Commit Graph

64 Commits

Author SHA1 Message Date
djm@openbsd.org 9fbbfeca1c
upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.

ok tb@ tobhe@

OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
2023-01-16 10:57:41 +11:00
Damien Miller 0ffb46f2ee
update .depend 2022-10-04 01:51:42 +11:00
Darren Tucker 800c2483e6 Remove workarounds for OpenSSL missing AES-CTR.
We have some compatibility hacks that were added to support OpenSSL
versions that do not support AES CTR mode.  Since that time, however,
the minimum OpenSSL version that we support has moved to 1.0.1 which
*does* have CTR, so this is no longer needed.  ok djm@
2022-07-25 21:49:04 +10:00
Damien Miller b275818065 depend 2022-03-31 14:11:36 +11:00
Damien Miller 166456ceda makedepend 2022-02-23 22:31:11 +11:00
Damien Miller 29a76994e2 depend 2022-01-25 11:52:34 +11:00
Damien Miller a48533a8da depend 2022-01-07 09:24:26 +11:00
Damien Miller e8976d92a4 depend 2021-11-29 12:29:29 +11:00
Damien Miller fcd8d895bb update depends 2021-11-18 10:16:44 +11:00
Damien Miller 2e6f5f24dd depend 2021-10-28 16:24:44 +11:00
Damien Miller e1a596186c depend 2021-08-20 14:03:49 +10:00
djm@openbsd.org 2b67932bb3 upstream: on fatal errors, make scp wait for ssh connection before
exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has returned exited and control has returned to the shell; ok
markus@

OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c
2021-08-10 12:47:39 +10:00
Damien Miller 6df1fecb5d use openbsd-compat glob.h is required 2021-08-04 11:05:11 +10:00
djm@openbsd.org 197e29f1cc upstream: support for using the SFTP protocol for file transfers in
scp, via a new "-M sftp" option. Marked as experimental for now.

Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.

Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.

OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
2021-08-03 11:03:09 +10:00
Damien Miller e86968280e depend 2021-04-16 13:55:25 +10:00
Damien Miller d2afd717e6 update depend 2021-03-02 21:31:47 +11:00
djm@openbsd.org 2c71cec020 upstream: Update/replace the experimental post-quantum hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementation, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks to Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note that both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
djm@openbsd.org 816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
Damien Miller 53a33a0d74 .depend 2020-09-20 16:16:47 +10:00
Damien Miller c9bab1d3a9 depend 2020-05-29 14:49:16 +10:00
Damien Miller 83a6dc6ba1 make depend 2020-05-13 12:03:42 +10:00
Darren Tucker c697e46c31 Update .depend. 2020-05-02 18:34:47 +10:00
Darren Tucker 67697e4a82 Update .depend. 2020-04-24 11:10:18 +10:00
Damien Miller a2437f8ed0 depend 2020-02-06 12:02:22 +11:00
Damien Miller 6a10760635 depend 2020-01-26 10:28:21 +11:00
Damien Miller 10ecc647fc depend 2020-01-21 12:20:05 +11:00
Darren Tucker acaf9e0585 Update depend to remove rmd160.h. 2020-01-14 12:43:03 +11:00
Darren Tucker 7652a57662 Remove auth-skey.c.
S/Key support was removed in OpenSSH 7.8 but this file was missed.
2020-01-06 08:56:46 +11:00
Damien Miller c4b2664be7 refresh depend 2019-12-30 21:04:09 +11:00
Damien Miller 7b47b40b17 adapt Makefile to ssh-sk-client everywhere 2019-12-14 08:40:58 +11:00
Darren Tucker ad8cd42079 Sort depends. 2019-12-11 13:13:14 +11:00
Darren Tucker 5df9d1f5c0 Update depend to include sk files. 2019-12-11 13:06:43 +11:00
djm@openbsd.org 6bff9521ab upstream: directly support U2F/FIDO2 security keys in OpenSSH by
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-15 09:57:30 +11:00
Darren Tucker 19cb64c4b4 Rebuild .depend. 2019-11-02 22:46:22 +11:00
Damien Miller 3420e0464b depend 2019-11-01 09:46:10 +11:00
Damien Miller 8ca491d29f depend 2019-10-09 11:06:37 +11:00
djm@openbsd.org 670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
Darren Tucker 5299a09fa2 Revert one dependency per line change.
It turns out that having such a large number of lines in the .depend
file will cause the memory usage of awk during AC_SUBST to blow up on at
least NetBSD's awk, causing configure to fail.
2019-07-19 13:52:41 +10:00
Darren Tucker 05500af21d Force dependencies one per line.
Force makedepend to output one dependency per line, which will make
reading diffs against it much easier.  ok djm@
2019-07-19 13:20:03 +10:00
Darren Tucker b5bc5d016b make depend. 2019-07-19 13:18:07 +10:00
Damien Miller e44e4ad119 depend 2019-07-16 23:26:53 +10:00
Damien Miller 4efe1adf05 remove realpath() compat replacement
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.

OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independent
implementation in openbsd-compat.

ok dtucker@
2019-07-08 13:38:39 +10:00
dtucker@openbsd.org 5696512d7a upstream: Remove crc32.{c,h} which were only used by the now-gone
SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
2019-05-08 18:42:03 +10:00
Damien Miller fd0fa130ec makedepend 2019-04-18 08:52:57 +10:00
djm@openbsd.org 9b61130fbd upstream: openssh-7.9 accidentally reused the server's algorithm lists
in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
between the client and server, but the error accidentally disabled the
diffie-hellman-group-exchange-sha1 KEX method.

This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.

Reported by nuxi AT vault24.org via bz#2697; ok dtucker

OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
2019-02-24 10:51:46 +11:00
Damien Miller 2265402dc7 depend 2019-01-23 13:03:16 +11:00
Damien Miller 4dc06bd579 depend 2019-01-21 23:14:04 +11:00
Damien Miller c327813ea1 depend 2019-01-20 09:45:38 +11:00
djm@openbsd.org 0a843d9a0e upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
Damien Miller b9fea45a68 regen depend 2018-10-23 17:10:35 +11:00