path: root/usr.bin/ssh/lib
Commit message (author, age; files, lines)
* add SSH1 Makefile knob to make it easier to build without SSH1 support;
  ok markus@
  (djm, 2015-03-03; 1 file, -2/+6)
* add experimental api for packet layer; ok djm@
  (markus, 2015-01-19; 1 file, -4/+10)
* update packet.c & isolate, introduce struct ssh
  a) switch packet.c to buffer api and isolate per-connection info into struct ssh
  b) (de)serialization of the state is moved from monitor to packet.c
  c) the old packet.c API is implemented in opacket.[ch]
  d) compress.c/h is removed and integrated into packet.c
  with and ok djm@
  (markus, 2015-01-19; 1 file, -3/+3)
* avoid BIGNUM in KRL code by using a simple bitmap;
  feedback and ok markus
  (djm, 2015-01-14; 1 file, -4/+5)
* New key API: refactor key-related functions to be more library-like,
  existing API is offered as a set of wrappers.
  with and ok markus@
  Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky
  and Ron Bowes for a detailed review a few months ago.
  (djm, 2014-06-24; 1 file, -5/+8)
* UMAC can use our local fallback implementation of AES when OpenSSL isn't
  available. Glue code straight from Ted Krovetz's original umac.c.
  ok markus@
  (naddy, 2014-04-30; 1 file, -3/+3)
* New buffer API; the first installment of the conversion/replacement
  of OpenSSH's internals to make them usable as a standalone library.
  This includes a set of wrappers to make it compatible with the existing
  buffer API so replacement can occur incrementally.
  With and ok markus@
  Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky
  and Ron Bowes for a detailed review.
  (djm, 2014-04-30; 1 file, -2/+15)
* make compiling against OpenSSL optional (make OPENSSL=no);
  reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
  allows us to explore further options; with and ok djm
  (markus, 2014-04-29; 1 file, -9/+16)
* comment out the .if (${KERBEROS5:L} block for now, breaks the build
  once the bsd.own.mk KERBEROS5 is removed otherwise.
  this way suggested by theo.
  (henning, 2014-04-22; 1 file, -6/+6)
* remove experimental, never-enabled JPAKE code; ok markus@
  (djm, 2014-01-29; 1 file, -2/+2)
* rename digest.c to digest-openssl.c and add libc variant; ok djm@
  (markus, 2014-01-28; 1 file, -2/+3)
* replace openssl HMAC with an implementation based on our ssh_digest_*
  ok and feedback djm@
  (markus, 2014-01-27; 1 file, -2/+2)
* Introduce digest API and use it to perform all hashing operations
  rather than calling OpenSSL EVP_Digest* directly. Will make it easier
  to build a reduced-feature OpenSSH without OpenSSL in future;
  feedback, ok markus@
  (djm, 2014-01-09; 1 file, -2/+2)
* support ed25519 keys (hostkeys and user identities) using the public domain
  ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
  feedback, help & ok djm@
  (markus, 2013-12-06; 1 file, -2/+5)
* Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"
  that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC
  to build an authenticated encryption mode.
  Inspired by and similar to Adam Langley's proposal for TLS:
  http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
  but differs in layout used for the MAC calculation and the use of a
  second ChaCha20 instance to separately encrypt packet lengths.
  Details are in the PROTOCOL.chacha20poly1305 file.
  Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
  ok markus@ naddy@
  (djm, 2013-11-21; 1 file, -2/+3)
* use curve25519 for default key exchange (curve25519-sha256@libssh.org);
  initial patch from Aris Adamantiadis; ok djm@
  (markus, 2013-11-02; 1 file, -2/+2)
* add support for Key Revocation Lists (KRLs). These are a compact way to
  represent lists of revoked keys and certificates, taking as little as
  a single bit of incremental cost to revoke a certificate by serial number.
  KRLs are loaded via the existing RevokedKeys sshd_config option.
  feedback and ok markus@
  (djm, 2013-01-17; 1 file, -2/+3)
* use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
  counter mode code; ok djm@
  (naddy, 2012-12-12; 1 file, -2/+2)
* add umac128 variant; ok djm@ at n2k12
  (markus, 2012-10-04; 1 file, -1/+12)
* remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets.
  ok guenther@
  (okan, 2012-08-02; 1 file, -2/+1)
* linting this library is not helping anything
  (deraadt, 2011-04-25; 1 file, -2/+2)
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
  host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
  better performance than plain DH and DSA at the same equivalent symmetric
  key length, as well as much shorter keys.
  Only the mandatory sections of RFC5656 are implemented, specifically the
  three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
  ECDSA. Point compression (optional in RFC5656 is NOT implemented).
  Certificate host and user keys using the new ECDSA key types are supported.
  Note that this code has not been tested for interoperability and may be
  subject to change.
  feedback and ok markus@
  (djm, 2010-08-31; 1 file, -5/+5)
* unbreak build for NOPIC systems; noticed, help and ok deraadt@
  (markus, 2010-02-20; 1 file, -1/+2)
* remove scard
  (markus, 2010-02-08; 1 file, -2/+2)
* replace our obsolete smartcard code with PKCS#11.
  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
  ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
  provider (shared library) while ssh-agent(1) delegates PKCS#11 to
  a forked ssh-pkcs11-helper process.
  PKCS#11 is currently a compile time option.
  feedback and ok djm@; inspired by patches from Alon Bar-Lev
  (markus, 2010-02-08; 1 file, -2/+2)
* Add support for an experimental zero-knowledge password authentication
  method using the J-PAKE protocol described in F. Hao, P. Ryan,
  "Password Authenticated Key Exchange by Juggling", 16th Workshop on
  Security Protocols, Cambridge, April 2008.
  This method allows password-based authentication without exposing
  the password to the server. Instead, the client and server exchange
  cryptographic proofs to demonstrate knowledge of the password while
  revealing nothing useful to an attacker or compromised endpoint.
  This is experimental, work-in-progress code and is presently
  compiled-time disabled (turn on -DJPAKE in Makefile.inc).
  "just commit it. It isn't too intrusive." deraadt@
  (djm, 2008-11-04; 1 file, -2/+2)
* OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our
  replacement anymore
  (djm, 2008-09-06; 1 file, -2/+2)
* support CIDR address matching in sshd_config "Match address" blocks, with
  full support for negation and fall-back to classic wildcard matching.
  For example:

      Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
          PasswordAuthentication yes

  addrmatch.c code mostly lifted from flowd's addr.c
  feedback and ok dtucker@
  (djm, 2008-06-10; 1 file, -2/+2)
* Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must
  specify umac-64@openssh.com). Provides about 20% end-to-end speedup
  compared to hmac-md5. Represents a different approach to message
  authentication to that of HMAC that may be beneficial if HMAC based on
  one of its underlying hash algorithms is found to be vulnerable to a
  new attack. http://www.ietf.org/rfc/rfc4418.txt
  in conjunction with and OK djm@
  (pvalchev, 2007-06-07; 1 file, -2/+2)
* build a lint library for us to use above
  (deraadt, 2006-05-28; 1 file, -1/+2)
* Move Buffer bignum functions into their own file, bufbn.c. This means that
  sftp and sftp-server (which use the Buffer functions in bufaux.c but not
  the bignum ones) no longer need to be linked with libcrypto. ok markus@
  (dtucker, 2006-04-18; 1 file, -2/+2)
* Implement the diffie-hellman-group-exchange-sha256 key exchange method
  using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP),
  interop tested against CVS PuTTY
  (djm, 2006-03-07; 1 file, -2/+2)
* replace tilde_expand_filename with a simpler implementation, ahead of more
  whacking; ok deraadt@
  (djm, 2005-04-09; 1 file, -2/+2)
* remove fallback AES support for old OpenSSL, as OpenBSD has had it for many
  years now; ok deraadt@
  (djm, 2004-12-22; 1 file, -3/+3)
* Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
  change in Portable; ok markus@
  (dtucker, 2004-08-23; 1 file, -2/+2)
* implement session multiplexing in the client (the server has supported this
  since 2.0); ok markus@
  (djm, 2004-06-13; 1 file, -2/+3)
* kill it here too
  (djm, 2004-05-09; 1 file, -2/+2)
* unexpand and delete whitespace at EOL; ok markus@
  (djm, 2003-11-21; 1 file, -3/+3)
* replace fatal_cleanup() and linked list of fatal callbacks with static
  cleanup_exit() function. re-refine cleanup_exit() where appropriate,
  allocate sshd's authctxt early to allow simpler cleanup in sshd.
  tested by many, ok deraadt@
  (markus, 2003-09-23; 1 file, -2/+2)
* support GSS API user authentication; patches from Simon Wilkinson,
  stripped down and tested by Jakob and myself.
  (markus, 2003-08-22; 1 file, -1/+4)
* experimental support for aes-ctr modes from
  http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
  ok djm@
  (markus, 2003-05-17; 1 file, -2/+2)
* split out custom EVP ciphers
  (markus, 2003-05-15; 1 file, -2/+3)
* add experimental support for verifying host keys using DNS as described
  in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
  ok markus@ and henning@
  (jakob, 2003-05-14; 1 file, -2/+2)
* Disable Kerberos 4 support.
  ok markus@
  (hin, 2003-04-09; 1 file, -9/+1)
* move server only kex and monitor code to sshd.
  (markus, 2003-02-21; 1 file, -3/+2)
* split kex into client and server code, no need to link
  server code into the client; ok provos@
  (markus, 2003-02-16; 1 file, -1/+2)
* move progressmeter.c to libssh; ok djm/fgs@
  (markus, 2003-01-12; 1 file, -2/+2)
* Make sure kerberosV/kafs.h is picked up if kerberosIV/kafs.h is not removed.
  ok markus@
  (hin, 2002-06-11; 1 file, -5/+5)
* no longer use uidswap.[ch] from the ssh client
  run less code with euid==0 if ssh is installed setuid root
  just switch the euid, don't switch the complete set of groups
  (this is only needed by sshd). ok provos@
  (markus, 2002-06-11; 1 file, -2/+2)
* add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication
  in protocol v2 (needs to access the hostkeys).
  (markus, 2002-05-23; 1 file, -2/+2)