mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-24 17:44:17 +01:00
f374ba41f5
Release notes are available at https://www.openssh.com/txt/release-9.2 OpenSSH 9.2 contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable. These fixes have already been committed to OpenSSH 9.1 in FreeBSD. Some other notable items from the release notes: * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client has. * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. * ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 * ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. bz#3499 MFC after: 1 week Sponsored by: The FreeBSD Foundation
57 lines
1.7 KiB
C
57 lines
1.7 KiB
C
/* $OpenBSD: crypto_api.h,v 1.8 2023/01/15 23:05:32 djm Exp $ */
|
|
|
|
/*
|
|
* Assembled from generated headers and source files by Markus Friedl.
|
|
* Placed in the public domain.
|
|
*/
|
|
|
|
#ifndef crypto_api_h
|
|
#define crypto_api_h
|
|
|
|
#include "includes.h"
|
|
|
|
#ifdef HAVE_STDINT_H
|
|
# include <stdint.h>
|
|
#endif
|
|
#include <stdlib.h>
|
|
|
|
typedef int8_t crypto_int8;
|
|
typedef uint8_t crypto_uint8;
|
|
typedef int16_t crypto_int16;
|
|
typedef uint16_t crypto_uint16;
|
|
typedef int32_t crypto_int32;
|
|
typedef uint32_t crypto_uint32;
|
|
typedef int64_t crypto_int64;
|
|
typedef uint64_t crypto_uint64;
|
|
|
|
#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
|
|
#define small_random32() arc4random()
|
|
|
|
#define crypto_hash_sha512_BYTES 64U
|
|
|
|
int crypto_hash_sha512(unsigned char *, const unsigned char *,
|
|
unsigned long long);
|
|
|
|
#define crypto_sign_ed25519_SECRETKEYBYTES 64U
|
|
#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
|
|
#define crypto_sign_ed25519_BYTES 64U
|
|
|
|
int crypto_sign_ed25519(unsigned char *, unsigned long long *,
|
|
const unsigned char *, unsigned long long, const unsigned char *);
|
|
int crypto_sign_ed25519_open(unsigned char *, unsigned long long *,
|
|
const unsigned char *, unsigned long long, const unsigned char *);
|
|
int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *);
|
|
|
|
#define crypto_kem_sntrup761_PUBLICKEYBYTES 1158
|
|
#define crypto_kem_sntrup761_SECRETKEYBYTES 1763
|
|
#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
|
|
#define crypto_kem_sntrup761_BYTES 32
|
|
|
|
int crypto_kem_sntrup761_enc(unsigned char *cstr, unsigned char *k,
|
|
const unsigned char *pk);
|
|
int crypto_kem_sntrup761_dec(unsigned char *k,
|
|
const unsigned char *cstr, const unsigned char *sk);
|
|
int crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk);
|
|
|
|
#endif /* crypto_api_h */
|