| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
indentation on continuation lines. Prompted by GHPR#185
|
| |
|
|
|
| |
use that instead of global variables containing copies of it.
feedback/ok markus@
|
| |
|
|
| |
purpose-built ssh->compat variable instead; feedback/ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are
disabled by default)
|
| | |
|
| |
|
|
| |
appending ssh_err(r) manually; ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
|
| |
|
|
| |
David Carlier. ok djm@.
|
| | |
|
| |
|
|
|
| |
include various system headers (mostly stdlib.h); include them
explicitly
|
| |
|
|
| |
from markus@ ok djm@
|
| |
|
|
| |
from markus@ ok djm@
|
| |
|
|
| |
from markus@ ok djm@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP
coupled with X25519 as a stop-loss. Not enabled by default.
introduce KEM API; a simplified framework for DH-ish KEX methods.
from markus@ feedback & ok djm@
|
| |
|
|
| |
with & ok markus@
|
| |
|
|
|
|
|
|
|
|
|
| |
out the banner exchange. This eliminates some common code from the
client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
|
| |
|
|
| |
ok markus@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
|
| |
|
|
|
| |
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@
|
| |
|
|
|
|
|
|
|
|
| |
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|
| |
|
|
| |
uses; feedback and "looks good" markus@
|
| |
|
|
|
|
|
|
| |
host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type
(an extremely unlikely configuration).
ok markus, "looks mechanical" deraadt@
|
| |
|
djm
markus
dtucker