summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-24upstream: Sanitize scp filenames via snmprintf. To do this we movedtucker@openbsd.org
the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@ OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
2019-01-24For broken read/readv comparisons, poll(RW).Darren Tucker
In the cases where we can't compare to read or readv function pointers for some reason we currently ifdef out the poll() used to block while waiting for reads or writes, falling back to busy waiting. This restores the poll() in this case, but has it always check for read or write, removing an inline ifdef in the process.
2019-01-24Include unistd.h for strmode().Darren Tucker
2019-01-24Also undef SIMPLEQ_FOREACH_SAFE.Darren Tucker
Prevents macro redefinition warning on at least NetBSD 6.1.
2019-01-23upstream: allow auto-incrementing certificate serial number for certsdjm@openbsd.org
signed in a single commandline. OpenBSD-Commit-ID: 39881087641efb8cd83c7ec13b9c98280633f45b
2019-01-23upstream: move a bunch of global flag variables to main(); make thedjm@openbsd.org
rest static OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc
2019-01-23dependDamien Miller
2019-01-23upstream: switch mainloop from select(2) to poll(2); ok deraadt@djm@openbsd.org
OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e
2019-01-23upstream: pass most arguments to the KEX hash functions as sshbufdjm@openbsd.org
rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
2019-01-23upstream: backoff reading messages from active connections when thedjm@openbsd.org
input buffer is too full to read one, or if the output buffer is too full to enqueue a response; feedback & ok dtucker@ OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8
2019-01-23upstream: add -m to usage(); reminded by jmc@djm@openbsd.org
OpenBSD-Commit-ID: bca476a5236e8f94210290b3e6a507af0434613e
2019-01-22upstream: Correct some bugs in PKCS#11 token PIN handling atdjm@openbsd.org
initial login, the attempt at reading the PIN could be skipped in some cases especially on devices with integrated PIN readers. based on patch from Daniel Kucera in bz#2652; ok markus@ OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e
2019-01-22upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE bydjm@openbsd.org
requring a fresh login after the C_SignInit operation. based on patch from Jakub Jelen in bz#2638; ok markus OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661
2019-01-22upstream: Mention that configuration for the destination host isdjm@openbsd.org
not applied to any ProxyJump/-J hosts. This has confused a few people... OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b
2019-01-22upstream: Include -m in the synopsis for a few more commands thatdjm@openbsd.org
support it Be more explicit in the description of -m about where it may be used Prompted by Jakub Jelen in bz2904 OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c
2019-01-22upstream: print the full pubkey being attempted at loglevel >=djm@openbsd.org
debug2; bz2939 OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290
2019-01-22upstream: clarify: ssh-keygen -e only writes public keys, neverdjm@openbsd.org
private OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb
2019-01-22upstream: mention the new vs. old key formats in the introductiondjm@openbsd.org
and give some hints on how keys may be converted or written in the old format. OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823
2019-01-22upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8
2019-01-22upstream: Forgot to add -J to the synopsis.tb@openbsd.org
OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e
2019-01-22upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)tb@openbsd.org
and sftp(1) to match ssh(1)'s interface. ok djm OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
2019-01-22Allow building against OpenSSL dev (3.x) version.Darren Tucker
2019-01-22typoDamien Miller
2019-01-22add missing headerDamien Miller
2019-01-22upstream: switch sntrup implementation source from supercop todjm@openbsd.org
libpqcrypto; the latter is almost identical but doesn't rely on signed underflow to implement an optimised integer sort; from markus@ OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
2019-01-22new files need includes.hDamien Miller
2019-01-21upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn updjm@openbsd.org
debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21upstream: adapt to changes in KEX APIs and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca
2019-01-21upstream: adapt to changes in KEX API and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7
2019-01-21upstream: adapt to bignum1 API removal and bignum2 API changedjm@openbsd.org
OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63
2019-01-21upstream: remove hack to use non-system libcryptodjm@openbsd.org
OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f
2019-01-21dependDamien Miller
2019-01-21upstream: fix reversed arguments to kex_load_hostkey(); manifested asdjm@openbsd.org
errors in cert-hostkey.sh regress failures. OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba
2019-01-21upstream: forgot to cvs add this file in previous series of commits;djm@openbsd.org
grrr OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0
2019-01-21upstream: nothing shall escape this purgedjm@openbsd.org
OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217
2019-01-21upstream: rename kex->kem_client_pub -> kex->client_pub now thatdjm@openbsd.org
KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21upstream: merge kexkem[cs] into kexgendjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89
2019-01-21upstream: pass values used in KEX hash computation as sshbufdjm@openbsd.org
rather than pointer+len suggested by me; implemented by markus@ ok me OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
2019-01-21upstream: remove kex_derive_keys_bn wrapper; no unused since thedjm@openbsd.org
DH-like KEX methods have moved to KEM from markus@ ok djm@ OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060
2019-01-21upstream: use KEM API for vanilla ECDHdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21fixup missing ssherr.hDamien Miller
2019-01-21upstream: use KEM API for vanilla DH KEXdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21upstream: use KEM API for vanilla c25519 KEXdjm@openbsd.org
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21upstream: Add support for a PQC KEX/KEM:djm@openbsd.org
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21upstream: factor out kex_verify_hostkey() - again, duplicateddjm@openbsd.org
almost exactly across client and server for several KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
2019-01-21upstream: factor out kex_load_hostkey() - this is duplicated indjm@openbsd.org
both the client and server implementations for most KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
2019-01-21upstream: factor out kex_dh_compute_key() - it's shared betweendjm@openbsd.org
plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@ OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec
2019-01-21upstream: factor out DH keygen; it's identical between the clientdjm@openbsd.org
and the server from markus@ ok djm@ OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
2019-01-21upstream: save the derived session id in kex_derive_keys() ratherdjm@openbsd.org
than making each kex method implementation do it. from markus@ ok djm@ OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
2019-01-21upstream: Make sshpkt_get_bignum2() allocate the bignum it isdjm@openbsd.org
parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@ OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9