplify the signature generation, it includes as a "body" | 151 | in order to simplify the signature generation, it includes as a "body" |
@@ -166,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify | |||
166 | signatures. Signature sections are optional for KRLs distributed by | 166 | signatures. Signature sections are optional for KRLs distributed by |
167 | trusted means. | 167 | trusted means. |
168 | 168 | ||
169 | $OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $ | 169 | $OpenBSD: PROTOCOL.krl,v 1.4 2018/04/10 00:10:49 djm Exp $ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.95 2018/03/03 03:15:51 djm Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -89,7 +89,7 @@ struct Authctxt { | |||
89 | struct sshkey **prev_keys; | 89 | struct sshkey **prev_keys; |
90 | u_int nprev_keys; | 90 | u_int nprev_keys; |
91 | 91 | ||
92 | /* Last used key and ancilliary information from active auth method */ | 92 | /* Last used key and ancillary information from active auth method */ |
93 | struct sshkey *auth_method_key; | 93 | struct sshkey *auth_method_key; |
94 | char *auth_method_info; | 94 | char *auth_method_info; |
95 | 95 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.c,v 1.108 2018/02/23 15:58:37 markus Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.109 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -323,7 +323,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl) | |||
323 | */ | 323 | */ |
324 | 324 | ||
325 | 325 | ||
326 | /* encode signature algoritm in flag bits, so we can keep the msg format */ | 326 | /* encode signature algorithm in flag bits, so we can keep the msg format */ |
327 | static u_int | 327 | static u_int |
328 | agent_encode_alg(const struct sshkey *key, const char *alg) | 328 | agent_encode_alg(const struct sshkey *key, const char *alg) |
329 | { | 329 | { |
diff --git a/channels.c b/channels.c index bdee1f386..65d9dbd5f 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.379 2018/02/05 05:36:49 tb Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.380 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2599,7 +2599,7 @@ channel_output_poll(struct ssh *ssh) | |||
2599 | * SSH_CHANNEL_MUX_PROXY channel and replace the mux clients ID | 2599 | * SSH_CHANNEL_MUX_PROXY channel and replace the mux clients ID |
2600 | * with the newly allocated channel ID. | 2600 | * with the newly allocated channel ID. |
2601 | * 2) Upstream messages are received by matching SSH_CHANNEL_MUX_PROXY | 2601 | * 2) Upstream messages are received by matching SSH_CHANNEL_MUX_PROXY |
2602 | * channels and procesed by channel_proxy_upstream(). The local channel ID | 2602 | * channels and processed by channel_proxy_upstream(). The local channel ID |
2603 | * is then translated back to the original mux client ID. | 2603 | * is then translated back to the original mux client ID. |
2604 | * 3) In both cases we need to keep track of matching SSH2_MSG_CHANNEL_CLOSE | 2604 | * 3) In both cases we need to keep track of matching SSH2_MSG_CHANNEL_CLOSE |
2605 | * messages so we can clean up SSH_CHANNEL_MUX_PROXY channels. | 2605 | * messages so we can clean up SSH_CHANNEL_MUX_PROXY channels. |
@@ -2610,7 +2610,7 @@ channel_output_poll(struct ssh *ssh) | |||
2610 | * channel. E.g. client_request_forwarded_tcpip() needs to figure | 2610 | * channel. E.g. client_request_forwarded_tcpip() needs to figure |
2611 | * out whether the request is addressed to the local client or a | 2611 | * out whether the request is addressed to the local client or a |
2612 | * specific downstream client based on the listen-address/port. | 2612 | * specific downstream client based on the listen-address/port. |
2613 | * 6) Agent and X11-Forwarding have a similar problem and are currenly | 2613 | * 6) Agent and X11-Forwarding have a similar problem and are currently |
2614 | * not supported as the matching session/channel cannot be identified | 2614 | * not supported as the matching session/channel cannot be identified |
2615 | * easily. | 2615 | * easily. |
2616 | */ | 2616 | */ |
@@ -2787,7 +2787,7 @@ channel_proxy_upstream(Channel *c, int type, u_int32_t seq, struct ssh *ssh) | |||
2787 | /* | 2787 | /* |
2788 | * When receiving packets from the peer we need to check whether we | 2788 | * When receiving packets from the peer we need to check whether we |
2789 | * need to forward the packets to the mux client. In this case we | 2789 | * need to forward the packets to the mux client. In this case we |
2790 | * restore the orignal channel id and keep track of CLOSE messages, | 2790 | * restore the original channel id and keep track of CLOSE messages, |
2791 | * so we can cleanup the channel. | 2791 | * so we can cleanup the channel. |
2792 | */ | 2792 | */ |
2793 | if (c == NULL || c->type != SSH_CHANNEL_MUX_PROXY) | 2793 | if (c == NULL || c->type != SSH_CHANNEL_MUX_PROXY) |
diff --git a/clientloop.c b/clientloop.c index 7bcf22e38..4801f4a77 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.311 2018/02/11 21:16:56 dtucker Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.312 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -664,7 +664,7 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) | |||
664 | options.request_tty == REQUEST_TTY_YES)) | 664 | options.request_tty == REQUEST_TTY_YES)) |
665 | cr->action = CONFIRM_CLOSE; | 665 | cr->action = CONFIRM_CLOSE; |
666 | 666 | ||
667 | /* XXX supress on mux _client_ quietmode */ | 667 | /* XXX suppress on mux _client_ quietmode */ |
668 | tochan = options.log_level >= SYSLOG_LEVEL_ERROR && | 668 | tochan = options.log_level >= SYSLOG_LEVEL_ERROR && |
669 | c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE; | 669 | c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE; |
670 | 670 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhs.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.27 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -194,7 +194,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
194 | 194 | ||
195 | /* destroy_sensitive_data(); */ | 195 | /* destroy_sensitive_data(); */ |
196 | 196 | ||
197 | /* send server hostkey, DH pubkey 'f' and singed H */ | 197 | /* send server hostkey, DH pubkey 'f' and signed H */ |
198 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || | 198 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || |
199 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || | 199 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || |
200 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ | 200 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexs.c,v 1.32 2018/02/07 02:06:51 jsing Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.33 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -224,7 +224,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |||
224 | 224 | ||
225 | /* destroy_sensitive_data(); */ | 225 | /* destroy_sensitive_data(); */ |
226 | 226 | ||
227 | /* send server hostkey, DH pubkey 'f' and singed H */ | 227 | /* send server hostkey, DH pubkey 'f' and signed H */ |
228 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || | 228 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || |
229 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || | 229 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || |
230 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ | 230 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.196 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -311,7 +311,7 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) | |||
311 | } | 311 | } |
312 | 312 | ||
313 | /* | 313 | /* |
314 | * This functions executes a command simlar to do_cmd(), but expects the | 314 | * This function executes a command similar to do_cmd(), but expects the |
315 | * input and output descriptors to be setup by a previous call to do_cmd(). | 315 | * input and output descriptors to be setup by a previous call to do_cmd(). |
316 | * This way the input and output of two commands can be connected. | 316 | * This way the input and output of two commands can be connected. |
317 | */ | 317 | */ |
diff --git a/servconf.c b/servconf.c index 4a508f138..5ca84515f 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.327 2018/04/04 15:12:17 job Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.328 2018/04/10 00:10:49 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -1951,7 +1951,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1951 | case sAuthenticationMethods: | 1951 | case sAuthenticationMethods: |
1952 | if (options->num_auth_methods == 0) { | 1952 | if (options->num_auth_methods == 0) { |
1953 | value = 0; /* seen "any" pseudo-method */ | 1953 | value = 0; /* seen "any" pseudo-method */ |
1954 | value2 = 0; /* sucessfully parsed any method */ | 1954 | value2 = 0; /* successfully parsed any method */ |
1955 | while ((arg = strdelim(&cp)) && *arg != '\0') { | 1955 | while ((arg = strdelim(&cp)) && *arg != '\0') { |
1956 | if (strcmp(arg, "any") == 0) { | 1956 | if (strcmp(arg, "any") == 0) { |
1957 | if (options->num_auth_methods > 0) { | 1957 | if (options->num_auth_methods > 0) { |
@@ -2135,7 +2135,7 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec) | |||
2135 | * | 2135 | * |
2136 | * If the preauth flag is set, we do not bother copying the string or | 2136 | * If the preauth flag is set, we do not bother copying the string or |
2137 | * array values that are not used pre-authentication, because any that we | 2137 | * array values that are not used pre-authentication, because any that we |
2138 | * do use must be explictly sent in mm_getpwnamallow(). | 2138 | * do use must be explicitly sent in mm_getpwnamallow(). |
2139 | */ | 2139 | */ |
2140 | void | 2140 | void |
2141 | copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | 2141 | copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.182 2017/11/03 03:46:52 djm Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.183 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -1844,7 +1844,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1844 | return 0; | 1844 | return 0; |
1845 | } | 1845 | } |
1846 | 1846 | ||
1847 | /* Complete ambigious command */ | 1847 | /* Complete ambiguous command */ |
1848 | tmp = complete_ambiguous(cmd, list, count); | 1848 | tmp = complete_ambiguous(cmd, list, count); |
1849 | if (count > 1) | 1849 | if (count > 1) |
1850 | complete_display(list, 0); | 1850 | complete_display(list, 0); |
diff --git a/ssh-agent.c b/ssh-agent.c index 68de56ce6..cd028913e 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.229 2018/04/09 23:54:49 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.230 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -709,7 +709,7 @@ process_message(u_int socknum) | |||
709 | 709 | ||
710 | debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type); | 710 | debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type); |
711 | 711 | ||
712 | /* check wheter agent is locked */ | 712 | /* check whether agent is locked */ |
713 | if (locked && type != SSH_AGENTC_UNLOCK) { | 713 | if (locked && type != SSH_AGENTC_UNLOCK) { |
714 | sshbuf_reset(e->request); | 714 | sshbuf_reset(e->request); |
715 | switch (type) { | 715 | switch (type) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.476 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1485,7 +1485,7 @@ main(int ac, char **av) | |||
1485 | /* load options.identity_files */ | 1485 | /* load options.identity_files */ |
1486 | load_public_identity_files(pw); | 1486 | load_public_identity_files(pw); |
1487 | 1487 | ||
1488 | /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */ | 1488 | /* optionally set the SSH_AUTHSOCKET_ENV_NAME variable */ |
1489 | if (options.identity_agent && | 1489 | if (options.identity_agent && |
1490 | strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) { | 1490 | strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) { |
1491 | if (strcmp(options.identity_agent, "none") == 0) { | 1491 | if (strcmp(options.identity_agent, "none") == 0) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */ | 1 | /* $OpenBSD: ssh_api.h,v 1.2 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -81,7 +81,7 @@ int ssh_set_verify_host_key_callback(struct ssh *ssh, | |||
81 | * ssh_packet_next() sets typep if there is no new packet available. | 81 | * ssh_packet_next() sets typep if there is no new packet available. |
82 | * in this case the caller must fill the input byte-stream by passing | 82 | * in this case the caller must fill the input byte-stream by passing |
83 | * the data received over network to ssh_input_append(). | 83 | * the data received over network to ssh_input_append(). |
84 | * additinally, the caller needs to send the resulting output | 84 | * additionally, the caller needs to send the resulting output |
85 | * byte-stream back over the network. otherwise the key exchange | 85 | * byte-stream back over the network. otherwise the key exchange |
86 | * would not proceed. the output byte-stream is accessed through | 86 | * would not proceed. the output byte-stream is accessed through |
87 | * ssh_output_ptr(). | 87 | * ssh_output_ptr(). |
diff --git a/ssh_config.5 b/ssh_config.5 index 1ca0862b8..bcd18a872 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.272 2018/04/07 13:50:10 jmc Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.273 2018/04/10 00:10:49 djm Exp $ |
37 | .Dd $Mdocdate: April 7 2018 $ | 37 | .Dd $Mdocdate: April 10 2018 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -1308,7 +1308,7 @@ section. | |||
1308 | .It Cm RemoteForward | 1308 | .It Cm RemoteForward |
1309 | Specifies that a TCP port on the remote machine be forwarded over | 1309 | Specifies that a TCP port on the remote machine be forwarded over |
1310 | the secure channel. | 1310 | the secure channel. |
1311 | The remote port may either be fowarded to a specified host and port | 1311 | The remote port may either be forwarded to a specified host and port |
1312 | from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote | 1312 | from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote |
1313 | client to connect to arbitrary destinations from the local machine. | 1313 | client to connect to arbitrary destinations from the local machine. |
1314 | The first argument must be | 1314 | The first argument must be |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshbuf.h,v 1.9 2017/09/12 06:32:07 djm Exp $ */ | 1 | /* $OpenBSD: sshbuf.h,v 1.10 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2011 Damien Miller | 3 | * Copyright (c) 2011 Damien Miller |
4 | * | 4 | * |
@@ -53,7 +53,7 @@ struct sshbuf { | |||
53 | #ifndef SSHBUF_NO_DEPREACTED | 53 | #ifndef SSHBUF_NO_DEPREACTED |
54 | /* | 54 | /* |
55 | * NB. Please do not use sshbuf_init() in new code. Please use sshbuf_new() | 55 | * NB. Please do not use sshbuf_init() in new code. Please use sshbuf_new() |
56 | * instead. sshbuf_init() is deprectated and will go away soon (it is | 56 | * instead. sshbuf_init() is deprecated and will go away soon (it is |
57 | * only included to allow compat with buffer_* in OpenSSH) | 57 | * only included to allow compat with buffer_* in OpenSSH) |
58 | */ | 58 | */ |
59 | void sshbuf_init(struct sshbuf *buf); | 59 | void sshbuf_init(struct sshbuf *buf); |
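Review bot: The guard `#ifndef SSHBUF_NO_DEPREACTED` at sshbuf.h line 53 is still misspelled, directly above the comment whose spelling is corrected. A build that defines the correctly spelled name would therefore not hide the deprecated `sshbuf_init()` declaration. Because this is an identifier rather than comment text, the rename to `SSHBUF_NO_DEPRECATED` has to be made together with every place that defines or tests the macro, none of which is visible in this hunk. If that is out of scope here, a marker such as `/* XXX macro name is misspelled; rename together with all definers */` above the guard would keep it from being "fixed" in one place only. The `#ifndef` block closes outside the hunk.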
diff --git a/sshconnect.c b/sshconnect.c index 3805d35d9..32f9c8b3a 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.c,v 1.297 2018/02/23 15:58:38 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.298 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -277,7 +277,7 @@ ssh_kill_proxy_command(void) | |||
277 | #ifdef HAVE_IFADDRS_H | 277 | #ifdef HAVE_IFADDRS_H |
278 | /* | 278 | /* |
279 | * Search a interface address list (returned from getifaddrs(3)) for an | 279 | * Search a interface address list (returned from getifaddrs(3)) for an |
280 | * address that matches the desired address family on the specifed interface. | 280 | * address that matches the desired address family on the specified interface. |
281 | * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure. | 281 | * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure. |
282 | */ | 282 | */ |
283 | static int | 283 | static int |
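Review bot: The comment at sshconnect.c line 279 still reads "Search a interface address list", one line above the corrected "specified". It should be `* Search an interface address list (returned from getifaddrs(3)) for an`. The function this comment documents starts on the last lines of the hunk and its body is outside it.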
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.507 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1336,7 +1336,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1336 | * return an error if any are found). Basically we are worried about | 1336 | * return an error if any are found). Basically we are worried about |
1337 | * source routing; it can be used to pretend you are somebody | 1337 | * source routing; it can be used to pretend you are somebody |
1338 | * (ip-address) you are not. That itself may be "almost acceptable" | 1338 | * (ip-address) you are not. That itself may be "almost acceptable" |
1339 | * under certain circumstances, but rhosts autentication is useless | 1339 | * under certain circumstances, but rhosts authentication is useless |
1340 | * if source routing is accepted. Notice also that if we just dropped | 1340 | * if source routing is accepted. Notice also that if we just dropped |
1341 | * source routing here, the other side could use IP spoofing to do | 1341 | * source routing here, the other side could use IP spoofing to do |
1342 | * rest of the interaction and could still bypass security. So we | 1342 | * rest of the interaction and could still bypass security. So we |
diff --git a/sshkey-xmss.c b/sshkey-xmss.c index 5d66ee790..2c50f75f8 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $ */ | 1 | /* $OpenBSD: sshkey-xmss.c,v 1.2 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2017 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2017 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -66,7 +66,7 @@ struct ssh_xmss_state { | |||
66 | treehash_inst *treehash; | 66 | treehash_inst *treehash; |
67 | 67 | ||
68 | u_int32_t idx; /* state read from file */ | 68 | u_int32_t idx; /* state read from file */ |
69 | u_int32_t maxidx; /* resticted # of signatures */ | 69 | u_int32_t maxidx; /* restricted # of signatures */ |
70 | int have_state; /* .state file exists */ | 70 | int have_state; /* .state file exists */ |
71 | int lockfd; /* locked in sshkey_xmss_get_state() */ | 71 | int lockfd; /* locked in sshkey_xmss_get_state() */ |
72 | int allow_update; /* allow sshkey_xmss_update_state() */ | 72 | int allow_update; /* allow sshkey_xmss_update_state() */ |
@@ -583,7 +583,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) | |||
583 | } | 583 | } |
584 | idx = PEEK_U32(k->xmss_sk); | 584 | idx = PEEK_U32(k->xmss_sk); |
585 | if (idx == state->idx) { | 585 | if (idx == state->idx) { |
586 | /* no signature happend, no need to update */ | 586 | /* no signature happened, no need to update */ |
587 | ret = 0; | 587 | ret = 0; |
588 | goto done; | 588 | goto done; |
589 | } else if (idx != state->idx + 1) { | 589 | } else if (idx != state->idx + 1) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: umac.c,v 1.16 2017/12/12 15:06:12 naddy Exp $ */ | 1 | /* $OpenBSD: umac.c,v 1.17 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* ----------------------------------------------------------------------- | 2 | /* ----------------------------------------------------------------------- |
3 | * | 3 | * |
4 | * umac.c -- C Implementation UMAC Message Authentication | 4 | * umac.c -- C Implementation UMAC Message Authentication |
@@ -65,7 +65,7 @@ | |||
65 | /* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */ | 65 | /* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */ |
66 | /* #define SSE2 0 Is SSE2 is available? */ | 66 | /* #define SSE2 0 Is SSE2 is available? */ |
67 | /* #define RUN_TESTS 0 Run basic correctness/speed tests */ | 67 | /* #define RUN_TESTS 0 Run basic correctness/speed tests */ |
68 | /* #define UMAC_AE_SUPPORT 0 Enable auhthenticated encrytion */ | 68 | /* #define UMAC_AE_SUPPORT 0 Enable authenticated encryption */ |
69 | 69 | ||
70 | /* ---------------------------------------------------------------------- */ | 70 | /* ---------------------------------------------------------------------- */ |
71 | /* -- Global Includes --------------------------------------------------- */ | 71 | /* -- Global Includes --------------------------------------------------- */ |
@@ -295,9 +295,9 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) | |||
295 | * Before beginning another hash calculation the nh_reset() routine | 295 | * Before beginning another hash calculation the nh_reset() routine |
296 | * must be called. The single-buffer routine, nh(), is equivalent to | 296 | * must be called. The single-buffer routine, nh(), is equivalent to |
297 | * the sequence of calls nh_update() and nh_final(); however it is | 297 | * the sequence of calls nh_update() and nh_final(); however it is |
298 | * optimized and should be prefered whenever the multiple-buffer interface | 298 | * optimized and should be preferred whenever the multiple-buffer interface |
299 | * is not necessary. When using either interface, it is the client's | 299 | * is not necessary. When using either interface, it is the client's |
300 | * responsability to pass no more than L1_KEY_LEN bytes per hash result. | 300 | * responsibility to pass no more than L1_KEY_LEN bytes per hash result. |
301 | * | 301 | * |
302 | * The routine nh_init() initializes the nh_ctx data structure and | 302 | * The routine nh_init() initializes the nh_ctx data structure and |
303 | * must be called once, before any other PDF routine. | 303 | * must be called once, before any other PDF routine. |
@@ -319,8 +319,8 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) | |||
319 | typedef struct { | 319 | typedef struct { |
320 | UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */ | 320 | UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */ |
321 | UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */ | 321 | UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */ |
322 | int next_data_empty; /* Bookeeping variable for data buffer. */ | 322 | int next_data_empty; /* Bookkeeping variable for data buffer. */ |
323 | int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorperated. */ | 323 | int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorporated. */ |
324 | UINT64 state[STREAMS]; /* on-line state */ | 324 | UINT64 state[STREAMS]; /* on-line state */ |
325 | } nh_ctx; | 325 | } nh_ctx; |
326 | 326 | ||
@@ -851,7 +851,7 @@ static void poly_hash(uhash_ctx_t hc, UINT32 data_in[]) | |||
851 | 851 | ||
852 | 852 | ||
853 | /* The final step in UHASH is an inner-product hash. The poly hash | 853 | /* The final step in UHASH is an inner-product hash. The poly hash |
854 | * produces a result not neccesarily WORD_LEN bytes long. The inner- | 854 | * produces a result not necessarily WORD_LEN bytes long. The inner- |
855 | * product hash breaks the polyhash output into 16-bit chunks and | 855 | * product hash breaks the polyhash output into 16-bit chunks and |
856 | * multiplies each with a 36 bit key. | 856 | * multiplies each with a 36 bit key. |
857 | */ | 857 | */ |
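Review bot: Two slips remain in the option list at umac.c lines 65-66, immediately above the corrected `UMAC_AE_SUPPORT` line: `AES_IMPLEMENTAION` and "Is SSE2 is available?". The second is plain comment text and can become `/* #define SSE2 0 Is SSE2 available? */`. The first names a macro, so it should be changed only after checking which spelling the code further down actually tests, which this section does not show.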
diff --git a/xmss_wots.c b/xmss_wots.c index b4702ed8d..ed904cd75 100644 --- a/xmss_wots.c +++ b/xmss_wots.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmss_wots.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */ | 1 | /* $OpenBSD: xmss_wots.c,v 1.3 2018/04/10 00:10:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | wots.c version 20160722 | 3 | wots.c version 20160722 |
4 | Andreas Hülsing | 4 | Andreas Hülsing |
@@ -65,7 +65,7 @@ static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, co | |||
65 | * Computes the chaining function. | 65 | * Computes the chaining function. |
66 | * out and in have to be n-byte arrays | 66 | * out and in have to be n-byte arrays |
67 | * | 67 | * |
68 | * interpretes in as start-th value of the chain | 68 | * interprets in as start-th value of the chain |
69 | * addr has to contain the address of the chain | 69 | * addr has to contain the address of the chain |
70 | */ | 70 | */ |
71 | static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]) | 71 | static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]) |