| Commit message | Author | Age | Files | Lines |
| |
ok markus@
| |
of OpenSSH's internals to make them usable as a standalone library.
This includes a set of wrappers to make it compatible with the
existing buffer API so replacement can occur incrementally.
With and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review.
| |
callers that futzing with it will futz with the actual buffer
contents
| |
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@
| |
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.
Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.
Certificate host and user keys using the new ECDSA key types are supported.
Note that this code has not been tested for interoperability and may be
subject to change.
feedback and ok markus@
| |
string extracted from the buffer contains no embedded \0 characters*
This prevents random (possibly malicious) crap from being appended to
strings where it would not be noticed if the string is used with
a string(3) function.
Use the new API in a few sensitive places.
* actually, we allow a single one at the end of the string for now because
we don't know how many deployed implementations get this wrong, but don't
count on this to remain indefinitely.
| |
buffer_get_string_ptr() but does not fatal() on error; ok dtucker@
| |
~10% speedup for localhost-scp; ok djm@
| |
ok djm, sort of ok stevesk
makes the pain stop in one easy step
| |
buffer became too large and the remote end had advertised a big window.
The problem was a mismatch in the backoff math between the channels code
and the buffer code, so make a buffer_check_alloc() function that the
channels code can use to prospectively check whether an incremental
allocation will succeed. bz #1131, debugged with the assistance of
cove AT wildpackets.com; ok dtucker@ deraadt@
| |
presented with bad data; ok markus@
| |
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files. ok markus@
| |
and out of sync
| |
- () -> (void)
- no variable names
| |
with u_char.
| |
the details. everything is now under Tatu's licence (which I copied from his
readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd
developers under a 2-term bsd licence. We're not changing any rules, just
being accurate.
|
well, except for the patent issues. someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code. when this is done, it will link against
libssl, but the work isn't completely done yet. then we need to bring
this up to modern days, featurewise.