| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
blocksize; ok dtucker@
|
| |
|
|
|
| |
The debug output now labels the client and server offers and the
negotiated options. ok markus@
|
| |
|
|
|
|
|
| |
by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
|
| |
|
|
| |
host key algorithms negotiation
|
| |
|
|
|
| |
mutual set of algorithms (kex, pubkey, ciphers, etc.)
ok markus@
|
| |
|
|
| |
found by Jukka Taimisto and Markus Hietava
|
| | |
|
| |
|
|
|
|
|
|
| |
host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type
(an extremely unlikely configuration).
ok markus, "looks mechanical" deraadt@
|
| |
|
|
| |
ok djm markus
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
a) switch packet.c to buffer api and isolate per-connection info into struct ssh
b) (de)serialization of the state is moved from monitor to packet.c
c) the old packet.c API is implemented in opacket.[ch]
d) compress.c/h is removed and integrated into packet.c
with and ok djm@
|
| |
|
|
|
| |
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm
|
| | |
|
| |
|
|
| |
ok dtucker@, noted by mancha
|
| |
|
|
|
|
|
|
| |
effective strength much lower than the key size. This causes problems
with some cryptlib implementations, which don't support group sizes larger
than 4k but also don't use the largest group size it does support as
specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
reduced by me with input from Markus. ok djm@ markus@
|
| |
|
|
|
|
|
| |
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@
|
| |
|
|
|
|
| |
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
|
| |
|
|
| |
the default has not been overridden. ok markus@
|
| |
|
|
| |
initial patch from Aris Adamantiadis; ok djm@
|
| | |
|
| | |
|
| |
|
|
|
| |
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@
|
| |
|
|
| |
ok and feedback djm@
|
| |
|
|
| |
from the server. Nothing uses these right now. No binary change
|
| |
|
|
|
|
|
| |
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.
ok naddy@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.
Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656 is NOT implemented).
Certificate host and user keys using the new ECDSA key types are supported.
Note that this code has not been tested for interoperability and may be
subject to change.
feedback and ok markus@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
string extracted from the buffer contains no embedded \0 characters*
This prevents random (possibly malicious) crap from being appended to
strings where it would not be noticed if the string is used with
a string(3) function.
Use the new API in a few sensitive places.
* actually, we allow a single one at the end of the string for now because
we don't know how many deployed implementations get this wrong, but don't
count on this to remain indefinitely.
|
| |
|
|
|
| |
for the resume@appgate.com kex algorithm.
ok markus@
|
| |
|
|
| |
ok markus@
|
| |
|
|
| |
replacement anymore
|
| |
|
|
|
|
|
| |
Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
committing at his request)
|
| | |
|
| | |
|
| |
|
|
|
| |
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Theo nuked - our scripts to sync -portable need them in the files
|
| |
|
|
|
|
|
|
|
|
| |
and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die
feedback and ok deraadt@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
|
| |
|
|
|
| |
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@
|
| |
|
|
|
|
|
|
|
| |
has been authenticated successfully and set compression to 'delayed'
for sshd.
this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@
|
| | |
|
| | |
|
djm
deraadt
markus
dtucker
andreas
stevesk