path: root/usr.bin/ssh/dh.c
Commit message [author, age, files, lines]
* highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185 [djm, 2021-04-03, 1 file, -2/+2]
* Add ModuliFile keyword to sshd_config to specify the location of the "moduli" file containing the groups for DH-GEX. This will allow us to run tests against arbitrary moduli files without having to install them. ok djm@ [dtucker, 2021-03-12, 1 file, -5/+18]
* use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@ [djm, 2020-10-18, 1 file, -3/+3]
* typo in previous [djm, 2019-09-06, 1 file, -2/+2]
* fixes for !WITH_OPENSSL compilation; ok dtucker@ [djm, 2019-09-06, 1 file, -6/+5]
* correct local variable name; from yawang AT microsoft.com [djm, 2018-11-09, 1 file, -3/+3]
* When choosing a prime from the moduli file, avoid re-using the linenum variable for something that is not a line number to avoid the confusion that resulted in the bug in rev. 1.64. This also lets us pass the actual linenum to parse_prime() so the error messages include the correct line number. OK markus@ some time ago. [millert, 2018-09-17, 1 file, -6/+8]
* hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@ [djm, 2018-09-13, 1 file, -24/+38]
* invalidate dh->priv_key after freeing it in error path; avoids unlikely double-free later. Reported by Viktor Dukhovni via https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@ [djm, 2018-08-04, 1 file, -1/+2]
* Fix "WARNING: line 6 disappeared in /etc/moduli, giving up" when choosing a prime. An extra increment of linenum snuck in as part of the conversion to getline(). OK djm@ markus@ [millert, 2018-06-26, 1 file, -2/+1]
* switch config file parsing to getline(3) as this avoids static limits noted by gerhard@; ok dtucker@, djm@ [markus, 2018-06-06, 1 file, -6/+12]
* Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ [jsing, 2018-02-07, 1 file, -5/+3]
* Fix text in error message. Patch from zev at bewilderbeest.net. [dtucker, 2016-12-15, 1 file, -2/+2]
* Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker [deraadt, 2016-09-12, 1 file, -3/+2]
* add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03: diffie-hellman-group14-sha256 (2K group), diffie-hellman-group16-sha512 (4K group), diffie-hellman-group18-sha512 (8K group); based on patch from Mark D. Baushke and Darren Tucker; ok markus@ [djm, 2016-05-02, 1 file, -11/+72]
* Remove fallback from moduli to "primes" file that was deprecated in 2001 and fix log messages referring to primes file. Based on patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@ [dtucker, 2016-03-31, 1 file, -7/+7]
* rearrange DH public value tests to be a little more clear; rearrange DH private value generation to explain rationale more clearly and include an extra sanity check. ok deraadt [djm, 2016-02-28, 1 file, -7/+16]
* Add a stronger (4k bit) fallback group that sshd can use when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok markus@ (earlier version), djm@ [dtucker, 2015-05-27, 1 file, -4/+43]
* relax bits needed check to allow diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was selected as symmetric cipher; ok markus [djm, 2015-03-26, 1 file, -2/+2]
* Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus [deraadt, 2015-01-20, 1 file, -2/+3]
* adapt kex to sshbuf and struct ssh; ok djm@ [markus, 2015-01-19, 1 file, -29/+30]
* Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC; ok markus@ naddy@ [djm, 2013-11-21, 1 file, -26/+12]
* Increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC4419. Pointed out by Peter Backes, ok djm@. [dtucker, 2013-10-08, 1 file, -7/+10]
* remove extra whitespace [markus, 2013-07-02, 1 file, -2/+2]
* sprinkle in some error() to explain moduli(5) parse failures [djm, 2013-06-21, 1 file, -27/+47]
* fix some harmless and/or unreachable int overflows; reported Xi Wang, ok markus@ [djm, 2011-12-07, 1 file, -1/+3]
* fix a cast; ok djm@ markus@ [grunk, 2009-10-01, 1 file, -2/+2]
* when loading moduli from /etc/moduli in sshd(8), check that they are of the expected "safe prime" structure and have had appropriate primality tests performed; feedback and ok dtucker@ [djm, 2008-06-26, 1 file, -1/+14]
* Use arc4random_buf() when requesting more than a single word of output; Use arc4random_uniform() when the desired random number upper bound is not a power of two; ok deraadt@ millert@ [djm, 2008-04-13, 1 file, -2/+2]
* Don't return -1 on error in dh_pub_is_valid(), since it evaluates to true. Also fix a typo. Initial diff from Matthew Dempsky, input from djm. OK djm, markus. [ray, 2007-09-27, 1 file, -4/+6]
* BN_hex2bn returns int; from dtucker@ [markus, 2006-11-07, 1 file, -3/+3]
* add missing checks for openssl return codes; with & ok djm@ [markus, 2006-11-06, 1 file, -3/+3]
* almost entirely get rid of the culture of ".h files that include .h files"; ok djm, sort of ok stevesk; makes the pain stop in one easy step [deraadt, 2006-08-03, 1 file, -3/+1]
* move #include <stdio.h> out of includes.h [stevesk, 2006-08-01, 1 file, -1/+2]
* move #include <stdlib.h> out of includes.h [stevesk, 2006-07-26, 1 file, -1/+2]
* move #include <sys/param.h> out of includes.h [stevesk, 2006-07-26, 1 file, -1/+3]
* move #include <string.h> out of includes.h [stevesk, 2006-07-22, 1 file, -1/+3]
* remove unneeded includes; ok djm@ [stevesk, 2006-07-18, 1 file, -7/+1]
* tighter DH exponent checks here too; feedback and ok markus@ [djm, 2006-05-04, 1 file, -2/+19]
* use strtonum() instead of atoi(), limit dhg size to 64k; ok djm [deraadt, 2006-03-27, 1 file, -2/+4]
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files [djm, 2006-03-25, 1 file, -0/+1]
* RCSID() can die [deraadt, 2006-03-19, 1 file, -1/+0]
* potential NULL pointer dereferences detected by Coverity via elad AT netbsd.org; ok deraadt@ [djm, 2006-03-19, 1 file, -2/+3]
* return group14 when no primes found - fixes hang on empty /etc/moduli; ok markus@ [djm, 2004-08-04, 1 file, -2/+2]
* implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@ [djm, 2004-06-13, 1 file, -4/+24]
* Reset bit counter at the right time, fixes debug output in the case where the DH group is rejected. ok markus@ [dtucker, 2004-02-27, 1 file, -3/+3]
* Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone ever uses one. ok markus@ [dtucker, 2004-02-27, 1 file, -2/+2]
* Prevent sshd from sending DH groups with a primitive generator of zero or one, even if they are listed in /etc/moduli. ok markus@ [dtucker, 2004-02-27, 1 file, -1/+4]
* use <= instead of < in dh_estimate; ok provos/hshoexer; do not return < DH_GRP_MIN [markus, 2003-12-16, 1 file, -5/+3]
* A few signedness fixes for harmless situations; markus@ ok [miod, 2003-09-18, 1 file, -2/+2]