History log of /openbsd-src/usr.bin/ssh/ssh-keyscan.c (Results 26 – 50 of 165)
Revision Date Author Comments
# 38951c9f 02-Oct-2021 dtucker <dtucker@openbsd.org>

Dynamically allocate encoded HashKnownHosts and free as appropriate.
Saves 1k of static storage and prevents snprintf "possible truncation"
warnings from newer compilers (although in this case it's false positive
since the actual sizes are limited by the output size of the SHA1).
ok djm@


# e9d14800 27-Jan-2021 djm <djm@openbsd.org>

remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@


# 3e284e19 29-Dec-2020 djm <djm@openbsd.org>

Update/replace the experimental post-quantum hybrid key exchange
method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementation, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks to Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note that both the updated method and the one that it replaced are
disabled by default)


# 1571140e 19-Oct-2020 djm <djm@openbsd.org>

fix SEGV on fatal() errors spotted by dtucker@


# 48e6b99d 18-Oct-2020 djm <djm@openbsd.org>

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@


# 3b0e42c5 18-Oct-2020 djm <djm@openbsd.org>

variants of the log methods that append a ssherr.h string from
a supplied error code; ok markus@


# 5461b00b 17-Oct-2020 djm <djm@openbsd.org>

make the log functions that exit (sshlogdie(), sshfatal(), etc) have
identical signatures. Makes things a bit more consistent...


# 321d5b75 16-Oct-2020 djm <djm@openbsd.org>

revised log infrastructure for OpenSSH

log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.

ok markus@


# dcf22d41 12-Aug-2020 cheloha <cheloha@openbsd.org>

ssh-keyscan(1): simplify conloop() with timercmp(3), timersub(3); ok djm@


# 7eaff8cc 15-Dec-2019 djm <djm@openbsd.org>

allow ssh-keyscan to find security key hostkeys


# 1f96526f 06-Sep-2019 djm <djm@openbsd.org>

fixes for !WITH_OPENSSL compilation; ok dtucker@


# 9f808473 12-Jul-2019 djm <djm@openbsd.org>

include SHA2-variant RSA key algorithms in KEX proposal; allows
ssh-keyscan to harvest keys from servers that disable olde SHA1
ssh-rsa. bz#3029 from Jakub Jelen


# 3aaa63eb 28-Jun-2019 deraadt <deraadt@openbsd.org>

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.


# eedc3e89 06-Jun-2019 otto <otto@openbsd.org>

Replace calls to ssh_malloc_init() by a static init of malloc_options.
Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@


# 8c0842c9 26-Jan-2019 djm <djm@openbsd.org>

make ssh-keyscan return a non-zero exit status if it finds no keys.
bz#2903


# 39957e0d 21-Jan-2019 djm <djm@openbsd.org>

merge kexkem[cs] into kexgen

from markus@ ok djm@


# 32573a67 21-Jan-2019 djm <djm@openbsd.org>

use KEM API for vanilla ECDH

from markus@ ok djm@


# c9e07d34 21-Jan-2019 djm <djm@openbsd.org>

use KEM API for vanilla DH KEX

from markus@ ok djm@


# f3ab853d 21-Jan-2019 djm <djm@openbsd.org>

use KEM API for vanilla c25519 KEX


# b869f5f7 21-Jan-2019 djm <djm@openbsd.org>

Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org
using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP
coupled with X25519 as a stop-loss. Not enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@


# e3941638 06-Jun-2018 markus <markus@openbsd.org>

switch config file parsing to getline(3) as this avoids static limits
noted by gerhard@; ok dtucker@, djm@


# 25d6e51d 02-Mar-2018 jmc <jmc@openbsd.org>

apply a lick of paint; tweaks/ok dtucker


# a6be8e7c 23-Feb-2018 markus <markus@openbsd.org>

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@


# 91fadcfc 23-Feb-2018 djm <djm@openbsd.org>

Add ssh-keyscan -D option to make it print its results in SSHFP format
bz#2821, ok dtucker@


# 04b1c7a2 25-Nov-2017 dtucker <dtucker@openbsd.org>

Add monotime_ts and monotime_tv that return monotonic timespec and
timeval respectively. Replace calls to gettimeofday() in packet timing
with monotime_tv so that the callers will work over a clock step.
Should prevent integer overflow during clock steps reported by wangle6
at huawei.com. "I like" markus@
