![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.22, Mon Jan 21 10:29:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.21: +1 -1 lines
FILE REMOVED
use KEM API for vanilla ECDH from markus@ ok djm@
Revision 1.21 / (download) - annotate - [select for diffs], Mon Jan 21 10:05:09 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.20: +3 -13 lines
Diff to previous 1.20 (colored)
factor out kex_load_hostkey() - this is duplicated in both the client and server implementations for most KEX methods. from markus@ ok djm@
Revision 1.20 / (download) - annotate - [select for diffs], Mon Jan 21 09:55:52 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.19: +1 -12 lines
Diff to previous 1.19 (colored)
save the derived session id in kex_derive_keys() rather than making each kex method implementation do it. from markus@ ok djm@
Revision 1.19 / (download) - annotate - [select for diffs], Sat Jan 19 21:43:56 2019 UTC (5 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored)
remove last references to active_state with & ok markus@
Revision 1.18 / (download) - annotate - [select for diffs], Thu Dec 27 03:25:25 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)
move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
Revision 1.17 / (download) - annotate - [select for diffs], Wed Feb 7 02:06:51 2018 UTC (6 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.16: +5 -9 lines
Diff to previous 1.16 (colored)
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@
Revision 1.16 / (download) - annotate - [select for diffs], Tue May 30 14:23:52 2017 UTC (6 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.15: +3 -4 lines
Diff to previous 1.15 (colored)
protocol handlers all get struct ssh passed; ok djm@
Revision 1.15 / (download) - annotate - [select for diffs], Fri Dec 4 16:41:28 2015 UTC (8 years, 5 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored)
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@
Revision 1.14 / (download) - annotate - [select for diffs], Mon Jan 26 06:10:03 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.13: +5 -3 lines
Diff to previous 1.13 (colored)
correctly match ECDSA subtype (== curve) for offered/recevied host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
Revision 1.13 / (download) - annotate - [select for diffs], Tue Jan 20 07:55:33 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.12: +4 -5 lines
Diff to previous 1.12 (colored)
fix hostkeys in agent; ok markus@
Revision 1.12 / (download) - annotate - [select for diffs], Mon Jan 19 20:16:15 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.11: +119 -68 lines
Diff to previous 1.11 (colored)
adapt kex to sshbuf and struct ssh; ok djm@
Revision 1.11 / (download) - annotate - [select for diffs], Mon Jan 19 19:52:16 2015 UTC (9 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.10: +3 -3 lines
Diff to previous 1.10 (colored)
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
Revision 1.10 / (download) - annotate - [select for diffs], Sun Feb 2 03:44:31 2014 UTC (10 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
convert memset of potentially-private data to explicit_bzero()
Revision 1.9 / (download) - annotate - [select for diffs], Sun Jan 12 08:13:13 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)
avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
Revision 1.8 / (download) - annotate - [select for diffs], Thu Jan 9 23:20:00 2014 UTC (10 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
Revision 1.7 / (download) - annotate - [select for diffs], Sat Nov 2 22:24:24 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.6: +1 -4 lines
Diff to previous 1.6 (colored)
no need to include ssh-gss.h
Revision 1.6 / (download) - annotate - [select for diffs], Sat Nov 2 22:10:15 2013 UTC (10 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.5: +1 -3 lines
Diff to previous 1.5 (colored)
no need to include monitor_wrap.h
Revision 1.5 / (download) - annotate - [select for diffs], Fri Jul 19 07:37:48 2013 UTC (10 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.4: +3 -7 lines
Diff to previous 1.4 (colored)
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 ok djm@
Revision 1.4 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)
bye, bye xfree(); ok markus@
Revision 1.3 / (download) - annotate - [select for diffs], Fri Apr 19 01:06:50 2013 UTC (11 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.2: +2 -5 lines
Diff to previous 1.2 (colored)
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
Revision 1.2 / (download) - annotate - [select for diffs], Wed Sep 22 05:01:29 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.1: +3 -2 lines
Diff to previous 1.1 (colored)
add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@
Revision 1.1 / (download) - annotate - [select for diffs], Tue Aug 31 11:54:45 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@