summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/kex.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* make this -Wsign-compare clean; ok avsm@ markus@djm2005-06-171-16/+17
|
* make ssh -Wshadow clean, no functional changesavsm2004-06-211-5/+5
| | | | markus@ ok
* implement diffie-hellman-group14-sha1 kex method (trivial extension todjm2004-06-131-1/+3
| | | | existing diffie-hellman-group1-sha1); ok markus@
* don't overwrite what we are trying to computedjm2004-05-091-2/+2
|
* kill some more tiny files; ok deraadt@djm2004-05-091-1/+34
|
* unexpand and delete whitespace at EOL; ok markus@djm2003-11-211-3/+3
|
* bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; tested by ho@ and myselfmarkus2003-04-011-2/+3
|
* split kex into client and server code, no need to linkmarkus2003-02-161-16/+7
| | | | server code into the client; ok provos@
* add support for key exchange guesses; based on work bymarkus2003-02-021-4/+37
| | | | avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
* debug->debug2, unify debug messagesmarkus2002-11-211-3/+3
|
* cat to (void) when output from buffer_get_X is ignoredmarkus2002-06-241-3/+3
|
* 'monitor' variable clashes with at least one lame platform (NeXT). Renamedmouring2002-05-151-2/+2
| | | | to 'pmonitor'. provos@
* generate a new cookie for each SSH2_MSG_KEXINIT message we send outmarkus2002-03-261-8/+22
|
* integrate privilege separated openssh; its turned off by default for now.provos2002-03-181-1/+7
| | | | work done by me and markus@
* add some const EVP_MD for openssl-0.9.7markus2002-02-281-2/+2
|
* don't allow garbage after payload.markus2002-02-231-1/+2
|
* hide some more implementation details of cipher.[ch] and prepares for movemarkus2002-02-141-7/+8
| | | | to EVP, ok deraadt@
* restore kexinit handler if we reset the dispatcher, this unbreaks rekeyingmarkus2002-02-111-5/+5
| | | | s/kex_clear_dispatch/kex_reset_dispatch/
* use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@markus2002-01-251-2/+2
|
* a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED'markus2002-01-111-6/+3
| | | | | | | dispatch_range(): set handler for a ranges message types use dispatch_protocol_ignore() for authentication requests after successful authentication (the drafts requirement). serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
* remove plen from the dispatch fn. it's no longer used.markus2001-12-281-4/+4
|
* packet_read* no longer return the packet length, since it's not used.markus2001-12-281-4/+2
|
* s/packet_done/packet_check_eom/ (end-of-message); ok djm@markus2001-12-281-2/+2
|
* Conformance fix: we should send failing packet sequence number whendjm2001-12-201-3/+3
| | | | | responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@
* minor KNFderaadt2001-12-051-3/+3
|
* update copyright for 2001markus2001-06-251-2/+2
|
* more strict prototypes. raise warning level in Makefile.inc. markus ok'editojun2001-06-231-16/+17
| | | | TODO; cleanup headers
* allow interop with weaker key generation used by ssh-2.0.x, x < 10markus2001-04-301-3/+5
|
* fix whitespace: unexpand + trailing spaces.markus2001-04-051-4/+4
|
* clear+free keys,iv for rekeying.markus2001-04-041-1/+4
| | | | + fix DH mem leaks. ok niels@
* parse full kexinit packet.markus2001-04-041-1/+11
| | | | make server-side more robust, too.
* more robust rekeyingmarkus2001-04-041-18/+28
| | | | don't send channel data after rekeying is started.
* enable server side rekeying + some rekey related clientup.markus2001-04-041-9/+22
| | | | todo: we should not send any non-KEX messages after we send KEXINIT
* don't sent multiple kexinit-requests.markus2001-04-041-11/+11
| | | | | send newkeys, block while waiting for newkeys. fix comments.
* undo parts of recent my changes: main part of keyexchange does notmarkus2001-04-031-36/+49
| | | | | | | need dispatch-callbacks, since application data is delayed until the keyexchange completes (if i understand the drafts correctly). add some infrastructure for re-keying.
* move kex to kex*.c, used dispatch_set() callbacks for kex. shouldmarkus2001-04-031-194/+192
| | | | make rekeying easier.
* prepare for rekeying: move DH code to dh.cmarkus2001-03-291-109/+1
|
* forgot to include min and max params in hash, okay markus@provos2001-03-281-3/+9
|
* add PreferredAuthenticationsmarkus2001-03-101-45/+8
|
* generate a 2*need size (~300 instead of 1024/2048) random privatemarkus2001-03-051-4/+22
| | | | | | | | | | | exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
* 1) clean up the MAC support for SSH-2markus2001-02-111-11/+6
| | | | | | | 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
* sync with netbsd tree changes.itojun2001-02-081-1/+3
| | | | | | - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
* unexpand and remove end-of-line whitespace; ok markus@stevesk2001-02-041-6/+6
|
* split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.markus2001-01-211-12/+9
| | | | rename util.[ch] -> misc.[ch]
* missing free; thanks stevesk@pobox.commarkus2001-01-081-1/+2
|
* fix prototypes; from stevesk@pobox.commarkus2000-12-201-2/+2
|
* replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned'markus2000-12-191-12/+12
| | | | with u_char.
* compute diffie-hellman in parallel between server and client. okay markus@provos2000-12-151-5/+9
|
* add support for RSA to SSH2. please test.markus2000-11-121-5/+7
| | | | | | | | | | | | | | | there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthetication.
* new cipher frameworkmarkus2000-10-111-28/+8
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.