djm@openbsd.org
b8afbe2c1a
upstream commit
...
relax bits needed check to allow
diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was
selected as symmetric cipher; ok markus
2015-03-27 12:02:23 +11:00
deraadt@openbsd.org
087266ec33
upstream commit
...
Reduce use of <sys/param.h> and transition to <limits.h>
throughout. ok djm markus
2015-01-26 23:58:53 +11:00
markus@openbsd.org
57d10cbe86
upstream commit
...
adapt kex to sshbuf and struct ssh; ok djm@
2015-01-20 09:19:39 +11:00
Damien Miller
0fde8acdad
- djm@cvs.openbsd.org 2013/11/21 00:45:44
...
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
2013-11-21 14:12:23 +11:00
Darren Tucker
df62d71e64
- dtucker@cvs.openbsd.org 2013/10/08 11:42:13
...
[dh.c dh.h]
Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@.
2013-10-10 10:32:39 +11:00
Damien Miller
0d02c3e10e
- markus@cvs.openbsd.org 2013/07/02 12:31:43
...
[dh.c]
remove extra whitespace
2013-07-18 16:12:06 +10:00
Damien Miller
bbeb1dac55
- djm@cvs.openbsd.org 2013/06/21 05:42:32
...
[dh.c]
sprinkle in some error() to explain moduli(5) parse failures
2013-07-18 16:10:49 +10:00
Damien Miller
8ed4de8f1d
- djm@cvs.openbsd.org 2011/12/07 05:44:38
...
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
fix some harmless and/or unreachable int overflows;
reported Xi Wang, ok markus@
2011-12-19 10:52:50 +11:00
Darren Tucker
759cb2a49a
- grunk@cvs.openbsd.org 2009/10/01 11:37:33
...
[dh.c]
fix a cast
ok djm@ markus@
2009-10-07 09:01:50 +11:00
Damien Miller
2e9cf49069
- djm@cvs.openbsd.org 2008/06/26 09:19:40
...
[dh.c dh.h moduli.c]
when loading moduli from /etc/moduli in sshd(8), check that they
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
2008-06-29 22:47:04 +10:00
Damien Miller
354c48c641
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
2008-05-19 14:50:00 +10:00
Damien Miller
603077ab4c
- ray@cvs.openbsd.org 2007/09/27 00:15:57
...
[dh.c]
Don't return -1 on error in dh_pub_is_valid(), since it evaluates
to true.
Also fix a typo.
Initial diff from Matthew Dempsky, input from djm.
OK djm, markus.
2007-10-26 14:25:55 +10:00
Darren Tucker
b0781f79db
- markus@cvs.openbsd.org 2006/11/07 13:02:07
...
[dh.c]
BN_hex2bn returns int; from dtucker@
2006-11-08 10:01:36 +11:00
Darren Tucker
0bc85579a9
- markus@cvs.openbsd.org 2006/11/06 21:25:28
...
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
add missing checks for openssl return codes; with & ok djm@
2006-11-07 23:14:41 +11:00
Damien Miller
ded319cca2
- (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
...
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
[auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
[cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
[dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
[md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
[scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c rc4.diff]
[openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
[openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
[openbsd-compat/port-uw.c]
Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller
d783435315
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
...
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d
- stevesk@cvs.openbsd.org 2006/08/01 23:22:48
...
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
[auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
[channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
[kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
[monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
[servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
[uuencode.h xmalloc.c]
move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller
e7a1e5cf63
- stevesk@cvs.openbsd.org 2006/07/26 13:57:17
...
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
[hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
[scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
[sshconnect1.c sshd.c xmalloc.c]
move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller
8dbffe7904
- stevesk@cvs.openbsd.org 2006/07/26 02:35:17
...
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
[groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
[packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
[sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
[uidswap.c xmalloc.c]
move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller
e3476ed03b
- stevesk@cvs.openbsd.org 2006/07/22 20:48:23
...
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
f757d22e8b
- stevesk@cvs.openbsd.org 2006/07/18 22:27:55
...
[dh.c]
remove unneeded includes; ok djm@
2006-07-24 14:05:24 +10:00
Darren Tucker
31cde6828d
- djm@cvs.openbsd.org 2006/05/04 14:55:23
...
[dh.c]
tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 17:43:33 +10:00
Damien Miller
5a73c1a34d
- deraadt@cvs.openbsd.org 2006/03/27 13:03:54
...
[dh.c]
use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
2006-03-31 23:09:41 +11:00
Damien Miller
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
928b23684a
- djm@cvs.openbsd.org 2006/03/19 02:24:05
...
[dh.c readconf.c servconf.c]
potential NULL pointer dereferences detected by Coverity
via elad AT netbsd.org; ok deraadt@
2006-03-26 13:53:32 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Darren Tucker
9a2bd1116b
- djm@cvs.openbsd.org 2004/08/04 10:37:52
...
[dh.c]
return group14 when no primes found - fixes hang on empty /etc/moduli;
ok markus@
2004-08-12 22:40:59 +10:00
Damien Miller
f675fc4948
- djm@cvs.openbsd.org 2004/06/13 12:53:24
...
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
[ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@
2004-06-15 10:30:09 +10:00
Darren Tucker
effc84ce5b
- dtucker@cvs.openbsd.org 2004/02/27 22:49:27
...
[dh.c]
Reset bit counter at the right time, fixes debug output in the case where
the DH group is rejected. ok markus@
2004-02-29 20:15:08 +11:00
Darren Tucker
c56c7ef592
- dtucker@cvs.openbsd.org 2004/02/27 22:44:56
...
[dh.c]
Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone
ever uses one. ok markus@
2004-02-29 20:13:34 +11:00
Darren Tucker
fc113c97a3
- dtucker@cvs.openbsd.org 2004/02/27 22:42:47
...
[dh.c]
Prevent sshd from sending DH groups with a primitive generator of zero or
one, even if they are listed in /etc/moduli. ok markus@
2004-02-29 20:12:33 +11:00
Damien Miller
8975ddf11b
- markus@cvs.openbsd.org 2003/12/16 15:51:54
...
[dh.c]
use <= instead of < in dh_estimate; ok provos/hshoexer;
do not return < DH_GRP_MIN
2003-12-17 16:33:53 +11:00
Darren Tucker
c0815c927e
- miod@cvs.openbsd.org 2003/09/18 13:02:21
...
[authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
A few signedness fixes for harmless situations; markus@ ok
2003-09-22 21:05:50 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Ben Lindstrom
1f53083fc4
- markus@cvs.openbsd.org 2002/11/21 22:22:50
...
[dh.c]
debug->debug2
2002-12-23 02:03:02 +00:00
Ben Lindstrom
04f9af7dfc
- markus@cvs.openbsd.org 2002/06/27 08:49:44
...
[dh.c ssh-keyscan.c sshconnect.c]
more checks for NULL pointers; from grendel@zeitbombe.org ; ok deraadt@
2002-07-04 00:03:56 +00:00
Damien Miller
6d6c5d202f
- markus@cvs.openbsd.org 2002/03/06 00:23:27
...
[compat.c dh.c]
undo
2002-03-07 12:58:42 +11:00
Damien Miller
6ba693f70e
- OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/03/06 00:20:54
[compat.c dh.c]
compat.c
2002-03-07 12:58:24 +11:00
Damien Miller
9ef95ddcaf
- markus@cvs.openbsd.org 2001/12/27 19:37:23
...
[dh.c kexdh.c kexgex.c]
always use BN_clear_free instead of BN_free
2002-01-22 23:10:33 +11:00
Damien Miller
da7551677b
- markus@cvs.openbsd.org 2001/12/27 18:22:16
...
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
call fatal() for openssl allocation failures
2002-01-22 23:09:22 +11:00
Ben Lindstrom
bba81213b9
- itojun@cvs.openbsd.org 2001/06/23 15:12:20
...
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom
af7388046d
- provos@cvs.openbsd.org 2001/06/22 21:57:59
...
[dh.c]
increase linebuffer to deal with larger moduli; use rewind instead of
close/open
2001-06-25 04:18:59 +00:00
Ben Lindstrom
93a29e046e
- provos@cvs.openbsd.org 2001/06/22 21:27:08
...
[dh.c pathnames.h]
use /etc/moduli instead of /etc/primes, okay markus@
2001-06-25 04:13:25 +00:00
Ben Lindstrom
206941fdd8
- markus@cvs.openbsd.org 2001/04/15 08:43:47
...
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
some unused variable and typos; from tomh@po.crl.go.jp
2001-04-15 14:27:16 +00:00
Ben Lindstrom
5ba23b39bf
- markus@cvs.openbsd.org 2001/04/04 23:09:18
...
[dh.c kex.c packet.c]
clear+free keys,iv for rekeying.
+ fix DH mem leaks. ok niels@
2001-04-05 02:05:21 +00:00
Ben Lindstrom
20d7c7b02c
- markus@cvs.openbsd.org 2001/04/03 19:53:29
...
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
move kex to kex*.c, used dispatch_set() callbacks for kex. should
make rekeying easier.
2001-04-04 01:56:17 +00:00
Damien Miller
9709f90684
- OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2001/03/29 21:17:40
[dh.c dh.h kex.c kex.h]
prepare for rekeying: move DH code to dh.c
2001-03-30 10:50:10 +10:00
Damien Miller
23e526e271
- OpenBSD CVS Sync
...
- provos@cvs.openbsd.org 2001/03/28 22:04:57
[dh.c]
more sanity checking on primes file
2001-03-30 10:47:43 +10:00
Ben Lindstrom
df221391e6
- provos@cvs.openbsd.org 2001/03/27 17:46:50
...
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@
2001-03-29 00:36:16 +00:00