summaryrefslogtreecommitdiffstats
path: root/kexmlkem768x25519.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-12-12upstream: Plug leak on error path, spotted by Coverity. ok djm@dtucker@openbsd.org1-2/+5
OpenBSD-Commit-ID: b1859959374b4709569760cae0866d22a16606d3
2024-12-12Add $(srcdir) for standalone sk-libfido2 make target.Xavier Hsinyuan1-2/+2
Fix out-of-tree build failure due to incorrect path for `sk-usbhid.c`.
2024-12-07upstream: replace bespoke logging of MaxSessions enforcement withdjm@openbsd.org1-42/+34
new ratelimited logging infrastructure. Add ratelimits to logging of connections dropped by PerSourcePenalties ok dtucker OpenBSD-Commit-ID: f22fe7c39607e4361aadf95e33773ffd68c59489
2024-12-07upstream: add infrastructure for ratelimited logging; feedback/okdjm@openbsd.org2-3/+193
dtucker OpenBSD-Commit-ID: 18a83e5ac09d59aaf1e834fd6b796db89dd842e7
2024-12-07upstream: allow glob(3) patterns for sshd_config AuthorizedKeysFiledjm@openbsd.org2-19/+75
and AuthorizedPrincipalsFile directives; bz2755 ok dtucker OpenBSD-Commit-ID: 3e3e05a17fca39bba78b993a07b44664519adf7f
2024-12-07upstream: support VersionAddendum in the client, mirroring thedjm@openbsd.org5-8/+50
option of the same name in the server; bz2745 ok dtucker@ OpenBSD-Commit-ID: 6ff7905b3f9806649bde750515786553fb89cdf4
2024-12-07upstream: clarify encoding of options/extensions; bz2389djm@openbsd.org1-5/+10
OpenBSD-Commit-ID: c4e92356d44dfe6d0a4416deecb33d1d1eba016c
2024-12-07upstream: ignore SIGPIPE here; some downstreams have had this fordjm@openbsd.org1-1/+2
years... OpenBSD-Commit-ID: 73674ee4f8ceb8fc9cb8de71d8ddea0c721eb035
2024-12-07upstream: sync -o option lists with ssh.1; requested jmc@djm@openbsd.org2-20/+98
OpenBSD-Commit-ID: a7ac295b444da7b2ca7a33a52370594f6897f6bb
2024-12-06Remove ancient RHL 6.x config in RPM spec.Fabio Pedretti1-26/+2
It looks like build6x options were intended for RHL 6.x (the Red Hat distro predating Fedora, not RHEL), but were then applied to RHEL. Completely remove support for this ancient configuration. Successfully built, installed and run on RHEL 6. This also remove a build warning about deprecation of PreReq.
2024-12-06Add new hardware-backed signing key for myself.Darren Tucker1-1/+2
Retire old non-hardware based signing key.
2024-12-06Fix configure implicit declaration and format warnings.Jonas 'Sortie' Termansen1-0/+5
2024-12-06upstream: Expand $SSH to absolute path if it's not already.dtucker@openbsd.org1-1/+6
Prevents problem later in increase_datafile_size if ssh is not in the path. Patch from quaresmajose via GHPR#510. OpenBSD-Regress-ID: 2670a66af8b827410ca7139f0a89f4501cece77b
2024-12-06upstream: Change "login again" to "log in again"dtucker@openbsd.org1-2/+2
in password change message. From ThinLinc-Zeijlon via github PR#532. OpenBSD-Commit-ID: fea5e9bc04caf613a118c419f16863733b340cf1
2024-12-06upstream: catch up documentation: AES-GCM is preferred to AES-CTRnaddy@openbsd.org2-8/+8
OpenBSD-Commit-ID: 63360924b6834507fe70020edb936f5075043a9e
2024-12-06Change text from "login to" to "log in to".Darren Tucker1-1/+1
From ThinLinc-Zeijlon via GHPR#532.
2024-12-06Fix configure message typo in sk-libfido2 standalone.Xavier Hsinyuan1-1/+1
2024-12-06Skip 2038 key expiry test on 64 bit time_t systems.Alexander Kanavin1-1/+2
This allows testing Y2038 with system time set to after that (i.e. 2040), so that actual Y2038 issues can be exposed, and not masked by key expiry errors. Signed-off-by: Alexander Kanavin <alex@linutronix.de>
2024-12-05Skip 64bit expiry time test on 32bit time_t.Darren Tucker1-0/+2
2024-12-05upstream: Add key expiry test in the 64bit time_t range for additionaldtucker@openbsd.org1-2/+2
coverage. From Alexander Kanavin via bz#3684. OpenBSD-Regress-ID: bdf6eb3c2421f2e1e11483d03b34c7931d1bccf7
2024-12-05typoDamien Miller1-1/+1
2024-12-05add a Makefile target for ssh-verify-attestationDamien Miller2-1/+17
Not built by default, but easier than doing it by hand
2024-12-05upstream: De-magic the x11 base port number into a define. ok djm@dtucker@openbsd.org1-7/+9
OpenBSD-Commit-ID: 23b85ca9d222cb739b9c33ee5e4d6ac9fdeecbfa
2024-12-05upstream: Prevent integer overflow in x11 port handling. These aredtucker@openbsd.org1-5/+6
theoretically possible if the admin misconfigures X11DisplayOffset or the user misconfigures their own $DISPLAY, but don't happen in normal operation. From Suhov Roman via bz#3730, ok djm@ OpenBSD-Commit-ID: e9e3860f1a19b862ccf07dc8ecbe8f1e1034f4ed
2024-12-04upstream: add a work-in-progress tool to verify FIDO attestationdjm@openbsd.org2-0/+447
blobs that ssh-keygen can write when enrolling FIDO keys. OpenBSD-Regress-ID: 6c97bf3f46e48866677ad69f54b77683eb92437f
2024-12-04upstream: Don't assume existence of SK provider in test. Patch fromdtucker@openbsd.org1-2/+2
balu.gajjala at gmail via bz#3402. OpenBSD-Regress-ID: d571932016d07d135b54433d07520b9e1901db43
2024-12-04upstream: sync the list of options accepted by -o with ssh_config.5djm@openbsd.org1-12/+22
prompted by bz3455 OpenBSD-Commit-ID: 0ecbfa70aea6c769bcc259defe07182edf461f57
2024-12-04upstream: don't screw up ssh-keygen -l output when the filedjm@openbsd.org1-2/+2
contains CR characters; GHPR236 bz3385, fix from Dmitry Belyavskiy OpenBSD-Commit-ID: e458cf6b0adcea5b69ef4c7ba38e590841d02ef4
2024-12-04upstream: spelling; ok djm@jsg@openbsd.org4-7/+7
OpenBSD-Commit-ID: c8ff3f70020451eef214e598117b7ce1a29853ef
2024-12-04upstream: Remove fallback to compiled-in gropup for dhgex when thedtucker@openbsd.org1-4/+4
moduli file exists, but does not contain moduli within the client-requested range. The fallback behaviour remains for the case where the moduli file does not exist (typically, running tests prior to installing). From bz#2793, based in part on patch from Joe Testa, ok djm@ OpenBSD-Commit-ID: b1a8c5dbbedf249b42474679ebaf14db7332b1ab
2024-12-04upstream: Remove redundant field of definition checktb@openbsd.org1-14/+1
This will allow us to get rid of EC_GROUP_method_of() in the near future. ok djm OpenBSD-Commit-ID: b4a3d2e00990cf5c2ec6881c21ddca67327c2df8
2024-12-04don't ignore changes in regress MakefilesDamien Miller1-2/+2
reported by Torben Hansen in bz2880
2024-12-04Support systemd-style socket activation in agentDamien Miller2-29/+79
Adds support for systemd LISTEN_PID/LISTEN_FDS socket activation to ssh-agent. Activated when these environment variables are set and the agent is started with the -d or -D option and no socket path is set. Based on GHPR502 by Daniel Kahn Gillmor, ok dtucker
2024-12-04Update readme files to better reflect reality.Darren Tucker3-18/+16
Prompted by bz#3738, ok djm@.
2024-12-03upstream: Improve description of KbdInteractiveAuthentication.dtucker@openbsd.org1-3/+5
Based on bz#3658, fixes jmc@ ok markus@ djm@. OpenBSD-Commit-ID: 9fadb56b9afed554d501acbba911c685acd6ffc2
2024-12-03Inherit DESTDIR from the environment.Jonas 'Sortie' Termansen1-1/+0
autoconf packages conventionally inherit the DESTDIR variable from the environment.
2024-12-03Define u_short and u_long if needed.Jonas 'Sortie' Termansen1-0/+2
2024-12-03upstream: support FIDO tokens that return no attestation data, e.g.djm@openbsd.org1-2/+4
recent WinHello. From Michael Braun via GHPR542 OpenBSD-Commit-ID: a71b0542f2f7819ba0e33a88908e01b6fc49e4ce
2024-12-02Add wtmpdb support as Y2038 safe wtmp replacementThorsten Kukuk4-5/+119
2024-12-02upstream: unbreakdjm@openbsd.org1-3/+3
OpenBSD-Commit-ID: 05b6c31f4a6e385338f43cc0e08776cea75802a1
2024-12-02upstream: prefer AES-GCM to AES-CTR; ok deraadt markusdjm@openbsd.org1-3/+3
OpenBSD-Commit-ID: 8366a72e0f300ee31c5dab2c95025387ec15bbc9
2024-12-02Fix compilation with DEBUG_SK enabledShiva Kaul1-1/+1
In `ssh_ecdsa_sk_verify`, the `datalen` variable was renamed to `dlen` -- but not in this debugging block.
2024-11-29upstream: Import regenerated moduli.dtucker@openbsd.org1-411/+433
OpenBSD-Commit-ID: 311d271bf0fab8a119e84f4f696d8cd40731692f
2024-11-28Add make target for standalone sk-libfido2Jeremy Stott5-3/+38
Add a Makefile target for sk-libfido2, the standalone fido2 security key shared library, suitable for use with the SecurityKeyProvider option. Add a new configure option `--with-security-key-standalone` that optionally sets the shared library target sk-libfido2$(SHLIBEXT), and adds it to $(TARGETS). misc.h is required when SK_STANDALONE is defined, because of the use of `monotime_tv` in `sk_select_by_touch`. Sets the shared library extension for sk-libfido2 is by setting `SHLIBEXT` depending on the platform in configure.ac. Add the shared library to the CI builds in the `sk` target config to make sure it can compile under the same conditions as `--with-security-key-builtin`. Add a libssh-pic.a static library that compiles with `-fPIC` reusing .c.lo method in sk-dummy.so for use in the shared library sk-libfido2. Note, a separate static library libssh-pic.a is needed, since defining -DSK_STANDALONE excludes some symbols needed in sshkey.lo.
2024-11-28mdoc2man: balance nested square bracketsArnout Engelen1-2/+2
I noticed the square brackets in `destination [command [argument...]` in the synopsis for the `ssh.1` manpage were not balanced, this balances them. Signed-off-by: Arnout Engelen <arnout@bzzt.net>
2024-11-27upstream: fix argument of "Compression" directive in ssh -G configdjm@openbsd.org1-1/+3
dump, which used to work but broke in 9.8 OpenBSD-Commit-ID: c79936242d29c70d01941b28d2d07fd0b85fe46f
2024-11-27upstream: new name/link for agent I-Ddjm@openbsd.org1-2/+2
OpenBSD-Commit-ID: e3420f3925a297a1b2ab7dfe7c7d274cfc8e1193
2024-11-27upstream: mention that biometrics may be used for FIDO key userdjm@openbsd.org1-5/+3
verification as well as PIN. Prompted by Zack Newman, ok jmc@ OpenBSD-Commit-ID: b774a4438c9be70012661ee278450790d21277b8
2024-11-26upstream: g/c outdated XXX commentsdjm@openbsd.org1-3/+3
OpenBSD-Commit-ID: 74d0c0b74994d9a4343c4d7ea4948cb34f609a6c
2024-11-26upstream: regression test for UpdateHostkeys with multiple keys backeddjm@openbsd.org1-1/+25
by ssh-agent. Patch from Maxime Rey. OpenBSD-Regress-ID: 1777ab6e639e57c0e20cbcb6df60455b49fd8bb3
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 12:08:10 +0100