OpenSSH supports a number of transport-layer hardening measures under
a "strict KEX" feature. This feature is signalled similarly to the
RFC8308 ext-info feature: by including a additional algorithm in the
-initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
+initial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
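Review bot: the unchanged context line just above this fix still reads "by including a additional algorithm". Since this commit is a spelling and grammar pass over the same sentence, change it to "an additional algorithm" here too.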
When an endpoint that supports this extension observes this algorithm
name in a peer's KEXINIT packet, it MUST make the following changes to
-the the protocol:
+the protocol:
a) During initial KEX, terminate the connection if any unexpected or
out-of-sequence packet is received. This includes terminating the
OpenSSH extends the usual agent protocol. These changes are documented
in the PROTOCOL.agent file.
-$OpenBSD: PROTOCOL,v 1.52 2023/12/19 06:41:14 djm Exp $
+$OpenBSD: PROTOCOL,v 1.53 2023/12/20 00:06:25 jsg Exp $
bool certs_only
string certsblob
-Where "certsblob" constists of one or more certificates encoded as public
+Where "certsblob" consists of one or more certificates encoded as public
key blobs:
string[] certificates
if any key (plain private or certificate) was successfully loaded, or
SSH_AGENT_FAILURE if no key was loaded.
-$OpenBSD: PROTOCOL.agent,v 1.21 2023/12/18 14:46:56 djm Exp $
+$OpenBSD: PROTOCOL.agent,v 1.22 2023/12/20 00:06:25 jsg Exp $
-/* $OpenBSD: ssh-keyscan.c,v 1.153 2023/06/21 05:06:04 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.154 2023/12/20 00:06:25 jsg Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
/*
* Read the server banner as per RFC4253 section 4.2. The "SSH-"
- * protocol identification string may be preceeded by an arbitrarily
+ * protocol identification string may be preceded by an arbitrarily
* large banner which we must read and ignore. Loop while reading
* newline-terminated lines until we have one starting with "SSH-".
* The ID string cannot be longer than 255 characters although the
- * preceeding banner lines may (in which case they'll be discarded
+ * preceding banner lines may (in which case they'll be discarded
* in multiple iterations of the outer loop).
*/
for (;;) {
-/* $OpenBSD: sshkey.c,v 1.140 2023/10/16 08:40:00 dtucker Exp $ */
+/* $OpenBSD: sshkey.c,v 1.141 2023/12/20 00:06:25 jsg Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
goto out;
}
if (sshkey_type_is_cert(type)) {
- /* Skip nonce that preceeds all certificates */
+ /* Skip nonce that precedes all certificates */
if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
-/* $OpenBSD: xmss_hash.c,v 1.3 2022/04/20 16:00:25 millert Exp $ */
+/* $OpenBSD: xmss_hash.c,v 1.4 2023/12/20 00:06:25 jsg Exp $ */
/*
hash.c version 20160722
Andreas Hülsing
}
/*
- * Implemts H_msg
+ * Implements H_msg
*/
int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n)
{
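Review bot: the header of xmss_hash.c identifies the file as "hash.c version 20160722" by Andreas Hülsing, so the "Implements H_msg" comment fix is a local edit to code that carries an external version stamp. If the file is still compared against that version, a comment-only difference adds noise to the comparison; consider saying in the commit message that the change is spelling only.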