diff --git a/binaries/puttycac-0.78u1-installer.msi b/binaries/puttycac-0.78u1-installer.msi deleted file mode 100644 index 9d3147c6..00000000 Binary files a/binaries/puttycac-0.78u1-installer.msi and /dev/null differ diff --git a/binaries/puttycac-0.78u1.zip b/binaries/puttycac-0.78u1.zip deleted file mode 100644 index ea5d7ccf..00000000 Binary files a/binaries/puttycac-0.78u1.zip and /dev/null differ diff --git a/binaries/puttycac-0.79-installer.msi b/binaries/puttycac-0.79-installer.msi new file mode 100644 index 00000000..5df07400 Binary files /dev/null and b/binaries/puttycac-0.79-installer.msi differ diff --git a/binaries/puttycac-0.79.zip b/binaries/puttycac-0.79.zip new file mode 100644 index 00000000..f013db3a Binary files /dev/null and b/binaries/puttycac-0.79.zip differ diff --git a/binaries/puttycac-64bit-0.78u1-installer.msi b/binaries/puttycac-64bit-0.78u1-installer.msi deleted file mode 100644 index 7c001073..00000000 Binary files a/binaries/puttycac-64bit-0.78u1-installer.msi and /dev/null differ diff --git a/binaries/puttycac-64bit-0.78u1.zip b/binaries/puttycac-64bit-0.78u1.zip deleted file mode 100644 index 9cb468d6..00000000 Binary files a/binaries/puttycac-64bit-0.78u1.zip and /dev/null differ diff --git a/binaries/puttycac-64bit-0.79-installer.msi b/binaries/puttycac-64bit-0.79-installer.msi new file mode 100644 index 00000000..f8db665f Binary files /dev/null and b/binaries/puttycac-64bit-0.79-installer.msi differ diff --git a/binaries/puttycac-64bit-0.79.zip b/binaries/puttycac-64bit-0.79.zip new file mode 100644 index 00000000..07b89695 Binary files /dev/null and b/binaries/puttycac-64bit-0.79.zip differ diff --git a/binaries/puttycac-hash.txt b/binaries/puttycac-hash.txt index 82db81cc..47e692e6 100644 --- a/binaries/puttycac-hash.txt +++ b/binaries/puttycac-hash.txt @@ -1,81 +1,81 @@ Algorithm Hash Path --------- ---- ---- -SHA256 F79CD0172951D67421AF0A410260E915BF6DD661DEFFC90E11A265B1BE26AEC6 x64\pageant.exe -SHA256 6D5C37B020BDF51BA4300CC4CACCC8854EDD55644578DB169997066BC2F5E7EC x64\plink.exe -SHA256 6CC7C669A49007E8EF38799004C98449A55582BFBE85C1D1DF62C4AD3C11D203 x64\pscp.exe -SHA256 64B524C839C9159F280CBBD08C37C8AEC9AF8B638B42501D60492FC464D01CD6 x64\psftp.exe -SHA256 7402E99518E6DB3C206375093212EFCEA4C052DA1ED5BE3BEC5181819AE20750 x64\pterm.exe -SHA256 23CAFBCBD2FAC1241EBD9440539812DE3A6214D531D7DD1159CD8C5A2C5A885B x64\putty.exe -SHA256 64557833E0A44BABC583B919E959FAA43DA0FB6D9BCE8796563AFE4382BA78C2 x64\puttygen.exe -SHA256 00561D4083055A5903EDE95527A591555EF089EF1DEA9F1633E234831DA7DD78 x64\puttyimp.exe -SHA256 B43D3D830CABBF79EFE38745BFFF8C9438465A7886E05289632DD36125EC4055 x64\puttytel.exe -SHA256 DF4F73A2794B5ABDFCD94A031E546F0E771CA8CB19FBFB7A59BAE82D7B97A2A5 x86\pageant.exe -SHA256 EB724F668B9480AD0C24ECA566B0F84143DF481FFEAEC7C186442BE76068A042 x86\plink.exe -SHA256 46940E760C86DDACB4BB74BB7CD8768CAB8CCBC78B7A03A21ABD2E57473A2DB0 x86\pscp.exe -SHA256 02ECD04BC96432C32FA4E7CF15FA62102132DCF65709CBCBB74EBD3CC3C4EE43 x86\psftp.exe -SHA256 399AF4959745C71D32DE7FA252F497797E35F0BA3AD2F20B2357D08E5F078F6E x86\pterm.exe -SHA256 1CCC2910A70E576F141A483B756D01B35EFA4F77CC1EF4B3EFF656237E8595B1 x86\putty.exe -SHA256 550CD8F50A30D74683E60BF8BBCBC6A3C7789EC87111AFB07882D3E9C1F59D33 x86\puttygen.exe -SHA256 200468EFB5481FC0777E68774E93F337A2E94D3604C43E44A42B1DEF17D09FF9 x86\puttyimp.exe -SHA256 39E4F9A0B7E39B2F15186678944EEA5A93E9BC0E904C01220ACF1F725B8142A4 x86\puttytel.exe -SHA256 C8DF457BE4AD9D3F078BE01A6A6272A641DF57B845474B899ED5B0AD5E6AC930 puttycac-0.78u1-installer.msi -SHA256 75F1315888F89404B3EF18A8F2E459AB0A508027DF357E007E3A29EB8C31C242 puttycac-0.78u1.zip -SHA256 C2E35BD6619EF090C983BE644FC606B858083B5A47CF03852A843B3ECFEBC18D puttycac-64bit-0.78u1-installer.msi -SHA256 23A5445F9D3AE199C826B71B3B822AB30204741239FB1F8DF40AE2748DB91653 puttycac-64bit-0.78u1.zip +SHA256 7ECB25837B73A77F9F499B3A678A178F465C3E9ED977626E4F4D8CCF1862D671 x64\pageant.exe +SHA256 8F8CF52B97A1E12F7BE5C341B2B36AAAF633C242C028CE3FBC89562601DA21C9 x64\plink.exe +SHA256 4EC816777E9F4663CE560C774E12A12C3527030FE6DA194D18A0A6517C5343C8 x64\pscp.exe +SHA256 452D678ADE5A87F905318E0A349AB7FDD11C3FA23B4F0FE2731A18E1BCD1245F x64\psftp.exe +SHA256 149A5EB061AADF75B7620631D515AEC61ECCA1623F2A4077B752F3C97DCD7FBA x64\pterm.exe +SHA256 8BD28EFC5AB76CE59F351F5F465ADCC953209D4B12D8E378D715F29D3466C10C x64\putty.exe +SHA256 62A955FAD1EDD02D82D6EF2D546EB83DF636BBADC06129B175EE831CDCFB3498 x64\puttygen.exe +SHA256 2BE375E0285DB3E7E99E1724E7FEF9DA27F05F8B39F1DCF3938F9C75FB1A595D x64\puttyimp.exe +SHA256 7AEF2277D864D7968D171EDC44156534DF8E3ADD7FE0B616DD5889D643F4E329 x64\puttytel.exe +SHA256 6999A9F716AF727AD1B81A3FBCBBA9CA128501AABE8962CB0456391DC0478727 x86\pageant.exe +SHA256 BA022E573F893C49312D1159791055FCC1DE9FA7BD230CA716D659D1D838DD66 x86\plink.exe +SHA256 2418CEAEBE7A7392244FFCDA037E72F9FC986690863BD3DD2AB04A43A9A93BD6 x86\pscp.exe +SHA256 25AF0BF568D17F50234C03FA0EB4E02488742CA0F4283502FABB831B49B01D96 x86\psftp.exe +SHA256 40242E3222823E3D78E6F33742B5347AFE7FEDDC1B8031AC51DA562EF2D161D0 x86\pterm.exe +SHA256 4CF9E917DDD9213EE769D474D92D0156D37BB66C4C60FA9CCA6F03A27C6FAEBB x86\putty.exe +SHA256 7E9CEF25B0F828D26A9550281525048B5CF9A724883E887E9124A6003211F187 x86\puttygen.exe +SHA256 2702563B4BFD89245043020197D9516A692AD01B167B9C4F7C3F848E011E9102 x86\puttyimp.exe +SHA256 5CA6BD2003BA1EC355A22ACB2B4B01F6DB4AC9B0727976FE4D0D2B79B61F24FF x86\puttytel.exe +SHA256 6A11D19193EB8E5D017C493247FE1CB324492255E8A0480BFC4558886C18AC57 puttycac-0.79-installer.msi +SHA256 D12D57174BC59C17F06BDDD9DFDFFD1031E919F483F1D119200DD8750A4B49BF puttycac-0.79.zip +SHA256 874C2383DB0A0B3E4B26B99148D9AD0110BBB77111645E3D9AA787BA52BE6590 puttycac-64bit-0.79-installer.msi +SHA256 528A9FB537C49838D93680459BB91D7795598AC662EF62CCFB4EC47F3C686089 puttycac-64bit-0.79.zip Algorithm Hash Path --------- ---- ---- -SHA1 6B633F553D0A4A072E4BCD0D9A70B11F27E0173E x64\pageant.exe -SHA1 C30660363CC33ECAD04F8BAE8465ABFAB1183C68 x64\plink.exe -SHA1 64031302BD1C1B213EB1B37EDB5D79B93B93F7FA x64\pscp.exe -SHA1 3F7C33BCDD3BBFA177536EB3117AFCE3751D5BFE x64\psftp.exe -SHA1 562876A1DF37059BAC25B3A191DCB128EA25A4B1 x64\pterm.exe -SHA1 CCDAB18EFAB32B3E20461C43E0FD55FC510CA6C8 x64\putty.exe -SHA1 892875925403002C9F26A0922DCC1351502EE694 x64\puttygen.exe -SHA1 EF7905FDBAD49457084BCE741345C74AFF7B8B23 x64\puttyimp.exe -SHA1 380CF45A3D9E7D7FC93011F34F521C24B9A1EE38 x64\puttytel.exe -SHA1 7FF488E651632BFE8D71AC51066D23EF8A84D99A x86\pageant.exe -SHA1 FCFE60866B020A4323F10B5B762D70014B200C43 x86\plink.exe -SHA1 D2D4756B8DB4EC4E1B9875C599E5510B5879621D x86\pscp.exe -SHA1 3EAE6842EE11EEDB1B35FB958CF937063A276D39 x86\psftp.exe -SHA1 EE2DAD8102A03EAF53D6B24F2D76A54FB238DF29 x86\pterm.exe -SHA1 3C21F564BD80FC7BAC06B2179371C92A1EBF73EA x86\putty.exe -SHA1 ABC1CA3D52BC6C0348597461CB43C1688312292F x86\puttygen.exe -SHA1 4D3AAA5655D95C85AC6EF6DE110F3BC8F6BD1D3C x86\puttyimp.exe -SHA1 2256A94F6C6BFC7C858F07764741B20844A11754 x86\puttytel.exe -SHA1 BAD7C1A7DEF62F654808034D0C74ACE65D0CF765 puttycac-0.78u1-installer.msi -SHA1 F9C2397D32639D7B9FB83FAE1B268F2D795916C8 puttycac-0.78u1.zip -SHA1 5814D5308EF35A056BC2FE2ACF0AC9495144A52F puttycac-64bit-0.78u1-installer.msi -SHA1 E07012AAEC96317BC277402CFAEAC6D7F0C03EF6 puttycac-64bit-0.78u1.zip +SHA1 3DF29227FD929E23F9FBEDE9B831ED380892FEB9 x64\pageant.exe +SHA1 ED9AC230317559581DDC22597156B137DAE566CE x64\plink.exe +SHA1 46E7BBC3953AE92EB6331158652C2637851D35AC x64\pscp.exe +SHA1 57A3900460E1CA9E8E83AF4140D36A2DC39F6FDF x64\psftp.exe +SHA1 D99DC4E216CC1E6401674F46DC7B81F7D40BB3CC x64\pterm.exe +SHA1 26DF7AABD714312E8FA0D08104E978CB6CA10733 x64\putty.exe +SHA1 F5C6F303E3E5567386FCC170CA3531A4855025D8 x64\puttygen.exe +SHA1 366A82861A856CCECEC6DD2C6CC3260EB99DA38A x64\puttyimp.exe +SHA1 7A7F54B8CC38ED65213EEB818422CC60895B2E3B x64\puttytel.exe +SHA1 C801DBB50198312869137C8A06C7D1237F1B480F x86\pageant.exe +SHA1 07B1FE0351D7539610112A050CFB507B3247CC17 x86\plink.exe +SHA1 52647F00B73A1BD9C9501CA6352AC066F77FA719 x86\pscp.exe +SHA1 4B02BB575BA1546AB20C94CB179AB01E46455BD3 x86\psftp.exe +SHA1 94B9924730557F8512CFD91402D71CFE359AE17E x86\pterm.exe +SHA1 584525008C2959E1C0842234186D6C2CC4907D69 x86\putty.exe +SHA1 50A7E211F164C35B35EB6A9F651A8B7DA6A7F84E x86\puttygen.exe +SHA1 02E926581448AD1AB4FEE3503332D5C9FFA7C87E x86\puttyimp.exe +SHA1 DA9530ED3B209FE3BA35708E75D904BB9EFF8F7A x86\puttytel.exe +SHA1 3899AFDB6B0F0C959C672BF1A53404BD4E397FB7 puttycac-0.79-installer.msi +SHA1 BBC476CF0BB72B1C6D4F32DB670DE2B2A16E6CFE puttycac-0.79.zip +SHA1 C83013711564CBB2419C6F0E8F32623E0470E3DC puttycac-64bit-0.79-installer.msi +SHA1 D101C8A9D2488E139AC8A385161834AB9DBEFDA2 puttycac-64bit-0.79.zip Algorithm Hash Path --------- ---- ---- -MD5 6CE055801AA78A16651DF994EA7FA989 x64\pageant.exe -MD5 9AA88858A1E0480FF2F8AA53939E4EF3 x64\plink.exe -MD5 CC4D6265A9D7DB05B9535C0C6C482F4A x64\pscp.exe -MD5 88C393D3E45E760D23247A81FD42EA82 x64\psftp.exe -MD5 635152540647A03106E5796739DA1336 x64\pterm.exe -MD5 86CD921032BDE10210F7D51002645094 x64\putty.exe -MD5 AAC9AADC2B5F0BCB056D14AF0092449F x64\puttygen.exe -MD5 97A404FB06A16E7DDC1F62658820DB24 x64\puttyimp.exe -MD5 30782E6E49099AFF0ED0C56E70FBFFFC x64\puttytel.exe -MD5 D5F6049CFE46F5D810A88A8F15760CE1 x86\pageant.exe -MD5 875E519BFB4DE85FAE1885BB62A1C2D1 x86\plink.exe -MD5 127DA5975D805C4A8F73B59183A83F71 x86\pscp.exe -MD5 12D14F087DC6247CDF532DD68CFFC2F1 x86\psftp.exe -MD5 33372D25F64E2B2376BCAEB850907BAE x86\pterm.exe -MD5 C9488632A4B1138F5B7F7357AFC1667C x86\putty.exe -MD5 7F76007D31FFC003404066A38F80E62A x86\puttygen.exe -MD5 ECD0E9B02B632B620C02DF81CB9BF20C x86\puttyimp.exe -MD5 824DFA9ABA9BBC337E19DD57017891E6 x86\puttytel.exe -MD5 651A006CD9652A674A501467C692521C puttycac-0.78u1-installer.msi -MD5 3006E967CE669779DD55BAF6415B75C9 puttycac-0.78u1.zip -MD5 64F936590343214418C715A6362CC913 puttycac-64bit-0.78u1-installer.msi -MD5 4EE2EEEAF6DAB69E2AB5905408C202D1 puttycac-64bit-0.78u1.zip +MD5 B42C43EE616270C167216FCCD5AB3C1A x64\pageant.exe +MD5 943259D6CA1F43EC9FD4107E864F7F67 x64\plink.exe +MD5 47D414E84376D792F5FB90B3F7AEA69F x64\pscp.exe +MD5 5ABDAC194DC511DF508C230F3891142F x64\psftp.exe +MD5 2ED85ACAA54B98D3087032B977BE172E x64\pterm.exe +MD5 C4BFF08219279104390F78D8C7C7645E x64\putty.exe +MD5 1AFE1BE7B086A4D6B3416CDF2C2D43ED x64\puttygen.exe +MD5 47A029AE85BF804AB70317D041A166F5 x64\puttyimp.exe +MD5 4CDC0D4684E56CD8DD128F0FF849363B x64\puttytel.exe +MD5 FA155FFEF6897BAB56CAE8CEF97F7A82 x86\pageant.exe +MD5 626B233FDCD5C057B673D43A0D4A18EE x86\plink.exe +MD5 FFD5F73335169F090FD8A64685E70BA8 x86\pscp.exe +MD5 6ED4E45FE3EE16951743720A195DEA7A x86\psftp.exe +MD5 9A74535AA8DCA6C1E99BAF280B41C2BE x86\pterm.exe +MD5 5A90291FF850F893CF146A4D84D16A19 x86\putty.exe +MD5 BCAD1E4C81A2012CC53E4A5F0B52993C x86\puttygen.exe +MD5 49A0E9E8C850FF1B50FAAA5906201EDE x86\puttyimp.exe +MD5 5568D86EC0533465CF49E9DDC98D089D x86\puttytel.exe +MD5 4FC491F22B2C5C6359616AD3F32C4DF0 puttycac-0.79-installer.msi +MD5 ABD1937226978881B1A336923FDBEF45 puttycac-0.79.zip +MD5 4CBA150DCA2FF1609EC248A30D2ED558 puttycac-64bit-0.79-installer.msi +MD5 8C85D645193D51C056AEBA804ACD4C50 puttycac-64bit-0.79.zip diff --git a/binaries/x64/pageant.exe b/binaries/x64/pageant.exe index e0d0947d..afd26add 100644 Binary files a/binaries/x64/pageant.exe and b/binaries/x64/pageant.exe differ diff --git a/binaries/x64/plink.exe b/binaries/x64/plink.exe index a5a21917..77a238d2 100644 Binary files a/binaries/x64/plink.exe and b/binaries/x64/plink.exe differ diff --git a/binaries/x64/pscp.exe b/binaries/x64/pscp.exe index 43232b7a..6bccd109 100644 Binary files a/binaries/x64/pscp.exe and b/binaries/x64/pscp.exe differ diff --git a/binaries/x64/psftp.exe b/binaries/x64/psftp.exe index 4f41affc..293812e7 100644 Binary files a/binaries/x64/psftp.exe and b/binaries/x64/psftp.exe differ diff --git a/binaries/x64/pterm.exe b/binaries/x64/pterm.exe index adba4bf7..602c6b5b 100644 Binary files a/binaries/x64/pterm.exe and b/binaries/x64/pterm.exe differ diff --git a/binaries/x64/putty.exe b/binaries/x64/putty.exe index c4a16b11..9b15e365 100644 Binary files a/binaries/x64/putty.exe and b/binaries/x64/putty.exe differ diff --git a/binaries/x64/puttygen.exe b/binaries/x64/puttygen.exe index 2a2d82a5..86f806b0 100644 Binary files a/binaries/x64/puttygen.exe and b/binaries/x64/puttygen.exe differ diff --git a/binaries/x64/puttyimp.exe b/binaries/x64/puttyimp.exe index f4eb5701..d8a5b450 100644 Binary files a/binaries/x64/puttyimp.exe and b/binaries/x64/puttyimp.exe differ diff --git a/binaries/x64/puttytel.exe b/binaries/x64/puttytel.exe index dfe73bf3..eb7b885a 100644 Binary files a/binaries/x64/puttytel.exe and b/binaries/x64/puttytel.exe differ diff --git a/binaries/x86/pageant.exe b/binaries/x86/pageant.exe index 0aecc665..e538a80a 100644 Binary files a/binaries/x86/pageant.exe and b/binaries/x86/pageant.exe differ diff --git a/binaries/x86/plink.exe b/binaries/x86/plink.exe index 15532dac..dab5386d 100644 Binary files a/binaries/x86/plink.exe and b/binaries/x86/plink.exe differ diff --git a/binaries/x86/pscp.exe b/binaries/x86/pscp.exe index 9cee94e0..f6f20ac7 100644 Binary files a/binaries/x86/pscp.exe and b/binaries/x86/pscp.exe differ diff --git a/binaries/x86/psftp.exe b/binaries/x86/psftp.exe index 49011c2a..01fa8c25 100644 Binary files a/binaries/x86/psftp.exe and b/binaries/x86/psftp.exe differ diff --git a/binaries/x86/pterm.exe b/binaries/x86/pterm.exe index 2b3eaaaa..be993777 100644 Binary files a/binaries/x86/pterm.exe and b/binaries/x86/pterm.exe differ diff --git a/binaries/x86/putty.exe b/binaries/x86/putty.exe index fe81ac14..395a823a 100644 Binary files a/binaries/x86/putty.exe and b/binaries/x86/putty.exe differ diff --git a/binaries/x86/puttygen.exe b/binaries/x86/puttygen.exe index 1966cbaa..59edc9b2 100644 Binary files a/binaries/x86/puttygen.exe and b/binaries/x86/puttygen.exe differ diff --git a/binaries/x86/puttyimp.exe b/binaries/x86/puttyimp.exe index af76a8e5..edb32dd6 100644 Binary files a/binaries/x86/puttyimp.exe and b/binaries/x86/puttyimp.exe differ diff --git a/binaries/x86/puttytel.exe b/binaries/x86/puttytel.exe index 3dd3a297..ea1989fe 100644 Binary files a/binaries/x86/puttytel.exe and b/binaries/x86/puttytel.exe differ diff --git a/code/Buildscr b/code/Buildscr index 02de6432..826ad321 100644 --- a/code/Buildscr +++ b/code/Buildscr @@ -35,7 +35,7 @@ module putty ifeq "$(RELEASE)" "" set Ndate $(!builddate) ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -pe 's/(....)(..)(..)/$$1-$$2-$$3/' > date ifneq "$(Ndate)" "" read Date date -set Epoch 18293 # update this at every release +set Epoch 18595 # update this at every release ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -ne 'use Time::Local; /(....)(..)(..)/ and print timegm(0,0,0,$$3,$$2-1,$$1) / 86400 - $(Epoch)' > days ifneq "$(Ndate)" "" read Days days @@ -270,12 +270,16 @@ in putty/windows do mkdir deliver in putty/windows do for subdir in build32 abuild32 build64 abuild64 buildold; do mkdir deliver/$$subdir; done in putty/windows do while read x; do mv $$x deliver/$$x; mv $$x.map deliver/$$x.map; done < to-sign.txt -in putty/windows/deliver/buildold do zip -k -j putty.zip `ls *.exe | grep -vxE '^(puttytel|pterm).exe'` ../../../docbuild/putty.chm -in putty/windows/deliver/build32 do zip -k -j putty.zip `ls *.exe | grep -vxE '^(puttytel|pterm).exe'` ../../../docbuild/putty.chm -in putty/windows/deliver/build64 do zip -k -j putty.zip `ls *.exe | grep -vxE '^(puttytel|pterm).exe'` ../../../docbuild/putty.chm -in putty/windows/deliver/abuild32 do zip -k -j putty.zip `ls *.exe | grep -vxE '^(puttytel|pterm).exe'` ../../../docbuild/putty.chm -in putty/windows/deliver/abuild64 do zip -k -j putty.zip `ls *.exe | grep -vxE '^(puttytel|pterm).exe'` ../../../docbuild/putty.chm -in docbuild/html do zip puttydoc.zip *.html +# Make putty.zip in each Windows directory. We add the files one by +# one, because 'zip' exits with a success status if it managed to add +# _at least one_ of the input files, even if another didn't exist. So +# doing them one at a time gets us proper error reporting. +in putty/windows/deliver/buildold do for file in *.exe ../../../../docbuild/putty.chm; do case "$$file" in puttytel.exe | pterm.exe) ;; *) zip -k -j putty.zip "$$file";; esac; done +in putty/windows/deliver/build32 do for file in *.exe ../../../../docbuild/putty.chm; do case "$$file" in puttytel.exe | pterm.exe) ;; *) zip -k -j putty.zip "$$file";; esac; done +in putty/windows/deliver/build64 do for file in *.exe ../../../../docbuild/putty.chm; do case "$$file" in puttytel.exe | pterm.exe) ;; *) zip -k -j putty.zip "$$file";; esac; done +in putty/windows/deliver/abuild32 do for file in *.exe ../../../../docbuild/putty.chm; do case "$$file" in puttytel.exe | pterm.exe) ;; *) zip -k -j putty.zip "$$file";; esac; done +in putty/windows/deliver/abuild64 do for file in *.exe ../../../../docbuild/putty.chm; do case "$$file" in puttytel.exe | pterm.exe) ;; *) zip -k -j putty.zip "$$file";; esac; done +in docbuild/html do for file in *.html; do case "$$file" in puttytel.exe | pterm.exe) ;; *) zip puttydoc.zip "$$file";; esac; done # Deliver the actual PuTTY release directory into a subdir `putty'. deliver putty/windows/deliver/buildold/*.exe putty/w32old/$@ diff --git a/code/LICENCE b/code/LICENCE index e90600eb..577526ed 100644 --- a/code/LICENCE +++ b/code/LICENCE @@ -1,4 +1,4 @@ -PuTTY CAC is copyright 1997-2022 Simon Tatham & Bryan Berns. +PuTTY is copyright 1997-2023 Simon Tatham & Bryan Berns. Portions copyright Robert de Bath, Joris van Rantwijk, Delian Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, diff --git a/code/cmake/cmake.h.in b/code/cmake/cmake.h.in index 5ad32515..3882148b 100644 --- a/code/cmake/cmake.h.in +++ b/code/cmake/cmake.h.in @@ -1,6 +1,7 @@ #cmakedefine NO_IPV6 #cmakedefine NO_GSSAPI #cmakedefine STATIC_GSSAPI +#cmakedefine NO_SCROLLBACK_COMPRESSION #cmakedefine NO_MULTIMON diff --git a/code/cmake/setup.cmake b/code/cmake/setup.cmake index 7a650771..d81d5a5c 100644 --- a/code/cmake/setup.cmake +++ b/code/cmake/setup.cmake @@ -15,6 +15,12 @@ set(PUTTY_FUZZING OFF CACHE BOOL "Build PuTTY binaries suitable for fuzzing, NOT FOR REAL USE") set(PUTTY_COVERAGE OFF CACHE BOOL "Build PuTTY binaries suitable for code coverage analysis") +set(PUTTY_COMPRESS_SCROLLBACK ON + # This is always on in production versions of PuTTY, but downstreams + # of the code have been known to find it a better tradeoff to + # disable it. So there's a #ifdef in terminal.c, and a cmake option + # to enable that ifdef just in case it needs testing or debugging. + CACHE BOOL "Store terminal scrollback in compressed form") set(STRICT OFF CACHE BOOL "Enable extra compiler warnings and make them errors") @@ -108,6 +114,9 @@ endif() if(PUTTY_FUZZING) add_compile_definitions(FUZZING) endif() +if(NOT PUTTY_COMPRESS_SCROLLBACK) + set(NO_SCROLLBACK_COMPRESSION ON) +endif() if(PUTTY_COVERAGE) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage -g ") endif() diff --git a/code/config.c b/code/config.c index da5c80b7..811a94be 100644 --- a/code/config.c +++ b/code/config.c @@ -3452,7 +3452,8 @@ void setup_config_box(struct controlbox *b, bool midsession, FILTER_KEY_FILES, false, "Select private key file", HELPCTX(ssh_auth_privkey), conf_filesel_handler, I(CONF_keyfile)); - ctrl_filesel(s, "Certificate to use with the private key:", 'e', + ctrl_filesel(s, "Certificate to use with the private key " + "(optional):", 'e', NULL, false, "Select certificate file", HELPCTX(ssh_auth_cert), conf_filesel_handler, I(CONF_detached_cert)); @@ -3708,6 +3709,10 @@ void setup_config_box(struct controlbox *b, bool midsession, s = ctrl_getset(b, "Connection/SSH/More bugs", "main", "Detection of known bugs in SSH servers"); + ctrl_droplist(s, "Old RSA/SHA2 cert algorithm naming", 'l', 20, + HELPCTX(ssh_bugs_rsa_sha2_cert_userauth), + sshbug_handler, + I(CONF_sshbug_rsa_sha2_cert_userauth)); ctrl_droplist(s, "Requires padding on SSH-2 RSA signatures", 'p', 20, HELPCTX(ssh_bugs_rsapad2), sshbug_handler, I(CONF_sshbug_rsapad2)); diff --git a/code/contrib/authplugin-example.py b/code/contrib/authplugin-example.py index 395bd2c8..5932ad1a 100644 --- a/code/contrib/authplugin-example.py +++ b/code/contrib/authplugin-example.py @@ -3,6 +3,8 @@ # This is a demonstration example of how to write a # keyboard-interactive authentication helper plugin using PuTTY's # protocol for involving it in SSH connection setup. +# The protocol, and the purpose of an authentication plugin, is +# fully documented in an appendix to the PuTTY manual. import io import os @@ -134,7 +136,8 @@ def protocol(): hostname = rd_string_utf8(msg) port = rd_uint32(msg) username = rd_string_utf8(msg) - print(f"Got hostname {hostname!r}, port {port!r}", file=sys.stderr) + print(f"Got hostname {hostname!r}, port {port!r}", file=sys.stderr, + flush=True) # Decide which protocol version we're speaking. version = min(their_version, our_max_version) @@ -279,7 +282,7 @@ def protocol(): # Demonstration write to stderr, to prove that it shows up in PuTTY's # Event Log. -print("Hello from test plugin's stderr", file=sys.stderr) +print("Hello from test plugin's stderr", file=sys.stderr, flush=True) try: protocol() diff --git a/code/contrib/libfido2/include/cbor.h b/code/contrib/libfido2/include/cbor.h index d490e6c5..f3860107 100644 --- a/code/contrib/libfido2/include/cbor.h +++ b/code/contrib/libfido2/include/cbor.h @@ -43,17 +43,17 @@ extern "C" { * @return **new** CBOR item or `NULL` on failure. In that case, \p result * contains location and description of the error. */ -CBOR_EXPORT cbor_item_t* cbor_load(cbor_data source, size_t source_size, - struct cbor_load_result* result); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t* cbor_load( + cbor_data source, size_t source_size, struct cbor_load_result* result); -/** Deep copy of an item +/** Take a deep copy of an item * * All the reference counts in the new structure are set to one. * * @param item[borrow] item to copy - * @return **new** CBOR deep copy + * @return **new** CBOR deep copy or `NULL` on failure. */ -CBOR_EXPORT cbor_item_t* cbor_copy(cbor_item_t* item); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t* cbor_copy(cbor_item_t* item); #if CBOR_PRETTY_PRINTER #include diff --git a/code/contrib/libfido2/include/cbor/arrays.h b/code/contrib/libfido2/include/cbor/arrays.h index 740e9b16..cc5a7c01 100644 --- a/code/contrib/libfido2/include/cbor/arrays.h +++ b/code/contrib/libfido2/include/cbor/arrays.h @@ -20,6 +20,7 @@ extern "C" { * @param item[borrow] An array * @return The number of members */ +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_array_size(const cbor_item_t* item); /** Get the size of the allocated storage @@ -27,6 +28,7 @@ CBOR_EXPORT size_t cbor_array_size(const cbor_item_t* item); * @param item[borrow] An array * @return The size of the allocated storage (number of items) */ +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_array_allocated(const cbor_item_t* item); /** Get item by index @@ -35,6 +37,7 @@ CBOR_EXPORT size_t cbor_array_allocated(const cbor_item_t* item); * @param index The index * @return **incref** The item, or `NULL` in case of boundary violation */ +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t* cbor_array_get(const cbor_item_t* item, size_t index); /** Set item by index @@ -47,6 +50,7 @@ CBOR_EXPORT cbor_item_t* cbor_array_get(const cbor_item_t* item, size_t index); * @param index The index, first item is 0. * @return true on success, false on allocation failure. */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_array_set(cbor_item_t* item, size_t index, cbor_item_t* value); @@ -59,6 +63,7 @@ CBOR_EXPORT bool cbor_array_set(cbor_item_t* item, size_t index, * @param index The index, first item is 0. * @return true on success, false on allocation failure. */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_array_replace(cbor_item_t* item, size_t index, cbor_item_t* value); @@ -67,6 +72,7 @@ CBOR_EXPORT bool cbor_array_replace(cbor_item_t* item, size_t index, * @param item[borrow] An array * @return Is the array definite? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_array_is_definite(const cbor_item_t* item); /** Is the array indefinite? @@ -74,6 +80,7 @@ CBOR_EXPORT bool cbor_array_is_definite(const cbor_item_t* item); * @param item[borrow] An array * @return Is the array indefinite? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_array_is_indefinite(const cbor_item_t* item); /** Get the array contents @@ -84,6 +91,7 @@ CBOR_EXPORT bool cbor_array_is_indefinite(const cbor_item_t* item); * @param item[borrow] An array * @return #cbor_array_size items */ +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t** cbor_array_handle(const cbor_item_t* item); /** Create new definite array @@ -91,13 +99,15 @@ CBOR_EXPORT cbor_item_t** cbor_array_handle(const cbor_item_t* item); * @param size Number of slots to preallocate * @return **new** array or `NULL` upon malloc failure */ +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t* cbor_new_definite_array(size_t size); /** Create new indefinite array * * @return **new** array or `NULL` upon malloc failure */ -CBOR_EXPORT cbor_item_t* cbor_new_indefinite_array(); +_CBOR_NODISCARD +CBOR_EXPORT cbor_item_t* cbor_new_indefinite_array(void); /** Append to the end * @@ -108,6 +118,7 @@ CBOR_EXPORT cbor_item_t* cbor_new_indefinite_array(); * @param pushee[incref] The item to push * @return true on success, false on failure */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_array_push(cbor_item_t* array, cbor_item_t* pushee); #ifdef __cplusplus diff --git a/code/contrib/libfido2/include/cbor/bytestrings.h b/code/contrib/libfido2/include/cbor/bytestrings.h index 1942896f..fecaee92 100644 --- a/code/contrib/libfido2/include/cbor/bytestrings.h +++ b/code/contrib/libfido2/include/cbor/bytestrings.h @@ -28,6 +28,7 @@ extern "C" { * @param item[borrow] a definite bytestring * @return length of the binary data. Zero if no chunk has been attached yet */ +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_bytestring_length(const cbor_item_t *item); /** Is the byte string definite? @@ -35,6 +36,7 @@ CBOR_EXPORT size_t cbor_bytestring_length(const cbor_item_t *item); * @param item[borrow] a byte string * @return Is the byte string definite? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_bytestring_is_definite(const cbor_item_t *item); /** Is the byte string indefinite? @@ -42,6 +44,7 @@ CBOR_EXPORT bool cbor_bytestring_is_definite(const cbor_item_t *item); * @param item[borrow] a byte string * @return Is the byte string indefinite? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_bytestring_is_indefinite(const cbor_item_t *item); /** Get the handle to the binary data @@ -53,6 +56,7 @@ CBOR_EXPORT bool cbor_bytestring_is_indefinite(const cbor_item_t *item); * @return The address of the binary data. `NULL` if no data have been assigned * yet. */ +_CBOR_NODISCARD CBOR_EXPORT cbor_mutable_data cbor_bytestring_handle(const cbor_item_t *item); /** Set the handle to the binary data @@ -74,6 +78,7 @@ CBOR_EXPORT void cbor_bytestring_set_handle( * @param item[borrow] A indefinite byte string * @return array of #cbor_bytestring_chunk_count definite bytestrings */ +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t **cbor_bytestring_chunks_handle( const cbor_item_t *item); @@ -82,6 +87,7 @@ CBOR_EXPORT cbor_item_t **cbor_bytestring_chunks_handle( * @param item[borrow] A indefinite bytestring * @return The chunk count. 0 for freshly created items. */ +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_bytestring_chunk_count(const cbor_item_t *item); /** Appends a chunk to the bytestring @@ -95,6 +101,7 @@ CBOR_EXPORT size_t cbor_bytestring_chunk_count(const cbor_item_t *item); * @return true on success, false on realloc failure. In that case, the refcount * of `chunk` is not increased and the `item` is left intact. */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_bytestring_add_chunk(cbor_item_t *item, cbor_item_t *chunk); @@ -104,7 +111,8 @@ CBOR_EXPORT bool cbor_bytestring_add_chunk(cbor_item_t *item, * * @return **new** definite bytestring. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_new_definite_bytestring(); +_CBOR_NODISCARD +CBOR_EXPORT cbor_item_t *cbor_new_definite_bytestring(void); /** Creates a new indefinite byte string * @@ -112,7 +120,8 @@ CBOR_EXPORT cbor_item_t *cbor_new_definite_bytestring(); * * @return **new** indefinite bytestring. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_new_indefinite_bytestring(); +_CBOR_NODISCARD +CBOR_EXPORT cbor_item_t *cbor_new_indefinite_bytestring(void); /** Creates a new byte string and initializes it * @@ -123,6 +132,7 @@ CBOR_EXPORT cbor_item_t *cbor_new_indefinite_bytestring(); * @return A **new** byte string with content `handle`. `NULL` on malloc * failure. */ +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_bytestring(cbor_data handle, size_t length); #ifdef __cplusplus diff --git a/code/contrib/libfido2/include/cbor/common.h b/code/contrib/libfido2/include/cbor/common.h index f4419e5e..48948c59 100644 --- a/code/contrib/libfido2/include/cbor/common.h +++ b/code/contrib/libfido2/include/cbor/common.h @@ -56,10 +56,24 @@ static const uint8_t cbor_patch_version = CBOR_PATCH_VERSION; fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, \ __VA_ARGS__); \ } while (0) +extern bool _cbor_enable_assert; +// Like `assert`, but can be dynamically disabled in tests to allow testing +// invalid behaviors. +#define CBOR_ASSERT(e) assert(!_cbor_enable_assert || (e)) +#define _CBOR_TEST_DISABLE_ASSERT(block) \ + do { \ + _cbor_enable_assert = false; \ + block _cbor_enable_assert = true; \ + } while (0) #else #define debug_print(fmt, ...) \ do { \ } while (0) +#define CBOR_ASSERT(e) +#define _CBOR_TEST_DISABLE_ASSERT(block) \ + do { \ + block \ + } while (0) #endif #define _CBOR_TO_STR_(x) #x @@ -67,12 +81,25 @@ static const uint8_t cbor_patch_version = CBOR_PATCH_VERSION; #ifdef __GNUC__ #define _CBOR_UNUSED(x) __attribute__((__unused__)) x +// TODO(https://github.com/PJK/libcbor/issues/247): Prefer [[nodiscard]] if +// available +#define _CBOR_NODISCARD __attribute__((warn_unused_result)) #elif defined(_MSC_VER) #define _CBOR_UNUSED(x) __pragma(warning(suppress : 4100 4101)) x +#define _CBOR_NODISCARD #else #define _CBOR_UNUSED(x) x +#define _CBOR_NODISCARD #endif +typedef void *(*_cbor_malloc_t)(size_t); +typedef void *(*_cbor_realloc_t)(void *, size_t); +typedef void (*_cbor_free_t)(void *); + +CBOR_EXPORT extern _cbor_malloc_t _cbor_malloc; +CBOR_EXPORT extern _cbor_realloc_t _cbor_realloc; +CBOR_EXPORT extern _cbor_free_t _cbor_free; + // Macro to short-circuit builder functions when memory allocation fails #define _CBOR_NOTNULL(cbor_item) \ do { \ @@ -85,24 +112,12 @@ static const uint8_t cbor_patch_version = CBOR_PATCH_VERSION; #define _CBOR_DEPENDENT_NOTNULL(cbor_item, pointer) \ do { \ if (pointer == NULL) { \ - _CBOR_FREE(cbor_item); \ + _cbor_free(cbor_item); \ return NULL; \ } \ } while (0) -#if CBOR_CUSTOM_ALLOC - -typedef void *(*_cbor_malloc_t)(size_t); -typedef void *(*_cbor_realloc_t)(void *, size_t); -typedef void (*_cbor_free_t)(void *); - -CBOR_EXPORT extern _cbor_malloc_t _cbor_malloc; -CBOR_EXPORT extern _cbor_realloc_t _cbor_realloc; -CBOR_EXPORT extern _cbor_free_t _cbor_free; - /** Sets the memory management routines to use. - * - * Only available when `CBOR_CUSTOM_ALLOC` is truthy * * \rst * .. warning:: This function modifies the global state and should therefore be @@ -123,18 +138,6 @@ CBOR_EXPORT void cbor_set_allocs(_cbor_malloc_t custom_malloc, _cbor_realloc_t custom_realloc, _cbor_free_t custom_free); -#define _CBOR_MALLOC _cbor_malloc -#define _CBOR_REALLOC _cbor_realloc -#define _CBOR_FREE _cbor_free - -#else - -#define _CBOR_MALLOC malloc -#define _CBOR_REALLOC realloc -#define _CBOR_FREE free - -#endif - /* * ============================================================================ * Type manipulation @@ -146,6 +149,7 @@ CBOR_EXPORT void cbor_set_allocs(_cbor_malloc_t custom_malloc, * @param item[borrow] * @return The type */ +_CBOR_NODISCARD CBOR_EXPORT cbor_type cbor_typeof( const cbor_item_t *item); /* Will be inlined iff link-time opt is enabled */ @@ -155,48 +159,56 @@ CBOR_EXPORT cbor_type cbor_typeof( * @param item[borrow] the item * @return Is the item an #CBOR_TYPE_UINT? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_uint(const cbor_item_t *item); /** Does the item have the appropriate major type? * @param item[borrow] the item * @return Is the item a #CBOR_TYPE_NEGINT? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_negint(const cbor_item_t *item); /** Does the item have the appropriate major type? * @param item[borrow] the item * @return Is the item a #CBOR_TYPE_BYTESTRING? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_bytestring(const cbor_item_t *item); /** Does the item have the appropriate major type? * @param item[borrow] the item * @return Is the item a #CBOR_TYPE_STRING? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_string(const cbor_item_t *item); /** Does the item have the appropriate major type? * @param item[borrow] the item * @return Is the item an #CBOR_TYPE_ARRAY? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_array(const cbor_item_t *item); /** Does the item have the appropriate major type? * @param item[borrow] the item * @return Is the item a #CBOR_TYPE_MAP? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_map(const cbor_item_t *item); /** Does the item have the appropriate major type? * @param item[borrow] the item * @return Is the item a #CBOR_TYPE_TAG? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_tag(const cbor_item_t *item); /** Does the item have the appropriate major type? * @param item[borrow] the item * @return Is the item a #CBOR_TYPE_FLOAT_CTRL? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_isa_float_ctrl(const cbor_item_t *item); /* Practical types with respect to their semantics (but not tag values) */ @@ -205,18 +217,21 @@ CBOR_EXPORT bool cbor_isa_float_ctrl(const cbor_item_t *item); * @param item[borrow] the item * @return Is the item an integer, either positive or negative? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_is_int(const cbor_item_t *item); /** Is the item an a floating point number? * @param item[borrow] the item * @return Is the item a floating point number? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_is_float(const cbor_item_t *item); /** Is the item an a boolean? * @param item[borrow] the item * @return Is the item a boolean? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_is_bool(const cbor_item_t *item); /** Does this item represent `null` @@ -229,6 +244,7 @@ CBOR_EXPORT bool cbor_is_bool(const cbor_item_t *item); * @param item[borrow] the item * @return Is the item (CBOR logical) null? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_is_null(const cbor_item_t *item); /** Does this item represent `undefined` @@ -241,6 +257,7 @@ CBOR_EXPORT bool cbor_is_null(const cbor_item_t *item); * @param item[borrow] the item * @return Is the item (CBOR logical) undefined? */ +_CBOR_NODISCARD CBOR_EXPORT bool cbor_is_undef(const cbor_item_t *item); /* @@ -285,6 +302,7 @@ CBOR_EXPORT void cbor_intermediate_decref(cbor_item_t *item); * @param item[borrow] the item * @return the reference count */ +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_refcount(const cbor_item_t *item); /** Provides CPP-like move construct @@ -302,6 +320,7 @@ CBOR_EXPORT size_t cbor_refcount(const cbor_item_t *item); * @param item[take] the item * @return the item with reference count decreased by one */ +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_move(cbor_item_t *item); #ifdef __cplusplus diff --git a/code/contrib/libfido2/include/cbor/configuration.h b/code/contrib/libfido2/include/cbor/configuration.h index cf27a379..51ec90b2 100644 --- a/code/contrib/libfido2/include/cbor/configuration.h +++ b/code/contrib/libfido2/include/cbor/configuration.h @@ -2,10 +2,9 @@ #define LIBCBOR_CONFIGURATION_H #define CBOR_MAJOR_VERSION 0 -#define CBOR_MINOR_VERSION 9 -#define CBOR_PATCH_VERSION 0 +#define CBOR_MINOR_VERSION 10 +#define CBOR_PATCH_VERSION 1 -#define CBOR_CUSTOM_ALLOC 0 #define CBOR_BUFFER_GROWTH 2 #define CBOR_MAX_STACK_SIZE 2048 #define CBOR_PRETTY_PRINTER 1 diff --git a/code/contrib/libfido2/include/cbor/encoding.h b/code/contrib/libfido2/include/cbor/encoding.h index 7446e145..bcc04f8a 100644 --- a/code/contrib/libfido2/include/cbor/encoding.h +++ b/code/contrib/libfido2/include/cbor/encoding.h @@ -27,50 +27,76 @@ extern "C" { * case it is not modified). */ -CBOR_EXPORT size_t cbor_encode_uint8(uint8_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_uint8(uint8_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_uint16(uint16_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_uint16(uint16_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_uint32(uint32_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_uint32(uint32_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_uint64(uint64_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_uint64(uint64_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_uint(uint64_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_uint(uint64_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_negint8(uint8_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_negint8(uint8_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_negint16(uint16_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_negint16(uint16_t, + unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_negint32(uint32_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_negint32(uint32_t, + unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_negint64(uint64_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_negint64(uint64_t, + unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_negint(uint64_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_negint(uint64_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_bytestring_start(size_t, unsigned char *, - size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_bytestring_start(size_t, + unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_indef_bytestring_start(unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_encode_indef_bytestring_start(unsigned char *, size_t); -CBOR_EXPORT size_t cbor_encode_string_start(size_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_string_start(size_t, + unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_indef_string_start(unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_encode_indef_string_start(unsigned char *, size_t); -CBOR_EXPORT size_t cbor_encode_array_start(size_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_array_start(size_t, + unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_indef_array_start(unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_encode_indef_array_start(unsigned char *, size_t); -CBOR_EXPORT size_t cbor_encode_map_start(size_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_map_start(size_t, + unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_indef_map_start(unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_indef_map_start(unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_tag(uint64_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_tag(uint64_t, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_bool(bool, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_bool(bool, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_null(unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_null(unsigned char *, size_t); -CBOR_EXPORT size_t cbor_encode_undef(unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_undef(unsigned char *, size_t); /** Encodes a half-precision float * @@ -93,15 +119,19 @@ CBOR_EXPORT size_t cbor_encode_undef(unsigned char *, size_t); * - In all other cases, the sign bit, the exponent, and 10 most significant * bits of the significand are kept */ -CBOR_EXPORT size_t cbor_encode_half(float, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_half(float, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_single(float, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_single(float, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_double(double, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_double(double, unsigned char *, + size_t); -CBOR_EXPORT size_t cbor_encode_break(unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_break(unsigned char *, size_t); -CBOR_EXPORT size_t cbor_encode_ctrl(uint8_t, unsigned char *, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_encode_ctrl(uint8_t, unsigned char *, + size_t); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/cbor/floats_ctrls.h b/code/contrib/libfido2/include/cbor/floats_ctrls.h index 4b1ce594..70655367 100644 --- a/code/contrib/libfido2/include/cbor/floats_ctrls.h +++ b/code/contrib/libfido2/include/cbor/floats_ctrls.h @@ -26,14 +26,16 @@ extern "C" { * @param item[borrow] A float or ctrl item * @return Is this a ctrl value? */ -CBOR_EXPORT bool cbor_float_ctrl_is_ctrl(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_float_ctrl_is_ctrl( + const cbor_item_t *item); /** Get the float width * * @param item[borrow] A float or ctrl item * @return The width. */ -CBOR_EXPORT cbor_float_width cbor_float_get_width(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT cbor_float_width +cbor_float_get_width(const cbor_item_t *item); /** Get a half precision float * @@ -42,7 +44,8 @@ CBOR_EXPORT cbor_float_width cbor_float_get_width(const cbor_item_t *item); * @param[borrow] A half precision float * @return half precision value */ -CBOR_EXPORT float cbor_float_get_float2(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT float cbor_float_get_float2( + const cbor_item_t *item); /** Get a single precision float * @@ -51,7 +54,8 @@ CBOR_EXPORT float cbor_float_get_float2(const cbor_item_t *item); * @param[borrow] A single precision float * @return single precision value */ -CBOR_EXPORT float cbor_float_get_float4(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT float cbor_float_get_float4( + const cbor_item_t *item); /** Get a double precision float * @@ -60,7 +64,8 @@ CBOR_EXPORT float cbor_float_get_float4(const cbor_item_t *item); * @param[borrow] A double precision float * @return double precision value */ -CBOR_EXPORT double cbor_float_get_float8(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT double cbor_float_get_float8( + const cbor_item_t *item); /** Get the float value represented as double * @@ -69,14 +74,15 @@ CBOR_EXPORT double cbor_float_get_float8(const cbor_item_t *item); * @param[borrow] Any float * @return double precision value */ -CBOR_EXPORT double cbor_float_get_float(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT double cbor_float_get_float( + const cbor_item_t *item); /** Get value from a boolean ctrl item * * @param item[borrow] A ctrl item * @return boolean value */ -CBOR_EXPORT bool cbor_get_bool(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_get_bool(const cbor_item_t *item); /** Constructs a new ctrl item * @@ -84,7 +90,7 @@ CBOR_EXPORT bool cbor_get_bool(const cbor_item_t *item); * * @return **new** 1B ctrl or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_new_ctrl(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_ctrl(void); /** Constructs a new float item * @@ -92,7 +98,7 @@ CBOR_EXPORT cbor_item_t *cbor_new_ctrl(); * * @return **new** 2B float or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_new_float2(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_float2(void); /** Constructs a new float item * @@ -100,7 +106,7 @@ CBOR_EXPORT cbor_item_t *cbor_new_float2(); * * @return **new** 4B float or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_new_float4(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_float4(void); /** Constructs a new float item * @@ -108,26 +114,26 @@ CBOR_EXPORT cbor_item_t *cbor_new_float4(); * * @return **new** 8B float or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_new_float8(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_float8(void); /** Constructs new null ctrl item * * @return **new** null ctrl item or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_new_null(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_null(void); /** Constructs new undef ctrl item * * @return **new** undef ctrl item or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_new_undef(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_undef(void); /** Constructs new boolean ctrl item * * @param value The value to use * @return **new** boolean ctrl item or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_bool(bool value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_bool(bool value); /** Assign a control value * @@ -175,35 +181,35 @@ CBOR_EXPORT void cbor_set_float8(cbor_item_t *item, double value); * @param item[borrow] A ctrl item * @return the simple value */ -CBOR_EXPORT uint8_t cbor_ctrl_value(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT uint8_t cbor_ctrl_value(const cbor_item_t *item); /** Constructs a new float * * @param value the value to use * @return **new** float */ -CBOR_EXPORT cbor_item_t *cbor_build_float2(float value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_float2(float value); /** Constructs a new float * * @param value the value to use * @return **new** float or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_float4(float value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_float4(float value); /** Constructs a new float * * @param value the value to use * @return **new** float or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_float8(double value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_float8(double value); /** Constructs a ctrl item * * @param value the value to use * @return **new** ctrl item or `NULL` upon memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_ctrl(uint8_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_ctrl(uint8_t value); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/cbor/internal/builder_callbacks.h b/code/contrib/libfido2/include/cbor/internal/builder_callbacks.h index 4776435a..7893960e 100644 --- a/code/contrib/libfido2/include/cbor/internal/builder_callbacks.h +++ b/code/contrib/libfido2/include/cbor/internal/builder_callbacks.h @@ -26,6 +26,10 @@ struct _cbor_decoder_context { struct _cbor_stack *stack; }; +/** Internal helper: Append item to the top of the stack while handling errors. + */ +void _cbor_builder_append(cbor_item_t *item, struct _cbor_decoder_context *ctx); + void cbor_builder_uint8_callback(void *, uint8_t); void cbor_builder_uint16_callback(void *, uint16_t); diff --git a/code/contrib/libfido2/include/cbor/internal/encoders.h b/code/contrib/libfido2/include/cbor/internal/encoders.h index 14ad5015..7eadb712 100644 --- a/code/contrib/libfido2/include/cbor/internal/encoders.h +++ b/code/contrib/libfido2/include/cbor/internal/encoders.h @@ -14,18 +14,23 @@ extern "C" { #endif +_CBOR_NODISCARD size_t _cbor_encode_uint8(uint8_t value, unsigned char *buffer, size_t buffer_size, uint8_t offset); +_CBOR_NODISCARD size_t _cbor_encode_uint16(uint16_t value, unsigned char *buffer, size_t buffer_size, uint8_t offset); +_CBOR_NODISCARD size_t _cbor_encode_uint32(uint32_t value, unsigned char *buffer, size_t buffer_size, uint8_t offset); +_CBOR_NODISCARD size_t _cbor_encode_uint64(uint64_t value, unsigned char *buffer, size_t buffer_size, uint8_t offset); +_CBOR_NODISCARD size_t _cbor_encode_uint(uint64_t value, unsigned char *buffer, size_t buffer_size, uint8_t offset); diff --git a/code/contrib/libfido2/include/cbor/internal/loaders.h b/code/contrib/libfido2/include/cbor/internal/loaders.h index c8fb9187..ce37563a 100644 --- a/code/contrib/libfido2/include/cbor/internal/loaders.h +++ b/code/contrib/libfido2/include/cbor/internal/loaders.h @@ -15,18 +15,25 @@ extern "C" { #endif /* Read the given uint from the given location, no questions asked */ +_CBOR_NODISCARD uint8_t _cbor_load_uint8(const unsigned char *source); +_CBOR_NODISCARD uint16_t _cbor_load_uint16(const unsigned char *source); +_CBOR_NODISCARD uint32_t _cbor_load_uint32(const unsigned char *source); +_CBOR_NODISCARD uint64_t _cbor_load_uint64(const unsigned char *source); +_CBOR_NODISCARD float _cbor_load_half(cbor_data source); +_CBOR_NODISCARD float _cbor_load_float(cbor_data source); +_CBOR_NODISCARD double _cbor_load_double(cbor_data source); #ifdef __cplusplus diff --git a/code/contrib/libfido2/include/cbor/internal/memory_utils.h b/code/contrib/libfido2/include/cbor/internal/memory_utils.h index c41ace67..14843c8c 100644 --- a/code/contrib/libfido2/include/cbor/internal/memory_utils.h +++ b/code/contrib/libfido2/include/cbor/internal/memory_utils.h @@ -11,9 +11,20 @@ #include #include -/** Can a and b be multiplied without overflowing size_t? */ +#include "cbor/common.h" + +/** Can `a` and `b` be multiplied without overflowing size_t? */ +_CBOR_NODISCARD bool _cbor_safe_to_multiply(size_t a, size_t b); +/** Can `a` and `b` be added without overflowing size_t? */ +_CBOR_NODISCARD +bool _cbor_safe_to_add(size_t a, size_t b); + +/** Adds `a` and `b`, propagating zeros and returing 0 on overflow. */ +_CBOR_NODISCARD +size_t _cbor_safe_signaling_add(size_t a, size_t b); + /** Overflow-proof contiguous array allocation * * @param item_size diff --git a/code/contrib/libfido2/include/cbor/internal/stack.h b/code/contrib/libfido2/include/cbor/internal/stack.h index 42ed0442..cf2206b4 100644 --- a/code/contrib/libfido2/include/cbor/internal/stack.h +++ b/code/contrib/libfido2/include/cbor/internal/stack.h @@ -16,8 +16,18 @@ extern "C" { /** Simple stack record for the parser */ struct _cbor_stack_record { + /** Pointer to the parent stack frame */ struct _cbor_stack_record *lower; + /** Item under construction */ cbor_item_t *item; + /** + * How many outstanding subitems are expected. + * + * For example, when we see a new definite array, `subitems` is initialized to + * the array length. With every item added, the counter is decreased. When it + * reaches zero, the stack is popped and the complete item is propagated + * upwards. + */ size_t subitems; }; @@ -27,10 +37,12 @@ struct _cbor_stack { size_t size; }; -struct _cbor_stack _cbor_stack_init(); +_CBOR_NODISCARD +struct _cbor_stack _cbor_stack_init(void); void _cbor_stack_pop(struct _cbor_stack *); +_CBOR_NODISCARD struct _cbor_stack_record *_cbor_stack_push(struct _cbor_stack *, cbor_item_t *, size_t); diff --git a/code/contrib/libfido2/include/cbor/internal/unicode.h b/code/contrib/libfido2/include/cbor/internal/unicode.h index 0d266199..af32cc7f 100644 --- a/code/contrib/libfido2/include/cbor/internal/unicode.h +++ b/code/contrib/libfido2/include/cbor/internal/unicode.h @@ -22,6 +22,7 @@ struct _cbor_unicode_status { uint64_t location; }; +_CBOR_NODISCARD uint64_t _cbor_unicode_codepoint_count(cbor_data source, uint64_t source_length, struct _cbor_unicode_status* status); diff --git a/code/contrib/libfido2/include/cbor/ints.h b/code/contrib/libfido2/include/cbor/ints.h index fc7de600..9c1d5723 100644 --- a/code/contrib/libfido2/include/cbor/ints.h +++ b/code/contrib/libfido2/include/cbor/ints.h @@ -26,35 +26,35 @@ extern "C" { * @param item[borrow] positive or negative integer * @return the value */ -CBOR_EXPORT uint8_t cbor_get_uint8(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT uint8_t cbor_get_uint8(const cbor_item_t *item); /** Extracts the integer value * * @param item[borrow] positive or negative integer * @return the value */ -CBOR_EXPORT uint16_t cbor_get_uint16(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT uint16_t cbor_get_uint16(const cbor_item_t *item); /** Extracts the integer value * * @param item[borrow] positive or negative integer * @return the value */ -CBOR_EXPORT uint32_t cbor_get_uint32(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT uint32_t cbor_get_uint32(const cbor_item_t *item); /** Extracts the integer value * * @param item[borrow] positive or negative integer * @return the value */ -CBOR_EXPORT uint64_t cbor_get_uint64(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT uint64_t cbor_get_uint64(const cbor_item_t *item); /** Extracts the integer value * * @param item[borrow] positive or negative integer * @return the value, extended to `uint64_t` */ -CBOR_EXPORT uint64_t cbor_get_int(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT uint64_t cbor_get_int(const cbor_item_t *item); /** Assigns the integer value * @@ -93,7 +93,8 @@ CBOR_EXPORT void cbor_set_uint64(cbor_item_t *item, uint64_t value); * @param item[borrow] positive or negative integer item * @return the width */ -CBOR_EXPORT cbor_int_width cbor_int_get_width(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT cbor_int_width +cbor_int_get_width(const cbor_item_t *item); /** Marks the integer item as a positive integer * @@ -118,7 +119,7 @@ CBOR_EXPORT void cbor_mark_negint(cbor_item_t *item); * @return **new** positive integer or `NULL` on memory allocation failure. The * value is not initialized */ -CBOR_EXPORT cbor_item_t *cbor_new_int8(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_int8(void); /** Allocates new integer with 2B width * @@ -127,7 +128,7 @@ CBOR_EXPORT cbor_item_t *cbor_new_int8(); * @return **new** positive integer or `NULL` on memory allocation failure. The * value is not initialized */ -CBOR_EXPORT cbor_item_t *cbor_new_int16(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_int16(void); /** Allocates new integer with 4B width * @@ -136,7 +137,7 @@ CBOR_EXPORT cbor_item_t *cbor_new_int16(); * @return **new** positive integer or `NULL` on memory allocation failure. The * value is not initialized */ -CBOR_EXPORT cbor_item_t *cbor_new_int32(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_int32(void); /** Allocates new integer with 8B width * @@ -145,63 +146,63 @@ CBOR_EXPORT cbor_item_t *cbor_new_int32(); * @return **new** positive integer or `NULL` on memory allocation failure. The * value is not initialized */ -CBOR_EXPORT cbor_item_t *cbor_new_int64(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_int64(void); /** Constructs a new positive integer * * @param value the value to use * @return **new** positive integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_uint8(uint8_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_uint8(uint8_t value); /** Constructs a new positive integer * * @param value the value to use * @return **new** positive integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_uint16(uint16_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_uint16(uint16_t value); /** Constructs a new positive integer * * @param value the value to use * @return **new** positive integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_uint32(uint32_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_uint32(uint32_t value); /** Constructs a new positive integer * * @param value the value to use * @return **new** positive integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_uint64(uint64_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_uint64(uint64_t value); /** Constructs a new negative integer * * @param value the value to use * @return **new** negative integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_negint8(uint8_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_negint8(uint8_t value); /** Constructs a new negative integer * * @param value the value to use * @return **new** negative integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_negint16(uint16_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_negint16(uint16_t value); /** Constructs a new negative integer * * @param value the value to use * @return **new** negative integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_negint32(uint32_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_negint32(uint32_t value); /** Constructs a new negative integer * * @param value the value to use * @return **new** negative integer or `NULL` on memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_build_negint64(uint64_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_negint64(uint64_t value); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/cbor/maps.h b/code/contrib/libfido2/include/cbor/maps.h index 05ce5451..2c57412c 100644 --- a/code/contrib/libfido2/include/cbor/maps.h +++ b/code/contrib/libfido2/include/cbor/maps.h @@ -26,28 +26,27 @@ extern "C" { * @param item[borrow] A map * @return The number of pairs */ -CBOR_EXPORT size_t cbor_map_size(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_map_size(const cbor_item_t *item); /** Get the size of the allocated storage * * @param item[borrow] A map * @return Allocated storage size (as the number of #cbor_pair items) */ -CBOR_EXPORT size_t cbor_map_allocated(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_map_allocated(const cbor_item_t *item); /** Create a new definite map * * @param size The number of slots to preallocate * @return **new** definite map. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_new_definite_map(size_t size); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_definite_map(size_t size); /** Create a new indefinite map * - * @param size The number of slots to preallocate - * @return **new** definite map. `NULL` on malloc failure. + * @return **new** indefinite map. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_new_indefinite_map(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_indefinite_map(void); /** Add a pair to the map * @@ -59,7 +58,8 @@ CBOR_EXPORT cbor_item_t *cbor_new_indefinite_map(); * @return `true` on success, `false` if either reallocation failed or the * preallocated storage is full */ -CBOR_EXPORT bool cbor_map_add(cbor_item_t *item, struct cbor_pair pair); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_map_add(cbor_item_t *item, + struct cbor_pair pair); /** Add a key to the map * @@ -70,7 +70,8 @@ CBOR_EXPORT bool cbor_map_add(cbor_item_t *item, struct cbor_pair pair); * @return `true` on success, `false` if either reallocation failed or the * preallocated storage is full */ -CBOR_EXPORT bool _cbor_map_add_key(cbor_item_t *item, cbor_item_t *key); +_CBOR_NODISCARD CBOR_EXPORT bool _cbor_map_add_key(cbor_item_t *item, + cbor_item_t *key); /** Add a value to the map * @@ -81,21 +82,23 @@ CBOR_EXPORT bool _cbor_map_add_key(cbor_item_t *item, cbor_item_t *key); * @return `true` on success, `false` if either reallocation failed or the * preallocated storage is full */ -CBOR_EXPORT bool _cbor_map_add_value(cbor_item_t *item, cbor_item_t *value); +_CBOR_NODISCARD CBOR_EXPORT bool _cbor_map_add_value(cbor_item_t *item, + cbor_item_t *value); /** Is this map definite? * * @param item[borrow] A map * @return Is this map definite? */ -CBOR_EXPORT bool cbor_map_is_definite(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_map_is_definite(const cbor_item_t *item); /** Is this map indefinite? * * @param item[borrow] A map * @return Is this map indefinite? */ -CBOR_EXPORT bool cbor_map_is_indefinite(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_map_is_indefinite( + const cbor_item_t *item); /** Get the pairs storage * @@ -103,7 +106,8 @@ CBOR_EXPORT bool cbor_map_is_indefinite(const cbor_item_t *item); * @return Array of #cbor_map_size pairs. Manipulation is possible as long as * references remain valid. */ -CBOR_EXPORT struct cbor_pair *cbor_map_handle(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT struct cbor_pair *cbor_map_handle( + const cbor_item_t *item); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/cbor/serialization.h b/code/contrib/libfido2/include/cbor/serialization.h index d63815e2..a4921f99 100644 --- a/code/contrib/libfido2/include/cbor/serialization.h +++ b/code/contrib/libfido2/include/cbor/serialization.h @@ -28,19 +28,36 @@ extern "C" { * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize(const cbor_item_t *item, - cbor_mutable_data buffer, size_t buffer_size); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_serialize(const cbor_item_t *item, + cbor_mutable_data buffer, + size_t buffer_size); + +/** Compute the length (in bytes) of the item when serialized using + * `cbor_serialize`. + * + * Time complexity is proportional to the number of nested items. + * + * @param item[borrow] A data item + * @return Length (>= 1) of the item when serialized. 0 if the length overflows + * `size_t`. + */ +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_serialized_size(const cbor_item_t *item); /** Serialize the given item, allocating buffers as needed + * + * Since libcbor v0.10, the return value is always the same as `buffer_size` (if + * provided, see https://github.com/PJK/libcbor/pull/251/). New clients should + * ignore the return value. * * \rst - * .. warning:: It is your responsibility to free the buffer using an + * .. warning:: It is the caller's responsibility to free the buffer using an * appropriate ``free`` implementation. * \endrst * * @param item[borrow] A data item * @param buffer[out] Buffer containing the result - * @param buffer_size[out] Size of the \p buffer + * @param buffer_size[out] Size of the \p buffer, or ``NULL`` * @return Length of the result. 0 on failure, in which case \p buffer is * ``NULL``. */ @@ -55,8 +72,9 @@ CBOR_EXPORT size_t cbor_serialize_alloc(const cbor_item_t *item, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_uint(const cbor_item_t *, cbor_mutable_data, - size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_serialize_uint(const cbor_item_t *, + cbor_mutable_data, + size_t); /** Serialize a negint * @@ -65,8 +83,9 @@ CBOR_EXPORT size_t cbor_serialize_uint(const cbor_item_t *, cbor_mutable_data, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_negint(const cbor_item_t *, cbor_mutable_data, - size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_serialize_negint(const cbor_item_t *, + cbor_mutable_data, + size_t); /** Serialize a bytestring * @@ -75,8 +94,8 @@ CBOR_EXPORT size_t cbor_serialize_negint(const cbor_item_t *, cbor_mutable_data, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_bytestring(const cbor_item_t *, - cbor_mutable_data, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_serialize_bytestring(const cbor_item_t *, cbor_mutable_data, size_t); /** Serialize a string * @@ -85,8 +104,9 @@ CBOR_EXPORT size_t cbor_serialize_bytestring(const cbor_item_t *, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_string(const cbor_item_t *, cbor_mutable_data, - size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_serialize_string(const cbor_item_t *, + cbor_mutable_data, + size_t); /** Serialize an array * @@ -95,8 +115,9 @@ CBOR_EXPORT size_t cbor_serialize_string(const cbor_item_t *, cbor_mutable_data, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_array(const cbor_item_t *, cbor_mutable_data, - size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_serialize_array(const cbor_item_t *, + cbor_mutable_data, + size_t); /** Serialize a map * @@ -105,8 +126,9 @@ CBOR_EXPORT size_t cbor_serialize_array(const cbor_item_t *, cbor_mutable_data, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_map(const cbor_item_t *, cbor_mutable_data, - size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_serialize_map(const cbor_item_t *, + cbor_mutable_data, + size_t); /** Serialize a tag * @@ -115,8 +137,9 @@ CBOR_EXPORT size_t cbor_serialize_map(const cbor_item_t *, cbor_mutable_data, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_tag(const cbor_item_t *, cbor_mutable_data, - size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_serialize_tag(const cbor_item_t *, + cbor_mutable_data, + size_t); /** Serialize a * @@ -125,8 +148,8 @@ CBOR_EXPORT size_t cbor_serialize_tag(const cbor_item_t *, cbor_mutable_data, * @param buffer_size Size of the \p buffer * @return Length of the result. 0 on failure. */ -CBOR_EXPORT size_t cbor_serialize_float_ctrl(const cbor_item_t *, - cbor_mutable_data, size_t); +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_serialize_float_ctrl(const cbor_item_t *, cbor_mutable_data, size_t); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/cbor/streaming.h b/code/contrib/libfido2/include/cbor/streaming.h index 54a17bcd..cb908e17 100644 --- a/code/contrib/libfido2/include/cbor/streaming.h +++ b/code/contrib/libfido2/include/cbor/streaming.h @@ -26,7 +26,7 @@ extern "C" { * @param callbacks The callback bundle * @param context An arbitrary pointer to allow for maintaining context. */ -CBOR_EXPORT struct cbor_decoder_result cbor_stream_decode( +_CBOR_NODISCARD CBOR_EXPORT struct cbor_decoder_result cbor_stream_decode( cbor_data source, size_t source_size, const struct cbor_callbacks* callbacks, void* context); diff --git a/code/contrib/libfido2/include/cbor/strings.h b/code/contrib/libfido2/include/cbor/strings.h index 49398af8..b9899c4b 100644 --- a/code/contrib/libfido2/include/cbor/strings.h +++ b/code/contrib/libfido2/include/cbor/strings.h @@ -21,14 +21,15 @@ extern "C" { * ============================================================================ */ -/** Returns the length of the underlying string +/** Returns the length of the underlying string in bytes * - * For definite strings only + * There can be fewer unicode character than bytes (see + * `cbor_string_codepoint_count`). For definite strings only. * * @param item[borrow] a definite string * @return length of the string. Zero if no chunk has been attached yet */ -CBOR_EXPORT size_t cbor_string_length(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT size_t cbor_string_length(const cbor_item_t *item); /** The number of codepoints in this string * @@ -37,21 +38,24 @@ CBOR_EXPORT size_t cbor_string_length(const cbor_item_t *item); * @param item[borrow] A string * @return The number of codepoints in this string */ -CBOR_EXPORT size_t cbor_string_codepoint_count(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_string_codepoint_count(const cbor_item_t *item); /** Is the string definite? * * @param item[borrow] a string * @return Is the string definite? */ -CBOR_EXPORT bool cbor_string_is_definite(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_string_is_definite( + const cbor_item_t *item); /** Is the string indefinite? * * @param item[borrow] a string * @return Is the string indefinite? */ -CBOR_EXPORT bool cbor_string_is_indefinite(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_string_is_indefinite( + const cbor_item_t *item); /** Get the handle to the underlying string * @@ -62,7 +66,8 @@ CBOR_EXPORT bool cbor_string_is_indefinite(const cbor_item_t *item); * @return The address of the underlying string. `NULL` if no data have been * assigned yet. */ -CBOR_EXPORT cbor_mutable_data cbor_string_handle(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT cbor_mutable_data +cbor_string_handle(const cbor_item_t *item); /** Set the handle to the underlying string * @@ -90,14 +95,16 @@ CBOR_EXPORT void cbor_string_set_handle( * @param item[borrow] A indefinite string * @return array of #cbor_string_chunk_count definite strings */ -CBOR_EXPORT cbor_item_t **cbor_string_chunks_handle(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t **cbor_string_chunks_handle( + const cbor_item_t *item); /** Get the number of chunks this string consist of * * @param item[borrow] A indefinite string * @return The chunk count. 0 for freshly created items. */ -CBOR_EXPORT size_t cbor_string_chunk_count(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT size_t +cbor_string_chunk_count(const cbor_item_t *item); /** Appends a chunk to the string * @@ -110,7 +117,8 @@ CBOR_EXPORT size_t cbor_string_chunk_count(const cbor_item_t *item); * @return true on success. false on realloc failure. In that case, the refcount * of `chunk` is not increased and the `item` is left intact. */ -CBOR_EXPORT bool cbor_string_add_chunk(cbor_item_t *item, cbor_item_t *chunk); +_CBOR_NODISCARD CBOR_EXPORT bool cbor_string_add_chunk(cbor_item_t *item, + cbor_item_t *chunk); /** Creates a new definite string * @@ -118,7 +126,7 @@ CBOR_EXPORT bool cbor_string_add_chunk(cbor_item_t *item, cbor_item_t *chunk); * * @return **new** definite string. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_new_definite_string(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_definite_string(void); /** Creates a new indefinite string * @@ -126,7 +134,7 @@ CBOR_EXPORT cbor_item_t *cbor_new_definite_string(); * * @return **new** indefinite string. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_new_indefinite_string(); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_indefinite_string(void); /** Creates a new string and initializes it * @@ -135,7 +143,7 @@ CBOR_EXPORT cbor_item_t *cbor_new_indefinite_string(); * @param val A null-terminated UTF-8 string * @return A **new** string with content `handle`. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_build_string(const char *val); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_string(const char *val); /** Creates a new string and initializes it * @@ -144,7 +152,8 @@ CBOR_EXPORT cbor_item_t *cbor_build_string(const char *val); * @param val A UTF-8 string, at least \p length long (excluding the null byte) * @return A **new** string with content `handle`. `NULL` on malloc failure. */ -CBOR_EXPORT cbor_item_t *cbor_build_stringn(const char *val, size_t length); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_stringn(const char *val, + size_t length); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/cbor/tags.h b/code/contrib/libfido2/include/cbor/tags.h index f4b8028f..1fac44a5 100644 --- a/code/contrib/libfido2/include/cbor/tags.h +++ b/code/contrib/libfido2/include/cbor/tags.h @@ -27,21 +27,21 @@ extern "C" { * @return **new** tag. Item reference is `NULL`. Returns `NULL` upon * memory allocation failure */ -CBOR_EXPORT cbor_item_t *cbor_new_tag(uint64_t value); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_new_tag(uint64_t value); /** Get the tagged item * * @param item[borrow] A tag * @return **incref** the tagged item */ -CBOR_EXPORT cbor_item_t *cbor_tag_item(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_tag_item(const cbor_item_t *item); /** Get tag value * * @param item[borrow] A tag * @return The tag value. Please consult the tag repository */ -CBOR_EXPORT uint64_t cbor_tag_value(const cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT uint64_t cbor_tag_value(const cbor_item_t *item); /** Set the tagged item * @@ -56,7 +56,8 @@ CBOR_EXPORT void cbor_tag_set_item(cbor_item_t *item, cbor_item_t *tagged_item); * @param value Tag value * @return **new** tag item */ -CBOR_EXPORT cbor_item_t *cbor_build_tag(uint64_t value, cbor_item_t *item); +_CBOR_NODISCARD CBOR_EXPORT cbor_item_t *cbor_build_tag(uint64_t value, + cbor_item_t *item); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/fido.h b/code/contrib/libfido2/include/fido.h index ce7da160..607c44fc 100644 --- a/code/contrib/libfido2/include/fido.h +++ b/code/contrib/libfido2/include/fido.h @@ -124,6 +124,7 @@ const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *); const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *); int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t); +int fido_assert_empty_allow_list(fido_assert_t *); int fido_assert_set_authdata(fido_assert_t *, size_t, const unsigned char *, size_t); int fido_assert_set_authdata_raw(fido_assert_t *, size_t, const unsigned char *, @@ -143,6 +144,7 @@ int fido_assert_set_uv(fido_assert_t *, fido_opt_t); int fido_assert_set_sig(fido_assert_t *, size_t, const unsigned char *, size_t); int fido_assert_verify(const fido_assert_t *, size_t, int, const void *); int fido_cbor_info_algorithm_cose(const fido_cbor_info_t *, size_t); +int fido_cred_empty_exclude_list(fido_cred_t *); int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t); int fido_cred_prot(const fido_cred_t *); int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t); diff --git a/code/contrib/libfido2/include/fido/eddsa.h b/code/contrib/libfido2/include/fido/eddsa.h index 7981a6f8..5c0b681e 100644 --- a/code/contrib/libfido2/include/fido/eddsa.h +++ b/code/contrib/libfido2/include/fido/eddsa.h @@ -53,7 +53,7 @@ int eddsa_pk_from_ptr(eddsa_pk_t *, const void *, size_t); #ifdef _FIDO_INTERNAL -#if defined(LIBRESSL_VERSION_NUMBER) +#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3070000f #define EVP_PKEY_ED25519 EVP_PKEY_NONE int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *); EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *, diff --git a/code/contrib/libfido2/include/openssl/asn1.h b/code/contrib/libfido2/include/openssl/asn1.h index e569e875..ff42e456 100644 --- a/code/contrib/libfido2/include/openssl/asn1.h +++ b/code/contrib/libfido2/include/openssl/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.62 2022/01/14 08:53:53 tb Exp $ */ +/* $OpenBSD: asn1.h,v 1.70 2022/09/11 17:22:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -547,8 +547,6 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); ASN1_OBJECT *ASN1_OBJECT_new(void); void ASN1_OBJECT_free(ASN1_OBJECT *a); int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length); @@ -577,9 +575,6 @@ void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a); ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len); int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out); extern const ASN1_ITEM ASN1_BIT_STRING_it; -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long length); int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); @@ -599,9 +594,6 @@ void ASN1_INTEGER_free(ASN1_INTEGER *a); ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len); int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out); extern const ASN1_ITEM ASN1_INTEGER_it; -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length); ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); @@ -719,6 +711,11 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len); int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out); extern const ASN1_ITEM ASN1_TIME_it; +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t2); +int ASN1_TIME_normalize(ASN1_TIME *t); +int ASN1_TIME_set_string_X509(ASN1_TIME *time, const char *str); int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to); @@ -748,11 +745,17 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, const char *sn, const char *ln); +int ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val); +int ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val); int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); long ASN1_INTEGER_get(const ASN1_INTEGER *a); ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +int ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); @@ -936,10 +939,6 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ASN1_strings(void); /* Error codes for the ASN1 functions. */ @@ -1109,6 +1108,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_ILLEGAL_HEX 178 #define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 #define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 #define ASN1_R_ILLEGAL_NESTED_TAGGING 181 #define ASN1_R_ILLEGAL_NULL 125 #define ASN1_R_ILLEGAL_NULL_VALUE 182 @@ -1168,8 +1168,11 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_TAG_VALUE_TOO_HIGH 153 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 #define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +#define ASN1_R_TOO_LARGE 223 #define ASN1_R_TOO_LONG 155 +#define ASN1_R_TOO_SMALL 224 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +#define ASN1_R_TYPE_NOT_PRIMITIVE 231 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 @@ -1186,11 +1189,11 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 #define ASN1_R_UNSUPPORTED_TYPE 196 +#define ASN1_R_WRONG_INTEGER_TYPE 225 #define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 - int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode); int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2); #ifdef __cplusplus diff --git a/code/contrib/libfido2/include/openssl/asn1t.h b/code/contrib/libfido2/include/openssl/asn1t.h index 892c8b70..bb49be28 100644 --- a/code/contrib/libfido2/include/openssl/asn1t.h +++ b/code/contrib/libfido2/include/openssl/asn1t.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1t.h,v 1.19 2022/01/14 08:43:06 tb Exp $ */ +/* $OpenBSD: asn1t.h,v 1.22 2022/09/03 16:01:23 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -183,10 +183,6 @@ extern "C" { static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) -#define ASN1_BROKEN_SEQUENCE(tname) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ - ASN1_SEQUENCE(tname) - #define ASN1_SEQUENCE_ref(tname, cb, lck) \ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ ASN1_SEQUENCE(tname) @@ -219,8 +215,6 @@ extern "C" { #tname \ ASN1_ITEM_end(tname) -#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) - #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) #define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) @@ -352,11 +346,6 @@ extern "C" { (flags), (tag), offsetof(stname, field),\ #field, ASN1_ITEM_ref(type) } -/* used when the structure is combined with the parent */ - -#define ASN1_EX_COMBINE(flags, tag, type) { \ - (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } - /* implicit and explicit helper macros */ #define ASN1_IMP_EX(stname, field, type, tag, ex) \ @@ -569,17 +558,6 @@ struct ASN1_ADB_TABLE_st { #define ASN1_TFLG_ADB_INT (0x1<<9) -/* - * This flag means a parent structure is passed - * instead of the field: this is useful is a - * SEQUENCE is being combined with a CHOICE for - * example. Since this means the structure and - * item name will differ we need to use the - * ASN1_CHOICE_END_name() macro for example. - */ - -#define ASN1_TFLG_COMBINE (0x1<<10) - /* * This flag when present in a SEQUENCE OF, SET OF * or EXPLICIT causes indefinite length constructed @@ -761,8 +739,6 @@ typedef struct ASN1_STREAM_ARG_st { #define ASN1_AFLG_REFCOUNT 1 /* Save the encoding of structure (useful for signatures) */ #define ASN1_AFLG_ENCODING 2 -/* The Sequence length is invalid */ -#define ASN1_AFLG_BROKEN 4 /* operation values for asn1_cb */ @@ -906,11 +882,14 @@ extern const ASN1_ITEM ASN1_BOOLEAN_it; extern const ASN1_ITEM ASN1_TBOOLEAN_it; extern const ASN1_ITEM ASN1_FBOOLEAN_it; extern const ASN1_ITEM ASN1_SEQUENCE_it; -extern const ASN1_ITEM CBIGNUM_it; extern const ASN1_ITEM BIGNUM_it; extern const ASN1_ITEM LONG_it; extern const ASN1_ITEM ZLONG_it; +#ifndef LIBRESSL_INTERNAL +extern const ASN1_ITEM CBIGNUM_it; +#endif + DECLARE_STACK_OF(ASN1_VALUE) /* Functions used internally by the ASN1 code */ diff --git a/code/contrib/libfido2/include/openssl/bio.h b/code/contrib/libfido2/include/openssl/bio.h index d4bf8cb3..53217f80 100644 --- a/code/contrib/libfido2/include/openssl/bio.h +++ b/code/contrib/libfido2/include/openssl/bio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bio.h,v 1.54 2022/01/14 08:40:57 tb Exp $ */ +/* $OpenBSD: bio.h,v 1.56 2022/09/11 17:26:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -276,8 +276,9 @@ void BIO_set_callback_arg(BIO *b, char *arg); const char *BIO_method_name(const BIO *b); int BIO_method_type(const BIO *b); -typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); typedef int BIO_info_cb(BIO *, int, int); +/* Compatibility with OpenSSL's backward compatibility. */ +typedef BIO_info_cb bio_info_cb; typedef struct bio_method_st BIO_METHOD; @@ -698,11 +699,6 @@ BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) __nonnull__(3))); #endif - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_BIO_strings(void); /* Error codes for the BIO functions. */ diff --git a/code/contrib/libfido2/include/openssl/bn.h b/code/contrib/libfido2/include/openssl/bn.h index abf8cfcf..5ac41438 100644 --- a/code/contrib/libfido2/include/openssl/bn.h +++ b/code/contrib/libfido2/include/openssl/bn.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn.h,v 1.52 2022/01/14 08:01:47 tb Exp $ */ +/* $OpenBSD: bn.h,v 1.55 2022/07/12 14:42:48 kn Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -471,6 +471,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); +int BN_security_bits(int L, int N); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, @@ -651,10 +653,6 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_BN_strings(void); /* Error codes for the BN functions. */ diff --git a/code/contrib/libfido2/include/openssl/buffer.h b/code/contrib/libfido2/include/openssl/buffer.h index ed6dac0e..c210bfd1 100644 --- a/code/contrib/libfido2/include/openssl/buffer.h +++ b/code/contrib/libfido2/include/openssl/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.15 2015/06/24 10:05:14 jsing Exp $ */ +/* $OpenBSD: buffer.h,v 1.16 2022/07/12 14:42:48 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -98,10 +98,6 @@ size_t BUF_strlcat(char *dst, const char *src, size_t siz) __attribute__ ((__bounded__(__string__,1,3))); #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ diff --git a/code/contrib/libfido2/include/openssl/conf.h b/code/contrib/libfido2/include/openssl/conf.h index bea6a871..5d10163b 100644 --- a/code/contrib/libfido2/include/openssl/conf.h +++ b/code/contrib/libfido2/include/openssl/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.15 2020/02/17 12:51:48 inoguchi Exp $ */ +/* $OpenBSD: conf.h,v 1.16 2022/07/12 14:42:48 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -193,10 +193,6 @@ int CONF_parse_list(const char *list, int sep, int nospc, void OPENSSL_load_builtin_modules(void); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_CONF_strings(void); /* Error codes for the CONF functions. */ diff --git a/code/contrib/libfido2/include/openssl/crypto.h b/code/contrib/libfido2/include/openssl/crypto.h index 5524feec..3b00f039 100644 --- a/code/contrib/libfido2/include/openssl/crypto.h +++ b/code/contrib/libfido2/include/openssl/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.54 2022/01/14 08:23:25 tb Exp $ */ +/* $OpenBSD: crypto.h,v 1.57 2022/09/11 17:26:51 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -509,10 +509,6 @@ void OPENSSL_init(void); int CRYPTO_memcmp(const void *a, const void *b, size_t len); #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_CRYPTO_strings(void); /* Error codes for the CRYPTO functions. */ @@ -566,6 +562,7 @@ void ERR_load_CRYPTO_strings(void); #define OPENSSL_INIT_ENGINE_ALL_BUILTIN _OPENSSL_INIT_FLAG_NOOP int OPENSSL_init_crypto(uint64_t opts, const void *settings); +void OPENSSL_cleanup(void); #ifdef __cplusplus } diff --git a/code/contrib/libfido2/include/openssl/ct.h b/code/contrib/libfido2/include/openssl/ct.h index 2b549037..895046e0 100644 --- a/code/contrib/libfido2/include/openssl/ct.h +++ b/code/contrib/libfido2/include/openssl/ct.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ct.h,v 1.6 2021/12/18 16:50:40 tb Exp $ */ +/* $OpenBSD: ct.h,v 1.7 2022/05/08 20:59:32 tb Exp $ */ /* * Public API for Certificate Transparency (CT). * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. @@ -61,7 +61,6 @@ #include #include #include -#include #ifdef __cplusplus extern "C" { #endif @@ -507,6 +506,60 @@ int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); */ int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + #ifdef __cplusplus } #endif diff --git a/code/contrib/libfido2/include/openssl/cterr.h b/code/contrib/libfido2/include/openssl/cterr.h deleted file mode 100644 index 07ae519b..00000000 --- a/code/contrib/libfido2/include/openssl/cterr.h +++ /dev/null @@ -1,127 +0,0 @@ -/* $OpenBSD: cterr.h,v 1.5 2021/12/18 16:50:40 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_CTERR_H -# define HEADER_CTERR_H - -# include - -# ifndef OPENSSL_NO_CT - -#ifdef __cplusplus -extern "C" -#endif - -int ERR_load_CT_strings(void); - -/* - * CT function codes. - */ -# define CT_F_CTLOG_NEW 117 -# define CT_F_CTLOG_NEW_FROM_BASE64 118 -# define CT_F_CTLOG_NEW_FROM_CONF 119 -# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 -# define CT_F_CTLOG_STORE_LOAD_FILE 123 -# define CT_F_CTLOG_STORE_LOAD_LOG 130 -# define CT_F_CTLOG_STORE_NEW 131 -# define CT_F_CT_BASE64_DECODE 124 -# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 -# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 -# define CT_F_I2O_SCT 107 -# define CT_F_I2O_SCT_LIST 108 -# define CT_F_I2O_SCT_SIGNATURE 109 -# define CT_F_O2I_SCT 110 -# define CT_F_O2I_SCT_LIST 111 -# define CT_F_O2I_SCT_SIGNATURE 112 -# define CT_F_SCT_CTX_NEW 126 -# define CT_F_SCT_CTX_VERIFY 128 -# define CT_F_SCT_NEW 100 -# define CT_F_SCT_NEW_FROM_BASE64 127 -# define CT_F_SCT_SET0_LOG_ID 101 -# define CT_F_SCT_SET1_EXTENSIONS 114 -# define CT_F_SCT_SET1_LOG_ID 115 -# define CT_F_SCT_SET1_SIGNATURE 116 -# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 -# define CT_F_SCT_SET_SIGNATURE_NID 103 -# define CT_F_SCT_SET_VERSION 104 - -/* - * CT reason codes. - */ -# define CT_R_BASE64_DECODE_ERROR 108 -# define CT_R_INVALID_LOG_ID_LENGTH 100 -# define CT_R_LOG_CONF_INVALID 109 -# define CT_R_LOG_CONF_INVALID_KEY 110 -# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 -# define CT_R_LOG_CONF_MISSING_KEY 112 -# define CT_R_LOG_KEY_INVALID 113 -# define CT_R_SCT_FUTURE_TIMESTAMP 116 -# define CT_R_SCT_INVALID 104 -# define CT_R_SCT_INVALID_SIGNATURE 107 -# define CT_R_SCT_LIST_INVALID 105 -# define CT_R_SCT_LOG_ID_MISMATCH 114 -# define CT_R_SCT_NOT_SET 106 -# define CT_R_SCT_UNSUPPORTED_VERSION 115 -# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 -# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 -# define CT_R_UNSUPPORTED_VERSION 103 - -# endif -#endif diff --git a/code/contrib/libfido2/include/openssl/dh.h b/code/contrib/libfido2/include/openssl/dh.h index ef104950..7b226a70 100644 --- a/code/contrib/libfido2/include/openssl/dh.h +++ b/code/contrib/libfido2/include/openssl/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.32 2022/01/14 08:25:44 tb Exp $ */ +/* $OpenBSD: dh.h,v 1.35 2022/07/12 14:42:49 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,6 +143,7 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); +int DH_security_bits(const DH *dh); ENGINE *DH_get0_engine(DH *d); void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, @@ -195,10 +196,6 @@ int DHparams_print(char *bp, const DH *x); #define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ diff --git a/code/contrib/libfido2/include/openssl/dsa.h b/code/contrib/libfido2/include/openssl/dsa.h index 4fafce38..eab35a6f 100644 --- a/code/contrib/libfido2/include/openssl/dsa.h +++ b/code/contrib/libfido2/include/openssl/dsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.h,v 1.35 2022/01/14 08:27:23 tb Exp $ */ +/* $OpenBSD: dsa.h,v 1.39 2022/07/12 14:42:49 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -151,6 +151,7 @@ int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DSA_set_ex_data(DSA *d, int idx, void *arg); void *DSA_get_ex_data(DSA *d, int idx); +int DSA_security_bits(const DSA *d); DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); @@ -219,6 +220,8 @@ ENGINE *DSA_get0_engine(DSA *d); DSA_METHOD *DSA_meth_new(const char *name, int flags); void DSA_meth_free(DSA_METHOD *meth); DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +const char *DSA_meth_get0_name(const DSA_METHOD *meth); +int DSA_meth_set1_name(DSA_METHOD *meth, const char *name); int DSA_meth_set_sign(DSA_METHOD *meth, DSA_SIG *(*sign)(const unsigned char *, int, DSA *)); int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *)); @@ -231,10 +234,6 @@ int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *)); #define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) #define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_DSA_strings(void); /* Error codes for the DSA functions. */ diff --git a/code/contrib/libfido2/include/openssl/dso.h b/code/contrib/libfido2/include/openssl/dso.h index 6c982c9f..ae07b0a5 100644 --- a/code/contrib/libfido2/include/openssl/dso.h +++ b/code/contrib/libfido2/include/openssl/dso.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dso.h,v 1.12 2016/03/15 20:50:22 krw Exp $ */ +/* $OpenBSD: dso.h,v 1.13 2022/07/12 14:42:49 kn Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -302,10 +302,6 @@ int DSO_pathbyaddr(void *addr, char *path, int sz); * itself or libsocket. */ void *DSO_global_lookup(const char *name); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_DSO_strings(void); /* Error codes for the DSO functions. */ diff --git a/code/contrib/libfido2/include/openssl/ec.h b/code/contrib/libfido2/include/openssl/ec.h index d8ff42c0..52c8f2f3 100644 --- a/code/contrib/libfido2/include/openssl/ec.h +++ b/code/contrib/libfido2/include/openssl/ec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec.h,v 1.27 2021/09/12 16:23:19 tb Exp $ */ +/* $OpenBSD: ec.h,v 1.28 2022/07/12 14:42:49 kn Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -1116,10 +1116,6 @@ EC_KEY *ECParameters_dup(EC_KEY *key); #define EVP_PKEY_ECDH_KDF_NONE 1 #define EVP_PKEY_ECDH_KDF_X9_63 2 -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_EC_strings(void); /* Error codes for the EC functions. */ diff --git a/code/contrib/libfido2/include/openssl/ecdh.h b/code/contrib/libfido2/include/openssl/ecdh.h index ccc1312f..b39a90f1 100644 --- a/code/contrib/libfido2/include/openssl/ecdh.h +++ b/code/contrib/libfido2/include/openssl/ecdh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdh.h,v 1.5 2015/09/13 12:03:07 jsing Exp $ */ +/* $OpenBSD: ecdh.h,v 1.6 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -102,10 +102,6 @@ int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDH_get_ex_data(EC_KEY *d, int idx); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ECDH_strings(void); /* Error codes for the ECDH functions. */ diff --git a/code/contrib/libfido2/include/openssl/ecdsa.h b/code/contrib/libfido2/include/openssl/ecdsa.h index eccca65b..29ee8729 100644 --- a/code/contrib/libfido2/include/openssl/ecdsa.h +++ b/code/contrib/libfido2/include/openssl/ecdsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.h,v 1.11 2022/01/14 08:31:03 tb Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.12 2022/07/12 14:42:49 kn Exp $ */ /** * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions * \author Written by Nils Larsch for the OpenSSL project @@ -293,11 +293,6 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, int (**pverify_sig)(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey)); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ECDSA_strings(void); /* Error codes for the ECDSA functions. */ diff --git a/code/contrib/libfido2/include/openssl/engine.h b/code/contrib/libfido2/include/openssl/engine.h index dc14be8e..5c21647f 100644 --- a/code/contrib/libfido2/include/openssl/engine.h +++ b/code/contrib/libfido2/include/openssl/engine.h @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.h,v 1.33 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: engine.h,v 1.34 2022/07/12 14:42:49 kn Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -716,10 +716,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, * values. */ void *ENGINE_get_static_state(void); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ENGINE_strings(void); /* Error codes for the ENGINE functions. */ diff --git a/code/contrib/libfido2/include/openssl/err.h b/code/contrib/libfido2/include/openssl/err.h index 20fa9084..24708c5b 100644 --- a/code/contrib/libfido2/include/openssl/err.h +++ b/code/contrib/libfido2/include/openssl/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.26 2021/11/24 01:12:43 beck Exp $ */ +/* $OpenBSD: err.h,v 1.28 2022/08/29 06:49:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -197,6 +197,7 @@ typedef struct err_state_st { #define ERR_LIB_JPAKE 49 #define ERR_LIB_GOST 50 #define ERR_LIB_CT 51 +#define ERR_LIB_KDF 52 #define ERR_LIB_USER 128 @@ -236,6 +237,7 @@ typedef struct err_state_st { #define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__) #define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) #define CTerr(f, r) ERR_PUT_error(ERR_LIB_CT,(f),(r),__FILE__,__LINE__) +#define KDFerr(f, r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),__FILE__,__LINE__) #endif #ifdef LIBRESSL_INTERNAL @@ -273,6 +275,7 @@ typedef struct err_state_st { #define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__) #define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__) #define CTerror(r) ERR_PUT_error(ERR_LIB_CT,(0xfff),(r),__FILE__,__LINE__) +#define KDFerror(r) ERR_PUT_error(ERR_LIB_KDF,(0xfff),(r),__FILE__,__LINE__) #endif #define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)<<24L)| \ @@ -343,11 +346,11 @@ typedef struct err_state_st { #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) #define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) #define ERR_R_DISABLED (5|ERR_R_FATAL) +#define ERR_R_INIT_FAIL (6|ERR_R_FATAL) /* 99 is the maximum possible ERR_R_... code, higher values * are reserved for the individual libraries */ - typedef struct ERR_string_data_st { unsigned long error; const char *string; diff --git a/code/contrib/libfido2/include/openssl/evp.h b/code/contrib/libfido2/include/openssl/evp.h index a80cf189..d2bb376c 100644 --- a/code/contrib/libfido2/include/openssl/evp.h +++ b/code/contrib/libfido2/include/openssl/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.99 2022/01/14 08:38:05 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.107 2022/09/11 17:29:24 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -112,6 +112,7 @@ #define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC #define EVP_PKEY_HMAC NID_hmac #define EVP_PKEY_CMAC NID_cmac +#define EVP_PKEY_HKDF NID_hkdf #define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256 #define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512 @@ -250,10 +251,11 @@ extern "C" { #define EVP_CTRL_AEAD_SET_IVLEN 0x9 #define EVP_CTRL_AEAD_GET_TAG 0x10 #define EVP_CTRL_AEAD_SET_TAG 0x11 +#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 #define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN #define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG #define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG -#define EVP_CTRL_GCM_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED #define EVP_CTRL_GCM_IV_GEN 0x13 #define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN #define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG @@ -280,6 +282,21 @@ extern "C" { /* Length of tag for TLS */ #define EVP_GCM_TLS_TAG_LEN 16 +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +#define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +#define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +#define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +#define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +#define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +#define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + typedef struct evp_cipher_info_st { const EVP_CIPHER *cipher; unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -679,6 +696,9 @@ const EVP_CIPHER *EVP_aes_256_ccm(void); const EVP_CIPHER *EVP_aes_256_gcm(void); const EVP_CIPHER *EVP_aes_256_wrap(void); const EVP_CIPHER *EVP_aes_256_xts(void); +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +const EVP_CIPHER *EVP_chacha20_poly1305(void); +#endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); @@ -768,6 +788,7 @@ int EVP_PKEY_type(int type); int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(const EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); @@ -930,6 +951,8 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void (*pkey_free)(EVP_PKEY *pkey)); void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits)(const EVP_PKEY *pkey)); void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_check)(const EVP_PKEY *pk)); @@ -1258,10 +1281,6 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, void EVP_add_alg_module(void); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ diff --git a/code/contrib/libfido2/include/openssl/gost.h b/code/contrib/libfido2/include/openssl/gost.h index 092f96fb..c7d9d25b 100644 --- a/code/contrib/libfido2/include/openssl/gost.h +++ b/code/contrib/libfido2/include/openssl/gost.h @@ -1,4 +1,4 @@ -/* $OpenBSD: gost.h,v 1.3 2016/09/04 17:02:31 jsing Exp $ */ +/* $OpenBSD: gost.h,v 1.4 2022/07/12 14:42:49 kn Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -199,10 +199,6 @@ size_t GOST_KEY_get_size(const GOST_KEY * r); #define GOST_SIG_FORMAT_SR_BE 0 #define GOST_SIG_FORMAT_RS_LE 1 -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_GOST_strings(void); /* Error codes for the GOST functions. */ diff --git a/code/contrib/libfido2/include/openssl/kdf.h b/code/contrib/libfido2/include/openssl/kdf.h new file mode 100644 index 00000000..f823bf99 --- /dev/null +++ b/code/contrib/libfido2/include/openssl/kdf.h @@ -0,0 +1,111 @@ +/* $OpenBSD: kdf.h,v 1.8 2022/07/12 14:42:49 kn Exp $ */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 + +/* + * KDF reason codes. + */ +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/code/contrib/libfido2/include/openssl/obj_mac.h b/code/contrib/libfido2/include/openssl/obj_mac.h index 5da2b5df..8c731439 100644 --- a/code/contrib/libfido2/include/openssl/obj_mac.h +++ b/code/contrib/libfido2/include/openssl/obj_mac.h @@ -885,6 +885,10 @@ #define NID_id_ct_ASPA 1017 #define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L +#define SN_id_ct_signedTAL "id-ct-signedTAL" +#define NID_id_ct_signedTAL 1024 +#define OBJ_id_ct_signedTAL OBJ_id_smime_ct,50L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -1001,6 +1005,10 @@ #define NID_id_smime_aa_dvcs_dvc 240 #define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1023 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + #define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" #define NID_id_smime_alg_ESDHwith3DES 241 #define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L @@ -4250,6 +4258,10 @@ #define NID_ct_cert_scts 1021 #define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1022 + #define SN_teletrust "teletrust" #define NID_teletrust 920 #define OBJ_teletrust OBJ_identified_organization,36L diff --git a/code/contrib/libfido2/include/openssl/objects.h b/code/contrib/libfido2/include/openssl/objects.h index 918928e2..fe3d7774 100644 --- a/code/contrib/libfido2/include/openssl/objects.h +++ b/code/contrib/libfido2/include/openssl/objects.h @@ -1,4 +1,4 @@ -/* $OpenBSD: objects.h,v 1.17 2022/01/14 08:56:00 tb Exp $ */ +/* $OpenBSD: objects.h,v 1.18 2022/07/12 14:42:49 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1038,10 +1038,6 @@ extern int obj_cleanup_defer; void check_defer(int nid); #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_OBJ_strings(void); /* Error codes for the OBJ functions. */ diff --git a/code/contrib/libfido2/include/openssl/ocsp.h b/code/contrib/libfido2/include/openssl/ocsp.h index f869f8aa..691ee4a3 100644 --- a/code/contrib/libfido2/include/openssl/ocsp.h +++ b/code/contrib/libfido2/include/openssl/ocsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp.h,v 1.19 2022/01/14 08:32:26 tb Exp $ */ +/* $OpenBSD: ocsp.h,v 1.20 2022/07/12 14:42:49 kn Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -421,10 +421,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_OCSP_strings(void); /* Error codes for the OCSP functions. */ diff --git a/code/contrib/libfido2/include/openssl/opensslconf.h b/code/contrib/libfido2/include/openssl/opensslconf.h index bb717689..6e88a6e0 100644 --- a/code/contrib/libfido2/include/openssl/opensslconf.h +++ b/code/contrib/libfido2/include/openssl/opensslconf.h @@ -1,7 +1,7 @@ #include /* crypto/opensslconf.h.in */ -#if defined(_MSC_VER) && !defined(__attribute__) +#if defined(_MSC_VER) && !defined(__clang__) && !defined(__attribute__) #define __attribute__(a) #endif diff --git a/code/contrib/libfido2/include/openssl/opensslfeatures.h b/code/contrib/libfido2/include/openssl/opensslfeatures.h index 49a5f15b..48fcf40b 100644 --- a/code/contrib/libfido2/include/openssl/opensslfeatures.h +++ b/code/contrib/libfido2/include/openssl/opensslfeatures.h @@ -3,6 +3,7 @@ * are enabled, rather than not being able to tell when things are * enabled (or possibly not yet not implemented, or removed!). */ +#define LIBRESSL_HAS_QUIC #define LIBRESSL_HAS_TLS1_3 #define LIBRESSL_HAS_DTLS1_2 diff --git a/code/contrib/libfido2/include/openssl/opensslv.h b/code/contrib/libfido2/include/openssl/opensslv.h index f24afb9c..dc38457b 100644 --- a/code/contrib/libfido2/include/openssl/opensslv.h +++ b/code/contrib/libfido2/include/openssl/opensslv.h @@ -1,11 +1,11 @@ -/* $OpenBSD: opensslv.h,v 1.69 2022/03/15 21:15:08 bcook Exp $ */ +/* $OpenBSD: opensslv.h,v 1.70 2022/07/04 12:31:55 tb Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x3050300fL +#define LIBRESSL_VERSION_NUMBER 0x3060200fL /* ^ Patch starts here */ -#define LIBRESSL_VERSION_TEXT "LibreSSL 3.5.3" +#define LIBRESSL_VERSION_TEXT "LibreSSL 3.6.2" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff --git a/code/contrib/libfido2/include/openssl/pem.h b/code/contrib/libfido2/include/openssl/pem.h index 95f1e030..a0f7d78c 100644 --- a/code/contrib/libfido2/include/openssl/pem.h +++ b/code/contrib/libfido2/include/openssl/pem.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pem.h,v 1.23 2022/01/14 07:52:24 tb Exp $ */ +/* $OpenBSD: pem.h,v 1.24 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -516,10 +516,6 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_PEM_strings(void); /* Error codes for the PEM functions. */ diff --git a/code/contrib/libfido2/include/openssl/pkcs12.h b/code/contrib/libfido2/include/openssl/pkcs12.h index 56635f9d..44dbb381 100644 --- a/code/contrib/libfido2/include/openssl/pkcs12.h +++ b/code/contrib/libfido2/include/openssl/pkcs12.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.h,v 1.24 2018/05/30 15:32:11 tb Exp $ */ +/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -96,43 +96,16 @@ extern "C" { #define KEY_EX 0x10 #define KEY_SIG 0x80 -typedef struct { - X509_SIG *dinfo; - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *iter; /* defaults to 1 */ -} PKCS12_MAC_DATA; - -typedef struct { - ASN1_INTEGER *version; - PKCS12_MAC_DATA *mac; - PKCS7 *authsafes; -} PKCS12; - -typedef struct { - ASN1_OBJECT *type; - union { - struct pkcs12_bag_st *bag; /* secret, crl and certbag */ - struct pkcs8_priv_key_info_st *keybag; /* keybag */ - X509_SIG *shkeybag; /* shrouded key bag */ - STACK_OF(PKCS12_SAFEBAG) *safes; - ASN1_TYPE *other; - } value; - STACK_OF(X509_ATTRIBUTE) *attrib; -} PKCS12_SAFEBAG; +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; DECLARE_STACK_OF(PKCS12_SAFEBAG) DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) -typedef struct pkcs12_bag_st { - ASN1_OBJECT *type; - union { - ASN1_OCTET_STRING *x509cert; - ASN1_OCTET_STRING *x509crl; - ASN1_OCTET_STRING *octet; - ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ - } value; -} PKCS12_BAGS; +typedef struct pkcs12_bag_st PKCS12_BAGS; #define PKCS12_ERROR 0 #define PKCS12_OK 1 @@ -155,29 +128,55 @@ typedef struct pkcs12_bag_st { #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey #define M_PKCS8_decrypt PKCS8_decrypt -#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) -#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) -#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type - #endif /* !LIBRESSL_INTERNAL */ -#define PKCS12_get_attr(bag, attr_nid) \ - PKCS12_get_attr_gen(bag->attrib, attr_nid) +#define M_PKCS12_bag_type PKCS12_bag_type +#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type -#define PKCS8_get_attr(p8, attr_nid) \ - PKCS12_get_attr_gen(p8->attributes, attr_nid) +#define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +#define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid -#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) +#define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +#define PKCS12_certbag2x509crl PKCS12_SAFEBAG_get1_crl +#define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +#define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt -PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); -PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); -X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); -X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const STACK_OF(X509_ATTRIBUTE) * + PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter, + const PKCS12 *p12); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); + +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * + PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2); -PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, @@ -185,9 +184,6 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); -PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8); PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, @@ -283,10 +279,6 @@ PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_PKCS12_strings(void); /* Error codes for the PKCS12 functions. */ diff --git a/code/contrib/libfido2/include/openssl/pkcs7.h b/code/contrib/libfido2/include/openssl/pkcs7.h index cff7c966..9ba3141c 100644 --- a/code/contrib/libfido2/include/openssl/pkcs7.h +++ b/code/contrib/libfido2/include/openssl/pkcs7.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs7.h,v 1.18 2016/12/27 16:12:47 jsing Exp $ */ +/* $OpenBSD: pkcs7.h,v 1.19 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -417,10 +417,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_PKCS7_strings(void); /* Error codes for the PKCS7 functions. */ diff --git a/code/contrib/libfido2/include/openssl/rand.h b/code/contrib/libfido2/include/openssl/rand.h index fcb2e921..a0e9b479 100644 --- a/code/contrib/libfido2/include/openssl/rand.h +++ b/code/contrib/libfido2/include/openssl/rand.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rand.h,v 1.22 2014/10/22 14:02:52 jsing Exp $ */ +/* $OpenBSD: rand.h,v 1.23 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -101,10 +101,6 @@ int RAND_status(void); int RAND_poll(void); #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. (no longer used) */ diff --git a/code/contrib/libfido2/include/openssl/rsa.h b/code/contrib/libfido2/include/openssl/rsa.h index d59fd03f..73ec9d5a 100644 --- a/code/contrib/libfido2/include/openssl/rsa.h +++ b/code/contrib/libfido2/include/openssl/rsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.h,v 1.55 2022/01/14 08:34:39 tb Exp $ */ +/* $OpenBSD: rsa.h,v 1.58 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -372,6 +372,8 @@ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int RSA_set_ex_data(RSA *r, int idx, void *arg); void *RSA_get_ex_data(const RSA *r, int idx); +int RSA_security_bits(const RSA *rsa); + void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); @@ -473,10 +475,6 @@ int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify)(int dtype, unsigned int siglen, const RSA *rsa)); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ diff --git a/code/contrib/libfido2/include/openssl/safestack.h b/code/contrib/libfido2/include/openssl/safestack.h index e1e7e248..84853efc 100644 --- a/code/contrib/libfido2/include/openssl/safestack.h +++ b/code/contrib/libfido2/include/openssl/safestack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: safestack.h,v 1.21 2022/01/14 08:59:30 tb Exp $ */ +/* $OpenBSD: safestack.h,v 1.22 2022/07/16 19:11:51 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -773,6 +773,30 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) #define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) +#ifdef LIBRESSL_INTERNAL +#define sk_ESS_CERT_ID_V2_new(cmp) SKM_sk_new(ESS_CERT_ID_V2, (cmp)) +#define sk_ESS_CERT_ID_V2_new_null() SKM_sk_new_null(ESS_CERT_ID_V2) +#define sk_ESS_CERT_ID_V2_free(st) SKM_sk_free(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_num(st) SKM_sk_num(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_value(st, i) SKM_sk_value(ESS_CERT_ID_V2, (st), (i)) +#define sk_ESS_CERT_ID_V2_set(st, i, val) SKM_sk_set(ESS_CERT_ID_V2, (st), (i), (val)) +#define sk_ESS_CERT_ID_V2_zero(st) SKM_sk_zero(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_push(st, val) SKM_sk_push(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_find(st, val) SKM_sk_find(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_delete(st, i) SKM_sk_delete(ESS_CERT_ID_V2, (st), (i)) +#define sk_ESS_CERT_ID_V2_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID_V2, (st), (ptr)) +#define sk_ESS_CERT_ID_V2_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID_V2, (st), (val), (i)) +#define sk_ESS_CERT_ID_V2_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID_V2, (st), (cmp)) +#define sk_ESS_CERT_ID_V2_dup(st) SKM_sk_dup(ESS_CERT_ID_V2, st) +#define sk_ESS_CERT_ID_V2_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID_V2, (st), (free_func)) +#define sk_ESS_CERT_ID_V2_shift(st) SKM_sk_shift(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_pop(st) SKM_sk_pop(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_sort(st) SKM_sk_sort(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID_V2, (st)) +#endif /* LIBRESSL_INTERNAL */ + #define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) #define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) #define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) diff --git a/code/contrib/libfido2/include/openssl/ssl.h b/code/contrib/libfido2/include/openssl/ssl.h index e3132682..4a89bfd8 100644 --- a/code/contrib/libfido2/include/openssl/ssl.h +++ b/code/contrib/libfido2/include/openssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.215 2021/11/01 08:14:36 tb Exp $ */ +/* $OpenBSD: ssl.h,v 1.229 2022/09/11 17:39:46 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -361,6 +361,10 @@ typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +typedef struct ssl_quic_method_st SSL_QUIC_METHOD; +#endif + DECLARE_STACK_OF(SSL_CIPHER) /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ @@ -823,15 +827,18 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); /* Offset to get an SSL_R_... value from an SSL_AD_... value. */ #define SSL_AD_REASON_OFFSET 1000 -#define SSL_ERROR_NONE 0 -#define SSL_ERROR_SSL 1 -#define SSL_ERROR_WANT_READ 2 -#define SSL_ERROR_WANT_WRITE 3 -#define SSL_ERROR_WANT_X509_LOOKUP 4 -#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ -#define SSL_ERROR_ZERO_RETURN 6 -#define SSL_ERROR_WANT_CONNECT 7 -#define SSL_ERROR_WANT_ACCEPT 8 +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 +#define SSL_ERROR_WANT_ASYNC 9 +#define SSL_ERROR_WANT_ASYNC_JOB 10 +#define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 #define SSL_CTRL_NEED_TMP_RSA 1 #define SSL_CTRL_SET_TMP_RSA 2 @@ -930,8 +937,8 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_CTRL_SET_GROUPS 91 #define SSL_CTRL_SET_GROUPS_LIST 92 - -#define SSL_CTRL_SET_ECDH_AUTO 94 +#define SSL_CTRL_GET_SHARED_GROUP 93 +#define SSL_CTRL_SET_ECDH_AUTO 94 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) #define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 @@ -1047,6 +1054,10 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); #define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL) +#define SSL_get_shared_group(s, n) \ + SSL_ctrl((s), SSL_CTRL_GET_SHARED_GROUP, (n), NULL) +#define SSL_get_shared_curve SSL_get_shared_group + #define SSL_get_server_tmp_key(s, pk) \ SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) @@ -1507,10 +1518,289 @@ int SSL_set_session_secret_cb(SSL *s, void SSL_set_debug(SSL *s, int debug); int SSL_cache_hit(SSL *s); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +#define SSL_SECOP_OTHER_TYPE 0xffff0000 +#define SSL_SECOP_OTHER_NONE 0 +#define SSL_SECOP_OTHER_CIPHER (1 << 16) +#define SSL_SECOP_OTHER_CURVE (2 << 16) +#define SSL_SECOP_OTHER_DH (3 << 16) +#define SSL_SECOP_OTHER_PKEY (4 << 16) +#define SSL_SECOP_OTHER_SIGALG (5 << 16) +#define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +#define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +#define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +#define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +#define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +#define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +#define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +#define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +/* + * XXX: changed in OpenSSL e2b420fdd70 to (7 | SSL_SECOP_OTHER_PKEY) + * Needs switching internal use of DH to EVP_PKEY. The code is not reachable + * from outside the library as long as we do not expose the callback in the API. + */ +#define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH) +/* SSL/TLS version */ +#define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +#define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +#define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +#define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +#define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +#define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +#define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +#define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +#define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +#define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +#define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +#define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +#define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *ssl, int level); +int SSL_get_security_level(const SSL *ssl); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +int SSL_CTX_get_security_level(const SSL_CTX *ctx); + +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +/* + * QUIC integration. + * + * QUIC acts as an underlying transport for the TLS 1.3 handshake. The following + * functions allow a QUIC implementation to serve as the underlying transport as + * described in RFC 9001. + * + * When configured for QUIC, |SSL_do_handshake| will drive the handshake as + * before, but it will not use the configured |BIO|. It will call functions on + * |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from + * the peer, it will return |SSL_ERROR_WANT_READ|. As the caller receives data + * it can decrypt, it calls |SSL_provide_quic_data|. Subsequent + * |SSL_do_handshake| calls will then consume that data and progress the + * handshake. After the handshake is complete, the caller should continue to + * call |SSL_provide_quic_data| for any post-handshake data, followed by + * |SSL_process_quic_post_handshake| to process it. It is an error to call + * |SSL_peek|, |SSL_read| and |SSL_write| in QUIC. + * + * To avoid DoS attacks, the QUIC implementation must limit the amount of data + * being queued up. The implementation can call + * |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each + * encryption level. + * + * QUIC implementations must additionally configure transport parameters with + * |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be + * used to query the value received from the peer. This extension is handled + * as an opaque byte string, which the caller is responsible for serializing + * and parsing. See RFC 9000 section 7.4 for further details. + */ + +/* + * ssl_encryption_level_t specifies the QUIC encryption level used to transmit + * handshake messages. + */ +typedef enum ssl_encryption_level_t { + ssl_encryption_initial = 0, + ssl_encryption_early_data, + ssl_encryption_handshake, + ssl_encryption_application, +} OSSL_ENCRYPTION_LEVEL; + +/* + * ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks. + * + * Note that we provide both the new (BoringSSL) secrets interface + * (set_read_secret/set_write_secret) along with the old interface + * (set_encryption_secrets), which quictls is still using. + * + * Since some consumers fail to use named initialisers, the order of these + * functions is important. Hopefully all of these consumers use the old version. + */ +struct ssl_quic_method_st { + /* + * set_encryption_secrets configures the read and write secrets for the + * given encryption level. This function will always be called before an + * encryption level other than |ssl_encryption_initial| is used. + * + * When reading packets at a given level, the QUIC implementation must + * send ACKs at the same level, so this function provides read and write + * secrets together. The exception is |ssl_encryption_early_data|, where + * secrets are only available in the client to server direction. The + * other secret will be NULL. The server acknowledges such data at + * |ssl_encryption_application|, which will be configured in the same + * |SSL_do_handshake| call. + * + * This function should use |SSL_get_current_cipher| to determine the TLS + * cipher suite. + */ + int (*set_encryption_secrets)(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *read_secret, const uint8_t *write_secret, + size_t secret_len); + + /* + * add_handshake_data adds handshake data to the current flight at the + * given encryption level. It returns one on success and zero on error. + * Callers should defer writing data to the network until |flush_flight| + * to better pack QUIC packets into transport datagrams. + * + * If |level| is not |ssl_encryption_initial|, this function will not be + * called before |level| is initialized with |set_write_secret|. + */ + int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len); + + /* + * flush_flight is called when the current flight is complete and should + * be written to the transport. Note a flight may contain data at + * several encryption levels. It returns one on success and zero on + * error. + */ + int (*flush_flight)(SSL *ssl); + + /* + * send_alert sends a fatal alert at the specified encryption level. It + * returns one on success and zero on error. + * + * If |level| is not |ssl_encryption_initial|, this function will not be + * called before |level| is initialized with |set_write_secret|. + */ + int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, + uint8_t alert); + + /* + * set_read_secret configures the read secret and cipher suite for the + * given encryption level. It returns one on success and zero to + * terminate the handshake with an error. It will be called at most once + * per encryption level. + * + * Read keys will not be released before QUIC may use them. Once a level + * has been initialized, QUIC may begin processing data from it. + * Handshake data should be passed to |SSL_provide_quic_data| and + * application data (if |level| is |ssl_encryption_early_data| or + * |ssl_encryption_application|) may be processed according to the rules + * of the QUIC protocol. + */ + int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); + + /* + * set_write_secret behaves like |set_read_secret| but configures the + * write secret and cipher suite for the given encryption level. It will + * be called at most once per encryption level. + * + * Write keys will not be released before QUIC may use them. If |level| + * is |ssl_encryption_early_data| or |ssl_encryption_application|, QUIC + * may begin sending application data at |level|. + */ + int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); +}; + +/* + * SSL_CTX_set_quic_method configures the QUIC hooks. This should only be + * configured with a minimum version of TLS 1.3. |quic_method| must remain valid + * for the lifetime of |ctx|. It returns one on success and zero on error. + */ +int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); + +/* + * SSL_set_quic_method configures the QUIC hooks. This should only be + * configured with a minimum version of TLS 1.3. |quic_method| must remain valid + * for the lifetime of |ssl|. It returns one on success and zero on error. + */ +int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); + +/* SSL_is_quic returns true if an SSL has been configured for use with QUIC. */ +int SSL_is_quic(const SSL *ssl); + +/* + * SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes + * that may be received at the given encryption level. This function should be + * used to limit buffering in the QUIC implementation. See RFC 9000 section 7.5. + */ +size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, + enum ssl_encryption_level_t level); + +/* + * SSL_quic_read_level returns the current read encryption level. + */ +enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl); + +/* + * SSL_quic_write_level returns the current write encryption level. */ +enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl); + +/* + * SSL_provide_quic_data provides data from QUIC at a particular encryption + * level |level|. It returns one on success and zero on error. Note this + * function will return zero if the handshake is not expecting data from |level| + * at this time. The QUIC implementation should then close the connection with + * an error. + */ +int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len); + +/* + * SSL_process_quic_post_handshake processes any data that QUIC has provided + * after the handshake has completed. This includes NewSessionTicket messages + * sent by the server. It returns one on success and zero on error. + */ +int SSL_process_quic_post_handshake(SSL *ssl); + +/* + * SSL_set_quic_transport_params configures |ssl| to send |params| (of length + * |params_len|) in the quic_transport_parameters extension in either the + * ClientHello or EncryptedExtensions handshake message. It is an error to set + * transport parameters if |ssl| is not configured for QUIC. The buffer pointed + * to by |params| only need be valid for the duration of the call to this + * function. This function returns 1 on success and 0 on failure. + */ +int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, + size_t params_len); + +/* + * SSL_get_peer_quic_transport_params provides the caller with the value of the + * quic_transport_parameters extension sent by the peer. A pointer to the buffer + * containing the TransportParameters will be put in |*out_params|, and its + * length in |*params_len|. This buffer will be valid for the lifetime of the + * |SSL|. If no params were received from the peer, |*out_params_len| will be 0. + */ +void SSL_get_peer_quic_transport_params(const SSL *ssl, + const uint8_t **out_params, size_t *out_params_len); + +/* + * SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC + * extension codepoint 0xffa5 as opposed to the official value 57. This is + * unsupported in LibreSSL. + */ +void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); + +#endif + void ERR_load_SSL_strings(void); /* Error codes for the SSL functions. */ @@ -1787,6 +2077,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_BN_LIB 130 #define SSL_R_CA_DN_LENGTH_MISMATCH 131 #define SSL_R_CA_DN_TOO_LONG 132 +#define SSL_R_CA_KEY_TOO_SMALL 397 +#define SSL_R_CA_MD_TOO_WEAK 398 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERT_LENGTH_MISMATCH 135 @@ -1808,6 +2100,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_KEY_TOO_SMALL 394 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_DTLS_MESSAGE_TOO_BIG 334 @@ -1817,6 +2110,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +#define SSL_R_EE_KEY_TOO_SMALL 399 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 @@ -2031,6 +2325,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNSUPPORTED_SSL_VERSION 259 #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 #define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +#define SSL_R_VERSION_TOO_LOW 396 #define SSL_R_WRITE_BIO_NOT_SET 260 #define SSL_R_WRONG_CIPHER_RETURNED 261 #define SSL_R_WRONG_CURVE 378 @@ -2044,6 +2339,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_X509_LIB 268 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 #define SSL_R_PEER_BEHAVING_BADLY 666 +#define SSL_R_QUIC_INTERNAL_ERROR 667 +#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 668 #define SSL_R_UNKNOWN 999 /* diff --git a/code/contrib/libfido2/include/openssl/tls1.h b/code/contrib/libfido2/include/openssl/tls1.h index 547fb86e..2bdbd3c1 100644 --- a/code/contrib/libfido2/include/openssl/tls1.h +++ b/code/contrib/libfido2/include/openssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.51 2022/02/05 18:18:18 tb Exp $ */ +/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -159,6 +159,8 @@ extern "C" { #endif +#define OPENSSL_TLS_SECURITY_LEVEL 1 + #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) @@ -270,6 +272,11 @@ extern "C" { #define TLSEXT_TYPE_key_share 51 #endif +/* ExtensionType value from RFC 9001 section 8.2 */ +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +#define TLSEXT_TYPE_quic_transport_parameters 57 +#endif + /* * TLS 1.3 extension names from OpenSSL, where they decided to use a different * name from that given in RFC 8446. diff --git a/code/contrib/libfido2/include/openssl/ts.h b/code/contrib/libfido2/include/openssl/ts.h index fa8eb949..cb372e66 100644 --- a/code/contrib/libfido2/include/openssl/ts.h +++ b/code/contrib/libfido2/include/openssl/ts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.h,v 1.10 2018/05/13 15:35:46 tb Exp $ */ +/* $OpenBSD: ts.h,v 1.19 2022/09/11 17:31:19 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL * project 2002, 2003, 2004. */ @@ -93,99 +93,12 @@ extern "C" { #include #include -/* -MessageImprint ::= SEQUENCE { - hashAlgorithm AlgorithmIdentifier, - hashedMessage OCTET STRING } -*/ - -typedef struct TS_msg_imprint_st { - X509_ALGOR *hash_algo; - ASN1_OCTET_STRING *hashed_msg; -} TS_MSG_IMPRINT; - -/* -TimeStampReq ::= SEQUENCE { - version INTEGER { v1(1) }, - messageImprint MessageImprint, - --a hash algorithm OID and the hash value of the data to be - --time-stamped - reqPolicy TSAPolicyId OPTIONAL, - nonce INTEGER OPTIONAL, - certReq BOOLEAN DEFAULT FALSE, - extensions [0] IMPLICIT Extensions OPTIONAL } -*/ - -typedef struct TS_req_st { - ASN1_INTEGER *version; - TS_MSG_IMPRINT *msg_imprint; - ASN1_OBJECT *policy_id; /* OPTIONAL */ - ASN1_INTEGER *nonce; /* OPTIONAL */ - ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ - STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ -} TS_REQ; - -/* -Accuracy ::= SEQUENCE { - seconds INTEGER OPTIONAL, - millis [0] INTEGER (1..999) OPTIONAL, - micros [1] INTEGER (1..999) OPTIONAL } -*/ - -typedef struct TS_accuracy_st { - ASN1_INTEGER *seconds; - ASN1_INTEGER *millis; - ASN1_INTEGER *micros; -} TS_ACCURACY; - -/* -TSTInfo ::= SEQUENCE { - version INTEGER { v1(1) }, - policy TSAPolicyId, - messageImprint MessageImprint, - -- MUST have the same value as the similar field in - -- TimeStampReq - serialNumber INTEGER, - -- Time-Stamping users MUST be ready to accommodate integers - -- up to 160 bits. - genTime GeneralizedTime, - accuracy Accuracy OPTIONAL, - ordering BOOLEAN DEFAULT FALSE, - nonce INTEGER OPTIONAL, - -- MUST be present if the similar field was present - -- in TimeStampReq. In that case it MUST have the same value. - tsa [0] GeneralName OPTIONAL, - extensions [1] IMPLICIT Extensions OPTIONAL } -*/ - -typedef struct TS_tst_info_st { - ASN1_INTEGER *version; - ASN1_OBJECT *policy_id; - TS_MSG_IMPRINT *msg_imprint; - ASN1_INTEGER *serial; - ASN1_GENERALIZEDTIME *time; - TS_ACCURACY *accuracy; - ASN1_BOOLEAN ordering; - ASN1_INTEGER *nonce; - GENERAL_NAME *tsa; - STACK_OF(X509_EXTENSION) *extensions; -} TS_TST_INFO; - -/* -PKIStatusInfo ::= SEQUENCE { - status PKIStatus, - statusString PKIFreeText OPTIONAL, - failInfo PKIFailureInfo OPTIONAL } - -From RFC 1510 - section 3.1.1: -PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String - -- text encoded as UTF-8 String (note: each UTF8String SHOULD - -- include an RFC 1766 language tag to indicate the language - -- of the contained text) -*/ - -/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; +/* Possible values for status. */ #define TS_STATUS_GRANTED 0 #define TS_STATUS_GRANTED_WITH_MODS 1 #define TS_STATUS_REJECTION 2 @@ -193,8 +106,7 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String #define TS_STATUS_REVOCATION_WARNING 4 #define TS_STATUS_REVOCATION_NOTIFICATION 5 -/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */ - +/* Possible values for failure_info. */ #define TS_INFO_BAD_ALG 0 #define TS_INFO_BAD_REQUEST 2 #define TS_INFO_BAD_DATA_FORMAT 5 @@ -204,66 +116,21 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String #define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 #define TS_INFO_SYSTEM_FAILURE 25 -typedef struct TS_status_info_st { - ASN1_INTEGER *status; - STACK_OF(ASN1_UTF8STRING) *text; - ASN1_BIT_STRING *failure_info; -} TS_STATUS_INFO; +typedef struct TS_status_info_st TS_STATUS_INFO; DECLARE_STACK_OF(ASN1_UTF8STRING) -/* -TimeStampResp ::= SEQUENCE { - status PKIStatusInfo, - timeStampToken TimeStampToken OPTIONAL } -*/ - -typedef struct TS_resp_st { - TS_STATUS_INFO *status_info; - PKCS7 *token; - TS_TST_INFO *tst_info; -} TS_RESP; - -/* The structure below would belong to the ESS component. */ - -/* -IssuerSerial ::= SEQUENCE { - issuer GeneralNames, - serialNumber CertificateSerialNumber - } -*/ - -typedef struct ESS_issuer_serial { - STACK_OF(GENERAL_NAME) *issuer; - ASN1_INTEGER *serial; -} ESS_ISSUER_SERIAL; - -/* -ESSCertID ::= SEQUENCE { - certHash Hash, - issuerSerial IssuerSerial OPTIONAL -} -*/ - -typedef struct ESS_cert_id { - ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ - ESS_ISSUER_SERIAL *issuer_serial; -} ESS_CERT_ID; - +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; DECLARE_STACK_OF(ESS_CERT_ID) +typedef struct ESS_signing_cert ESS_SIGNING_CERT; -/* -SigningCertificate ::= SEQUENCE { - certs SEQUENCE OF ESSCertID, - policies SEQUENCE OF PolicyInformation OPTIONAL -} -*/ +typedef struct ESS_cert_id_v2 ESS_CERT_ID_V2; +DECLARE_STACK_OF(ESS_CERT_ID_V2) -typedef struct ESS_signing_cert { - STACK_OF(ESS_CERT_ID) *cert_ids; - STACK_OF(POLICYINFO) *policy_info; -} ESS_SIGNING_CERT; +typedef struct ESS_signing_cert_v2 ESS_SIGNING_CERT_V2; +typedef struct TS_resp_st TS_RESP; TS_REQ *TS_REQ_new(void); void TS_REQ_free(TS_REQ *a); @@ -351,8 +218,6 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, const unsigned char **pp, long length); ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); -void ERR_load_TS_strings(void); - int TS_REQ_set_version(TS_REQ *a, long version); long TS_REQ_get_version(const TS_REQ *a); @@ -389,11 +254,17 @@ void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); int TS_REQ_print_bio(BIO *bio, TS_REQ *a); -/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ +/* Function declarations for TS_RESP defined in ts/ts_rsp_utils.c */ int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); +const ASN1_UTF8STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *si); +const STACK_OF(ASN1_UTF8STRING) * + TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *si); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *si); +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *si, int i); + /* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); PKCS7 *TS_RESP_get_token(TS_RESP *a); @@ -447,7 +318,7 @@ X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); -/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */ +/* Declarations related to response generation, defined in ts/ts_rsp_sign.c. */ /* Optional flags for response generation. */ @@ -482,35 +353,7 @@ typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec) */ typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); -typedef struct TS_resp_ctx { - X509 *signer_cert; - EVP_PKEY *signer_key; - STACK_OF(X509) *certs; /* Certs to include in signed data. */ - STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ - ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ - STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ - ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ - unsigned clock_precision_digits; /* fraction of seconds in - time stamp token. */ - unsigned flags; /* Optional info, see values above. */ - - /* Callback functions. */ - TS_serial_cb serial_cb; - void *serial_cb_data; /* User data for serial_cb. */ - - TS_time_cb time_cb; - void *time_cb_data; /* User data for time_cb. */ - - TS_extension_cb extension_cb; - void *extension_cb_data; /* User data for extension_cb. */ - - /* These members are used only while creating the response. */ - TS_REQ *request; - TS_RESP *response; - TS_TST_INFO *tst_info; -} TS_RESP_CTX; +typedef struct TS_resp_ctx TS_RESP_CTX; DECLARE_STACK_OF(EVP_MD) @@ -555,6 +398,9 @@ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); /* Default callback always returns a constant. */ void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); +/* Default callback uses gettimeofday() and gmtime(). */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + /* Default callback rejects all extensions. The extension callback is called * when the TS_TST_INFO object is already set up and not signed yet. */ /* FIXME: extension handling is not tested yet. */ @@ -585,7 +431,7 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); /* * Declarations related to response verification, - * they are defined in ts/ts_resp_verify.c. + * they are defined in ts/ts_rsp_verify.c. */ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, @@ -629,32 +475,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, | TS_VFY_SIGNER \ | TS_VFY_TSA_NAME) -typedef struct TS_verify_ctx { - /* Set this to the union of TS_VFY_... flags you want to carry out. */ - unsigned flags; - - /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ - X509_STORE *store; - STACK_OF(X509) *certs; - - /* Must be set only with TS_VFY_POLICY. */ - ASN1_OBJECT *policy; - - /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, - the algorithm from the response is used. */ - X509_ALGOR *md_alg; - unsigned char *imprint; - unsigned imprint_len; - - /* Must be set only with TS_VFY_DATA. */ - BIO *data; - - /* Must be set only with TS_VFY_TSA_NAME. */ - ASN1_INTEGER *nonce; - - /* Must be set only with TS_VFY_TSA_NAME. */ - GENERAL_NAME *tsa_name; -} TS_VERIFY_CTX; +typedef struct TS_verify_ctx TS_VERIFY_CTX; int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); @@ -670,6 +491,17 @@ void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *store); +/* R$ special */ +#define TS_VERIFY_CTS_set_certs TS_VERIFY_CTX_set_certs +STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, + STACK_OF(X509) *certs); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *imprint, long imprint_len); + /* * If ctx is NULL, it allocates and returns a new object, otherwise * it returns ctx. It initialises all the members as follows: @@ -682,13 +514,13 @@ void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); * imprint, imprint_len = imprint from request * data = NULL * nonce, nonce_len = nonce from the request or NULL if absent (in this case - * TS_VFY_NONCE is cleared from flags as well) + * TS_VFY_NONCE is cleared from flags as well) * tsa_name = NULL * Important: after calling this method TS_VFY_SIGNATURE should be added! */ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); -/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ +/* Function declarations for TS_RESP defined in ts/ts_rsp_print.c */ int TS_RESP_print_bio(BIO *bio, TS_RESP *a); int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); @@ -732,11 +564,6 @@ int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, TS_RESP_CTX *ctx); -/* -------------------------------------------------- */ -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_TS_strings(void); /* Error codes for the TS functions. */ diff --git a/code/contrib/libfido2/include/openssl/ui.h b/code/contrib/libfido2/include/openssl/ui.h index 5ca65b0a..7755cf4a 100644 --- a/code/contrib/libfido2/include/openssl/ui.h +++ b/code/contrib/libfido2/include/openssl/ui.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ui.h,v 1.12 2020/09/24 19:20:32 tb Exp $ */ +/* $OpenBSD: ui.h,v 1.14 2022/07/12 18:43:56 jsing Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -371,11 +371,6 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_UI_strings(void); /* Error codes for the UI functions. */ diff --git a/code/contrib/libfido2/include/openssl/x509.h b/code/contrib/libfido2/include/openssl/x509.h index 05872e1a..bac1341a 100644 --- a/code/contrib/libfido2/include/openssl/x509.h +++ b/code/contrib/libfido2/include/openssl/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.89 2022/01/10 14:13:03 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.90 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1136,10 +1136,6 @@ int X509_TRUST_get_trust(const X509_TRUST *xp); int X509_up_ref(X509 *x); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_X509_strings(void); /* Error codes for the X509 functions. */ diff --git a/code/contrib/libfido2/include/openssl/x509_vfy.h b/code/contrib/libfido2/include/openssl/x509_vfy.h index 9a649cbb..98b1cf5e 100644 --- a/code/contrib/libfido2/include/openssl/x509_vfy.h +++ b/code/contrib/libfido2/include/openssl/x509_vfy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.h,v 1.50 2022/01/14 07:53:45 tb Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -205,6 +205,11 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Issuer lookup error */ #define X509_V_ERR_STORE_LOOKUP 66 +/* Security level errors */ +#define X509_V_ERR_EE_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_KEY_TOO_SMALL 68 +#define X509_V_ERR_CA_MD_TOO_WEAK 69 + /* Certificate verify flags */ /* Send issuer+subject checks to verify_cb */ @@ -426,6 +431,8 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy); diff --git a/code/contrib/libfido2/include/openssl/x509v3.h b/code/contrib/libfido2/include/openssl/x509v3.h index c82ecae0..2bc87f60 100644 --- a/code/contrib/libfido2/include/openssl/x509v3.h +++ b/code/contrib/libfido2/include/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.14 2022/01/14 09:01:36 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.15 2022/07/12 14:42:50 kn Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -1036,10 +1036,6 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, #endif /* !OPENSSL_NO_RFC3779 */ -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_X509V3_strings(void); /* Error codes for the X509V3 functions. */ diff --git a/code/contrib/libfido2/include/zconf.h b/code/contrib/libfido2/include/zconf.h index 352f552b..2271dc5f 100644 --- a/code/contrib/libfido2/include/zconf.h +++ b/code/contrib/libfido2/include/zconf.h @@ -40,6 +40,9 @@ # define crc32 z_crc32 # define crc32_combine z_crc32_combine # define crc32_combine64 z_crc32_combine64 +# define crc32_combine_gen z_crc32_combine_gen +# define crc32_combine_gen64 z_crc32_combine_gen64 +# define crc32_combine_op z_crc32_combine_op # define crc32_z z_crc32_z # define deflate z_deflate # define deflateBound z_deflateBound @@ -351,6 +354,9 @@ # ifdef FAR # undef FAR # endif +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif # include /* No need for _export, use ZLIB.DEF instead. */ /* For complete Windows compatibility, use WINAPI, not __stdcall. */ @@ -469,11 +475,18 @@ typedef uLong FAR uLongf; # undef _LARGEFILE64_SOURCE #endif -#if defined(__WATCOMC__) && !defined(Z_HAVE_UNISTD_H) -# define Z_HAVE_UNISTD_H +#ifndef Z_HAVE_UNISTD_H +# ifdef __WATCOMC__ +# define Z_HAVE_UNISTD_H +# endif +#endif +#ifndef Z_HAVE_UNISTD_H +# if defined(_LARGEFILE64_SOURCE) && !defined(_WIN32) +# define Z_HAVE_UNISTD_H +# endif #endif #ifndef Z_SOLO -# if defined(Z_HAVE_UNISTD_H) || defined(_LARGEFILE64_SOURCE) +# if defined(Z_HAVE_UNISTD_H) # include /* for SEEK_*, off_t, and _LFS64_LARGEFILE */ # ifdef VMS # include /* for off_t */ diff --git a/code/contrib/libfido2/include/zlib.h b/code/contrib/libfido2/include/zlib.h index 4a98e38b..953cb501 100644 --- a/code/contrib/libfido2/include/zlib.h +++ b/code/contrib/libfido2/include/zlib.h @@ -1,5 +1,5 @@ /* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.2.12, March 11th, 2022 + version 1.2.13, October 13th, 2022 Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler @@ -37,11 +37,11 @@ extern "C" { #endif -#define ZLIB_VERSION "1.2.12" -#define ZLIB_VERNUM 0x12c0 +#define ZLIB_VERSION "1.2.13" +#define ZLIB_VERNUM 0x12d0 #define ZLIB_VER_MAJOR 1 #define ZLIB_VER_MINOR 2 -#define ZLIB_VER_REVISION 12 +#define ZLIB_VER_REVISION 13 #define ZLIB_VER_SUBREVISION 0 /* @@ -276,7 +276,7 @@ ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); == 0), or after each call of deflate(). If deflate returns Z_OK and with zero avail_out, it must be called again after making room in the output buffer because there might be more output pending. See deflatePending(), - which can be used if desired to determine whether or not there is more ouput + which can be used if desired to determine whether or not there is more output in that case. Normally the parameter flush is set to Z_NO_FLUSH, which allows deflate to @@ -660,7 +660,7 @@ ZEXTERN int ZEXPORT deflateGetDictionary OF((z_streamp strm, to dictionary. dictionary must have enough space, where 32768 bytes is always enough. If deflateGetDictionary() is called with dictionary equal to Z_NULL, then only the dictionary length is returned, and nothing is copied. - Similary, if dictLength is Z_NULL, then it is not set. + Similarly, if dictLength is Z_NULL, then it is not set. deflateGetDictionary() may return a length less than the window size, even when more than the window size in input has been provided. It may return up @@ -915,7 +915,7 @@ ZEXTERN int ZEXPORT inflateGetDictionary OF((z_streamp strm, to dictionary. dictionary must have enough space, where 32768 bytes is always enough. If inflateGetDictionary() is called with dictionary equal to Z_NULL, then only the dictionary length is returned, and nothing is copied. - Similary, if dictLength is Z_NULL, then it is not set. + Similarly, if dictLength is Z_NULL, then it is not set. inflateGetDictionary returns Z_OK on success, or Z_STREAM_ERROR if the stream state is inconsistent. @@ -1437,12 +1437,12 @@ ZEXTERN z_size_t ZEXPORT gzfread OF((voidp buf, z_size_t size, z_size_t nitems, In the event that the end of file is reached and only a partial item is available at the end, i.e. the remaining uncompressed data length is not a - multiple of size, then the final partial item is nevetheless read into buf + multiple of size, then the final partial item is nevertheless read into buf and the end-of-file flag is set. The length of the partial item read is not provided, but could be inferred from the result of gztell(). This behavior is the same as the behavior of fread() implementations in common libraries, but it prevents the direct use of gzfread() to read a concurrently written - file, reseting and retrying on end-of-file, when size is not 1. + file, resetting and retrying on end-of-file, when size is not 1. */ ZEXTERN int ZEXPORT gzwrite OF((gzFile file, voidpc buf, unsigned len)); @@ -1913,7 +1913,7 @@ ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp)); ZEXTERN const z_crc_t FAR * ZEXPORT get_crc_table OF((void)); ZEXTERN int ZEXPORT inflateUndermine OF((z_streamp, int)); ZEXTERN int ZEXPORT inflateValidate OF((z_streamp, int)); -ZEXTERN unsigned long ZEXPORT inflateCodesUsed OF ((z_streamp)); +ZEXTERN unsigned long ZEXPORT inflateCodesUsed OF((z_streamp)); ZEXTERN int ZEXPORT inflateResetKeep OF((z_streamp)); ZEXTERN int ZEXPORT deflateResetKeep OF((z_streamp)); #if defined(_WIN32) && !defined(Z_SOLO) diff --git a/code/contrib/libfido2/lib/x64/cbor.lib b/code/contrib/libfido2/lib/x64/cbor.lib index 039c145f..a1169bf4 100644 Binary files a/code/contrib/libfido2/lib/x64/cbor.lib and b/code/contrib/libfido2/lib/x64/cbor.lib differ diff --git a/code/contrib/libfido2/lib/x64/crypto-49.lib b/code/contrib/libfido2/lib/x64/crypto-49.lib deleted file mode 100644 index a04e3e00..00000000 Binary files a/code/contrib/libfido2/lib/x64/crypto-49.lib and /dev/null differ diff --git a/code/contrib/libfido2/lib/x64/fido2.lib b/code/contrib/libfido2/lib/x64/fido2.lib index f5f38e35..1b365f55 100644 Binary files a/code/contrib/libfido2/lib/x64/fido2.lib and b/code/contrib/libfido2/lib/x64/fido2.lib differ diff --git a/code/contrib/libfido2/lib/x64/zlib1.lib b/code/contrib/libfido2/lib/x64/zlib1.lib index 07e4b106..094891d7 100644 Binary files a/code/contrib/libfido2/lib/x64/zlib1.lib and b/code/contrib/libfido2/lib/x64/zlib1.lib differ diff --git a/code/crypto/hmac.c b/code/crypto/hmac.c index adeccd29..cc255829 100644 --- a/code/crypto/hmac.c +++ b/code/crypto/hmac.c @@ -160,6 +160,22 @@ static const char *hmac_text_name(ssh2_mac *mac) return ctx->text_name->s; } +static const struct hmac_extra ssh_hmac_sha512_extra = { &ssh_sha512, "" }; +const ssh2_macalg ssh_hmac_sha512 = { + .new = hmac_new, + .free = hmac_free, + .setkey = hmac_key, + .start = hmac_start, + .genresult = hmac_genresult, + .next_message = nullmac_next_message, + .text_name = hmac_text_name, + .name = "hmac-sha2-512", + .etm_name = "hmac-sha2-512-etm@openssh.com", + .len = 64, + .keylen = 64, + .extra = &ssh_hmac_sha512_extra, +}; + static const struct hmac_extra ssh_hmac_sha256_extra = { &ssh_sha256, "" }; const ssh2_macalg ssh_hmac_sha256 = { .new = hmac_new, diff --git a/code/crypto/openssh-certs.c b/code/crypto/openssh-certs.c index cf0c2af3..4cd984e8 100644 --- a/code/crypto/openssh-certs.c +++ b/code/crypto/openssh-certs.c @@ -1033,12 +1033,14 @@ static bool opensshcert_check_cert( */ if (time < ck->valid_after) { put_fmt(error, "Certificate is not valid until "); - opensshcert_time_to_iso8601(BinarySink_UPCAST(error), time); + opensshcert_time_to_iso8601(BinarySink_UPCAST(error), + ck->valid_after); goto out; } if (time >= ck->valid_before) { put_fmt(error, "Certificate expired at "); - opensshcert_time_to_iso8601(BinarySink_UPCAST(error), time); + opensshcert_time_to_iso8601(BinarySink_UPCAST(error), + ck->valid_before); goto out; } diff --git a/code/doc/CMakeLists.txt b/code/doc/CMakeLists.txt index 79b1ba1f..293cd6f1 100644 --- a/code/doc/CMakeLists.txt +++ b/code/doc/CMakeLists.txt @@ -109,6 +109,13 @@ if(HALIBUT AND PERL_EXECUTABLE) WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} DEPENDS ${manual_sources} ${manual_dependencies}) list(APPEND doc_outputs puttydoc.txt) + + # PDF. (We don't ship this; so it's only built on explicit request.) + add_custom_command(OUTPUT putty.pdf + COMMAND ${HALIBUT} --pdf ${manual_sources} + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + DEPENDS ${manual_sources} ${manual_dependencies}) + add_custom_target(pdf DEPENDS putty.pdf) endif() macro(register_manpage title section) diff --git a/code/doc/blurb.but b/code/doc/blurb.but index c68a6262..84105d0f 100644 --- a/code/doc/blurb.but +++ b/code/doc/blurb.but @@ -23,6 +23,7 @@ page.

} \cfg{winhelp-filename}{putty.hlp} \cfg{info-filename}{putty.info} \cfg{chm-filename}{putty.chm} +\cfg{pdf-filename}{putty.pdf} PuTTY is a free (MIT-licensed) Windows Telnet and SSH client. This manual documents PuTTY, and its companion utilities PSCP, PSFTP, diff --git a/code/doc/config.but b/code/doc/config.but index f258a356..8b3191fa 100644 --- a/code/doc/config.but +++ b/code/doc/config.but @@ -214,12 +214,15 @@ digits. \b \c{&T} will be replaced by the current time, as six digits (HHMMSS) with no punctuation. -\b \c{&H} will be replaced by the host name you are connecting to. +\b \c{&H} will be replaced by the host name you are connecting to +(or the serial line, for a serial connection). \b \c{&P} will be replaced by the port number you are connecting to on the target host. -For example, if you enter the host name +(These are all case-insensitive.) + +For example, if you enter the file name \c{c:\\puttylogs\\log-&h-&y&m&d-&t.dat}, you will end up with files looking like @@ -3030,6 +3033,9 @@ PuTTY can't fall back to using this file itself. \S{config-ssh-cert} \q{\ii{Certificate} to use with the private key} +(This is optional. If you don't know you need it, you can leave this +blank.) + In some environments, user authentication keys can be signed in turn by a \q{certifying authority} (\q{CA} for short), and user accounts on an SSH server can be configured to automatically trust any key that's @@ -3521,6 +3527,9 @@ not available for bugs that \e{cannot} be detected from the server version, e.g. because they must be acted on before the server version is known.) +(The PuTTY project has a defined policy about when we're prepared to +add auto-detection for a bug workaround. See \k{feedback-workarounds}.) + \S{config-ssh-bug-ignore2} \q{Chokes on SSH-2 \i{ignore message}s} An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol @@ -3661,6 +3670,23 @@ connection would deadlock. We don't know of any servers that do this, but if there is one, then this flag will make PuTTY unable to speak to them at all. +\S{config-ssh-bug-rsa-sha2-cert-userauth} \q{Old RSA/SHA2 cert +algorithm naming} + +If PuTTY is trying to do SSH-2 user authentication using an RSA key, +and the server is using one of the newer SHA-2 based versions of the +SSH RSA protocol, and the user's key is also a certificate, then +earlier versions of OpenSSH (up to 7.7) disagree with later versions +about the right key algorithm string to send in the +\cw{SSH2_MSG_USERAUTH_REQUEST} packet. Modern versions send a string +that indicates both the SHA-2 nature and the certificate nature of the +key, such as \cq{rsa-sha2-512-cert-v01@openssh.com}. Earlier versions +would reject that, and insist on seeing +\cq{ssh-rsa-cert-v01@openssh.com} followed by a SHA-2 based signature. + +PuTTY should auto-detect the presence of this bug in earlier OpenSSH +and adjust to send the right string. + \S{config-ssh-bug-sig} \q{Requires padding on SSH-2 \i{RSA} \i{signatures}} Versions below 3.3 of \i{OpenSSH} require SSH-2 RSA signatures to be @@ -4071,7 +4097,7 @@ at the bottom of the screen, until a space is typed. \S{supdup-scroll} \q{Terminal scrolling} -This controls whether the terminal will perform scrolling then the +This controls whether the terminal will perform scrolling when the cursor goes below the last line, or if the cursor will return to the first line. diff --git a/code/doc/errors.but b/code/doc/errors.but index a35a7256..ca1a53e0 100644 --- a/code/doc/errors.but +++ b/code/doc/errors.but @@ -374,6 +374,10 @@ Check that you are connecting with the correct protocol (SSH, Telnet, etc), and check that the port number is correct. If that fails, consult the administrator of your server. +This error can also be caused by a firewall in between you and the +server, which rejects the connection and sends back the same type of +error packet as the real server would have sent. + \H{errors-conntimedout} \q{Network error: Connection timed out} This error means that the network connection PuTTY tried to make to diff --git a/code/doc/faq.but b/code/doc/faq.but index 9a8deea2..61d2a5a2 100644 --- a/code/doc/faq.but +++ b/code/doc/faq.but @@ -1084,6 +1084,24 @@ sending of the \cw{IUTF8} mode: on the SSH / TTY panel, select \cw{IUTF8} on the list, select \q{Nothing}, and press \q{Set}. (It's not possible to disable sending this mode in 0.68.) +\S{faq-privkey-control-moved}{Question} Since 0.78, I can't find where +to configure my SSH private key. + +In PuTTY 0.78, the \q{\ii{Private key} file for authentication} control, +where you specify a \c{.\i{PPK}} file for SSH public key authentication, +moved to a new \q{Credentials} panel in the configuration dialog. You can +find this by opening the \q{SSH} category in the tree view on the left, +then opening the \q{Auth} subcategory under that, then clicking on +\q{Credentials}. On this page you'll find the \q{Browse...} button you +need to select a \c{.PPK} file for authentication, as described in +\k{config-ssh-privkey}. + +(This control had previously been on the \q{Auth} panel since public +key authentication was first released in 2002, so many online how-to +guides still describe it there. The configuration controls were +reorganised to make room for features added in 0.78, such as OpenSSH +certificates.) + \H{faq-secure} Security questions \S{faq-publicpc}{Question} Is it safe for me to download PuTTY and diff --git a/code/doc/feedback.but b/code/doc/feedback.but index b7aa9c87..d4f58c09 100644 --- a/code/doc/feedback.but +++ b/code/doc/feedback.but @@ -297,6 +297,54 @@ high-quality software to the users comes first.) way to get a feature implemented quickly, if it's a big one that we don't have time to do ourselves. +\H{feedback-workarounds} Workarounds for SSH server bugs + +It's normal for SSH implementations to automatically enable +workarounds for each other's bugs, using the software version strings +that are exchanged at the start of the connection. Typically an SSH +client will have a list of server version strings that it believes to +have particular bugs, and auto-enable the appropriate set of +workarounds when it sees one of those strings. (And servers will have +a similar list of workarounds for \e{client} software they believe to +be buggy.) + +If you've found a bug in an SSH server, and you'd like us to add an +auto-detected workaround for it, our policy is that \s{the server +implementor should fix it first}. + +If the server implementor has fixed it in the latest version, and can +give us a complete description of the version strings that go with the +bug, then we're happy to use those version strings as a trigger to +automatically enable our workaround (assuming one is possible). We +\e{won't} accept requests to auto-enable workarounds for an open-ended +set of version strings, such as \q{any version of FooServer, including +future ones not yet released}. + +The aim of this policy is to encourage implementors to gradually +converge on the actual standardised SSH protocol. If we enable people +to continue violating the spec, by installing open-ended workarounds +in PuTTY for bugs they're never going to fix, then we're contributing +to an ecosystem in which everyone carries on having bugs and everyone +else carries on having to work around them. + +An exception: if an SSH server is no longer maintained \e{at all} +(e.g. the company that produced it has gone out of business), and +every version of it that was ever released has a bug, then that's one +situation in which we may be prepared to add a workaround rule that +matches all versions of that software. (The aim is to stop +implementors from continuing to release software with the bug \dash +and if they're not releasing it \e{at all} any more, then that's +already done!) + +We do recognise that sometimes it will be difficult to get the server +maintainer to fix a bug, or even to answer support requests at all. Or +it might take them a very long time to get round to doing anything +about it. We're not completely unwilling to compromise: we're prepared +to add \e{manually enabled} workarounds to PuTTY even for bugs that an +implementation hasn't fixed yet. We just won't \e{automatically} +enable the workaround unless the server maintainer has also done their +part. + \H{feedback-support} \ii{Support requests} If you're trying to make PuTTY do something for you and it isn't diff --git a/code/doc/html/AppendixA.html b/code/doc/html/AppendixA.html index 0ab11040..1a6b9905 100644 --- a/code/doc/html/AppendixA.html +++ b/code/doc/html/AppendixA.html @@ -96,6 +96,7 @@
  • A.7.21 PuTTY fails to start up. Windows claims that ‘the application configuration is incorrect’.
  • A.7.22 When I put 32-bit PuTTY in C:\WINDOWS\SYSTEM32 on my 64-bit Windows system, ‘Duplicate Session’ doesn't work.
  • A.7.23 After I upgraded PuTTY to 0.68, I can no longer connect to my embedded device or appliance.
    • +
  • A.7.24 Since 0.78, I can't find where to configure my SSH private key.
  • A.8 Security questions
      @@ -758,6 +759,13 @@

      A.7.23 After I upgraded PuTTY

      If you think you have such a server, from 0.69 onwards you can disable sending of the IUTF8 mode: on the SSH / TTY panel, select IUTF8 on the list, select ‘Nothing’, and press ‘Set’. (It's not possible to disable sending this mode in 0.68.)

      +

      A.7.24 Since 0.78, I can't find where to configure my SSH private key.

      +

      +In PuTTY 0.78, the ‘Private key file for authentication’ control, where you specify a .PPK file for SSH public key authentication, moved to a new ‘Credentials’ panel in the configuration dialog. You can find this by opening the ‘SSH’ category in the tree view on the left, then opening the ‘Auth’ subcategory under that, then clicking on ‘Credentials’. On this page you'll find the ‘Browse...’ button you need to select a .PPK file for authentication, as described in section 4.22.1. +

      +

      +(This control had previously been on the ‘Auth’ panel since public key authentication was first released in 2002, so many online how-to guides still describe it there. The configuration controls were reorganised to make room for features added in 0.78, such as OpenSSH certificates.) +

      A.8 Security questions

      A.8.1 Is it safe for me to download PuTTY and use it on a public PC?

      @@ -766,17 +774,17 @@

      A.8.1 Is it safe for me to d

      If you do trust the PC, then it's probably OK to use PuTTY on it (but if you don't trust the network, then the PuTTY download might be tampered with, so it would be better to carry PuTTY with you on a USB stick).

      -

      A.8.2 What does PuTTY leave on a system? How can I clean up after it?

      +

      A.8.2 What does PuTTY leave on a system? How can I clean up after it?

      PuTTY will leave some Registry entries, and a random seed file, on the PC (see question A.5.2). Windows 7 and up also remember some information about recently launched sessions for the ‘jump list’ feature.

      -If you are using PuTTY on a public PC, or somebody else's PC, you might want to clean this information up when you leave. You can do that automatically, by running the command putty -cleanup. See section 3.11.2 in the documentation for more detail. (Note that this only removes settings for the currently logged-in user on multi-user systems.) +If you are using PuTTY on a public PC, or somebody else's PC, you might want to clean this information up when you leave. You can do that automatically, by running the command putty -cleanup. See section 3.11.2 in the documentation for more detail. (Note that this only removes settings for the currently logged-in user on multi-user systems.)

      If PuTTY was installed from the installer package, it will also appear in ‘Add/Remove Programs’. Current versions of the installer do not offer to remove the above-mentioned items, so if you want them removed you should run putty -cleanup before uninstalling.

      -

      A.8.3 How come PuTTY now supports DSA, when the website used to say how insecure it was?

      +

      A.8.3 How come PuTTY now supports DSA, when the website used to say how insecure it was?

      DSA has a major weakness if badly implemented: it relies on a random number generator to far too great an extent. If the random number generator produces a number an attacker can predict, the DSA private key is exposed - meaning that the attacker can log in as you on all systems that accept that key.

      @@ -790,7 +798,7 @@

      A.8.4 Couldn't Pageant us

      Unfortunately not. The VirtualLock() function in the Windows API doesn't do a proper job: it may prevent small pieces of a process's memory from being paged to disk while the process is running, but it doesn't stop the process's memory as a whole from being swapped completely out to disk when the process is long-term inactive. And Pageant spends most of its time inactive.

      -

      A.8.5 Is the version of PuTTY in the Microsoft Store legit?

      +

      A.8.5 Is the version of PuTTY in the Microsoft Store legit?

      The free-of-charge ‘PuTTY’ application at this link is published and maintained by us. The copy there is the latest release, usually updated within a few days of us publishing it on our own website.

      @@ -871,7 +879,7 @@

      A.9.9 Can I have permissio Yes. For most things, you need not bother asking us explicitly for permission; our licence already grants you permission.

      -See section B.8 for more details. +See section B.9 for more details.

      A.9.10 Can you sign an agreement indemnifying us against security problems in PuTTY?

      @@ -994,7 +1002,7 @@

      A.9.17 The sha1sums<

    A.10 Miscellaneous questions

    -

    A.10.1 Is PuTTY a port of OpenSSH, or based on OpenSSH or OpenSSL?

    +

    A.10.1 Is PuTTY a port of OpenSSH, or based on OpenSSH or OpenSSL?

    No, it isn't. PuTTY is almost completely composed of code written from scratch for PuTTY. The only code we share with OpenSSH is the detector for SSH-1 CRC compensation attacks, written by CORE SDI S.A; we share no code at all with OpenSSL.

    @@ -1015,5 +1023,5 @@

    A.10.4 How do I pronounce

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/AppendixB.html b/code/doc/html/AppendixB.html index 6cb4a329..8a7a533a 100644 --- a/code/doc/html/AppendixB.html +++ b/code/doc/html/AppendixB.html @@ -25,12 +25,13 @@
  • B.3 Reporting security vulnerabilities
  • B.4 Requesting extra features
  • B.5 Requesting features that have already been requested
    • -
  • B.6 Support requests
    • -
  • B.7 Web server administration
    • -
  • B.8 Asking permission for things
    • -
  • B.9 Mirroring the PuTTY web site
    • -
  • B.10 Praise and compliments
    • -
  • B.11 E-mail address
    • +
  • B.6 Workarounds for SSH server bugs
    • +
  • B.7 Support requests
    • +
  • B.8 Web server administration
    • +
  • B.9 Asking permission for things
    • +
  • B.10 Mirroring the PuTTY web site
    • +
  • B.11 Praise and compliments
    • +
  • B.12 E-mail address

    • Appendix B: Feedback and bug reporting

    @@ -45,7 +46,7 @@

    B.1 General guidelines

    lot of mail. If you can possibly solve your own problem by reading the manual, reading the FAQ, reading the web site, asking a fellow user, perhaps posting to a newsgroup (see section B.1.2), or some other means, then it would make our lives much easier.

    -We get so much e-mail that we literally do not have time to answer it all. We regret this, but there's nothing we can do about it. So if you can possibly avoid sending mail to the PuTTY team, we recommend you do so. In particular, support requests (section B.6) are probably better sent to newsgroups, or passed to a local expert if possible. +We get so much e-mail that we literally do not have time to answer it all. We regret this, but there's nothing we can do about it. So if you can possibly avoid sending mail to the PuTTY team, we recommend you do so. In particular, support requests (section B.7) are probably better sent to newsgroups, or passed to a local expert if possible.

    The PuTTY contact email address is a private mailing list containing four or five core developers. Don't be put off by it being a mailing list: if you need to send confidential data as part of a bug report, you can trust the people on the list to respect that confidence. Also, the archives aren't publicly available, so you shouldn't be letting yourself in for any spam by sending us mail. @@ -191,7 +192,26 @@

    B.5 Requesting fe Offer to help us write the code. This is probably the only way to get a feature implemented quickly, if it's a big one that we don't have time to do ourselves. -

    B.6 Support requests

    +

    B.6 Workarounds for SSH server bugs

    +

    +It's normal for SSH implementations to automatically enable workarounds for each other's bugs, using the software version strings that are exchanged at the start of the connection. Typically an SSH client will have a list of server version strings that it believes to have particular bugs, and auto-enable the appropriate set of workarounds when it sees one of those strings. (And servers will have a similar list of workarounds for client software they believe to be buggy.) +

    +

    +If you've found a bug in an SSH server, and you'd like us to add an auto-detected workaround for it, our policy is that the server implementor should fix it first. +

    +

    +If the server implementor has fixed it in the latest version, and can give us a complete description of the version strings that go with the bug, then we're happy to use those version strings as a trigger to automatically enable our workaround (assuming one is possible). We won't accept requests to auto-enable workarounds for an open-ended set of version strings, such as ‘any version of FooServer, including future ones not yet released’. +

    +

    +The aim of this policy is to encourage implementors to gradually converge on the actual standardised SSH protocol. If we enable people to continue violating the spec, by installing open-ended workarounds in PuTTY for bugs they're never going to fix, then we're contributing to an ecosystem in which everyone carries on having bugs and everyone else carries on having to work around them. +

    +

    +An exception: if an SSH server is no longer maintained at all (e.g. the company that produced it has gone out of business), and every version of it that was ever released has a bug, then that's one situation in which we may be prepared to add a workaround rule that matches all versions of that software. (The aim is to stop implementors from continuing to release software with the bug – and if they're not releasing it at all any more, then that's already done!) +

    +

    +We do recognise that sometimes it will be difficult to get the server maintainer to fix a bug, or even to answer support requests at all. Or it might take them a very long time to get round to doing anything about it. We're not completely unwilling to compromise: we're prepared to add manually enabled workarounds to PuTTY even for bugs that an implementation hasn't fixed yet. We just won't automatically enable the workaround unless the server maintainer has also done their part. +

    +

    B.7 Support requests

    If you're trying to make PuTTY do something for you and it isn't working, but you're not sure whether it's a bug or not, then please consider looking for help somewhere else. This is one of the most common types of mail the PuTTY team receives, and we simply don't have time to answer all the questions. Questions of this type include:

    @@ -211,7 +231,7 @@

    B.6 Suppo

    If you absolutely cannot get a support question answered any other way, you can try mailing it to us, but we can't guarantee to have time to answer it.

    -

    B.7 Web server administration

    +

    B.8 Web server administration

    If the PuTTY web site is down (Connection Timed Out), please don't bother mailing us to tell us about it. Most of us read our e-mail on the same machines that host the web site, so if those machines are down then we will notice before we read our e-mail. So there's no point telling us our servers are down.

    @@ -221,7 +241,7 @@

    B.7 Web server administra

    If you want to report a problem with our web site, check that you're looking at our real web site and not a mirror. The real web site is at https://www.chiark.greenend.org.uk/~sgtatham/putty/; if that's not where you're reading this, then don't report the problem to us until you've checked that it's really a problem with the main site. If it's only a problem with the mirror, you should try to contact the administrator of that mirror site first, and only contact us if that doesn't solve the problem (in case we need to remove the mirror from our list).

    -

    B.8 Asking permission for things

    +

    B.9 Asking permission for things

    PuTTY is distributed under the MIT Licence (see appendix D for details). This means you can do almost anything you like with our software, our source code, and our documentation. The only things you aren't allowed to do are to remove our copyright notices or the licence text itself, or to hold us legally responsible if something goes wrong.

    @@ -237,7 +257,7 @@

    B.8 Asking permission f

    If you just want to link to our web site, just go ahead. (It's not clear that we could stop you doing this, even if we wanted to!)

    -

    B.9 Mirroring the PuTTY web site

    +

    B.10 Mirroring the PuTTY web site

    If you want to set up a mirror of the PuTTY website, go ahead and set one up. Please don't bother asking us for permission before setting up a mirror. You already have permission.

    @@ -253,7 +273,7 @@

    B.9 Mirroring the PuTTY we

    If you have technical questions about the process of mirroring, then you might want to mail us before setting up the mirror (see also the guidelines on the Mirrors page); but if you just want to ask for permission, you don't need to. You already have permission.

    -

    B.10 Praise and compliments

    +

    B.11 Praise and compliments

    One of the most rewarding things about maintaining free software is getting e-mails that just say ‘thanks’. We are always happy to receive e-mails of this type.

    @@ -263,11 +283,11 @@

    B.10 Praise and compl

    To everyone who's ever sent us praise and compliments, in the past and the future: you're welcome!

    -

    B.11 E-mail address

    +

    B.12 E-mail address

    The actual address to mail is <putty@projects.tartarus.org>.

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/AppendixC.html b/code/doc/html/AppendixC.html index a68be37b..aac77ed5 100644 --- a/code/doc/html/AppendixC.html +++ b/code/doc/html/AppendixC.html @@ -350,5 +350,5 @@

    C.5.2 Version 1

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/AppendixD.html b/code/doc/html/AppendixD.html index 4ca34731..7650da9b 100644 --- a/code/doc/html/AppendixD.html +++ b/code/doc/html/AppendixD.html @@ -14,7 +14,7 @@

    Previous | Contents | Index | Next

    Appendix D: PuTTY Licence

    -PuTTY is copyright 1997-2022 Simon Tatham. +PuTTY is copyright 1997-2023 Simon Tatham.

    Portions copyright Robert de Bath, Joris van Rantwijk, Delian Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, Justin Bradford, Ben Harris, Malcolm Smith, Ahmad Khalifa, Markus Kuhn, Colin Watson, Christopher Staite, Lorenz Diener, Christian Brabandt, Jeff Smith, Pavel Kryukov, Maxim Kuznetsov, Svyatoslav Kuzmich, Nico Williams, Viktor Dukhovni, Josh Dersch, Lars Brinkhoff, and CORE SDI S.A. @@ -30,5 +30,5 @@

    Appendix D: PuTTY Li

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/AppendixE.html b/code/doc/html/AppendixE.html index 8dc00f56..10e7bd36 100644 --- a/code/doc/html/AppendixE.html +++ b/code/doc/html/AppendixE.html @@ -417,5 +417,5 @@

    E.13 Do as we say, not as w

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/AppendixF.html b/code/doc/html/AppendixF.html index ed5d1c28..dbe0ebd9 100644 --- a/code/doc/html/AppendixF.html +++ b/code/doc/html/AppendixF.html @@ -76,28 +76,28 @@

    F.1 Public keys

    The current issue of those keys are available for download from the PuTTY website, and are also available on PGP keyservers using the key IDs listed below.

    -Master Key (2021) +Master Key (2023)
    -RSA, 3072-bit. Key ID: DD4355EAAC1119DE. Fingerprint: A872 D42F 1660 890F 0E05 223E DD43 55EA AC11 19DE +RSA, 4096-bit. Key ID: B15D9EFC216B06A1. Fingerprint: 28D4 7C46 55E7 65A6 D827 AC66 B15D 9EFC 216B 06A1
    -Release Key (2021) +Release Key (2023)
    -RSA, 3072-bit. Key ID: E4F83EA2AA4915EC. Fingerprint: 2CF6 134B D3F7 7A65 88EB D668 E4F8 3EA2 AA49 15EC +RSA, 3072-bit. Key ID: 1993D21BCAD1AA77. Fingerprint: F412 BA3A A30F DC0E 77B4 E387 1993 D21B CAD1 AA77
    -Snapshot Key (2021) +Snapshot Key (2023)
    -RSA, 3072-bit. Key ID: B43979F89F446CFD. Fingerprint: 1FD3 BCAC E532 FBE0 6A8C 09E2 B439 79F8 9F44 6CFD +RSA, 3072-bit. Key ID: 10625E553F53FAAD. Fingerprint: 74CC 6DD9 ABA7 31D4 C5A0 C2D0 1062 5E55 3F53 FAAD
    -Secure Contact Key (2021) +Secure Contact Key (2023)
    -RSA, 3072-bit. Key ID: 012C59D4211BD62A. Fingerprint: E30F 1354 2A04 BE0E 56F0 5801 012C 59D4 211B D62A +RSA, 3072-bit. Key ID: 1559F6A8929F5EFC. Fingerprint: 01F5 A2B1 1388 D64B 707F 897F 1559 F6A8 929F 5EFC

    F.2 Security details

    @@ -163,7 +163,7 @@

    F.2.4 The Master Keys

    F.3 Key rollover

    -Our current keys were generated in August 2018. +Our current keys were generated in July 2023.

    Each new Master Key is signed with the old one, to show that it really is owned by the same people and not substituted by an attacker. @@ -178,6 +178,34 @@

    F.3 Key rollover

    The details of all previous keys are given here.

    +Keys generated in the 2021 rollover +

    +
    +Master Key (2021) +
    +
    +RSA, 3072-bit. Key ID: DD4355EAAC1119DE. Fingerprint: A872 D42F 1660 890F 0E05 223E DD43 55EA AC11 19DE +
    +
    +Release Key (2021) +
    +
    +RSA, 3072-bit. Key ID: E4F83EA2AA4915EC. Fingerprint: 2CF6 134B D3F7 7A65 88EB D668 E4F8 3EA2 AA49 15EC +
    +
    +Snapshot Key (2021) +
    +
    +RSA, 3072-bit. Key ID: B43979F89F446CFD. Fingerprint: 1FD3 BCAC E532 FBE0 6A8C 09E2 B439 79F8 9F44 6CFD +
    +
    +Secure Contact Key (2021) +
    +
    +RSA, 3072-bit. Key ID: 012C59D4211BD62A. Fingerprint: E30F 1354 2A04 BE0E 56F0 5801 012C 59D4 211B D62A +
    +
    +

    Keys generated in the 2018 rollover

    @@ -279,5 +307,5 @@

    F.3 Key rollover

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/AppendixG.html b/code/doc/html/AppendixG.html index 9d482390..cde74ff8 100644 --- a/code/doc/html/AppendixG.html +++ b/code/doc/html/AppendixG.html @@ -149,5 +149,5 @@

    G.4 Agent extension request

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/AppendixH.html b/code/doc/html/AppendixH.html index 6b47b670..3be83520 100644 --- a/code/doc/html/AppendixH.html +++ b/code/doc/html/AppendixH.html @@ -455,5 +455,5 @@

    H.7 References

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/Chapter1.html b/code/doc/html/Chapter1.html index b2ae008b..813e2eb8 100644 --- a/code/doc/html/Chapter1.html +++ b/code/doc/html/Chapter1.html @@ -85,5 +85,5 @@

    1.2 How do SSH, Telnet, Rlogin, a

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/Chapter10.html b/code/doc/html/Chapter10.html index 427df03f..99461888 100644 --- a/code/doc/html/Chapter10.html +++ b/code/doc/html/Chapter10.html @@ -177,7 +177,7 @@

    10.11 ‘Access It may be worth checking the Event Log for diagnostic messages from the server giving more detail.

    -This error can be caused by buggy SSH-1 servers that fail to cope with the various strategies we use for camouflaging passwords in transit. Upgrade your server, or use the workarounds described in section 4.27.13 and possibly section 4.27.14. +This error can be caused by buggy SSH-1 servers that fail to cope with the various strategies we use for camouflaging passwords in transit. Upgrade your server, or use the workarounds described in section 4.27.14 and possibly section 4.27.15.

    10.12 ‘No supported authentication methods available’

    @@ -191,7 +191,7 @@

    10.13 ‘Incorrect

    -Occasionally this has been caused by server bugs. An example is the bug described at section 4.27.10, although you're very unlikely to encounter that one these days. +Occasionally this has been caused by server bugs. An example is the bug described at section 4.27.11, although you're very unlikely to encounter that one these days.

    In this context MAC stands for Message Authentication Code. It's a cryptographic term, and it has nothing at all to do with Ethernet MAC (Media Access Control) addresses, or with the Apple computer. @@ -201,7 +201,7 @@

    10.14 ‘Incoming pack This error occurs when PuTTY decrypts an SSH packet and the decrypted data makes no sense. This probably means something has gone wrong in the encryption or decryption process. It's difficult to tell from this error message whether the problem is in the client, in the server, or in between.

    -If you get this error, one thing you could try would be to fiddle with the setting of ‘Miscomputes SSH-2 encryption keys’ (see section 4.27.12) or ‘Ignores SSH-2 maximum packet size’ (see section 4.27.5) on the Bugs panel. +If you get this error, one thing you could try would be to fiddle with the setting of ‘Miscomputes SSH-2 encryption keys’ (see section 4.27.13) or ‘Ignores SSH-2 maximum packet size’ (see section 4.27.5) on the Bugs panel.

    10.15 ‘PuTTY X11 proxy: various errors

    @@ -246,6 +246,9 @@

    10.18 ‘Network e

    Check that you are connecting with the correct protocol (SSH, Telnet, etc), and check that the port number is correct. If that fails, consult the administrator of your server.

    +

    +This error can also be caused by a firewall in between you and the server, which rejects the connection and sends back the same type of error packet as the real server would have sent. +

    10.19 ‘Network error: Connection timed out’

    This error means that the network connection PuTTY tried to make to your server received no response at all from the server. Usually this happens because the server machine is completely isolated from the network, or because it is turned off. @@ -265,5 +268,5 @@

    10.20 ‘N

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/Chapter2.html b/code/doc/html/Chapter2.html index e2766107..4a4ba102 100644 --- a/code/doc/html/Chapter2.html +++ b/code/doc/html/Chapter2.html @@ -120,5 +120,5 @@

    2.5 Logging out

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/Chapter3.html b/code/doc/html/Chapter3.html index 70863cb2..6e7a3f64 100644 --- a/code/doc/html/Chapter3.html +++ b/code/doc/html/Chapter3.html @@ -809,5 +809,5 @@

    3.11.3.29

    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.

    -[PuTTY release 0.78]
    +[PuTTY release 0.79] diff --git a/code/doc/html/Chapter4.html b/code/doc/html/Chapter4.html index eee53dcc..6c28808b 100644 --- a/code/doc/html/Chapter4.html +++ b/code/doc/html/Chapter4.html @@ -223,14 +223,15 @@
  • 4.27.5 ‘Ignores SSH-2 maximum packet size’
  • 4.27.6 ‘Discards data sent before its greeting’
  • 4.27.7 ‘Chokes on PuTTY's full KEXINIT
    • -
  • 4.27.8 ‘Requires padding on SSH-2 RSA signatures’
    • -
  • 4.27.9 ‘Only supports pre-RFC4419 SSH-2 DH GEX’
    • -
  • 4.27.10 ‘Miscomputes SSH-2 HMAC keys’
    • -
  • 4.27.11 ‘Misuses the session ID in SSH-2 PK auth’
    • -
  • 4.27.12 ‘Miscomputes SSH-2 encryption keys’
    • -
  • 4.27.13 ‘Chokes on SSH-1 ignore messages’
    • -
  • 4.27.14 ‘Refuses all SSH-1 password camouflage’
    • -
  • 4.27.15 ‘Chokes on SSH-1 RSA authentication’
    • +
  • 4.27.8 ‘Old RSA/SHA2 cert algorithm naming’
    • +
  • 4.27.9 ‘Requires padding on SSH-2 RSA signatures’
    • +
  • 4.27.10 ‘Only supports pre-RFC4419 SSH-2 DH GEX’
    • +
  • 4.27.11 ‘Miscomputes SSH-2 HMAC keys’
    • +
  • 4.27.12 ‘Misuses the session ID in SSH-2 PK auth’
    • +
  • 4.27.13 ‘Miscomputes SSH-2 encryption keys’
    • +
  • 4.27.14 ‘Chokes on SSH-1 ignore messages’
    • +
  • 4.27.15 ‘Refuses all SSH-1 password camouflage’
    • +
  • 4.27.16 ‘Chokes on SSH-1 RSA authentication’
  • 4.28 The ‘Bare ssh-connection’ protocol
  • 4.29 The Serial panel @@ -413,14 +414,17 @@

    4.2.1 ‘Log file &T will be replaced by the current time, as six digits (HHMMSS) with no punctuation.

  • -&H will be replaced by the host name you are connecting to. +&H will be replaced by the host name you are connecting to (or the serial line, for a serial connection).
  • &P will be replaced by the port number you are connecting to on the target host.

    • -For example, if you enter the host name c:\puttylogs\log-&h-&y&m&d-&t.dat, you will end up with files looking like +(These are all case-insensitive.) +

    +

    +For example, if you enter the file name c:\puttylogs\log-&h-&y&m&d-&t.dat, you will end up with files looking like 

    log-server1.example.com-20010528-110859.dat
 log-unixbox.somewhere.org-20010611-221001.dat
@@ -1314,7 +1318,7 @@ 
    4.14.1 Using section 4.14.3.)
 
    
 
    
-Note that if you are using SSH-1 and the server has a bug that makes it unable to deal with SSH-1 ignore messages (see section 4.27.13), enabling keepalives will have no effect.
+Note that if you are using SSH-1 and the server has a bug that makes it unable to deal with SSH-1 ignore messages (see section 4.27.14), enabling keepalives will have no effect.
 
    
 
    4.14.2 ‘Disable Nagle's algorithm’
    
 
    
@@ -2113,6 +2117,9 @@ 
    4.22.1 ‘
 
    4.22.2 ‘Certificate to use with the private key’
    
 
    
+(This is optional. If you don't know you need it, you can leave this blank.)
+
    
+
    
 In some environments, user authentication keys can be signed in turn by a ‘certifying authority’ (‘CA’ for short), and user accounts on an SSH server can be configured to automatically trust any key that's certified by the right signature.
 
    
 
    
@@ -2403,6 +2410,9 @@ 
    4.27 Th
 ‘Auto’: PuTTY will use the server's version number announcement to try to guess whether or not the server has the bug. (This option is not available for bugs that cannot be detected from the server version, e.g. because they must be acted on before the server version is known.)
 
 
+
    
+(The PuTTY project has a defined policy about when we're prepared to add auto-detection for a bug workaround. See section B.6.)
+
    
 
    4.27.1 ‘Chokes on SSH-2 ignore messages’
    
 
    
 An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. PuTTY uses ignore messages in SSH-2 to confuse the encrypted data stream and make it harder to cryptanalyse. It also uses ignore messages for connection keepalives (see section 4.14.1).
@@ -2470,7 +2480,14 @@ 
    4.27.7 
 
    
 This flag is a minor violation of the SSH protocol, because both sides are supposed to send KEXINIT proactively. It still works provided one side sends its KEXINIT without waiting, but if both client and server waited for the other one to speak first, the connection would deadlock. We don't know of any servers that do this, but if there is one, then this flag will make PuTTY unable to speak to them at all.
 
    
-
    4.27.8 ‘Requires padding on SSH-2 RSA signatures’
    
+
    4.27.8 ‘Old RSA/SHA2 cert algorithm naming’
    
+
    
+If PuTTY is trying to do SSH-2 user authentication using an RSA key, and the server is using one of the newer SHA-2 based versions of the SSH RSA protocol, and the user's key is also a certificate, then earlier versions of OpenSSH (up to 7.7) disagree with later versions about the right key algorithm string to send in the SSH2_MSG_USERAUTH_REQUEST packet. Modern versions send a string that indicates both the SHA-2 nature and the certificate nature of the key, such as ‘rsa-sha2-512-cert-v01@openssh.com’. Earlier versions would reject that, and insist on seeing ‘ssh-rsa-cert-v01@openssh.com’ followed by a SHA-2 based signature.
+
    
+
    
+PuTTY should auto-detect the presence of this bug in earlier OpenSSH and adjust to send the right string.
+
    
+
    4.27.9 ‘Requires padding on SSH-2 RSA signatures’
    
 
    
 Versions below 3.3 of OpenSSH require SSH-2 RSA signatures to be padded with zero bytes to the same length as the RSA key modulus. The SSH-2 specification says that an unpadded signature MUST be accepted, so this is a bug. A typical symptom of this problem is that PuTTY mysteriously fails RSA authentication once in every few hundred attempts, and falls back to passwords.
 
    
@@ -2480,7 +2497,7 @@ 
    4.27.8 ‘Require
 
    
 This is an SSH-2-specific bug.
 
    
-
    4.27.9 ‘Only supports pre-RFC4419 SSH-2 DH GEX’
    
+
    4.27.10 ‘Only supports pre-RFC4419 SSH-2 DH GEX’
    
 
    
 The SSH key exchange method that uses Diffie-Hellman group exchange was redesigned after its original release, to use a slightly more sophisticated setup message. Almost all SSH implementations switched over to the new version. (PuTTY was one of the last.) A few old servers still only support the old one.
 
    
@@ -2490,7 +2507,7 @@ 
    4.27.9 ‘Onl
 
    
 This is an SSH-2-specific bug.
 
    
-
    4.27.10 ‘Miscomputes SSH-2 HMAC keys’
    
+
    4.27.11 ‘Miscomputes SSH-2 HMAC keys’
    
 
    
 Versions 2.3.0 and below of the SSH server software from ssh.com compute the keys for their HMAC message authentication codes incorrectly. A typical symptom of this problem is that PuTTY dies unexpectedly at the beginning of the session, saying ‘Incorrect MAC received on packet’.
 
    
@@ -2500,7 +2517,7 @@ 
    4.27.10 ‘Mis
 
    
 This is an SSH-2-specific bug.
 
    
-
    4.27.11 ‘Misuses the session ID in SSH-2 PK auth’
    
+
    4.27.12 ‘Misuses the session ID in SSH-2 PK auth’
    
 
    
 Versions below 2.3 of OpenSSH require SSH-2 public-key authentication to be done slightly differently: the data to be signed by the client contains the session ID formatted in a different way. If public-key authentication mysteriously does not work but the Event Log (see section 3.1.3.1) thinks it has successfully sent a signature, it might be worth enabling the workaround for this bug to see if it helps.
 
    
@@ -2510,7 +2527,7 @@ 
    4.27.11 ‘
 
    
 This is an SSH-2-specific bug.
 
    
-
    4.27.12 ‘Miscomputes SSH-2 encryption keys’
    
+
    4.27.13 ‘Miscomputes SSH-2 encryption keys’
    
 
    
 Versions below 2.0.11 of the SSH server software from ssh.com compute the keys for the session encryption incorrectly. This problem can cause various error messages, such as ‘Incoming packet was garbled on decryption’, or possibly even ‘Out of memory’.
 
    
@@ -2520,16 +2537,16 @@ 
    4.27.12 ̵
 
    
 This is an SSH-2-specific bug.
 
    
-
    4.27.13 ‘Chokes on SSH-1 ignore messages’
    
+
    4.27.14 ‘Chokes on SSH-1 ignore messages’
    
 
    
 An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. PuTTY uses ignore messages to hide the password packet in SSH-1, so that a listener cannot tell the length of the user's password; it also uses ignore messages for connection keepalives (see section 4.14.1).
 
    
 
    
-If this bug is detected, PuTTY will stop using ignore messages. This means that keepalives will stop working, and PuTTY will have to fall back to a secondary defence against SSH-1 password-length eavesdropping. See section 4.27.14. If this bug is enabled when talking to a correct server, the session will succeed, but keepalives will not work and the session might be more vulnerable to eavesdroppers than it could be.
+If this bug is detected, PuTTY will stop using ignore messages. This means that keepalives will stop working, and PuTTY will have to fall back to a secondary defence against SSH-1 password-length eavesdropping. See section 4.27.15. If this bug is enabled when talking to a correct server, the session will succeed, but keepalives will not work and the session might be more vulnerable to eavesdroppers than it could be.
 
    
-
    4.27.14 ‘Refuses all SSH-1 password camouflage’
    
+
    4.27.15 ‘Refuses all SSH-1 password camouflage’
    
 
    
-When talking to an SSH-1 server which cannot deal with ignore messages (see section 4.27.13), PuTTY will attempt to disguise the length of the user's password by sending additional padding within the password packet. This is technically a violation of the SSH-1 specification, and so PuTTY will only do it when it cannot use standards-compliant ignore messages as camouflage. In this sense, for a server to refuse to accept a padded password packet is not really a bug, but it does make life inconvenient if the server can also not handle ignore messages.
+When talking to an SSH-1 server which cannot deal with ignore messages (see section 4.27.14), PuTTY will attempt to disguise the length of the user's password by sending additional padding within the password packet. This is technically a violation of the SSH-1 specification, and so PuTTY will only do it when it cannot use standards-compliant ignore messages as camouflage. In this sense, for a server to refuse to accept a padded password packet is not really a bug, but it does make life inconvenient if the server can also not handle ignore messages.
 
    
 
    
 If this ‘bug’ is detected, PuTTY will assume that neither ignore messages nor padding are acceptable, and that it thus has no choice but to send the user's password with no form of camouflage, so that an eavesdropping user will be easily able to find out the exact length of the password. If this bug is enabled when talking to a correct server, the session will succeed, but will be more vulnerable to eavesdroppers than it could be.
@@ -2537,7 +2554,7 @@ 
    4.27.14 ‘
 
    
 This is an SSH-1-specific bug. SSH-2 is secure against this type of attack.
 
    
-
    4.27.15 ‘Chokes on SSH-1 RSA authentication’
    
+
    4.27.16 ‘Chokes on SSH-1 RSA authentication’
    
 
    
 Some SSH-1 servers cannot deal with RSA authentication messages at all. If Pageant is running and contains any SSH-1 keys, PuTTY will normally automatically try RSA authentication before falling back to passwords, so these servers will crash when they see the RSA attempt.
 
    
@@ -2734,7 +2751,7 @@ 
    4.32.3 ‘**MORE** proce
 
    
 
    4.32.4 ‘Terminal scrolling’
    
 
    
-This controls whether the terminal will perform scrolling then the cursor goes below the last line, or if the cursor will return to the first line.
+This controls whether the terminal will perform scrolling when the cursor goes below the last line, or if the cursor will return to the first line.
 
    
 
    4.33 Storing configuration in a file
    
 
    
@@ -2775,5 +2792,5 @@ 
    4.33 Storin
 
    
 
 
    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/html/Chapter5.html b/code/doc/html/Chapter5.html
index bce297c3..94548bed 100644
--- a/code/doc/html/Chapter5.html
+++ b/code/doc/html/Chapter5.html
@@ -51,7 +51,7 @@ 
    5.2 PSCP Usage
    
 
    
 
    C:\>pscp
 PuTTY Secure Copy client
-Release 0.78
+Release 0.79
 Usage: pscp [options] [user@]host:source target
        pscp [options] source [source...] [user@]host:target
        pscp [options] -ls [user@]host:filespec
@@ -271,5 +271,5 @@ 
    5.2.4 Using 
 
 
    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/html/Chapter6.html b/code/doc/html/Chapter6.html
index f80d5943..1570e60f 100644
--- a/code/doc/html/Chapter6.html
+++ b/code/doc/html/Chapter6.html
@@ -535,5 +535,5 @@ 
    6.3 Using pu
 
    
 
 
    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/html/Chapter7.html b/code/doc/html/Chapter7.html
index fa46b5f2..9bbfce9c 100644
--- a/code/doc/html/Chapter7.html
+++ b/code/doc/html/Chapter7.html
@@ -56,7 +56,7 @@ 
    7.2 Using Plink
    
 
    
 
    C:\>plink
 Plink: command-line connection utility
-Release 0.78
+Release 0.79
 Usage: plink [options] [user@]host [command]
        ("host" can also be a PuTTY saved session name)
 Options:
@@ -233,7 +233,7 @@ 
    7.2.3.2 
 
    7.2.3.3 -share: Test and try to share an existing connection.
    
 
    
-This option tris to detect if an existing connection can be shared (See section 4.17.5 for more information about SSH connection sharing.) and reuses that connection.
+This option tries to detect if an existing connection can be shared (See section 4.17.5 for more information about SSH connection sharing.) and reuses that connection.
 
    
 
    
 A Plink invocation of the form:
@@ -382,5 +382,5 @@ 
    7.5 Using Plink with Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/html/Chapter8.html b/code/doc/html/Chapter8.html
index 2c38a098..f7121c59 100644
--- a/code/doc/html/Chapter8.html
+++ b/code/doc/html/Chapter8.html
@@ -252,7 +252,7 @@ 
    8.2.10 Saving your pri
 This file is in PuTTY's native format (*.PPK); it is the one you will need to tell PuTTY to use for authentication (see section 4.22.1) or tell Pageant to load (see section 9.2.2).
 
    
 
    
-(You can optionally change some details of the PPK format for your saved key files; see section 8.2.13. But The defaults should be fine for most purposes.)
+(You can optionally change some details of the PPK format for your saved key files; see section 8.2.13. But the defaults should be fine for most purposes.)
 
    
 
    8.2.11 Saving your public key to a disk file
    
 
    
@@ -347,7 +347,7 @@ 
    8.2.15 Dealing with
 PuTTYgen can also export private keys in OpenSSH format and in ssh.com format. To do so, select one of the ‘Export’ options from the ‘Conversions’ menu. Exporting a key works exactly like saving it (see section 8.2.10) - you need to have typed your passphrase in beforehand, and you will be warned if you are about to save a key without a passphrase.
 
    
 
    
-For OpenSSH there are two options. Modern OpenSSH actually has two formats it uses for storing private keys. ‘Export OpenSSH key’ will automatically choose the oldest format supported for the key type, for maximum backward compatibility with older versions of OpenSSH; for newer key types like Ed25519, it will use the newer format as that is the only legal option. If you have some specific reason for wanting to use OpenSSH's newer format even for RSA, DSA, or ECDSA keys, you can choose ‘Export OpenSSH key (force new file format)’.
+For OpenSSH there are two options. Modern OpenSSH actually has two formats it uses for storing private keys: an older (‘PEM-style’) format, and a newer ‘native’ format with better resistance to passphrase guessing and support for comments. ‘Export OpenSSH key’ will automatically choose the oldest format supported for the key type, for maximum backward compatibility with older versions of OpenSSH; for newer key types like Ed25519, it will use the newer format as that is the only legal option. If you have some specific reason for wanting to use OpenSSH's newer format even for RSA, DSA, or ECDSA keys – for instance, you know your file will only be used by OpenSSH 6.5 or newer (released in 2014), and want the extra security – you can choose ‘Export OpenSSH key (force new file format)’.
 
    
 
    
 Most clients for the older SSH-1 protocol use a standard format for storing private keys on disk. PuTTY uses this format as well; so if you have generated an SSH-1 private key using OpenSSH or ssh.com's client, you can use it with PuTTY, and vice versa. Hence, the export options are not available if you have generated an SSH-1 key.
@@ -442,14 +442,14 @@ 
    8.3 Getting ready for p
 Connect to your SSH server using PuTTY with the SSH protocol. When the connection succeeds you will be prompted for your user name and password to login. Once logged in, you must configure the server to accept your public key for authentication:
 
    
 
    • 
-If your server is OpenSSH, you should change into the .ssh directory under your home directory, and open the file authorized_keys with your favourite editor. (You may have to create this file, if this is the first key you have put in it.) Then switch to the PuTTYgen window, select all of the text in the ‘Public key for pasting into OpenSSH authorized_keys file’ box (see section 8.2.12), and copy it to the clipboard (Ctrl+C). Then, switch back to the PuTTY window and insert the data into the open file, making sure it ends up all on one line. Save the file.
+If your server is OpenSSH, you should change into the .ssh directory under your home directory, and open the file authorized_keys with your favourite editor. (You may have to create this file, if this is the first key you have put in it.) Then switch to the PuTTYgen window, select all of the text in the ‘Public key for pasting into OpenSSH authorized_keys file’ box (see section 8.2.12), and copy it to the clipboard (Ctrl+C). Then, switch back to the PuTTY window and insert the data into the open file, making sure it ends up all on one line. Save the file.
 
      
 (In very old versions of OpenSSH, SSH-2 keys had to be put in a separate file called authorized_keys2. In all current versions, the same authorized_keys file is used for both SSH-1 and SSH-2 keys.) 
 
      
 
 
      • 
 
    • 
-If your server is ssh.com's product and is using SSH-2, you need to save a public key file from PuTTYgen (see section 8.2.11), and copy that into the .ssh2 directory on the server. Then you should go into that .ssh2 directory, and edit (or create) a file called authorization. In this file you should put a line like Key mykey.pub, with mykey.pub replaced by the name of your key file.
+If your server is ssh.com's product and is using SSH-2, you need to save a public key file from PuTTYgen (see section 8.2.11), and copy that into the .ssh2 directory on the server. Then you should go into that .ssh2 directory, and edit (or create) a file called authorization. In this file you should put a line like Key mykey.pub, with mykey.pub replaced by the name of your key file.
 
      • 
 
    • 
 For other SSH server software, you should refer to the manual for that server.
@@ -475,5 +475,5 @@ 
      8.3 Getting ready for p
 
    
 
 
    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/html/Chapter9.html b/code/doc/html/Chapter9.html
index 200be8ad..6e1c86a3 100644
--- a/code/doc/html/Chapter9.html
+++ b/code/doc/html/Chapter9.html
@@ -325,5 +325,5 @@ 
    9.6 Security consideration
 
    
 
 
    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/html/IndexPage.html b/code/doc/html/IndexPage.html
index 7aa1c093..02fc6cf5 100644
--- a/code/doc/html/IndexPage.html
+++ b/code/doc/html/IndexPage.html
@@ -68,11 +68,11 @@ 
    Index
    
 authentication agent forwarding: Section 3.11.3.10, Section 4.21.7, Section 9.4
    
 authentication, challenge/response: Section 4.21.5, Section 4.21.6
    
 authentication, keyboard-interactive: Section 4.21.6
    
-authentication, public key: Section 3.11.3.18, Section 4.22.1, Section 4.27.11, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
+authentication, public key: Section 3.11.3.18, Section 4.22.1, Section 4.27.12, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
 authentication, to proxy: Section 4.16.4
    
 authentication, X11: Section 4.25.1
    
 Authenticode: Appendix F
    
-authorized_keys file: Section 8.2.12, Section 8.3
    
+authorized_keys file: Section 8.2.12, Section 8.3
    
 AUTOEXEC.BAT: Section 5.1, Section 7.1
    
 automated operations: Chapter 7
    
 auto wrap mode: Section 4.3.1, Question A.7.7
    
@@ -147,7 +147,7 @@ 
    Index
    
 Cisco: Section 3.11.3.6
    
 CJK: Section 4.10.2
    
 CJK ambiguous characters: Section 4.10.2
    
-clean up after PuTTY: Question A.8.2
    
+clean up after PuTTY: Question A.8.2
    
 -cleanup command-line option: Section 3.11.2
    
 clear screen: Section 4.3.5
    
 ‘Clear Scrollback’: Section 3.1.3.6
    
@@ -256,8 +256,8 @@ 
    Index
    
 Diffie-Hellman key exchange: Section 4.18.1
    
 Diffie-Hellman key exchange, with elliptic curves: Section 4.18.1
    
 ‘digest’ authentication (HTTP): Section 4.16.4
    
-digital signature: Section 4.27.8, Section 8.1
    
-Digital Signature Standard: Section 4.19.1, Section 4.19.1, Section 8.1, Section 8.2.2, Question A.8.3
    
+digital signature: Section 4.27.9, Section 8.1
    
+Digital Signature Standard: Section 4.19.1, Section 4.19.1, Section 8.1, Section 8.2.2, Question A.8.3
    
 directories, creating: Section 6.2.16
    
 directories, removing: Section 6.2.17
    
 display corruption: Section 4.6.10, Section 4.6.11
    
@@ -272,8 +272,8 @@ 
    Index
    
 double-width character: Section 4.10.2
    
 downloading files: Section 5.2.1, Section 6.2.9
    
 Dragon NaturallySpeaking: Section 4.9.4
    
-DSA: Section 4.19.1, Section 4.19.1, Section 8.1, Section 8.2.2, Question A.8.3
    
-DSA authentication: Section 3.11.3.18, Section 4.22.1, Section 4.27.11, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
+DSA: Section 4.19.1, Section 4.19.1, Section 8.1, Section 8.2.2, Question A.8.3
    
+DSA authentication: Section 3.11.3.18, Section 4.22.1, Section 4.27.12, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
 DSS: Section 8.1
    
 ‘Duplicate Session’: Section 3.1.3.3, Question A.7.22
    
 dynamic port forwarding: Section 3.5, Section 3.11.3.5, Section 4.26
    
@@ -291,7 +291,7 @@ 
    Index
    
 elliptic-curve DSA: Section 8.1, Section 8.2.2
    
 elliptic curves, NIST-standardised: Section 4.19.1, Section 8.2.3, Section 9.2.1, Section C.3.3
    
 emulation, terminal: Section 3.1.3.6, Section 4.3, Section 4.3.7, Section 4.4, Section 4.6, Section 4.15.3
    
-encryption: Section 4.27.12, Section 8.1, Section 8.2.8
    
+encryption: Section 4.27.13, Section 8.1, Section 8.2.8
    
 encryption algorithm: Section 4.20
    
 End key: Section 4.4.2
    
 End Of File, Telnet special command: Section 3.1.3.2
    
@@ -357,7 +357,7 @@ 
    Index
    
 half-open connections: Section 4.14.3
    
 Hebrew: Section 4.6.11
    
 history: Section 3.1.2
    
-HMAC: Section 4.27.10
    
+HMAC: Section 4.27.11
    
 home directory: Section 5.2.1.3
    
 Home key: Section 4.4.2
    
 -host-ca: Section 3.11.3.29
    
@@ -381,7 +381,7 @@ 
    Index
    
 icon, PuTTY's: Section 2.3, Section A.5.3
    
 icon title: Section 4.9.1
    
 idle connections: Section 4.14.1, Question A.7.8
    
-‘ignore’ messages, in SSH: Section 3.1.3.2, Section 4.27.1, Section 4.27.13
    
+‘ignore’ messages, in SSH: Section 3.1.3.2, Section 4.27.1, Section 4.27.14
    
 IGNORE message, SSH special command: Section 3.1.3.2
    
 importing private keys: Section 8.2.15
    
 inactive window: Section 4.1.3
    
@@ -405,7 +405,7 @@ 
    Index
    
 IUTF8 terminal mode: Section 4.24.2
    
 Japanese: Section 4.10.2
    
 jump host: Section 4.16.1
    
-keepalives, application: Section 4.14.1, Section 4.18.2, Section 4.27.1, Section 4.27.13
    
+keepalives, application: Section 4.14.1, Section 4.18.2, Section 4.27.1, Section 4.27.14
    
 keepalives, TCP: Section 4.14.3
    
 Kerberos: Section 4.23
    
 kex: Section 4.18
    
@@ -481,7 +481,7 @@ 
    Index
    
 loopback IP address: Section 3.5, Section 4.16.2
    
 low-numbered port: Section 3.5, Section 4.26, Section 4.31.1
    
 -ls PSCP command-line option: Section 5.2.2.1
    
-MAC (message authentication code): Section 4.20, Section 4.27.10, Section 10.13, Section 10.13
    
+MAC (message authentication code): Section 4.20, Section 4.27.11, Section 10.13, Section 10.13
    
 Mac OS: Question A.3.6
    
 magic cookie: Section 4.25.1
    
 mailing list: Section B.1
    
@@ -494,8 +494,8 @@ 
    Index
    
 MD5 fingerprint, of SSH host key: Section 2.2, Section 4.19.3
    
 menu, context: Section 3.1.1, Section 3.1.3, Section 4.11.1
    
 menu, system: Section 3.1.3, Section 3.1.3.7, Section 4.9.4, Section 4.9.5, Section 4.9.7
    
-message authentication code (MAC): Section 4.20, Section 4.27.10, Section 10.13, Section 10.13
    
-Microsoft Store: Question A.8.5
    
+message authentication code (MAC): Section 4.20, Section 4.27.11, Section 10.13, Section 10.13
    
+Microsoft Store: Question A.8.5
    
 middle mouse button: Section 3.1.1, Section 4.11.1, Section 4.11.4
    
 Midnight Commander: Section 4.6.2
    
 minimise window: Section 4.9.1
    
@@ -509,7 +509,7 @@ 
    Index
    
 moving files: Section 6.2.18
    
 MS-DOS Prompt: Section 1.1, Section 1.1, Section 3.11, Section 5.1, Section 7.1
    
 MUDs: Section 1.1, Section 2.1, Section 4.3.9
    
-multi-user systems: Section 3.11.2, Question A.8.2
    
+multi-user systems: Section 3.11.2, Question A.8.2
    
 Nagle's algorithm: Section 4.14.2
    
 name resolution: Section 4.16.3
    
 name resolution, with proxy: Section 4.16.2, Section 4.16.3
    
@@ -544,24 +544,25 @@ 
    Index
    
 Num Lock: Section 4.4.6, Section 4.4.7
    
 OLD_ENVIRON: Section 4.30.1
    
 one-time passwords: Section 4.21.5
    
-OpenSSH: Section 3.5, Section 4.21.8, Section 4.26, Section 4.26.1, Section 4.27.8, Section 4.27.11, Section 8.2.12, Section 8.3, Section 9.4, Section 10.6, Question A.7.18, Question A.10.1
    
+OpenSSH: Section 3.5, Section 4.21.8, Section 4.26, Section 4.26.1, Section 4.27.9, Section 4.27.12, Section 8.2.12, Section 8.3, Section 9.4, Section 10.6, Question A.7.18, Question A.10.1
    
 OpenSSH certificates: Section 3.11.3.19, Section 3.11.3.29, Section 4.19.4, Section 4.22.2, Section 8.2.9, Section 10.3
    
 --openssh-config Pageant command-line option: Section 9.3.3
    
 OpenSSH, on Windows: Section 9.3.3
    
 OpenSSH private key file format: Section 8.2.15
    
+OpenSSH private key format, PEM-style: Section 8.2.15
    
 option negotiation, Telnet: Section 4.30.2
    
 options, command-line: Section 3.11, Section 9.3
    
 out of memory: Section 10.7, Question A.7.3, Question A.7.4
    
 overriding host keys: Section 3.11.3.22, Section 4.19.3
    
 packet log, SSH: Section 4.2, Section 4.2.5
    
-Pageant: Section 3.11.3.9, Section 3.11.3.10, Section 4.21.7, Section 4.22.1, Section 4.27.15, Section 8.1, Chapter 9
    
+Pageant: Section 3.11.3.9, Section 3.11.3.10, Section 4.21.7, Section 4.22.1, Section 4.27.16, Section 8.1, Chapter 9
    
 palettes, logical: Section 4.13.5
    
 passive Telnet negotiation: Section 4.30.2
    
 passphrase: Section 8.1, Section 8.2.8, Chapter 9
    
 passphrase hashing, for private key files: Section 8.2.13.2
    
 passthrough printing: Section 4.3.10
    
 password: Section 2.3, Section 3.11.3.8
    
-password camouflage: Section 4.27.13, Section 4.27.14
    
+password camouflage: Section 4.27.14, Section 4.27.15
    
 password expiry: Section 4.21.6
    
 password, for proxy: Section 4.16.4
    
 password hashing, for private key files: Section 8.2.13.2
    
@@ -576,6 +577,7 @@ 
    Index
    
 PATH environment variable: Section 5.1, Section 6.1, Section 7.1
    
 -P command-line option: Section 3.11.3.7
    
 PC speaker: Section 4.5.1
    
+PEM-style OpenSSH private key format: Section 8.2.15
    
 Pentium 4: Question A.3.1
    
 permissions on files, changing: Section 6.2.14
    
 -pgpfp command-line option: Section 3.11.3.23, Appendix F
    
@@ -591,7 +593,7 @@ 
    Index
    
 port number: Section 3.5, Section 3.11.3.7, Section 4.1.1, Section 4.26
    
 port, privileged: Section 3.5, Section 4.26, Section 4.31.1
    
 POSIX: Section 4.24.2, Section 6.2.2
    
-PPK file: Section 3.11.3.18, Section 4.22.1, Section 8.2.10, Section 8.2.15, Section 9.1
    
+PPK file: Section 3.11.3.18, Section 4.22.1, Section 8.2.10, Section 8.2.15, Section 9.1, Question A.7.24
    
 -p PSCP command-line option: Section 5.2.2.2
    
 preserve file attributes: Section 5.2.2.2
    
 PRIMARY selection: Section 4.11.4
    
@@ -599,9 +601,9 @@ 
    Index
    
 primes, probable: Section 8.2.4
    
 primes, proven: Section 8.2.4
    
 printing, remote-controlled: Section 4.3.10
    
-private key: Section 3.11.3.18, Section 4.22.1, Section 8.1, Chapter 9
    
+private key: Section 3.11.3.18, Section 4.22.1, Section 8.1, Chapter 9, Question A.7.24
    
 private key file, OpenSSH: Section 8.2.15
    
-private key file, PuTTY: Section 3.11.3.18, Section 4.22.1, Section 8.2.10, Section 8.2.15, Section 9.1
    
+private key file, PuTTY: Section 3.11.3.18, Section 4.22.1, Section 8.2.10, Section 8.2.15, Section 9.1, Question A.7.24
    
 private key file, ssh.com: Section 8.2.15
    
 private keys, generating: Section 8.2
    
 privileged port: Section 3.5, Section 4.26, Section 4.31.1
    
@@ -633,7 +635,7 @@ 
    Index
    
 pty allocation: Section 3.11.3.12, Section 4.24.1
    
 public key: Section 8.1
    
 public-key algorithm: Section 8.1
    
-public key authentication: Section 3.11.3.18, Section 4.22.1, Section 4.27.11, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
+public key authentication: Section 3.11.3.18, Section 4.22.1, Section 4.27.12, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
 public key file, SSH-2: Section 8.2.11
    
 public key fingerprint (SSH): Section 8.2.6, Section 9.2.1
    
 public keys, generating: Section 8.2
    
@@ -705,8 +707,8 @@ 
    Index
    
 routers, NAT: Section 10.17, Question A.7.8
    
 rows, in terminal window: Section 4.7.1
    
 -r PSCP command-line option: Section 5.2.2.4
    
-RSA: Section 4.19.1, Section 4.27.8, Section 4.27.15, Section 8.1, Section 8.2.2
    
-RSA authentication: Section 3.11.3.18, Section 4.22.1, Section 4.27.11, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
+RSA: Section 4.19.1, Section 4.27.9, Section 4.27.16, Section 8.1, Section 8.2.2
    
+RSA authentication: Section 3.11.3.18, Section 4.22.1, Section 4.27.12, Section 5.2.4, Section 6.3, Section 7.2.2, Section 8.1
    
 RSA-based key exchange: Section 4.18.1
    
 RTF: Section 4.12.2
    
 Russian: Section 4.10.3
    
@@ -758,7 +760,7 @@ 
    Index
    
 server, proxy: Section 4.14.4, Section 4.16
    
 server, SOCKS: Section 4.16.1
    
 service names: Section 4.26
    
-session ID: Section 4.27.11
    
+session ID: Section 4.27.12
    
 session log: Section 3.2
    
 -sessionlog: Section 3.11.3.25
    
 @sessionname command-line argument: Section 3.11.3.1
    
@@ -787,7 +789,7 @@ 
    Index
    
 shortcut, Windows: Section 3.11, Section 3.11.3.1, Section 9.3, Question A.6.4
    
 side-channel attacks: Section 8.2.4, Section 8.2.13.2
    
 Signal, SSH special command: Section 3.1.3.2
    
-signature: Section 4.27.8, Section 8.1
    
+signature: Section 4.27.9, Section 8.1
    
 signatures, of PuTTY binaries: Appendix F
    
 single-DES: Section 4.20, Section 10.5
    
 single sign-on: Section 4.15.2, Section 4.23
    
@@ -815,17 +817,17 @@ 
    Index
    
 ssh-add: Section 9.4
    
 SSH agent forwarding: Section 3.11.3.10, Section 4.21.7, Section 9.4
    
 SSH certificates: Section 3.11.3.19, Section 3.11.3.29, Section 4.19.4, Section 4.22.2, Section 8.2.9, Section 10.3
    
-ssh.com: Section 4.27.12, Section 8.2.11, Section 8.3, Section 9.4
    
+ssh.com: Section 4.27.13, Section 8.2.11, Section 8.3, Section 9.4
    
 -ssh command-line option: Section 3.11.1, Section 3.11.3.2
    
 ssh.com private key file format: Section 8.2.15
    
 -ssh-connection command-line option: Section 3.11.1, Section 3.11.3.2
    
 ssh-connection protocol, bare: Section 4.28
    
 SSH, differences from other protocols: Section 1.2
    
-.ssh directory: Section 8.3
    
-.ssh2 directory: Section 8.3
    
+.ssh directory: Section 8.3
    
+.ssh2 directory: Section 8.3
    
 SSH file transfer protocol: Section 5.2.1, Section 5.2.2.6, Chapter 6
    
 SSH host key fingerprint: Section 2.2
    
-SSH ‘ignore’ messages: Section 3.1.3.2, Section 4.27.1, Section 4.27.13
    
+SSH ‘ignore’ messages: Section 3.1.3.2, Section 4.27.1, Section 4.27.14
    
 SSH key exchange, forcing repeat: Section 3.1.3.2
    
 ssh-keygen: Section 9.2.1
    
 -sshlog: Section 3.11.3.25
    
@@ -862,7 +864,7 @@ 
    Index
    
 -supdup command-line option: Section 3.11.1, Section 3.11.3.2
    
 SUPDUP, differences from other protocols: Section 1.2
    
 supported features: Section A.2
    
-support requests: Section B.6
    
+support requests: Section B.7
    
 Suspend Process, Telnet special command: Section 3.1.3.2, Section 4.30.3
    
 swap file: Section 9.6
    
 switches, command-line: Section 3.11, Section 9.3
    
@@ -919,7 +921,7 @@ 
    Index
    
 typeface: Section 4.8.2, Section 4.10.4, Section 4.12.2, Section 4.13.4
    
 UDP: Section 4.26
    
 Unicode: Section 4.6.10, Section 4.10.1, Section 4.10.4, Section 4.10.5
    
-uninstalling: Question A.8.2
    
+uninstalling: Question A.8.2
    
 Unix: Section 4.4, Section 4.4.1, Section 4.15.3, Section 4.24.1, Section 6.2.14, Section 10.19, Question A.7.13
    
 Unix version of PuTTY tools: PuTTY User Manual, Question A.3.2
    
 -unsafe PSCP command-line option: Section 5.2.1
    
@@ -952,7 +954,7 @@ 
    Index
    
 WAV file: Section 4.5.1
    
 web browser: Section 3.5, Section 3.11.1
    
 web server: Section 1.1
    
-web site: Section B.7
    
+web site: Section B.8
    
 white space: Section 4.12.1
    
 wildcards: Section 5.2.1, Section 5.2.1.3, Section 5.2.2.6, Section 6.2.2, Section 6.2.11
    
 WinCVS: Section 7.5
    
@@ -976,7 +978,7 @@ 
    Index
    
 Windows process ACL: Section 3.11.3.28, Section 9.3.6
    
 Windows Registry: Section 2.2, Section 4.1.2, Section 4.33, Question A.5.2
    
 Windows shortcut: Section 3.11, Section 3.11.3.1, Section 9.3, Question A.6.4
    
-Windows Store: Question A.8.5
    
+Windows Store: Question A.8.5
    
 Windows Terminal Services: Question A.7.17
    
 Windows XP: Question A.7.17, Question A.7.21
    
 window, terminal: Section 2.3, Section 3.1.1, Section 3.1.3, Section 4.1.3, Section 4.7, Section 4.8, Section 4.9, Section 4.13.7
    
@@ -999,5 +1001,5 @@ 
    Index
    
 xterm: Section 3.1.1, Section 4.4.2, Section 4.4.3, Section 4.4.3, Section 4.11.1, Section 4.15.3
    
 xterm mouse reporting: Section 3.1.1, Section 4.6.2, Section 4.11.2
    
 
    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/html/index.html b/code/doc/html/index.html
index 99cb0ac7..2d3199da 100644
--- a/code/doc/html/index.html
+++ b/code/doc/html/index.html
@@ -17,7 +17,7 @@ 
    PuTTY User Manual
    
 Note to Unix users: this manual currently primarily documents the Windows versions of the PuTTY utilities. Some options are therefore mentioned that are absent from the Unix version; the Unix version has features not described here; and the pterm and command-line puttygen and pageant utilities are not described at all. The only Unix-specific documentation that currently exists is the man pages.
 
    
 
    
-This manual is copyright 1997-2022 Simon Tatham. All rights reserved. You may distribute this documentation under the MIT licence. See appendix D for the licence text in full.
+This manual is copyright 1997-2023 Simon Tatham. All rights reserved. You may distribute this documentation under the MIT licence. See appendix D for the licence text in full.
 
    
 
 
 
  • Appendix C: PPK file format
 
      
@@ -220,5 +221,5 @@ 
      PuTTY User Manual
      
 
    
 
 
    If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
    
-[PuTTY release 0.78]
    
+[PuTTY release 0.79]
 
diff --git a/code/doc/index.but b/code/doc/index.but
index 187f5a1e..86c6f931 100644
--- a/code/doc/index.but
+++ b/code/doc/index.but
@@ -869,6 +869,9 @@ saved sessions from
 \IM{ssh.com private key format} \cw{ssh.com} private key file format
 \IM{ssh.com private key format} private key file, \cw{ssh.com}
 
+\IM{PEM-style} PEM-style OpenSSH private key format
+\IM{PEM-style} OpenSSH private key format, PEM-style
+
 \IM{importing keys} importing private keys
 \IM{importing keys} loading private keys
 
diff --git a/code/doc/pgpkeys.but b/code/doc/pgpkeys.but
index 7dc62f89..9e25e208 100644
--- a/code/doc/pgpkeys.but
+++ b/code/doc/pgpkeys.but
@@ -56,25 +56,25 @@ The current issue of those keys are available for download from the
 PuTTY website, and are also available on PGP keyservers using the key
 IDs listed below.
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2021.asc}{\s{Master Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2023.asc}{\s{Master Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{DD4355EAAC1119DE}. Fingerprint:
-\cw{A872\_D42F\_1660\_890F\_0E05\_223E\_DD43\_55EA\_AC11\_19DE}
+\dd RSA, 4096-bit. Key ID: \cw{B15D9EFC216B06A1}. Fingerprint:
+\cw{28D4\_7C46\_55E7\_65A6\_D827\_AC66\_B15D\_9EFC\_216B\_06A1}
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2021.asc}{\s{Release Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2023.asc}{\s{Release Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{E4F83EA2AA4915EC}. Fingerprint:
-\cw{2CF6\_134B\_D3F7\_7A65\_88EB\_D668\_E4F8\_3EA2\_AA49\_15EC}
+\dd RSA, 3072-bit. Key ID: \cw{1993D21BCAD1AA77}. Fingerprint:
+\cw{F412\_BA3A\_A30F\_DC0E\_77B4\_E387\_1993\_D21B\_CAD1\_AA77}
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2021.asc}{\s{Snapshot Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2023.asc}{\s{Snapshot Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{B43979F89F446CFD}. Fingerprint:
-\cw{1FD3\_BCAC\_E532\_FBE0\_6A8C\_09E2\_B439\_79F8\_9F44\_6CFD}
+\dd RSA, 3072-bit. Key ID: \cw{10625E553F53FAAD}. Fingerprint:
+\cw{74CC\_6DD9\_ABA7\_31D4\_C5A0\_C2D0\_1062\_5E55\_3F53\_FAAD}
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2021.asc}{\s{Secure Contact Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2023.asc}{\s{Secure Contact Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{012C59D4211BD62A}. Fingerprint:
-\cw{E30F\_1354\_2A04\_BE0E\_56F0\_5801\_012C\_59D4\_211B\_D62A}
+\dd RSA, 3072-bit. Key ID: \cw{1559F6A8929F5EFC}. Fingerprint:
+\cw{01F5\_A2B1\_1388\_D64B\_707F\_897F\_1559\_F6A8\_929F\_5EFC}
 
 \H{pgpkeys-security} Security details
 
@@ -153,7 +153,7 @@ once.
 
 \H{pgpkeys-rollover} Key rollover
 
-Our current keys were generated in August 2018.
+Our current keys were generated in July 2023.
 
 Each new Master Key is signed with the old one, to show that it really
 is owned by the same people and not substituted by an attacker.
@@ -169,6 +169,28 @@ generated keys.
 
 The details of all previous keys are given here.
 
+\s{Keys generated in the 2021 rollover}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2021.asc}{\s{Master Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{DD4355EAAC1119DE}. Fingerprint:
+\cw{A872\_D42F\_1660\_890F\_0E05\_223E\_DD43\_55EA\_AC11\_19DE}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2021.asc}{\s{Release Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{E4F83EA2AA4915EC}. Fingerprint:
+\cw{2CF6\_134B\_D3F7\_7A65\_88EB\_D668\_E4F8\_3EA2\_AA49\_15EC}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2021.asc}{\s{Snapshot Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{B43979F89F446CFD}. Fingerprint:
+\cw{1FD3\_BCAC\_E532\_FBE0\_6A8C\_09E2\_B439\_79F8\_9F44\_6CFD}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2021.asc}{\s{Secure Contact Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{012C59D4211BD62A}. Fingerprint:
+\cw{E30F\_1354\_2A04\_BE0E\_56F0\_5801\_012C\_59D4\_211B\_D62A}
+
 \s{Keys generated in the 2018 rollover}
 
 \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2018.asc}{\s{Master Key} (2018)}
diff --git a/code/doc/plink.but b/code/doc/plink.but
index 39b14f2b..e91a295a 100644
--- a/code/doc/plink.but
+++ b/code/doc/plink.but
@@ -41,7 +41,7 @@ use Plink:
 
 \c C:\>plink
 \c Plink: command-line connection utility
-\c Release 0.78
+\c Release 0.79
 \c Usage: plink [options] [user@]host [command]
 \c        ("host" can also be a PuTTY saved session name)
 \c Options:
@@ -254,7 +254,7 @@ line.
 \S2{plink-option-share} \I{-share-plink}\c{-share}:
 Test and try to share an existing connection.
 
-This option tris to detect if an existing connection can be shared
+This option tries to detect if an existing connection can be shared
 (See \k{config-ssh-sharing} for more information about SSH connection
 sharing.) and reuses that connection.
 
diff --git a/code/doc/pscp.but b/code/doc/pscp.but
index 96a2d4b9..e788ffde 100644
--- a/code/doc/pscp.but
+++ b/code/doc/pscp.but
@@ -39,7 +39,7 @@ use PSCP:
 
 \c C:\>pscp
 \c PuTTY Secure Copy client
-\c Release 0.78
+\c Release 0.79
 \c Usage: pscp [options] [user@]host:source target
 \c        pscp [options] source [source...] [user@]host:target
 \c        pscp [options] -ls [user@]host:filespec
diff --git a/code/doc/pubkey.but b/code/doc/pubkey.but
index 5ac59390..c421cedb 100644
--- a/code/doc/pubkey.but
+++ b/code/doc/pubkey.but
@@ -367,7 +367,7 @@ will need to tell PuTTY to use for authentication (see
 \k{pageant-mainwin-addkey}).
 
 (You can optionally change some details of the PPK format for your saved
-key files; see \k{puttygen-save-params}. But The defaults should be
+key files; see \k{puttygen-save-params}. But the defaults should be
 fine for most purposes.)
 
 \S{puttygen-savepub} Saving your public key to a disk file
@@ -507,13 +507,17 @@ passphrase in beforehand, and you will be warned if you are about to
 save a key without a passphrase.
 
 For OpenSSH there are two options. Modern OpenSSH actually has two
-formats it uses for storing private keys. \q{Export OpenSSH key}
+formats it uses for storing private keys: an older (\q{\i{PEM-style}})
+format, and a newer \q{native} format with better resistance to
+passphrase guessing and support for comments. \q{Export OpenSSH key}
 will automatically choose the oldest format supported for the key
 type, for maximum backward compatibility with older versions of
 OpenSSH; for newer key types like Ed25519, it will use the newer
 format as that is the only legal option. If you have some specific
 reason for wanting to use OpenSSH's newer format even for RSA, DSA,
-or ECDSA keys, you can choose \q{Export OpenSSH key (force new file
+or ECDSA keys \dash for instance, you know your file will only be
+used by OpenSSH 6.5 or newer (released in 2014), and want the extra
+security \dash you can choose \q{Export OpenSSH key (force new file
 format)}.
 
 Most clients for the older SSH-1 protocol use a standard format for
diff --git a/code/doc/putty.chm b/code/doc/putty.chm
index a0067ae0..372e46ab 100644
Binary files a/code/doc/putty.chm and b/code/doc/putty.chm differ
diff --git a/code/doc/puttydoc.txt b/code/doc/puttydoc.txt
index c7e3db6c..39818c4c 100644
--- a/code/doc/puttydoc.txt
+++ b/code/doc/puttydoc.txt
@@ -12,7 +12,7 @@ not described here; and the pterm and command-line puttygen and pageant
 utilities are not described at all. The only Unix-specific documentation
 that currently exists is the man pages.
 
-This manual is copyright 1997-2022 Simon Tatham. All rights reserved. You
+This manual is copyright 1997-2023 Simon Tatham. All rights reserved. You
 may distribute this documentation under the MIT licence. See appendix D for
 the licence text in full.
 
@@ -1623,12 +1623,15 @@ Chapter 4: Configuring PuTTY
         -  `&T' will be replaced by the current time, as six digits
            (HHMMSS) with no punctuation.
 
-        -  `&H' will be replaced by the host name you are connecting to.
+        -  `&H' will be replaced by the host name you are connecting to (or
+           the serial line, for a serial connection).
 
         -  `&P' will be replaced by the port number you are connecting to
            on the target host.
 
-       For example, if you enter the host name `c:\puttylogs\log-&h-&y&m&d-
+       (These are all case-insensitive.)
+
+       For example, if you enter the file name `c:\puttylogs\log-&h-&y&m&d-
        &t.dat', you will end up with files looking like
 
          log-server1.example.com-20010528-110859.dat
@@ -3106,7 +3109,7 @@ Chapter 4: Configuring PuTTY
        alternative, see section 4.14.3.)
 
        Note that if you are using SSH-1 and the server has a bug that makes
-       it unable to deal with SSH-1 ignore messages (see section 4.27.13),
+       it unable to deal with SSH-1 ignore messages (see section 4.27.14),
        enabling keepalives will have no effect.
 
 4.14.2 `Disable Nagle's algorithm'
@@ -4396,6 +4399,9 @@ Chapter 4: Configuring PuTTY
 
 4.22.2 `Certificate to use with the private key'
 
+       (This is optional. If you don't know you need it, you can leave this
+       blank.)
+
        In some environments, user authentication keys can be signed in turn
        by a `certifying authority' (`CA' for short), and user accounts
        on an SSH server can be configured to automatically trust any key
@@ -4872,6 +4878,9 @@ Chapter 4: Configuring PuTTY
            the server version, e.g. because they must be acted on before
            the server version is known.)
 
+       (The PuTTY project has a defined policy about when we're prepared to
+       add auto-detection for a bug workaround. See section B.6.)
+
 4.27.1 `Chokes on SSH-2 ignore messages'
 
        An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol
@@ -5009,7 +5018,23 @@ Chapter 4: Configuring PuTTY
        this, but if there is one, then this flag will make PuTTY unable to
        speak to them at all.
 
-4.27.8 `Requires padding on SSH-2 RSA signatures'
+4.27.8 `Old RSA/SHA2 cert algorithm naming'
+
+       If PuTTY is trying to do SSH-2 user authentication using an RSA
+       key, and the server is using one of the newer SHA-2 based versions
+       of the SSH RSA protocol, and the user's key is also a certificate,
+       then earlier versions of OpenSSH (up to 7.7) disagree with later
+       versions about the right key algorithm string to send in the
+       SSH2_MSG_USERAUTH_REQUEST packet. Modern versions send a string
+       that indicates both the SHA-2 nature and the certificate nature
+       of the key, such as `rsa-sha2-512-cert-v01@openssh.com'. Earlier
+       versions would reject that, and insist on seeing `ssh-rsa-cert-
+       v01@openssh.com' followed by a SHA-2 based signature.
+
+       PuTTY should auto-detect the presence of this bug in earlier OpenSSH
+       and adjust to send the right string.
+
+4.27.9 `Requires padding on SSH-2 RSA signatures'
 
        Versions below 3.3 of OpenSSH require SSH-2 RSA signatures to be
        padded with zero bytes to the same length as the RSA key modulus.
@@ -5026,7 +5051,7 @@ Chapter 4: Configuring PuTTY
 
        This is an SSH-2-specific bug.
 
-4.27.9 `Only supports pre-RFC4419 SSH-2 DH GEX'
+4.27.10 `Only supports pre-RFC4419 SSH-2 DH GEX'
 
        The SSH key exchange method that uses Diffie-Hellman group exchange
        was redesigned after its original release, to use a slightly more
@@ -5041,7 +5066,7 @@ Chapter 4: Configuring PuTTY
 
        This is an SSH-2-specific bug.
 
-4.27.10 `Miscomputes SSH-2 HMAC keys'
+4.27.11 `Miscomputes SSH-2 HMAC keys'
 
        Versions 2.3.0 and below of the SSH server software from ssh.com
        compute the keys for their HMAC message authentication codes
@@ -5056,7 +5081,7 @@ Chapter 4: Configuring PuTTY
 
        This is an SSH-2-specific bug.
 
-4.27.11 `Misuses the session ID in SSH-2 PK auth'
+4.27.12 `Misuses the session ID in SSH-2 PK auth'
 
        Versions below 2.3 of OpenSSH require SSH-2 public-key
        authentication to be done slightly differently: the data to be
@@ -5072,7 +5097,7 @@ Chapter 4: Configuring PuTTY
 
        This is an SSH-2-specific bug.
 
-4.27.12 `Miscomputes SSH-2 encryption keys'
+4.27.13 `Miscomputes SSH-2 encryption keys'
 
        Versions below 2.0.11 of the SSH server software from ssh.com
        compute the keys for the session encryption incorrectly. This
@@ -5086,7 +5111,7 @@ Chapter 4: Configuring PuTTY
 
        This is an SSH-2-specific bug.
 
-4.27.13 `Chokes on SSH-1 ignore messages'
+4.27.14 `Chokes on SSH-1 ignore messages'
 
        An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol
        which can be sent from the client to the server, or from the server
@@ -5099,15 +5124,15 @@ Chapter 4: Configuring PuTTY
        If this bug is detected, PuTTY will stop using ignore messages.
        This means that keepalives will stop working, and PuTTY will
        have to fall back to a secondary defence against SSH-1 password-
-       length eavesdropping. See section 4.27.14. If this bug is enabled
+       length eavesdropping. See section 4.27.15. If this bug is enabled
        when talking to a correct server, the session will succeed, but
        keepalives will not work and the session might be more vulnerable to
        eavesdroppers than it could be.
 
-4.27.14 `Refuses all SSH-1 password camouflage'
+4.27.15 `Refuses all SSH-1 password camouflage'
 
        When talking to an SSH-1 server which cannot deal with ignore
-       messages (see section 4.27.13), PuTTY will attempt to disguise the
+       messages (see section 4.27.14), PuTTY will attempt to disguise the
        length of the user's password by sending additional padding _within_
        the password packet. This is technically a violation of the SSH-
        1 specification, and so PuTTY will only do it when it cannot use
@@ -5127,7 +5152,7 @@ Chapter 4: Configuring PuTTY
        This is an SSH-1-specific bug. SSH-2 is secure against this type of
        attack.
 
-4.27.15 `Chokes on SSH-1 RSA authentication'
+4.27.16 `Chokes on SSH-1 RSA authentication'
 
        Some SSH-1 servers cannot deal with RSA authentication messages at
        all. If Pageant is running and contains any SSH-1 keys, PuTTY will
@@ -5416,7 +5441,7 @@ Chapter 4: Configuring PuTTY
 
 4.32.4 `Terminal scrolling'
 
-       This controls whether the terminal will perform scrolling then the
+       This controls whether the terminal will perform scrolling when the
        cursor goes below the last line, or if the cursor will return to the
        first line.
 
@@ -5505,7 +5530,7 @@ Chapter 5: Using PSCP to transfer files securely
 
          C:\>pscp
          PuTTY Secure Copy client
-         Release 0.78
+         Release 0.79
          Usage: pscp [options] [user@]host:source target
                 pscp [options] source [source...] [user@]host:target
                 pscp [options] -ls [user@]host:filespec
@@ -6427,7 +6452,7 @@ Chapter 7: Using the command-line connection tool Plink
 
          C:\>plink
          Plink: command-line connection utility
-         Release 0.78
+         Release 0.79
          Usage: plink [options] [user@]host [command]
                 ("host" can also be a PuTTY saved session name)
          Options:
@@ -6635,7 +6660,7 @@ Chapter 7: Using the command-line connection tool Plink
 
 7.2.3.3 `-share': Test and try to share an existing connection.
 
-       This option tris to detect if an existing connection can be shared
+       This option tries to detect if an existing connection can be shared
        (See section 4.17.5 for more information about SSH connection
        sharing.) and reuses that connection.
 
@@ -7187,7 +7212,7 @@ Chapter 8: Using public keys for SSH authentication
        4.22.1) or tell Pageant to load (see section 9.2.2).
 
        (You can optionally change some details of the PPK format for your
-       saved key files; see section 8.2.13. But The defaults should be fine
+       saved key files; see section 8.2.13. But the defaults should be fine
        for most purposes.)
 
 8.2.11 Saving your public key to a disk file
@@ -7325,13 +7350,18 @@ Chapter 8: Using public keys for SSH authentication
        without a passphrase.
 
        For OpenSSH there are two options. Modern OpenSSH actually has two
-       formats it uses for storing private keys. `Export OpenSSH key' will
-       automatically choose the oldest format supported for the key type,
-       for maximum backward compatibility with older versions of OpenSSH;
-       for newer key types like Ed25519, it will use the newer format as
-       that is the only legal option. If you have some specific reason for
-       wanting to use OpenSSH's newer format even for RSA, DSA, or ECDSA
-       keys, you can choose `Export OpenSSH key (force new file format)'.
+       formats it uses for storing private keys: an older (`PEM-style')
+       format, and a newer `native' format with better resistance to
+       passphrase guessing and support for comments. `Export OpenSSH key'
+       will automatically choose the oldest format supported for the key
+       type, for maximum backward compatibility with older versions of
+       OpenSSH; for newer key types like Ed25519, it will use the newer
+       format as that is the only legal option. If you have some specific
+       reason for wanting to use OpenSSH's newer format even for RSA,
+       DSA, or ECDSA keys - for instance, you know your file will only
+       be used by OpenSSH 6.5 or newer (released in 2014), and want the
+       extra security - you can choose `Export OpenSSH key (force new file
+       format)'.
 
        Most clients for the older SSH-1 protocol use a standard format for
        storing private keys on disk. PuTTY uses this format as well; so if
@@ -8151,7 +8181,7 @@ Chapter 10: Common error messages
        This error can be caused by buggy SSH-1 servers that fail to cope
        with the various strategies we use for camouflaging passwords in
        transit. Upgrade your server, or use the workarounds described in
-       section 4.27.13 and possibly section 4.27.14.
+       section 4.27.14 and possibly section 4.27.15.
 
  10.12 `No supported authentication methods available'
 
@@ -8178,7 +8208,7 @@ Chapter 10: Common error messages
        which may not be noticed.
 
        Occasionally this has been caused by server bugs. An example is the
-       bug described at section 4.27.10, although you're very unlikely to
+       bug described at section 4.27.11, although you're very unlikely to
        encounter that one these days.
 
        In this context MAC stands for Message Authentication Code. It's a
@@ -8195,7 +8225,7 @@ Chapter 10: Common error messages
 
        If you get this error, one thing you could try would be to fiddle
        with the setting of `Miscomputes SSH-2 encryption keys' (see section
-       4.27.12) or `Ignores SSH-2 maximum packet size' (see section 4.27.5)
+       4.27.13) or `Ignores SSH-2 maximum packet size' (see section 4.27.5)
        on the Bugs panel.
 
  10.15 `PuTTY X11 proxy: _various errors_'
@@ -8283,6 +8313,10 @@ Chapter 10: Common error messages
        Telnet, etc), and check that the port number is correct. If that
        fails, consult the administrator of your server.
 
+       This error can also be caused by a firewall in between you and the
+       server, which rejects the connection and sends back the same type of
+       error packet as the real server would have sent.
+
  10.19 `Network error: Connection timed out'
 
        This error means that the network connection PuTTY tried to make to
@@ -9348,6 +9382,23 @@ A.7.23 After I upgraded PuTTY to 0.68, I can no longer connect to my
        IUTF8 on the list, select `Nothing', and press `Set'. (It's not
        possible to disable sending this mode in 0.68.)
 
+A.7.24 Since 0.78, I can't find where to configure my SSH private key.
+
+       In PuTTY 0.78, the `Private key file for authentication' control,
+       where you specify a `.PPK' file for SSH public key authentication,
+       moved to a new `Credentials' panel in the configuration dialog. You
+       can find this by opening the `SSH' category in the tree view on the
+       left, then opening the `Auth' subcategory under that, then clicking
+       on `Credentials'. On this page you'll find the `Browse...' button
+       you need to select a `.PPK' file for authentication, as described in
+       section 4.22.1.
+
+       (This control had previously been on the `Auth' panel since public
+       key authentication was first released in 2002, so many online how-
+       to guides still describe it there. The configuration controls were
+       reorganised to make room for features added in 0.78, such as OpenSSH
+       certificates.)
+
    A.8 Security questions
 
  A.8.1 Is it safe for me to download PuTTY and use it on a public PC?
@@ -9567,7 +9618,7 @@ A.7.23 After I upgraded PuTTY to 0.68, I can no longer connect to my
        Yes. For most things, you need not bother asking us explicitly for
        permission; our licence already grants you permission.
 
-       See section B.8 for more details.
+       See section B.9 for more details.
 
 A.9.10 Can you sign an agreement indemnifying us against security problems
        in PuTTY?
@@ -9892,7 +9943,7 @@ Appendix B: Feedback and bug reporting
        We get so much e-mail that we literally do not have time to answer
        it all. We regret this, but there's nothing we can do about it.
        So if you can _possibly_ avoid sending mail to the PuTTY team, we
-       recommend you do so. In particular, support requests (section B.6)
+       recommend you do so. In particular, support requests (section B.7)
        are probably better sent to newsgroups, or passed to a local expert
        if possible.
 
@@ -10165,7 +10216,55 @@ Appendix B: Feedback and bug reporting
            to get a feature implemented quickly, if it's a big one that we
            don't have time to do ourselves.
 
-   B.6 Support requests
+   B.6 Workarounds for SSH server bugs
+
+       It's normal for SSH implementations to automatically enable
+       workarounds for each other's bugs, using the software version
+       strings that are exchanged at the start of the connection. Typically
+       an SSH client will have a list of server version strings that it
+       believes to have particular bugs, and auto-enable the appropriate
+       set of workarounds when it sees one of those strings. (And servers
+       will have a similar list of workarounds for _client_ software they
+       believe to be buggy.)
+
+       If you've found a bug in an SSH server, and you'd like us to add
+       an auto-detected workaround for it, our policy is that *the server
+       implementor should fix it first*.
+
+       If the server implementor has fixed it in the latest version, and
+       can give us a complete description of the version strings that go
+       with the bug, then we're happy to use those version strings as a
+       trigger to automatically enable our workaround (assuming one is
+       possible). We _won't_ accept requests to auto-enable workarounds
+       for an open-ended set of version strings, such as `any version of
+       FooServer, including future ones not yet released'.
+
+       The aim of this policy is to encourage implementors to gradually
+       converge on the actual standardised SSH protocol. If we enable
+       people to continue violating the spec, by installing open-ended
+       workarounds in PuTTY for bugs they're never going to fix, then we're
+       contributing to an ecosystem in which everyone carries on having
+       bugs and everyone else carries on having to work around them.
+
+       An exception: if an SSH server is no longer maintained _at all_
+       (e.g. the company that produced it has gone out of business), and
+       every version of it that was ever released has a bug, then that's
+       one situation in which we may be prepared to add a workaround rule
+       that matches all versions of that software. (The aim is to stop
+       implementors from continuing to release software with the bug - and
+       if they're not releasing it _at all_ any more, then that's already
+       done!)
+
+       We do recognise that sometimes it will be difficult to get the
+       server maintainer to fix a bug, or even to answer support requests
+       at all. Or it might take them a very long time to get round to doing
+       anything about it. We're not completely unwilling to compromise:
+       we're prepared to add _manually enabled_ workarounds to PuTTY even
+       for bugs that an implementation hasn't fixed yet. We just won't
+       _automatically_ enable the workaround unless the server maintainer
+       has also done their part.
+
+   B.7 Support requests
 
        If you're trying to make PuTTY do something for you and it isn't
        working, but you're not sure whether it's a bug or not, then
@@ -10206,7 +10305,7 @@ Appendix B: Feedback and bug reporting
        way, you can try mailing it to us, but we can't guarantee to have
        time to answer it.
 
-   B.7 Web server administration
+   B.8 Web server administration
 
        If the PuTTY web site is down (Connection Timed Out), please don't
        bother mailing us to tell us about it. Most of us read our e-mail on
@@ -10228,7 +10327,7 @@ Appendix B: Feedback and bug reporting
        contact us if that doesn't solve the problem (in case we need to
        remove the mirror from our list).
 
-   B.8 Asking permission for things
+   B.9 Asking permission for things
 
        PuTTY is distributed under the MIT Licence (see appendix D for
        details). This means you can do almost _anything_ you like with our
@@ -10258,7 +10357,7 @@ Appendix B: Feedback and bug reporting
        If you just want to link to our web site, just go ahead. (It's not
        clear that we _could_ stop you doing this, even if we wanted to!)
 
-   B.9 Mirroring the PuTTY web site
+  B.10 Mirroring the PuTTY web site
 
        If you want to set up a mirror of the PuTTY website, go ahead and
        set one up. Please don't bother asking us for permission before
@@ -10282,7 +10381,7 @@ Appendix B: Feedback and bug reporting
        guidelines on the Mirrors page); but if you just want to ask for
        permission, you don't need to. You already have permission.
 
-  B.10 Praise and compliments
+  B.11 Praise and compliments
 
        One of the most rewarding things about maintaining free software
        is getting e-mails that just say `thanks'. We are always happy to
@@ -10296,7 +10395,7 @@ Appendix B: Feedback and bug reporting
        To everyone who's ever sent us praise and compliments, in the past
        and the future: _you're welcome_!
 
-  B.11 E-mail address
+  B.12 E-mail address
 
        The actual address to mail is .
 
@@ -10690,7 +10789,7 @@ Appendix C: PPK file format
 Appendix D: PuTTY Licence
 -------------------------
 
-       PuTTY is copyright 1997-2022 Simon Tatham.
+       PuTTY is copyright 1997-2023 Simon Tatham.
 
        Portions copyright Robert de Bath, Joris van Rantwijk, Delian
        Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
@@ -11525,25 +11624,25 @@ Appendix F: PuTTY download keys and signatures
        PuTTY website, and are also available on PGP keyservers using the
        key IDs listed below.
 
-       *Master Key* (2021)
+       *Master Key* (2023)
 
-           RSA, 3072-bit. Key ID: DD4355EAAC1119DE. Fingerprint:
-           A872 D42F 1660 890F 0E05 223E DD43 55EA AC11 19DE
+           RSA, 4096-bit. Key ID: B15D9EFC216B06A1. Fingerprint:
+           28D4 7C46 55E7 65A6 D827 AC66 B15D 9EFC 216B 06A1
 
-       *Release Key* (2021)
+       *Release Key* (2023)
 
-           RSA, 3072-bit. Key ID: E4F83EA2AA4915EC. Fingerprint:
-           2CF6 134B D3F7 7A65 88EB D668 E4F8 3EA2 AA49 15EC
+           RSA, 3072-bit. Key ID: 1993D21BCAD1AA77. Fingerprint:
+           F412 BA3A A30F DC0E 77B4 E387 1993 D21B CAD1 AA77
 
-       *Snapshot Key* (2021)
+       *Snapshot Key* (2023)
 
-           RSA, 3072-bit. Key ID: B43979F89F446CFD. Fingerprint:
-           1FD3 BCAC E532 FBE0 6A8C 09E2 B439 79F8 9F44 6CFD
+           RSA, 3072-bit. Key ID: 10625E553F53FAAD. Fingerprint:
+           74CC 6DD9 ABA7 31D4 C5A0 C2D0 1062 5E55 3F53 FAAD
 
-       *Secure Contact Key* (2021)
+       *Secure Contact Key* (2023)
 
-           RSA, 3072-bit. Key ID: 012C59D4211BD62A. Fingerprint:
-           E30F 1354 2A04 BE0E 56F0 5801 012C 59D4 211B D62A
+           RSA, 3072-bit. Key ID: 1559F6A8929F5EFC. Fingerprint:
+           01F5 A2B1 1388 D64B 707F 897F 1559 F6A8 929F 5EFC
 
    F.2 Security details
 
@@ -11623,7 +11722,7 @@ Appendix F: PuTTY download keys and signatures
 
    F.3 Key rollover
 
-       Our current keys were generated in August 2018.
+       Our current keys were generated in July 2023.
 
        Each new Master Key is signed with the old one, to show that it
        really is owned by the same people and not substituted by an
@@ -11640,6 +11739,28 @@ Appendix F: PuTTY download keys and signatures
 
        The details of all previous keys are given here.
 
+       *Keys generated in the 2021 rollover*
+
+       *Master Key* (2021)
+
+           RSA, 3072-bit. Key ID: DD4355EAAC1119DE. Fingerprint:
+           A872 D42F 1660 890F 0E05 223E DD43 55EA AC11 19DE
+
+       *Release Key* (2021)
+
+           RSA, 3072-bit. Key ID: E4F83EA2AA4915EC. Fingerprint:
+           2CF6 134B D3F7 7A65 88EB D668 E4F8 3EA2 AA49 15EC
+
+       *Snapshot Key* (2021)
+
+           RSA, 3072-bit. Key ID: B43979F89F446CFD. Fingerprint:
+           1FD3 BCAC E532 FBE0 6A8C 09E2 B439 79F8 9F44 6CFD
+
+       *Secure Contact Key* (2021)
+
+           RSA, 3072-bit. Key ID: 012C59D4211BD62A. Fingerprint:
+           E30F 1354 2A04 BE0E 56F0 5801 012C 59D4 211B D62A
+
        *Keys generated in the 2018 rollover*
 
        *Master Key* (2018)
@@ -12358,4 +12479,4 @@ H.6.12 PLUGIN_AUTH_FAILURE
        Secure Shell Protocol (SSH)' (better known by its wire id `keyboard-
        interactive').
 
-[PuTTY release 0.78]
+[PuTTY release 0.79]
diff --git a/code/doc/version.but b/code/doc/version.but
index 229426d5..8e590f2f 100644
--- a/code/doc/version.but
+++ b/code/doc/version.but
@@ -1 +1 @@
-\versionid PuTTY release 0.78
+\versionid PuTTY release 0.79
diff --git a/code/ldisc.c b/code/ldisc.c
index caff52d0..27f41a6f 100644
--- a/code/ldisc.c
+++ b/code/ldisc.c
@@ -442,6 +442,8 @@ void ldisc_send(Ldisc *ldisc, const void *vbuf, int len, bool interactive)
                         bsb(ldisc, plen(ldisc, ldisc->buf[ldisc->buflen - 1]));
                     ldisc->buflen--;
                 }
+                if (c == CTRL('U'))
+                    break;             /* ^U *just* erases a line */
                 ldisc_to_backend_special(ldisc, SS_EL, 0);
                 /*
                  * We don't send IP, SUSP or ABORT if the user has
diff --git a/code/logging.c b/code/logging.c
index e065f1a4..031aae4a 100644
--- a/code/logging.c
+++ b/code/logging.c
@@ -22,8 +22,9 @@ struct LogContext {
     int logtype;                       /* cached out of conf */
 };
 
-static Filename *xlatlognam(Filename *s, char *hostname, int port,
-                            struct tm *tm);
+static Filename *xlatlognam(const Filename *s,
+                            const char *hostname, int port,
+                            const struct tm *tm);
 
 /*
  * Internal wrapper function which must be called for _all_ output
@@ -173,7 +174,7 @@ void logfopen(LogContext *ctx)
         filename_free(ctx->currlogfilename);
     ctx->currlogfilename =
         xlatlognam(conf_get_filename(ctx->conf, CONF_logfilename),
-                   conf_get_str(ctx->conf, CONF_host),
+                   conf_dest(ctx->conf),    /* hostname or serial line */
                    conf_get_int(ctx->conf, CONF_port), &tm);
 
     if (open_for_write_would_lose_data(ctx->currlogfilename)) {
@@ -451,10 +452,12 @@ void log_reconfig(LogContext *ctx, Conf *conf)
  *
  * "&Y":YYYY   "&m":MM   "&d":DD   "&T":hhmmss   "&h":   "&&":&
  */
-static Filename *xlatlognam(Filename *src, char *hostname, int port,
-                            struct tm *tm)
+static Filename *xlatlognam(const Filename *src,
+                            const char *hostname, int port,
+                            const struct tm *tm)
 {
-    char buf[32], *bufp;
+    char buf[32];
+    const char *bufp;
     int size;
     strbuf *buffer;
     const char *s;
diff --git a/code/otherbackends/raw.c b/code/otherbackends/raw.c
index c9a32e05..c95db970 100644
--- a/code/otherbackends/raw.c
+++ b/code/otherbackends/raw.c
@@ -285,7 +285,8 @@ static void raw_special(Backend *be, SessionSpecialCode code, int arg)
 {
     Raw *raw = container_of(be, Raw, backend);
     if (code == SS_EOF && raw->s) {
-        sk_write_eof(raw->s);
+        if (!raw->sent_socket_eof)
+            sk_write_eof(raw->s);
         raw->sent_socket_eof= true;
         raw_check_close(raw);
     }
diff --git a/code/psftp.c b/code/psftp.c
index d8b5c400..587e2177 100644
--- a/code/psftp.c
+++ b/code/psftp.c
@@ -1024,7 +1024,7 @@ int sftp_cmd_close(struct sftp_command *cmd)
     }
     do_sftp_cleanup();
 
-    return 0;
+    return 1;
 }
 
 void list_directory_from_sftp_warn_unsorted(void)
@@ -2386,6 +2386,10 @@ static void do_sftp_cleanup(void)
         sfree(homedir);
         homedir = NULL;
     }
+    if (psftp_logctx) {
+        log_free(psftp_logctx);
+        psftp_logctx = NULL;
+    }
 }
 
 int do_sftp(int mode, int modeflags, char *batchfile)
diff --git a/code/putty.h b/code/putty.h
index 2a785337..e80fd1c6 100644
--- a/code/putty.h
+++ b/code/putty.h
@@ -21,14 +21,14 @@
  * Fingerprints of the current and previous PGP master keys, to
  * establish a trust path between an executable and other files.
  */
-#define PGP_MASTER_KEY_YEAR "2021"
-#define PGP_MASTER_KEY_DETAILS "RSA, 3072-bit"
+#define PGP_MASTER_KEY_YEAR "2023"
+#define PGP_MASTER_KEY_DETAILS "RSA, 4096-bit"
 #define PGP_MASTER_KEY_FP                                  \
-    "A872 D42F 1660 890F 0E05  223E DD43 55EA AC11 19DE"
-#define PGP_PREV_MASTER_KEY_YEAR "2018"
-#define PGP_PREV_MASTER_KEY_DETAILS "RSA, 4096-bit"
+    "28D4 7C46 55E7 65A6 D827  AC66 B15D 9EFC 216B 06A1"
+#define PGP_PREV_MASTER_KEY_YEAR "2021"
+#define PGP_PREV_MASTER_KEY_DETAILS "RSA, 3072-bit"
 #define PGP_PREV_MASTER_KEY_FP                                  \
-    "24E1 B1C5 75EA 3C9F F752  A922 76BC 7FE4 EBFD 2D9E"
+    "A872 D42F 1660 890F 0E05  223E DD43 55EA AC11 19DE"
 
 /*
  * Definitions of three separate indexing schemes for colour palette
@@ -363,11 +363,12 @@ typedef enum {
     MBT_NOTHING,
     MBT_LEFT, MBT_MIDDLE, MBT_RIGHT,   /* `raw' button designations */
     MBT_SELECT, MBT_EXTEND, MBT_PASTE, /* `cooked' button designations */
-    MBT_WHEEL_UP, MBT_WHEEL_DOWN       /* mouse wheel */
+    MBT_WHEEL_UP, MBT_WHEEL_DOWN,      /* vertical mouse wheel */
+    MBT_WHEEL_LEFT, MBT_WHEEL_RIGHT    /* horizontal mouse wheel */
 } Mouse_Button;
 
 typedef enum {
-    MA_NOTHING, MA_CLICK, MA_2CLK, MA_3CLK, MA_DRAG, MA_RELEASE
+    MA_NOTHING, MA_CLICK, MA_2CLK, MA_3CLK, MA_DRAG, MA_RELEASE, MA_MOVE
 } Mouse_Action;
 
 /* Keyboard modifiers -- keys the user is actually holding down */
@@ -2028,6 +2029,7 @@ NORETURN void cleanup_exit(int);
     X(INT, NONE, sshbug_chanreq) \
     X(INT, NONE, sshbug_dropstart) \
     X(INT, NONE, sshbug_filter_kexinit) \
+    X(INT, NONE, sshbug_rsa_sha2_cert_userauth) \
     /*                                                                \
      * ssh_simple means that we promise never to open any channel     \
      * other than the main one, which means it can safely use a very  \
diff --git a/code/settings.c b/code/settings.c
index f78ea301..02922633 100644
--- a/code/settings.c
+++ b/code/settings.c
@@ -693,12 +693,12 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
     write_setting_b(sesskey, "BellOverload", conf_get_bool(conf, CONF_bellovl));
     write_setting_i(sesskey, "BellOverloadN", conf_get_int(conf, CONF_bellovl_n));
     write_setting_i(sesskey, "BellOverloadT", conf_get_int(conf, CONF_bellovl_t)
-#ifdef PUTTY_UNIX_H
+#ifdef PUTTY_UNIX_PLATFORM_H
                     * 1000
 #endif
                     );
     write_setting_i(sesskey, "BellOverloadS", conf_get_int(conf, CONF_bellovl_s)
-#ifdef PUTTY_UNIX_H
+#ifdef PUTTY_UNIX_PLATFORM_H
                     * 1000
 #endif
                     );
@@ -792,6 +792,7 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
     write_setting_i(sesskey, "BugOldGex2", 2-conf_get_int(conf, CONF_sshbug_oldgex2));
     write_setting_i(sesskey, "BugWinadj", 2-conf_get_int(conf, CONF_sshbug_winadj));
     write_setting_i(sesskey, "BugChanReq", 2-conf_get_int(conf, CONF_sshbug_chanreq));
+    write_setting_i(sesskey, "BugRSASHA2CertUserauth", 2-conf_get_int(conf, CONF_sshbug_rsa_sha2_cert_userauth));
     write_setting_i(sesskey, "BugDropStart", 2-conf_get_int(conf, CONF_sshbug_dropstart));
     write_setting_i(sesskey, "BugFilterKexinit", 2-conf_get_int(conf, CONF_sshbug_filter_kexinit));
     write_setting_b(sesskey, "StampUtmp", conf_get_bool(conf, CONF_stamp_utmp));
@@ -1135,22 +1136,22 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
     gppb(sesskey, "BellOverload", true, conf, CONF_bellovl);
     gppi(sesskey, "BellOverloadN", 5, conf, CONF_bellovl_n);
     i = gppi_raw(sesskey, "BellOverloadT", 2*TICKSPERSEC
-#ifdef PUTTY_UNIX_H
+#ifdef PUTTY_UNIX_PLATFORM_H
                                    *1000
 #endif
                                    );
     conf_set_int(conf, CONF_bellovl_t, i
-#ifdef PUTTY_UNIX_H
+#ifdef PUTTY_UNIX_PLATFORM_H
                  / 1000
 #endif
                  );
     i = gppi_raw(sesskey, "BellOverloadS", 5*TICKSPERSEC
-#ifdef PUTTY_UNIX_H
+#ifdef PUTTY_UNIX_PLATFORM_H
                                    *1000
 #endif
                                    );
     conf_set_int(conf, CONF_bellovl_s, i
-#ifdef PUTTY_UNIX_H
+#ifdef PUTTY_UNIX_PLATFORM_H
                  / 1000
 #endif
                  );
@@ -1282,6 +1283,7 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
     i = gppi_raw(sesskey, "BugOldGex2", 0); conf_set_int(conf, CONF_sshbug_oldgex2, 2-i);
     i = gppi_raw(sesskey, "BugWinadj", 0); conf_set_int(conf, CONF_sshbug_winadj, 2-i);
     i = gppi_raw(sesskey, "BugChanReq", 0); conf_set_int(conf, CONF_sshbug_chanreq, 2-i);
+    i = gppi_raw(sesskey, "BugRSASHA2CertUserauth", 0); conf_set_int(conf, CONF_sshbug_rsa_sha2_cert_userauth, 2-i);
     i = gppi_raw(sesskey, "BugDropStart", 1); conf_set_int(conf, CONF_sshbug_dropstart, 2-i);
     i = gppi_raw(sesskey, "BugFilterKexinit", 1); conf_set_int(conf, CONF_sshbug_filter_kexinit, 2-i);
     conf_set_bool(conf, CONF_ssh_simple, false);
diff --git a/code/sign.sh b/code/sign.sh
index b40c2d47..06e1c17f 100644
--- a/code/sign.sh
+++ b/code/sign.sh
@@ -9,14 +9,14 @@
 
 set -e
 
-keyname=B43979F89F446CFD
+keyname=10625E553F53FAAD
 preliminary=false
 
 while :; do
     case "$1" in
         -r)
             shift
-            keyname=E4F83EA2AA4915EC
+            keyname=1993D21BCAD1AA77
             ;;
         -p)
             shift
diff --git a/code/ssh.h b/code/ssh.h
index 003e77e6..b34d764d 100644
--- a/code/ssh.h
+++ b/code/ssh.h
@@ -1223,6 +1223,7 @@ extern const ssh2_macalg ssh_hmac_sha1_buggy;
 extern const ssh2_macalg ssh_hmac_sha1_96;
 extern const ssh2_macalg ssh_hmac_sha1_96_buggy;
 extern const ssh2_macalg ssh_hmac_sha256;
+extern const ssh2_macalg ssh_hmac_sha512;
 extern const ssh2_macalg ssh2_poly1305;
 extern const ssh2_macalg ssh2_aesgcm_mac;
 extern const ssh2_macalg ssh2_aesgcm_mac_sw;
@@ -1899,6 +1900,7 @@ void old_keyfile_warning(void);
     X(BUG_SENDS_LATE_REQUEST_REPLY)             \
     X(BUG_SSH2_OLDGEX)                          \
     X(BUG_REQUIRES_FILTERED_KEXINIT)            \
+    X(BUG_RSA_SHA2_CERT_USERAUTH)               \
     /* end of list */
 #define TMP_DECLARE_LOG2_ENUM(thing) log2_##thing,
 enum { SSH_IMPL_BUG_LIST(TMP_DECLARE_LOG2_ENUM) };
diff --git a/code/ssh/common.c b/code/ssh/common.c
index a1b4d77d..ad2d4632 100644
--- a/code/ssh/common.c
+++ b/code/ssh/common.c
@@ -742,6 +742,10 @@ size_t ssh_ppl_default_queued_data_size(PacketProtocolLayer *ppl)
     return ppl->out_pq->pqb.total_size;
 }
 
+void ssh_ppl_default_final_output(PacketProtocolLayer *ppl)
+{
+}
+
 static void ssh_ppl_prompts_callback(void *ctx)
 {
     ssh_ppl_process_queue((PacketProtocolLayer *)ctx);
@@ -1023,6 +1027,12 @@ SeatPromptResult verify_ssh_host_key(
             text, SDT_PARA, "If you trust this host, %s to add the key to "
             "%s's cache and carry on connecting.",
             pds->hk_accept_action, appname);
+        if (key && ssh_key_alg(key)->is_certificate) {
+            seat_dialog_text_append(
+                text, SDT_PARA, "(Storing this certified key in the cache "
+                "will NOT cause its certification authority to be trusted "
+                "for any other key or host.)");
+        }
         seat_dialog_text_append(
             text, SDT_PARA, "If you want to carry on connecting just once, "
             "without adding the key to the cache, %s.",
diff --git a/code/ssh/connection1.c b/code/ssh/connection1.c
index 0b5485f8..7204450a 100644
--- a/code/ssh/connection1.c
+++ b/code/ssh/connection1.c
@@ -40,6 +40,7 @@ static const PacketProtocolLayerVtable ssh1_connection_vtable = {
     .special_cmd = ssh1_connection_special_cmd,
     .reconfigure = ssh1_connection_reconfigure,
     .queued_data_size = ssh_ppl_default_queued_data_size,
+    .final_output = ssh_ppl_default_final_output,
     .name = NULL, /* no layer names in SSH-1 */
 };
 
diff --git a/code/ssh/connection2.c b/code/ssh/connection2.c
index 77b8d0ec..b08dab5f 100644
--- a/code/ssh/connection2.c
+++ b/code/ssh/connection2.c
@@ -27,6 +27,7 @@ static const PacketProtocolLayerVtable ssh2_connection_vtable = {
     .special_cmd = ssh2_connection_special_cmd,
     .reconfigure = ssh2_connection_reconfigure,
     .queued_data_size = ssh_ppl_default_queued_data_size,
+    .final_output = ssh_ppl_default_final_output,
     .name = "ssh-connection",
 };
 
diff --git a/code/ssh/login1-server.c b/code/ssh/login1-server.c
index d01c7f4c..661a4a17 100644
--- a/code/ssh/login1-server.c
+++ b/code/ssh/login1-server.c
@@ -61,6 +61,7 @@ static const PacketProtocolLayerVtable ssh1_login_server_vtable = {
     .special_cmd = ssh1_login_server_special_cmd,
     .reconfigure = ssh1_login_server_reconfigure,
     .queued_data_size = ssh_ppl_default_queued_data_size,
+    .final_output = ssh_ppl_default_final_output,
     .name = NULL, /* no layer names in SSH-1 */
 };
 
diff --git a/code/ssh/login1.c b/code/ssh/login1.c
index 52aaea0b..aa731848 100644
--- a/code/ssh/login1.c
+++ b/code/ssh/login1.c
@@ -81,6 +81,7 @@ static const PacketProtocolLayerVtable ssh1_login_vtable = {
     .special_cmd = ssh1_login_special_cmd,
     .reconfigure = ssh1_login_reconfigure,
     .queued_data_size = ssh_ppl_default_queued_data_size,
+    .final_output = ssh_ppl_default_final_output,
     .name = NULL, /* no layer names in SSH-1 */
 };
 
diff --git a/code/ssh/ppl.h b/code/ssh/ppl.h
index 78b08efa..cb9e044d 100644
--- a/code/ssh/ppl.h
+++ b/code/ssh/ppl.h
@@ -19,6 +19,7 @@ struct PacketProtocolLayerVtable {
         PacketProtocolLayer *ppl, SessionSpecialCode code, int arg);
     void (*reconfigure)(PacketProtocolLayer *ppl, Conf *conf);
     size_t (*queued_data_size)(PacketProtocolLayer *ppl);
+    void (*final_output)(PacketProtocolLayer *ppl);
 
     /* Protocol-level name of this layer. */
     const char *name;
@@ -68,6 +69,8 @@ static inline void ssh_ppl_reconfigure(PacketProtocolLayer *ppl, Conf *conf)
 { ppl->vt->reconfigure(ppl, conf); }
 static inline size_t ssh_ppl_queued_data_size(PacketProtocolLayer *ppl)
 { return ppl->vt->queued_data_size(ppl); }
+static inline void ssh_ppl_final_output(PacketProtocolLayer *ppl)
+{ ppl->vt->final_output(ppl); }
 
 static inline InteractionReadySeat ppl_get_iseat(PacketProtocolLayer *ppl)
 { return interactor_announce(ppl->interactor); }
@@ -93,6 +96,9 @@ void ssh_ppl_replace(PacketProtocolLayer *old, PacketProtocolLayer *new);
  * has other things to take into account as well. */
 size_t ssh_ppl_default_queued_data_size(PacketProtocolLayer *ppl);
 
+/* Default implementation of final_output which outputs nothing. */
+void ssh_ppl_default_final_output(PacketProtocolLayer *ppl);
+
 PacketProtocolLayer *ssh1_login_new(
     Conf *conf, const char *host, int port,
     PacketProtocolLayer *successor_layer);
diff --git a/code/ssh/sesschan.c b/code/ssh/sesschan.c
index 9776eaf2..cb5f0af1 100644
--- a/code/ssh/sesschan.c
+++ b/code/ssh/sesschan.c
@@ -425,7 +425,8 @@ bool sesschan_enable_x11_forwarding(
         const unsigned char *hex = authdata_hex.ptr;
         char hexbuf[3];
 
-        if (!isxdigit(hex[i]) || !isxdigit(hex[i+1])) {
+        if (!isxdigit((unsigned char)hex[i]) ||
+            !isxdigit((unsigned char)hex[i+1])) {
             strbuf_free(authdata_bin);
             return false;              /* not hex */
         }
diff --git a/code/ssh/sharing.c b/code/ssh/sharing.c
index 97337229..7d338a3b 100644
--- a/code/ssh/sharing.c
+++ b/code/ssh/sharing.c
@@ -1770,7 +1770,7 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
             char *buf = dupprintf("Version string far too long\n");
             share_disconnect(cs, buf);
             sfree(buf);
-            goto dead;
+            return;
         }
         cs->recvbuf[cs->recvlen++] = c;
     }
@@ -1785,7 +1785,7 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
         char *buf = dupprintf("Version string did not have expected prefix\n");
         share_disconnect(cs, buf);
         sfree(buf);
-        goto dead;
+        return;
     }
     if (cs->recvlen > 0 && cs->recvbuf[cs->recvlen-1] == '\015')
         cs->recvlen--;                 /* trim off \r before \n */
@@ -1810,7 +1810,7 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
                                   (unsigned)cs->curr_packetlen);
             share_disconnect(cs, buf);
             sfree(buf);
-            goto dead;
+            return;
         }
         while (cs->recvlen < cs->curr_packetlen) {
             crGetChar(c);
@@ -1821,7 +1821,6 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
                                       cs->recvbuf + 5, cs->recvlen - 5);
     }
 
-  dead:;
     crFinishV;
 }
 
diff --git a/code/ssh/ssh.c b/code/ssh/ssh.c
index 7a625971..2b610391 100644
--- a/code/ssh/ssh.c
+++ b/code/ssh/ssh.c
@@ -489,6 +489,9 @@ void ssh_remote_error(Ssh *ssh, const char *fmt, ...)
     if (ssh->base_layer || !ssh->session_started) {
         GET_FORMATTED_MSG;
 
+        if (ssh->base_layer)
+            ssh_ppl_final_output(ssh->base_layer);
+
         /* Error messages sent by the remote don't count as clean exits */
         ssh->exitcode = 128;
 
@@ -507,6 +510,9 @@ void ssh_remote_eof(Ssh *ssh, const char *fmt, ...)
     if (ssh->base_layer || !ssh->session_started) {
         GET_FORMATTED_MSG;
 
+        if (ssh->base_layer)
+            ssh_ppl_final_output(ssh->base_layer);
+
         /* EOF from the remote, if we were expecting it, does count as
          * a clean exit */
         ssh->exitcode = 0;
@@ -530,6 +536,9 @@ void ssh_proto_error(Ssh *ssh, const char *fmt, ...)
     if (ssh->base_layer || !ssh->session_started) {
         GET_FORMATTED_MSG;
 
+        if (ssh->base_layer)
+            ssh_ppl_final_output(ssh->base_layer);
+
         ssh->exitcode = 128;
 
         ssh_bpp_queue_disconnect(ssh->bpp, msg,
@@ -547,6 +556,9 @@ void ssh_sw_abort(Ssh *ssh, const char *fmt, ...)
     if (ssh->base_layer || !ssh->session_started) {
         GET_FORMATTED_MSG;
 
+        if (ssh->base_layer)
+            ssh_ppl_final_output(ssh->base_layer);
+
         ssh->exitcode = 128;
 
         ssh_initiate_connection_close(ssh);
@@ -564,6 +576,9 @@ void ssh_user_close(Ssh *ssh, const char *fmt, ...)
     if (ssh->base_layer || !ssh->session_started) {
         GET_FORMATTED_MSG;
 
+        if (ssh->base_layer)
+            ssh_ppl_final_output(ssh->base_layer);
+
         /* Closing the connection due to user action, even if the
          * action is the user aborting during authentication prompts,
          * does count as a clean exit - except that this is also how
@@ -1053,7 +1068,8 @@ static void ssh_reconfig(Backend *be, Conf *conf)
     if (ssh->pinger)
         pinger_reconfig(ssh->pinger, ssh->conf, conf);
 
-    ssh_ppl_reconfigure(ssh->base_layer, conf);
+    if (ssh->base_layer)
+        ssh_ppl_reconfigure(ssh->base_layer, conf);
 
     conf_free(ssh->conf);
     ssh->conf = conf_copy(conf);
diff --git a/code/ssh/transport2.c b/code/ssh/transport2.c
index ce6318aa..d1c255fc 100644
--- a/code/ssh/transport2.c
+++ b/code/ssh/transport2.c
@@ -20,7 +20,8 @@ const struct ssh_signkey_with_user_pref_id ssh2_hostkey_algs[] = {
 };
 
 const static ssh2_macalg *const macs[] = {
-    &ssh_hmac_sha256, &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
+    &ssh_hmac_sha256, &ssh_hmac_sha512,
+    &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
 };
 const static ssh2_macalg *const buggymacs[] = {
     &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
@@ -79,6 +80,7 @@ static size_t ssh2_transport_queued_data_size(PacketProtocolLayer *ppl);
 static void ssh2_transport_set_max_data_size(struct ssh2_transport_state *s);
 static unsigned long sanitise_rekey_time(int rekey_time, unsigned long def);
 static void ssh2_transport_higher_layer_packet_callback(void *context);
+static void ssh2_transport_final_output(PacketProtocolLayer *ppl);
 
 static const PacketProtocolLayerVtable ssh2_transport_vtable = {
     .free = ssh2_transport_free,
@@ -87,6 +89,7 @@ static const PacketProtocolLayerVtable ssh2_transport_vtable = {
     .special_cmd = ssh2_transport_special_cmd,
     .reconfigure = ssh2_transport_reconfigure,
     .queued_data_size = ssh2_transport_queued_data_size,
+    .final_output = ssh2_transport_final_output,
     .name = NULL, /* no protocol name for this layer */
 };
 
@@ -2405,3 +2408,11 @@ static size_t ssh2_transport_queued_data_size(PacketProtocolLayer *ppl)
     return (ssh_ppl_default_queued_data_size(ppl) +
             ssh_ppl_queued_data_size(s->higher_layer));
 }
+
+static void ssh2_transport_final_output(PacketProtocolLayer *ppl)
+{
+    struct ssh2_transport_state *s =
+        container_of(ppl, struct ssh2_transport_state, ppl);
+
+    ssh_ppl_final_output(s->higher_layer);
+}
diff --git a/code/ssh/userauth2-client.c b/code/ssh/userauth2-client.c
index 8a6b72a6..7491a453 100644
--- a/code/ssh/userauth2-client.c
+++ b/code/ssh/userauth2-client.c
@@ -135,6 +135,11 @@ static bool ssh2_userauth_ki_setup_prompts(
 static bool ssh2_userauth_ki_run_prompts(struct ssh2_userauth_state *s);
 static void ssh2_userauth_ki_write_responses(
     struct ssh2_userauth_state *s, BinarySink *bs);
+static void ssh2_userauth_final_output(PacketProtocolLayer *ppl);
+
+static void ssh2_userauth_print_banner(struct ssh2_userauth_state *s);
+static ptrlen workaround_rsa_sha2_cert_userauth(
+    struct ssh2_userauth_state *s, ptrlen id);
 
 static const PacketProtocolLayerVtable ssh2_userauth_vtable = {
     .free = ssh2_userauth_free,
@@ -143,6 +148,7 @@ static const PacketProtocolLayerVtable ssh2_userauth_vtable = {
     .special_cmd = ssh2_userauth_special_cmd,
     .reconfigure = ssh2_userauth_reconfigure,
     .queued_data_size = ssh_ppl_default_queued_data_size,
+    .final_output = ssh2_userauth_final_output,
     .name = "ssh-userauth",
 };
 
@@ -243,33 +249,38 @@ static void ssh2_userauth_free(PacketProtocolLayer *ppl)
     sfree(s);
 }
 
+static void ssh2_userauth_handle_banner_packet(struct ssh2_userauth_state *s,
+                                               PktIn *pktin)
+{
+    if (!s->show_banner)
+        return;
+
+    ptrlen string = get_string(pktin);
+    if (string.len > BANNER_LIMIT - bufchain_size(&s->banner))
+        string.len = BANNER_LIMIT - bufchain_size(&s->banner);
+
+    if (!s->banner_scc_initialised) {
+        s->banner_scc = seat_stripctrl_new(
+            s->ppl.seat, BinarySink_UPCAST(&s->banner_bs), SIC_BANNER);
+        if (s->banner_scc)
+            stripctrl_enable_line_limiting(s->banner_scc);
+        s->banner_scc_initialised = true;
+    }
+
+    if (s->banner_scc)
+        put_datapl(s->banner_scc, string);
+    else
+        put_datapl(&s->banner_bs, string);
+}
+
 static void ssh2_userauth_filter_queue(struct ssh2_userauth_state *s)
 {
     PktIn *pktin;
-    ptrlen string;
 
     while ((pktin = pq_peek(s->ppl.in_pq)) != NULL) {
         switch (pktin->type) {
           case SSH2_MSG_USERAUTH_BANNER:
-            if (!s->show_banner) {
-                pq_pop(s->ppl.in_pq);
-                break;
-            }
-
-            string = get_string(pktin);
-            if (string.len > BANNER_LIMIT - bufchain_size(&s->banner))
-                string.len = BANNER_LIMIT - bufchain_size(&s->banner);
-            if (!s->banner_scc_initialised) {
-                s->banner_scc = seat_stripctrl_new(
-                    s->ppl.seat, BinarySink_UPCAST(&s->banner_bs), SIC_BANNER);
-                if (s->banner_scc)
-                    stripctrl_enable_line_limiting(s->banner_scc);
-                s->banner_scc_initialised = true;
-            }
-            if (s->banner_scc)
-                put_datapl(s->banner_scc, string);
-            else
-                put_datapl(&s->banner_bs, string);
+            ssh2_userauth_handle_banner_packet(s, pktin);
             pq_pop(s->ppl.in_pq);
             break;
 
@@ -840,35 +851,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
              * point, but we still need to precede and follow it with
              * anti-spoofing header lines.
              */
-            if (bufchain_size(&s->banner) &&
-                (seat_verbose(s->ppl.seat) || seat_interactive(s->ppl.seat))) {
-                if (s->banner_scc) {
-                    seat_antispoof_msg(
-                        ppl_get_iseat(&s->ppl),
-                        "Pre-authentication banner message from server:");
-                    seat_set_trust_status(s->ppl.seat, false);
-                }
-
-                bool mid_line = false;
-                while (bufchain_size(&s->banner) > 0) {
-                    ptrlen data = bufchain_prefix(&s->banner);
-                    seat_banner_pl(ppl_get_iseat(&s->ppl), data);
-                    mid_line =
-                        (((const char *)data.ptr)[data.len-1] != '\n');
-                    bufchain_consume(&s->banner, data.len);
-                }
-                bufchain_clear(&s->banner);
-
-                if (mid_line)
-                    seat_banner_pl(ppl_get_iseat(&s->ppl),
-                                   PTRLEN_LITERAL("\r\n"));
-
-                if (s->banner_scc) {
-                    seat_set_trust_status(s->ppl.seat, true);
-                    seat_antispoof_msg(ppl_get_iseat(&s->ppl),
-                                       "End of banner message from server");
-                }
-            }
+            ssh2_userauth_print_banner(s);
 
             if (pktin && pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
                 ppl_logevent("Access granted");
@@ -2106,6 +2089,39 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
     crFinishV;
 }
 
+static void ssh2_userauth_print_banner(struct ssh2_userauth_state *s)
+{
+    if (bufchain_size(&s->banner) &&
+        (seat_verbose(s->ppl.seat) || seat_interactive(s->ppl.seat))) {
+        if (s->banner_scc) {
+            seat_antispoof_msg(
+                ppl_get_iseat(&s->ppl),
+                "Pre-authentication banner message from server:");
+            seat_set_trust_status(s->ppl.seat, false);
+        }
+
+        bool mid_line = false;
+        while (bufchain_size(&s->banner) > 0) {
+            ptrlen data = bufchain_prefix(&s->banner);
+            seat_banner_pl(ppl_get_iseat(&s->ppl), data);
+            mid_line =
+                (((const char *)data.ptr)[data.len-1] != '\n');
+            bufchain_consume(&s->banner, data.len);
+        }
+        bufchain_clear(&s->banner);
+
+        if (mid_line)
+            seat_banner_pl(ppl_get_iseat(&s->ppl),
+                           PTRLEN_LITERAL("\r\n"));
+
+        if (s->banner_scc) {
+            seat_set_trust_status(s->ppl.seat, true);
+            seat_antispoof_msg(ppl_get_iseat(&s->ppl),
+                               "End of banner message from server");
+        }
+    }
+}
+
 static bool ssh2_userauth_ki_setup_prompts(
     struct ssh2_userauth_state *s, BinarySource *src, bool plugin)
 {
@@ -2384,7 +2400,28 @@ static void ssh2_userauth_add_alg_and_publickey(
             ppl_logevent("Sending public key with certificate from \"%s\"",
                          filename_to_str(s->detached_cert_file));
         }
-        put_stringz(pkt, ssh_keyalg_related_alg(certalg, pkalg)->ssh_id);
+        {
+            /* Strip off any existing certificate-nature from pkalg,
+             * for the case where we're replacing a cert embedded in
+             * the key with the detached one. The second argument of
+             * ssh_keyalg_related_alg is expected to be one of the
+             * bare key algorithms, or nothing useful will happen. */
+            const ssh_keyalg *pkalg_base =
+                pkalg->base_alg ? pkalg->base_alg : pkalg;
+
+            /* Construct an algorithm string that includes both the
+             * signature subtype (e.g. rsa-sha2-512) and the
+             * certificate-ness. Exception: in earlier versions of
+             * OpenSSH we don't want to do that, and must send just
+             * ssh-rsa-cert-... even when we're delivering a non-SHA-1
+             * signature. */
+            const ssh_keyalg *output_alg =
+                ssh_keyalg_related_alg(certalg, pkalg_base);
+            ptrlen output_id = ptrlen_from_asciz(output_alg->ssh_id);
+            output_id = workaround_rsa_sha2_cert_userauth(s, output_id);
+
+            put_stringpl(pkt, output_id);
+        }
         put_stringpl(pkt, ptrlen_from_strbuf(s->detached_cert_blob));
         done = true;
         goto out;
@@ -2430,11 +2467,30 @@ static void ssh2_userauth_add_alg_and_publickey(
             return;
     }
 
-    /* In all other cases, just put in what we were given. */
+    /* In all other cases, basically just put in what we were given -
+     * except for the same bug workaround as above. */
+    alg = workaround_rsa_sha2_cert_userauth(s, alg);
     put_stringpl(pkt, alg);
     put_stringpl(pkt, pkblob);
 }
 
+static ptrlen workaround_rsa_sha2_cert_userauth(
+    struct ssh2_userauth_state *s, ptrlen id)
+{
+    if (!(s->ppl.remote_bugs & BUG_RSA_SHA2_CERT_USERAUTH))
+        return id;
+    /*
+     * No need to try to do this in a general way based on the
+     * relations between ssh_keyalgs; we know there are a limited
+     * number of affected versions of OpenSSH, so this doesn't have to
+     * be futureproof against later additions to the family.
+     */
+    if (ptrlen_eq_string(id, "rsa-sha2-256-cert-v01@openssh.com") ||
+        ptrlen_eq_string(id, "rsa-sha2-512-cert-v01@openssh.com"))
+        return PTRLEN_LITERAL("ssh-rsa-cert-v01@openssh.com");
+    return id;
+}
+
 /*
  * Helper function to add an SSH-2 signature blob to a packet. Expects
  * to be shown the public key blob as well as the signature blob.
@@ -2563,3 +2619,23 @@ static void ssh2_userauth_reconfigure(PacketProtocolLayer *ppl, Conf *conf)
         container_of(ppl, struct ssh2_userauth_state, ppl);
     ssh_ppl_reconfigure(s->successor_layer, conf);
 }
+
+static void ssh2_userauth_final_output(PacketProtocolLayer *ppl)
+{
+    struct ssh2_userauth_state *s =
+        container_of(ppl, struct ssh2_userauth_state, ppl);
+
+    /*
+     * Check for any unconsumed banner packets that might have landed
+     * in our queue just before the server closed the connection, and
+     * add them to our banner buffer.
+     */
+    for (PktIn *pktin = pq_first(s->ppl.in_pq); pktin != NULL;
+         pktin = pq_next(s->ppl.in_pq, pktin)) {
+        if (pktin->type == SSH2_MSG_USERAUTH_BANNER)
+            ssh2_userauth_handle_banner_packet(s, pktin);
+    }
+
+    /* And now make sure we've shown the banner, before exiting */
+    ssh2_userauth_print_banner(s);
+}
diff --git a/code/ssh/userauth2-server.c b/code/ssh/userauth2-server.c
index bfe258ce..7e231a8e 100644
--- a/code/ssh/userauth2-server.c
+++ b/code/ssh/userauth2-server.c
@@ -42,6 +42,7 @@ static const PacketProtocolLayerVtable ssh2_userauth_server_vtable = {
     .free = ssh2_userauth_server_free,
     .process_queue = ssh2_userauth_server_process_queue,
     .queued_data_size = ssh_ppl_default_queued_data_size,
+    .final_output = ssh_ppl_default_final_output,
     .name = "ssh-userauth",
     /* other methods are NULL */
 };
diff --git a/code/ssh/verstring.c b/code/ssh/verstring.c
index aa4c2c20..b63810ef 100644
--- a/code/ssh/verstring.c
+++ b/code/ssh/verstring.c
@@ -612,6 +612,28 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
         bpp_logevent("We believe remote version requires us to "
                      "filter our KEXINIT");
     }
+
+    if (conf_get_int(s->conf, CONF_sshbug_rsa_sha2_cert_userauth) == FORCE_ON ||
+        (conf_get_int(s->conf, CONF_sshbug_rsa_sha2_cert_userauth) == AUTO &&
+         (wc_match("OpenSSH_7.[2-7]*", imp)))) {
+        /*
+         * These versions have the bug in which using RSA/SHA-2
+         * authentication with a certified key requires the key
+         * algorithm to be sent as ssh-rsa-cert-... instead of
+         * rsa-sha2-NNN-cert-...
+         *
+         * OpenSSH 7.8 wants rsa-sha2-NNN-cert-...:
+         * https://github.com/openssh/openssh-portable/commit/4ba0d54794814ec0de1ec87987d0c3b89379b436
+         * (also labelled "OpenBSD-Commit-ID:
+         * c6e9f6d45eed8962ad502d315d7eaef32c419dde")
+         *
+         * OpenSSH 7.2 was the first release supporting RSA/SHA-2
+         * at all, so this bug is irrelevant to anything before that.
+         */
+        s->remote_bugs |= BUG_RSA_SHA2_CERT_USERAUTH;
+        bpp_logevent("We believe remote version has SSH-2 "
+                     "RSA/SHA-2/certificate userauth bug");
+    }
 }
 
 const char *ssh_verstring_get_remote(BinaryPacketProtocol *bpp)
diff --git a/code/ssh/x11fwd.c b/code/ssh/x11fwd.c
index c5698f9b..c0ae59f1 100644
--- a/code/ssh/x11fwd.c
+++ b/code/ssh/x11fwd.c
@@ -168,10 +168,10 @@ int x11_authcmp(void *av, void *bv)
 
 #define XDM_MAXSKEW 20*60      /* 20 minute clock skew should be OK */
 
-static const char *x11_verify(unsigned long peer_ip, int peer_port,
-                              tree234 *authtree, char *proto,
-                              unsigned char *data, int dlen,
-                              struct X11FakeAuth **auth_ret)
+static char *x11_verify(unsigned long peer_ip, int peer_port,
+                        tree234 *authtree, char *proto,
+                        unsigned char *data, int dlen,
+                        struct X11FakeAuth **auth_ret)
 {
     struct X11FakeAuth match_dummy;    /* for passing to find234 */
     struct X11FakeAuth *auth;
@@ -197,12 +197,21 @@ static const char *x11_verify(unsigned long peer_ip, int peer_port,
          */
         match_dummy.proto = X11_XDM;
         match_dummy.xa1_firstblock = data;
+    } else if (!proto[0]) {
+        /*
+         * If the user has attempted to connect to the forwarded X
+         * display with no authority at all, we can give a better
+         * error message than the generic "unsupported protocol". We
+         * at least _recognise_ the null auth protocol, even if we
+         * don't _accept_ it.
+         */
+        return dupstr("No authorisation provided");
     } else {
-        return "Unsupported authorisation protocol";
+        return dupprintf("Unsupported authorisation protocol '%s'", proto);
     }
 
     if ((auth = find234(authtree, &match_dummy, 0)) == NULL)
-        return "Authorisation not recognised";
+        return dupstr("Authorisation not recognised");
 
     /*
      * If we're using MIT-MAGIC-COOKIE-1, that was all we needed. If
@@ -216,24 +225,34 @@ static const char *x11_verify(unsigned long peer_ip, int peer_port,
         struct XDMSeen *seen, *ret;
 
         if (dlen != 24)
-            return "XDM-AUTHORIZATION-1 data was wrong length";
+            return dupprintf("XDM-AUTHORIZATION-1 data was wrong length "
+                             "(%d, expected 24)", dlen);
         if (peer_port == -1)
-            return "cannot do XDM-AUTHORIZATION-1 without remote address data";
+            return dupstr("cannot do XDM-AUTHORIZATION-1 without remote "
+                          "address data");
         des_decrypt_xdmauth(auth->data+9, data, 24);
-        if (memcmp(auth->data, data, 8) != 0)
-            return "XDM-AUTHORIZATION-1 data failed check"; /* cookie wrong */
-        if (GET_32BIT_MSB_FIRST(data+8) != peer_ip)
-            return "XDM-AUTHORIZATION-1 data failed check";   /* IP wrong */
-        if ((int)GET_16BIT_MSB_FIRST(data+12) != peer_port)
-            return "XDM-AUTHORIZATION-1 data failed check";   /* port wrong */
-        t = GET_32BIT_MSB_FIRST(data+14);
+
+        /* Bitwise-OR together any mismatches in the fixed parts of
+         * the data, to allow checking it all at once */
+        uint32_t mismatches = 0;
+        /* Check non-key half of auth cookie */
+        for (i = 0; i < 8; i++)
+            mismatches |= auth->data[i] ^ data[i];
+        /* Check IP address and port */
+        mismatches |= GET_32BIT_MSB_FIRST(data+8) ^ peer_ip;
+        mismatches |= (unsigned short)(GET_16BIT_MSB_FIRST(data+12) ^
+                                       peer_port);
+        /* Check zero padding */
         for (i = 18; i < 24; i++)
-            if (data[i] != 0)          /* zero padding wrong */
-                return "XDM-AUTHORIZATION-1 data failed check";
+            mismatches |= data[i];
+        if (mismatches)
+            return dupstr("XDM-AUTHORIZATION-1 data failed check");
+
+        t = GET_32BIT_MSB_FIRST(data+14);
         tim = time(NULL);
         if (((unsigned long)t - (unsigned long)tim
              + XDM_MAXSKEW) > 2*XDM_MAXSKEW)
-            return "XDM-AUTHORIZATION-1 time stamp was too far out";
+            return dupstr("XDM-AUTHORIZATION-1 time stamp was too far out");
         seen = snew(struct XDMSeen);
         seen->time = t;
         memcpy(seen->clientid, data+8, 6);
@@ -241,7 +260,7 @@ static const char *x11_verify(unsigned long peer_ip, int peer_port,
         ret = add234(auth->xdmseen, seen);
         if (ret != seen) {
             sfree(seen);
-            return "XDM-AUTHORIZATION-1 data replayed";
+            return dupstr("XDM-AUTHORIZATION-1 data replayed");
         }
         /* While we're here, purge entries too old to be replayed. */
         for (;;) {
@@ -504,6 +523,7 @@ static size_t x11_send(
      */
     if (!xconn->verified) {
         const char *err;
+        char *errmut;
         struct X11FakeAuth *auth_matched = NULL;
         unsigned long peer_ip;
         int peer_port;
@@ -529,11 +549,12 @@ static size_t x11_send(
         else
             peer_port = -1; /* signal no peer address data available */
 
-        err = x11_verify(peer_ip, peer_port,
-                         xconn->authtree, xconn->auth_protocol,
-                         xconn->auth_data, xconn->auth_dlen, &auth_matched);
-        if (err) {
-            x11_send_init_error(xconn, err);
+        errmut = x11_verify(peer_ip, peer_port,
+                            xconn->authtree, xconn->auth_protocol,
+                            xconn->auth_data, xconn->auth_dlen, &auth_matched);
+        if (errmut) {
+            x11_send_init_error(xconn, errmut);
+            sfree(errmut);
             return 0;
         }
         assert(auth_matched);
diff --git a/code/sshpubk.c b/code/sshpubk.c
index 1e34b790..699d508e 100644
--- a/code/sshpubk.c
+++ b/code/sshpubk.c
@@ -519,24 +519,18 @@ static char *read_body(BinarySource *src)
 
 static bool read_blob(BinarySource *src, int nlines, BinarySink *bs)
 {
-    unsigned char *blob;
     char *line;
     int linelen;
     int i, j, k;
 
     /* We expect at most 64 base64 characters, ie 48 real bytes, per line. */
-    assert(nlines < MAX_KEY_BLOB_LINES);
-    blob = snewn(48 * nlines, unsigned char);
 
     for (i = 0; i < nlines; i++) {
         line = read_body(src);
-        if (!line) {
-            sfree(blob);
+        if (!line)
             return false;
-        }
         linelen = strlen(line);
         if (linelen % 4 != 0 || linelen > 64) {
-            sfree(blob);
             sfree(line);
             return false;
         }
@@ -545,14 +539,12 @@ static bool read_blob(BinarySource *src, int nlines, BinarySink *bs)
             k = base64_decode_atom(line + j, decoded);
             if (!k) {
                 sfree(line);
-                sfree(blob);
                 return false;
             }
             put_data(bs, decoded, k);
         }
         sfree(line);
     }
-    sfree(blob);
     return true;
 }
 
diff --git a/code/terminal/terminal.c b/code/terminal/terminal.c
index 37fa3513..c5af4dc6 100644
--- a/code/terminal/terminal.c
+++ b/code/terminal/terminal.c
@@ -398,6 +398,8 @@ static void move_termchar(termline *line, termchar *dest, termchar *src)
 #endif
 }
 
+#ifndef NO_SCROLLBACK_COMPRESSION
+
 /*
  * Compress and decompress a termline into an RLE-based format for
  * storing in scrollback. (Since scrollback almost never needs to
@@ -688,11 +690,12 @@ static void makeliteral_cc(strbuf *b, termchar *c, unsigned long *state)
 
 typedef struct compressed_scrollback_line {
     size_t len;
+    /* compressed data follows after this */
 } compressed_scrollback_line;
 
-static termline *decompressline(compressed_scrollback_line *line);
+static termline *decompressline_no_free(compressed_scrollback_line *line);
 
-static compressed_scrollback_line *compressline(termline *ldata)
+static compressed_scrollback_line *compressline_no_free(termline *ldata)
 {
     strbuf *b = strbuf_new();
 
@@ -768,7 +771,7 @@ static compressed_scrollback_line *compressline(termline *ldata)
         printf("\n");
 #endif
 
-        dcl = decompressline(line);
+        dcl = decompressline_no_free(line);
         assert(ldata->cols == dcl->cols);
         assert(ldata->lattr == dcl->lattr);
         for (i = 0; i < ldata->cols; i++)
@@ -788,6 +791,13 @@ static compressed_scrollback_line *compressline(termline *ldata)
     return line;
 }
 
+static compressed_scrollback_line *compressline_and_free(termline *ldata)
+{
+    compressed_scrollback_line *cline = compressline_no_free(ldata);
+    freetermline(ldata);
+    return cline;
+}
+
 static void readrle(BinarySource *bs, termline *ldata,
                     void (*readliteral)(BinarySource *bs, termchar *c,
                                         termline *ldata, unsigned long *state))
@@ -921,7 +931,7 @@ static void readliteral_cc(BinarySource *bs, termchar *c, termline *ldata,
     }
 }
 
-static termline *decompressline(compressed_scrollback_line *line)
+static termline *decompressline_no_free(compressed_scrollback_line *line)
 {
     int ncols, byte, shift;
     BinarySource bs[1];
@@ -988,6 +998,66 @@ static termline *decompressline(compressed_scrollback_line *line)
     return ldata;
 }
 
+static inline void free_compressed_line(compressed_scrollback_line *cline)
+{
+    sfree(cline);
+}
+
+static termline *decompressline_and_free(compressed_scrollback_line *cline)
+{
+    termline *ldata = decompressline_no_free(cline);
+    free_compressed_line(cline);
+    return ldata;
+}
+
+#else /* NO_SCROLLBACK_COMPRESSION */
+
+static termline *duptermline(termline *oldline)
+{
+    termline *newline = snew(termline);
+    *newline = *oldline;               /* copy the POD structure fields */
+    newline->chars = snewn(newline->size, termchar);
+    for (int j = 0; j < newline->size; j++)
+        newline->chars[j] = oldline->chars[j];
+    return newline;
+}
+
+typedef termline compressed_scrollback_line;
+
+static inline compressed_scrollback_line *compressline_and_free(
+    termline *ldata)
+{
+    return ldata;
+}
+
+static inline compressed_scrollback_line *compressline_no_free(termline *ldata)
+{
+    return duptermline(ldata);
+}
+
+static inline termline *decompressline_no_free(
+    compressed_scrollback_line *line)
+{
+    /* This will return a line without the 'temporary' flag, which
+     * means that unlineptr() is already set up to avoid freeing it */
+    return line;
+}
+
+static inline termline *decompressline_and_free(
+    compressed_scrollback_line *line)
+{
+    /* Same as decompressline_no_free, because the caller will free
+     * our returned termline, and that does all the freeing necessary */
+    return line;
+}
+
+static inline void free_compressed_line(compressed_scrollback_line *line)
+{
+    freetermline(line);
+}
+
+#endif /* NO_SCROLLBACK_COMPRESSION */
+
 /*
  * Resize a line to make it `cols' columns wide.
  */
@@ -1134,7 +1204,7 @@ static termline *lineptr(Terminal *term, int y, int lineno, int screen)
         compressed_scrollback_line *cline = index234(whichtree, treeindex);
         if (!cline)
             null_line_error(term, y, lineno, whichtree, treeindex, "cline");
-        line = decompressline(cline);
+        line = decompressline_no_free(cline);
     } else {
         line = index234(whichtree, treeindex);
     }
@@ -1374,6 +1444,8 @@ static void power_on(Terminal *term, bool clear)
     term->xterm_mouse = 0;
     term->xterm_extended_mouse = false;
     term->urxvt_extended_mouse = false;
+    term->raw_mouse_reported_x = 0;
+    term->raw_mouse_reported_y = 0;
     win_set_raw_mouse_mode(term->win, false);
     term->win_pointer_shape_pending = true;
     term->win_pointer_shape_raw = false;
@@ -2064,12 +2136,13 @@ Terminal *term_init(Conf *myconf, struct unicode_data *ucsdata, TermWin *win)
 
 void term_free(Terminal *term)
 {
+    compressed_scrollback_line *cline;
     termline *line;
     struct beeptime *beep;
     int i;
 
-    while ((line = delpos234(term->scrollback, 0)) != NULL)
-        sfree(line);                   /* compressed data, not a termline */
+    while ((cline = delpos234(term->scrollback, 0)) != NULL)
+        free_compressed_line(cline);
     freetree234(term->scrollback);
     while ((line = delpos234(term->screen, 0)) != NULL)
         freetermline(line);
@@ -2193,8 +2266,7 @@ void term_size(Terminal *term, int newrows, int newcols, int newsavelines)
             /* Insert a line from the scrollback at the top of the screen. */
             assert(sblen >= term->tempsblines);
             cline = delpos234(term->scrollback, --sblen);
-            line = decompressline(cline);
-            sfree(cline);
+            line = decompressline_and_free(cline);
             line->temporary = false;   /* reconstituted line is now real */
             term->tempsblines -= 1;
             addpos234(term->screen, line, 0);
@@ -2218,8 +2290,7 @@ void term_size(Terminal *term, int newrows, int newcols, int newsavelines)
         } else {
             /* push top row to scrollback */
             line = delpos234(term->screen, 0);
-            addpos234(term->scrollback, compressline(line), sblen++);
-            freetermline(line);
+            addpos234(term->scrollback, compressline_and_free(line), sblen++);
             term->tempsblines += 1;
             term->curs.y -= 1;
             term->savecurs.y -= 1;
@@ -2595,15 +2666,15 @@ static void scroll(Terminal *term, int topline, int botline,
                  * the scrollback is full.
                  */
                 if (sblen == term->savelines) {
-                    unsigned char *cline;
+                    compressed_scrollback_line *cline;
 
                     sblen--;
                     cline = delpos234(term->scrollback, 0);
-                    sfree(cline);
+                    free_compressed_line(cline);
                 } else
                     term->tempsblines += 1;
 
-                addpos234(term->scrollback, compressline(line), sblen);
+                addpos234(term->scrollback, compressline_no_free(line), sblen);
 
                 /* now `line' itself can be reused as the bottom line */
 
@@ -3068,6 +3139,10 @@ static void toggle_mode(Terminal *term, int mode, int query, bool state)
             term->xterm_mouse = state ? 2 : 0;
             term_update_raw_mouse_mode(term);
             break;
+          case 1003:                   /* xterm mouse any-event tracking */
+            term->xterm_mouse = state ? 3 : 0;
+            term_update_raw_mouse_mode(term);
+            break;
           case 1006:                   /* xterm extended mouse */
             term->xterm_extended_mouse = state;
             break;
@@ -3256,34 +3331,43 @@ static void term_display_graphic_char(Terminal *term, unsigned long c)
         linecols -= TRUST_SIGIL_WIDTH;
 
     /*
-     * Preliminary check: if the terminal is only one character cell
-     * wide, then we cannot display any double-width character at all.
-     * Substitute single-width REPLACEMENT CHARACTER instead.
+     * Before we switch on the character width, do a preliminary check for
+     * cases where we might have no room at all to display a double-width
+     * character. Our fallback is to substitute REPLACEMENT CHARACTER,
+     * which is single-width, and it's easiest to do that _before_ having
+     * to 'goto' from one switch case to another.
      */
-    if (width == 2 && linecols < 2) {
-        width = 1;
-        c = 0xFFFD;
+    if (width == 2 && term->curs.x >= linecols-1) {
+        /*
+         * If we're in wrapping mode and the terminal is at least 2 cells
+         * wide, it's OK, we have a fallback. But otherwise, substitute.
+         */
+        if (linecols < 2 || !term->wrap) {
+            width = 1;
+            c = 0xFFFD;
+        }
     }
 
     switch (width) {
       case 2:
         /*
-         * If we're about to display a double-width character starting
-         * in the rightmost column, then we do something special
-         * instead. We must print a space in the last column of the
-         * screen, then wrap; and we also set LATTR_WRAPPED2 which
-         * instructs subsequent cut-and-pasting not only to splice
-         * this line to the one after it, but to ignore the space in
-         * the last character position as well. (Because what was
-         * actually output to the terminal was presumably just a
-         * sequence of CJK characters, and we don't want a space to be
-         * pasted in the middle of those just because they had the
-         * misfortune to start in the wrong parity column. xterm
-         * concurs.)
+         * If we're about to display a double-width character starting in
+         * the rightmost column (and we're in wrapping mode - the other
+         * case was disposed of above), then we do something special
+         * instead. We must print a space in the last column of the screen,
+         * then wrap; and we also set LATTR_WRAPPED2 which instructs
+         * subsequent cut-and-pasting not only to splice this line to the
+         * one after it, but to ignore the space in the last character
+         * position as well. (Because what was actually output to the
+         * terminal was presumably just a sequence of CJK characters, and
+         * we don't want a space to be pasted in the middle of those just
+         * because they had the misfortune to start in the wrong parity
+         * column. xterm concurs.)
          */
         check_boundary(term, term->curs.x, term->curs.y);
         check_boundary(term, term->curs.x+2, term->curs.y);
         if (term->curs.x >= linecols-1) {
+            assert(term->wrap);    /* we handled the non-wrapping case above */
             copy_termchar(cline, term->curs.x,
                           &term->erase_char);
             cline->lattr |= LATTR_WRAPPED | LATTR_WRAPPED2;
@@ -3890,14 +3974,36 @@ static void term_out(Terminal *term, bool called_from_term_data)
                 break;
               }
               case '\b':              /* BS: Back space */
-                if (term->curs.x == 0 && (term->curs.y == 0 || !term->wrap))
-                    /* do nothing */ ;
-                else if (term->curs.x == 0 && term->curs.y > 0)
-                    term->curs.x = term->cols - 1, term->curs.y--;
-                else if (term->wrapnext)
+                if (term->wrapnext) {
                     term->wrapnext = false;
-                else
+                } else if (term->curs.x == 0 &&
+                           (term->curs.y == 0 || !term->wrap)) {
+                    /* do nothing */
+                } else if (term->curs.x == 0 && term->curs.y > 0) {
+                    term->curs.x = term->cols - 1, term->curs.y--;
+
+                    /*
+                     * If the line we've just wrapped back on to had the
+                     * LATTR_WRAPPED2 flag set, it means that the line wrapped
+                     * because a double-width character was printed with the
+                     * cursor in the rightmost column, and the best handling
+                     * available was to leave that column empty and move the
+                     * whole character to the next line. In that situation,
+                     * backspacing needs to put the cursor on the previous
+                     * _logical_ character, i.e. skip the empty space left by
+                     * the wrapping. This arranges that if an application
+                     * unaware of the terminal width or cursor position prints
+                     * a number of printing characters and then tries to return
+                     * to a particular one of them by emitting the right number
+                     * of backspaces, it's still the right number even if a
+                     * line break appeared in a maximally awkward position.
+                     */
+                    termline *ldata = scrlineptr(term->curs.y);
+                    if (term->curs.x > 0 && (ldata->lattr & LATTR_WRAPPED2))
+                        term->curs.x--;
+                } else {
                     term->curs.x--;
+                }
                 seen_disp_event(term);
                 break;
               case '\016':            /* LS1: Locking-shift one */
@@ -7055,6 +7161,13 @@ void term_mouse(Terminal *term, Mouse_Button braw, Mouse_Button bcooked,
                       !(term->mouse_override && shift));
     int default_seltype;
 
+    // Don't do anything if mouse movement events weren't requested;
+    // Note: return early to avoid doing all of this code on every mouse move
+    // event only to throw it away.
+    if (a == MA_MOVE && (!raw_mouse || term->xterm_mouse < 3)) {
+        return;
+    }
+
     if (y < 0) {
         y = 0;
         if (a == MA_DRAG && !raw_mouse)
@@ -7141,6 +7254,19 @@ void term_mouse(Terminal *term, Mouse_Button braw, Mouse_Button bcooked,
                 encstate = 0x41;
                 wheel = true;
                 break;
+              case MBT_WHEEL_LEFT:
+                encstate = 0x42;
+                wheel = true;
+                break;
+              case MBT_WHEEL_RIGHT:
+                encstate = 0x43;
+                wheel = true;
+                break;
+              case MBT_NOTHING:
+                assert( a == MA_MOVE );
+                encstate = 0x03; // release; no buttons pressed
+                wheel = false;
+                break;
               default:
                 return;
             }
@@ -7155,7 +7281,21 @@ void term_mouse(Terminal *term, Mouse_Button braw, Mouse_Button bcooked,
               case MA_DRAG:
                 if (term->xterm_mouse == 1)
                     return;
-                encstate += 0x20;
+                encstate += 0x20; // motion indicator
+                break;
+              case MA_MOVE:    // mouse move without buttons
+                assert( braw == MBT_NOTHING && bcooked == MBT_NOTHING  );
+                if (term->xterm_mouse < 3)
+                    return;
+
+                if (selpoint.x == term->raw_mouse_reported_x &&
+                    selpoint.y == term->raw_mouse_reported_y)
+                    return;
+
+                term->raw_mouse_reported_x = x;
+                term->raw_mouse_reported_y = y;
+
+                encstate += 0x20; // motion indicator
                 break;
               case MA_RELEASE:
                 /* If multiple extensions are enabled, the xterm 1006 is used, so it's okay to check for only that */
diff --git a/code/terminal/terminal.h b/code/terminal/terminal.h
index 3f918b22..87441855 100644
--- a/code/terminal/terminal.h
+++ b/code/terminal/terminal.h
@@ -155,6 +155,8 @@ struct terminal_tag {
     bool xterm_extended_mouse;
     bool urxvt_extended_mouse;
     int mouse_is_down;                 /* used while tracking mouse buttons */
+    int raw_mouse_reported_x;
+    int raw_mouse_reported_y;
 
     bool bracketed_paste, bracketed_paste_active;
 
diff --git a/code/test/cryptsuite.py b/code/test/cryptsuite.py
index 69b492e8..9d2c215c 100644
--- a/code/test/cryptsuite.py
+++ b/code/test/cryptsuite.py
@@ -3579,30 +3579,41 @@ def testArgon2(self):
 
     def testHmacSHA(self):
         # Test cases from RFC 6234 section 8.5.
-        def vector(key, message, s1=None, s256=None):
+        def vector(key, message, s1=None, s256=None, s512=None):
             if s1 is not None:
                 self.assertEqualBin(
                     mac_str('hmac_sha1', key, message), unhex(s1))
             if s256 is not None:
                 self.assertEqualBin(
                     mac_str('hmac_sha256', key, message), unhex(s256))
+            if s512 is not None:
+                self.assertEqualBin(
+                    mac_str('hmac_sha512', key, message), unhex(s512))
         vector(
             unhex("0b"*20), "Hi There",
             "b617318655057264e28bc0b6fb378c8ef146be00",
-            "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")
+            "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
+            "87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cde"
+            "daa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854")
         vector(
             "Jefe", "what do ya want for nothing?",
             "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79",
-            "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843")
+            "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
+            "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea250554"
+            "9758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737")
         vector(
             unhex("aa"*20), unhex('dd'*50),
             "125d7342b9ac11cd91a39af48aa17b4f63f175d3",
-            "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565FE")
+            "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565FE",
+            "fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39"
+            "bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb")
         vector(
             unhex("0102030405060708090a0b0c0d0e0f10111213141516171819"),
             unhex("cd"*50),
             "4c9007f4026250c6bc8414f9bf50c86c2d7235da",
-            "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b")
+            "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b",
+            "b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3db"
+            "a91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd")
         vector(
             unhex("aa"*80),
             "Test Using Larger Than Block-Size Key - Hash Key First",
@@ -3611,7 +3622,9 @@ def vector(key, message, s1=None, s256=None):
             unhex("aa"*131),
             "Test Using Larger Than Block-Size Key - Hash Key First",
             s256="60e431591ee0b67f0d8a26aacbf5b77f"
-            "8e0bc6213728c5140546040f0ee37f54")
+            "8e0bc6213728c5140546040f0ee37f54", s512=
+            "80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f352"
+            "6b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598")
         vector(
             unhex("aa"*80),
             "Test Using Larger Than Block-Size Key and "
@@ -3622,7 +3635,10 @@ def vector(key, message, s1=None, s256=None):
             "This is a test using a larger than block-size key and a "
             "larger than block-size data. The key needs to be hashed "
             "before being used by the HMAC algorithm.",
-            s256="9B09FFA71B942FCB27635FBCD5B0E944BFDC63644F0713938A7F51535C3A35E2")
+            s256="9b09ffa71b942fcb27635fbcd5b0e944"
+            "bfdc63644f0713938a7f51535c3a35e2", s512=
+            "e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944"
+            "b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58")
 
     def testEd25519(self):
         def vector(privkey, pubkey, message, signature):
diff --git a/code/test/testcrypt-enum.h b/code/test/testcrypt-enum.h
index d81f46c7..4e93c786 100644
--- a/code/test/testcrypt-enum.h
+++ b/code/test/testcrypt-enum.h
@@ -35,6 +35,7 @@ BEGIN_ENUM_TYPE(macalg)
     ENUM_VALUE("hmac_sha1_96", &ssh_hmac_sha1_96)
     ENUM_VALUE("hmac_sha1_96_buggy", &ssh_hmac_sha1_96_buggy)
     ENUM_VALUE("hmac_sha256", &ssh_hmac_sha256)
+    ENUM_VALUE("hmac_sha512", &ssh_hmac_sha512)
     ENUM_VALUE("poly1305", &ssh2_poly1305)
     ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac)
     ENUM_VALUE("aesgcm", &ssh2_aesgcm_mac)
diff --git a/code/test/testsc.c b/code/test/testsc.c
index 0a643e97..d6807c41 100644
--- a/code/test/testsc.c
+++ b/code/test/testsc.c
@@ -339,6 +339,7 @@ VOLATILE_WRAPPED_DEFN(static, size_t, looplimit, (size_t x))
     X(Y, ssh_hmac_sha1_96)                      \
     X(Y, ssh_hmac_sha1_96_buggy)                \
     X(Y, ssh_hmac_sha256)                       \
+    X(Y, ssh_hmac_sha512)                       \
     /* end of list */
 
 #define ALL_MACS(X, Y)                                      \
diff --git a/code/unix/dialog.c b/code/unix/dialog.c
index 5846466a..5663ca92 100644
--- a/code/unix/dialog.c
+++ b/code/unix/dialog.c
@@ -3448,26 +3448,6 @@ static GtkWidget *create_message_box_general(
     dp->retval = 0;
     dp->window = window;
 
-    if (selectable) {
-#if GTK_CHECK_VERSION(2,0,0)
-        struct uctrl *uc = dlg_find_byctrl(dp, textctrl);
-        gtk_label_set_selectable(GTK_LABEL(uc->text), true);
-
-        /*
-         * GTK selectable labels have a habit of selecting their
-         * entire contents when they gain focus. It's ugly to have
-         * text in a message box start up all selected, so we suppress
-         * this by manually selecting none of it - but we must do this
-         * when the widget _already has_ focus, otherwise our work
-         * will be undone when it gains it shortly.
-         */
-        gtk_widget_grab_focus(uc->text);
-        gtk_label_select_region(GTK_LABEL(uc->text), 0, 0);
-#else
-        (void)textctrl;                /* placate warning */
-#endif
-    }
-
     if (parentwin) {
         set_transient_window_pos(parentwin, window);
         gtk_window_set_transient_for(GTK_WINDOW(window),
@@ -3478,6 +3458,34 @@ static GtkWidget *create_message_box_general(
     gtk_widget_show(window);
     gtk_window_set_focus(GTK_WINDOW(window), NULL);
 
+#if GTK_CHECK_VERSION(2,0,0)
+    if (selectable) {
+        /*
+         * GTK selectable labels have a habit of selecting their
+         * entire contents when they gain focus. As far as I can see,
+         * an individual GtkLabel has no way to turn this off - source
+         * diving suggests that the only configurable option for it is
+         * "gtk-label-select-on-focus" in the cross-application
+         * GtkSettings, and there's no per-label or even
+         * per-application override.
+         *
+         * It's ugly to have text in a message box start up all
+         * selected, and also it interferes with any PRIMARY selection
+         * you might already have had. So for this purpose we'd prefer
+         * that the text doesn't _start off_ selected, but it should
+         * be selectable later.
+         *
+         * So we make the label selectable _now_, after the widget is
+         * shown and the focus has already gone wherever it's going.
+         */
+        struct uctrl *uc = dlg_find_byctrl(dp, textctrl);
+        gtk_label_select_region(GTK_LABEL(uc->text), 0, 0);
+        gtk_label_set_selectable(GTK_LABEL(uc->text), true);
+    }
+#else
+    (void)textctrl;                    /* placate warning */
+#endif
+
 #if !GTK_CHECK_VERSION(2,0,0)
     dp->currtreeitem = NULL;
     dp->treeitems = NULL;
diff --git a/code/unix/sftpserver.c b/code/unix/sftpserver.c
index 453a3ee0..fe3c2501 100644
--- a/code/unix/sftpserver.c
+++ b/code/unix/sftpserver.c
@@ -602,7 +602,7 @@ static void uss_readdir(SftpServer *srv, SftpReplyBuilder *reply,
         char *longnamebuf = NULL;
         struct fxp_attrs attrs = no_attrs;
 
-#if defined HAVE_FSTATAT && defined HAVE_DIRFD
+#if HAVE_FSTATAT && HAVE_DIRFD
         struct stat st;
         if (!fstatat(dirfd(udh->dp), de->d_name, &st, AT_SYMLINK_NOFOLLOW)) {
             char perms[11], *uidbuf = NULL, *gidbuf = NULL;
diff --git a/code/unix/window.c b/code/unix/window.c
index 18cce475..1ca52833 100644
--- a/code/unix/window.c
+++ b/code/unix/window.c
@@ -169,7 +169,7 @@ struct GtkFrontend {
     guint32 input_event_time; /* Timestamp of the most recent input event. */
     GtkWidget *dialogs[DIALOG_SLOT_LIMIT];
 #if GTK_CHECK_VERSION(3,4,0)
-    gdouble cumulative_scroll;
+    gdouble cumulative_hscroll, cumulative_vscroll;
 #endif
     /* Cached things out of conf that we refer to a lot */
     int bold_style;
@@ -495,6 +495,8 @@ static Mouse_Button translate_button(Mouse_Button button)
         return MBT_PASTE;
     if (button == MBT_RIGHT)
         return MBT_EXTEND;
+    if (button == MBT_NOTHING)
+        return MBT_NOTHING;
     return 0;                          /* shouldn't happen */
 }
 
@@ -779,10 +781,11 @@ static void drawing_area_setup(GtkFrontend *inst, int width, int height)
     inst->drawing_area_setup_called = true;
     if (inst->term)
         term_size(inst->term, h, w, conf_get_int(inst->conf, CONF_savelines));
-    if (inst->term_resize_notification_required)
-        term_resize_request_completed(inst->term);
-    if (inst->win_resize_pending)
+    if (inst->win_resize_pending) {
+        if (inst->term_resize_notification_required)
+            term_resize_request_completed(inst->term);
         inst->win_resize_pending = false;
+    }
 
     if (!inst->drawing_area_setup_needed)
         return;
@@ -2108,8 +2111,8 @@ void input_method_commit_event(GtkIMContext *imc, gchar *str, gpointer data)
 #define SCROLL_INCREMENT_LINES 5
 
 #if GTK_CHECK_VERSION(3,4,0)
-gboolean scroll_internal(GtkFrontend *inst, gdouble delta, guint state,
-                         gdouble ex, gdouble ey)
+gboolean scroll_internal(GtkFrontend *inst, gdouble xdelta, gdouble ydelta,
+                         guint state, gdouble ex, gdouble ey)
 {
     int x, y;
     bool shift, ctrl, alt, raw_mouse_mode;
@@ -2127,22 +2130,22 @@ gboolean scroll_internal(GtkFrontend *inst, gdouble delta, guint state,
                       !(shift && conf_get_bool(inst->conf,
                                                CONF_mouse_override)));
 
-    inst->cumulative_scroll += delta * SCROLL_INCREMENT_LINES;
+    inst->cumulative_vscroll += ydelta * SCROLL_INCREMENT_LINES;
 
     if (!raw_mouse_mode) {
-        int scroll_lines = (int)inst->cumulative_scroll; /* rounds toward 0 */
+        int scroll_lines = (int)inst->cumulative_vscroll; /* rounds toward 0 */
         if (scroll_lines) {
             term_scroll(inst->term, 0, scroll_lines);
-            inst->cumulative_scroll -= scroll_lines;
+            inst->cumulative_vscroll -= scroll_lines;
         }
         return true;
     } else {
-        int scroll_events = (int)(inst->cumulative_scroll /
+        int scroll_events = (int)(inst->cumulative_vscroll /
                                   SCROLL_INCREMENT_LINES);
         if (scroll_events) {
             int button;
 
-            inst->cumulative_scroll -= scroll_events * SCROLL_INCREMENT_LINES;
+            inst->cumulative_vscroll -= scroll_events * SCROLL_INCREMENT_LINES;
 
             if (scroll_events > 0) {
                 button = MBT_WHEEL_DOWN;
@@ -2156,6 +2159,35 @@ gboolean scroll_internal(GtkFrontend *inst, gdouble delta, guint state,
                            MA_CLICK, x, y, shift, ctrl, alt);
             }
         }
+
+        /*
+         * Now do the same for horizontal scrolling. But because we
+         * _only_ use that for passing through to mouse reporting, we
+         * don't even collect the scroll deltas while not in
+         * raw_mouse_mode. (Otherwise there would likely be a huge
+         * unexpected lurch when raw_mouse_mode was enabled!)
+         */
+        inst->cumulative_hscroll += xdelta * SCROLL_INCREMENT_LINES;
+        scroll_events = (int)(inst->cumulative_hscroll /
+                              SCROLL_INCREMENT_LINES);
+        if (scroll_events) {
+            int button;
+
+            inst->cumulative_hscroll -= scroll_events * SCROLL_INCREMENT_LINES;
+
+            if (scroll_events > 0) {
+                button = MBT_WHEEL_RIGHT;
+            } else {
+                button = MBT_WHEEL_LEFT;
+                scroll_events = -scroll_events;
+            }
+
+            while (scroll_events-- > 0) {
+                term_mouse(inst->term, button, translate_button(button),
+                           MA_CLICK, x, y, shift, ctrl, alt);
+            }
+        }
+
         return true;
     }
 }
@@ -2257,7 +2289,7 @@ gboolean scroll_event(GtkWidget *widget, GdkEventScroll *event, gpointer data)
 #if GTK_CHECK_VERSION(3,4,0)
     gdouble dx, dy;
     if (gdk_event_get_scroll_deltas((GdkEvent *)event, &dx, &dy)) {
-        return scroll_internal(inst, dy, event->state, event->x, event->y);
+        return scroll_internal(inst, dx, dy, event->state, event->x, event->y);
     } else if (!gdk_event_get_scroll_direction((GdkEvent *)event, &dir)) {
         return false;
     }
@@ -2298,7 +2330,9 @@ gint motion_event(GtkWidget *widget, GdkEventMotion *event, gpointer data)
 {
     GtkFrontend *inst = (GtkFrontend *)data;
     bool shift, ctrl, alt;
-    int x, y, button;
+    Mouse_Action action = MA_DRAG;
+    Mouse_Button button = MBT_NOTHING;
+    int x, y;
 
     /* Remember the timestamp. */
     inst->input_event_time = event->time;
@@ -2318,12 +2352,12 @@ gint motion_event(GtkWidget *widget, GdkEventMotion *event, gpointer data)
     else if (event->state & GDK_BUTTON3_MASK)
         button = MBT_RIGHT;
     else
-        return false;                  /* don't even know what button! */
+        action = MA_MOVE;
 
     x = (event->x - inst->window_border) / inst->font_width;
     y = (event->y - inst->window_border) / inst->font_height;
 
-    term_mouse(inst->term, button, translate_button(button), MA_DRAG,
+    term_mouse(inst->term, button, translate_button(button), action,
                x, y, shift, ctrl, alt);
 
     return true;
@@ -2568,7 +2602,8 @@ static void request_resize_internal(GtkFrontend *inst, bool from_terminal,
 #endif
                      0)) {
             queue_toplevel_callback(gtkwin_deny_term_resize, inst);
-            term_resize_request_completed(inst->term);
+            if (from_terminal)
+                term_resize_request_completed(inst->term);
             return;
         }
     }
@@ -5271,7 +5306,8 @@ void new_session_window(Conf *conf, const char *geometry_string)
     inst->wintitle = inst->icontitle = NULL;
     inst->drawtype = DRAWTYPE_DEFAULT;
 #if GTK_CHECK_VERSION(3,4,0)
-    inst->cumulative_scroll = 0.0;
+    inst->cumulative_vscroll = 0.0;
+    inst->cumulative_hscroll = 0.0;
 #endif
     inst->drawing_area_setup_needed = true;
 
diff --git a/code/utils/buildinfo.c b/code/utils/buildinfo.c
index 6dd92322..703ddbdc 100644
--- a/code/utils/buildinfo.c
+++ b/code/utils/buildinfo.c
@@ -44,6 +44,12 @@ char *buildinfo(const char *newline)
      * cases, two different compiler versions have the same _MSC_VER
      * value, and have to be distinguished by _MSC_FULL_VER.
      */
+#elif _MSC_VER == 1937
+    put_fmt(buf, " 2022 (17.7)");
+#elif _MSC_VER == 1935
+    put_fmt(buf, " 2022 (17.6)");
+#elif _MSC_VER == 1935
+    put_fmt(buf, " 2022 (17.5)");	
 #elif _MSC_VER == 1934
     put_fmt(buf, " 2022 (17.4)");
 #elif _MSC_VER == 1933
diff --git a/code/utils/validate_manual_hostkey.c b/code/utils/validate_manual_hostkey.c
index 7c5d1b88..dd7c1aee 100644
--- a/code/utils/validate_manual_hostkey.c
+++ b/code/utils/validate_manual_hostkey.c
@@ -63,7 +63,7 @@ bool validate_manual_hostkey(char *key)
                 if (r[3*i+2] != ':')
                     goto not_fingerprint; /* sorry */
             for (i = 0; i < 16*3 - 1; i++)
-                key[i] = tolower(r[i]);
+                key[i] = tolower((unsigned char)r[i]);
             key[16*3 - 1] = '\0';
             return true;
         }
diff --git a/code/version.h b/code/version.h
index 8bc5ca7c..e0b5c98d 100644
--- a/code/version.h
+++ b/code/version.h
@@ -1,6 +1,6 @@
 /* Generated by automated build script */
-#define RELEASE 0.78-1
-#define TEXTVER "Release 0.78-1"
-#define SSHVER "-Release-0.78-1"
-#define BINARY_VERSION 0,78,0,1
+#define RELEASE 0.79
+#define TEXTVER "Release 0.79"
+#define SSHVER "-Release-0.79"
+#define BINARY_VERSION 0,79,0,0
 #define SOURCE_COMMIT "See https://github.com/NoMoreFood/putty-cac"
diff --git a/code/windows/help.c b/code/windows/help.c
index d087c722..5160b0d4 100644
--- a/code/windows/help.c
+++ b/code/windows/help.c
@@ -118,7 +118,7 @@ static bool load_chm_resource(void)
     created = true;
 
     const uint8_t *p = (const uint8_t *)chm_resource;
-    for (DWORD pos = 0; pos < chm_resource_size; pos++) {
+    for (DWORD pos = 0; pos < chm_resource_size ;) {
         DWORD to_write = chm_resource_size - pos;
         DWORD written = 0;
 
diff --git a/code/windows/help.h b/code/windows/help.h
index de6ec0be..cfca4e1c 100644
--- a/code/windows/help.h
+++ b/code/windows/help.h
@@ -167,6 +167,7 @@ typedef const char *HelpCtx;
 #define WINHELP_CTX_ssh_bugs_pksessid2 "config-ssh-bug-pksessid2"
 #define WINHELP_CTX_ssh_bugs_rekey2 "config-ssh-bug-rekey"
 #define WINHELP_CTX_ssh_bugs_maxpkt2 "config-ssh-bug-maxpkt2"
+#define WINHELP_CTX_ssh_bugs_rsa_sha2_cert_userauth "config-ssh-bug-rsa-sha2-cert-userauth"
 #define WINHELP_CTX_ssh_bugs_winadj "config-ssh-bug-winadj"
 #define WINHELP_CTX_ssh_bugs_chanreq "config-ssh-bug-chanreq"
 #define WINHELP_CTX_ssh_bugs_oldgex2 "config-ssh-bug-oldgex2"
diff --git a/code/windows/installer.wxs b/code/windows/installer.wxs
index acd3bf26..7a2dd812 100644
--- a/code/windows/installer.wxs
+++ b/code/windows/installer.wxs
@@ -124,6 +124,16 @@
       Language="1033" Codepage="1252" Version="$(var.Winver)">