upstream: remove mostly vestigal uuencode.[ch]; moving the only unique

functionality there (wrapping of base64-encoded data) to sshbuf functions;
feedback and ok markus@

OpenBSD

upstream: remove mostly vestigal uuencode.[ch]; moving the only unique

functionality there (wrapping of base64-encoded data) to sshbuf functions;
feedback and ok markus@

OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c

show more ...

remove realpath() compat replacement

We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.

OpenBSD is now moving to a more strictly POSIX-

remove realpath() compat replacement

We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.

OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independant
implementation in openbsd-compat.

ok dtucker@

show more ...

upstream: add a local implementation of BSD realpath() for

sftp-server use ahead of OpenBSD's realpath changing to match POSIX;

ok deraadt@ (thanks for snaps testing)

OpenB

upstream: add a local implementation of BSD realpath() for

sftp-server use ahead of OpenBSD's realpath changing to match POSIX;

ok deraadt@ (thanks for snaps testing)

OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55

show more ...

upstream: Remove crc32.{c,h} which were only used by the now-gone

SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3

upstream: Remove crc32.{c,h} which were only used by the now-gone

SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240

show more ...

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8

show more ...

upstream: use KEM API for vanilla ECDH

from markus@ ok djm@

OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c

upstream: use KEM API for vanilla DH KEX

from markus@ ok djm@

OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9

upstream: use KEM API for vanilla c25519 KEX

OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f

upstream: Add support for a PQC KEX/KEM:

sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss.

upstream: Add support for a PQC KEX/KEM:

sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7

show more ...

pass TEST_SSH_SSHPKCS11HELPER to regress tests

upstream: remove last traces of old packet API!

with & ok markus@

OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be mor

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b

show more ...

delete the correct thing; kexfuzz binary

fix path in distclean target

Patch from Jakub Jelen

Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM

Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.

show more ...

Create control sockets in clean temp directories

Adds a regress/mkdtemp tool and uses it to create empty temp
directories for tests needing control sockets.

Patch from Colin Wat

Create control sockets in clean temp directories

Adds a regress/mkdtemp tool and uses it to create empty temp
directories for tests needing control sockets.

Patch from Colin Watson via bz#2660; ok dtucker

show more ...

upstream: Remove support for running ssh(1) setuid and fatal if

attempted. Do not link uidwap.c into ssh any more. Neuters
UsePrivilegedPort, which will be marked as deprecated shortly.

upstream: Remove support for running ssh(1) setuid and fatal if

attempted. Do not link uidwap.c into ssh any more. Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@

OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42

show more ...

rm regress/misc/kexfuzz/*.o in distclean target

upstream: remove legacy key emulation layer; ok djm@

OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d

upstream: remove legacy buffer API emulation layer; ok djm@

OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9

Revert $REGRESSTMP changes.

Revert 3fd2d229 and subsequent changes as they turned out to be a
portability hassle.

Many typo fixes from Karsten Weiss

Spotted using https://github.com/lucasdemarchi/codespell

Replace $(CURDIR) with $(PWD).

The former doesn't work on Solaris or BSDs.

Fix breakage when REGRESSTMP not set.

BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
instead. Pointed out by djm@.

object files end with .o - not .c