[blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
Add Authors for the public domain ed25519/nacl code.
see also http://nacl.cr.yp.to/features.html
All of the NaCl software is in the public domain.
and http://ed25519.cr.yp.to/software.html
The Ed25519 software is in the public domain.
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots help from djm;
ok djm@
[ssh-keygen.c]
remove duplicated character ('g') in getopt() string;
document the (few) remaining option characters so we don't have to
rummage next time.
[servconf.c servconf.h]
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@
[cipher.c]
correct bzero of chacha20+poly1305 key context. bz#2177 from
Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
[ssh.1 ssh.c]
- put -Q in the right place
- Ar was a poor choice for the arguments to -Q. i've chosen an
admittedly equally poor Cm, at least consistent with the rest
of the docs. also no need for multiple instances
- zap a now redundant Nm
- usage() sync
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
[regress/forward-control.sh]
bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
to successfully run this; ok djm@
(ID sync only; our timeouts are already longer)
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
[sshd.c]
delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
Damien Miller
Darren Tucker