summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-23upstream: move a bunch of global flag variables to main(); make thedjm@openbsd.org
rest static OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc
2019-01-23dependDamien Miller
2019-01-23upstream: switch mainloop from select(2) to poll(2); ok deraadt@djm@openbsd.org
OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e
2019-01-23upstream: pass most arguments to the KEX hash functions as sshbufdjm@openbsd.org
rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
2019-01-23upstream: backoff reading messages from active connections when thedjm@openbsd.org
input buffer is too full to read one, or if the output buffer is too full to enqueue a response; feedback & ok dtucker@ OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8
2019-01-23upstream: add -m to usage(); reminded by jmc@djm@openbsd.org
OpenBSD-Commit-ID: bca476a5236e8f94210290b3e6a507af0434613e
2019-01-22upstream: Correct some bugs in PKCS#11 token PIN handling atdjm@openbsd.org
initial login, the attempt at reading the PIN could be skipped in some cases especially on devices with integrated PIN readers. based on patch from Daniel Kucera in bz#2652; ok markus@ OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e
2019-01-22upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE bydjm@openbsd.org
requring a fresh login after the C_SignInit operation. based on patch from Jakub Jelen in bz#2638; ok markus OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661
2019-01-22upstream: Mention that configuration for the destination host isdjm@openbsd.org
not applied to any ProxyJump/-J hosts. This has confused a few people... OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b
2019-01-22upstream: Include -m in the synopsis for a few more commands thatdjm@openbsd.org
support it Be more explicit in the description of -m about where it may be used Prompted by Jakub Jelen in bz2904 OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c
2019-01-22upstream: print the full pubkey being attempted at loglevel >=djm@openbsd.org
debug2; bz2939 OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290
2019-01-22upstream: clarify: ssh-keygen -e only writes public keys, neverdjm@openbsd.org
private OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb
2019-01-22upstream: mention the new vs. old key formats in the introductiondjm@openbsd.org
and give some hints on how keys may be converted or written in the old format. OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823
2019-01-22upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8
2019-01-22upstream: Forgot to add -J to the synopsis.tb@openbsd.org
OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e
2019-01-22upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)tb@openbsd.org
and sftp(1) to match ssh(1)'s interface. ok djm OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
2019-01-22Allow building against OpenSSL dev (3.x) version.Darren Tucker
2019-01-22typoDamien Miller
2019-01-22add missing headerDamien Miller
2019-01-22upstream: switch sntrup implementation source from supercop todjm@openbsd.org
libpqcrypto; the latter is almost identical but doesn't rely on signed underflow to implement an optimised integer sort; from markus@ OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
2019-01-22new files need includes.hDamien Miller
2019-01-21upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn updjm@openbsd.org
debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21upstream: adapt to changes in KEX APIs and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca
2019-01-21upstream: adapt to changes in KEX API and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7
2019-01-21upstream: adapt to bignum1 API removal and bignum2 API changedjm@openbsd.org
OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63
2019-01-21upstream: remove hack to use non-system libcryptodjm@openbsd.org
OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f
2019-01-21dependDamien Miller
2019-01-21upstream: fix reversed arguments to kex_load_hostkey(); manifested asdjm@openbsd.org
errors in cert-hostkey.sh regress failures. OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba
2019-01-21upstream: forgot to cvs add this file in previous series of commits;djm@openbsd.org
grrr OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0
2019-01-21upstream: nothing shall escape this purgedjm@openbsd.org
OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217
2019-01-21upstream: rename kex->kem_client_pub -> kex->client_pub now thatdjm@openbsd.org
KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21upstream: merge kexkem[cs] into kexgendjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89
2019-01-21upstream: pass values used in KEX hash computation as sshbufdjm@openbsd.org
rather than pointer+len suggested by me; implemented by markus@ ok me OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
2019-01-21upstream: remove kex_derive_keys_bn wrapper; no unused since thedjm@openbsd.org
DH-like KEX methods have moved to KEM from markus@ ok djm@ OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060
2019-01-21upstream: use KEM API for vanilla ECDHdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21fixup missing ssherr.hDamien Miller
2019-01-21upstream: use KEM API for vanilla DH KEXdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21upstream: use KEM API for vanilla c25519 KEXdjm@openbsd.org
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21upstream: Add support for a PQC KEX/KEM:djm@openbsd.org
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21upstream: factor out kex_verify_hostkey() - again, duplicateddjm@openbsd.org
almost exactly across client and server for several KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
2019-01-21upstream: factor out kex_load_hostkey() - this is duplicated indjm@openbsd.org
both the client and server implementations for most KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
2019-01-21upstream: factor out kex_dh_compute_key() - it's shared betweendjm@openbsd.org
plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@ OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec
2019-01-21upstream: factor out DH keygen; it's identical between the clientdjm@openbsd.org
and the server from markus@ ok djm@ OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
2019-01-21upstream: save the derived session id in kex_derive_keys() ratherdjm@openbsd.org
than making each kex method implementation do it. from markus@ ok djm@ OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
2019-01-21upstream: Make sshpkt_get_bignum2() allocate the bignum it isdjm@openbsd.org
parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@ OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
2019-01-21upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1djm@openbsd.org
functions from markus@ ok djm@ OpenBSD-Commit-ID: 0380b1b2d9de063de3c5a097481a622e6a04943e
2019-01-21upstream: fix all-zero check in kexc25519_shared_keydjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d
2019-01-21upstream: - -T was added to the first synopsis by mistake - sincejmc@openbsd.org
"..." denotes optional, no need to surround it in [] ok djm OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
2019-01-21Make --with-rpath take a flag instead of yes/no.Darren Tucker
Linkers need various flags for -rpath and similar, so make --with-rpath take an optional flag argument which is passed to the linker. ok djm@
2019-01-21fix previous testDamien Miller