Up to [local] / src / usr.bin / ssh
Default branch: MAIN
Revision 1.14, Mon Jan 21 10:24:09 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.13: +1 -1 lines
FILE REMOVED
use KEM API for vanilla c25519 KEX
Revision 1.13, Mon Jan 21 10:20:12 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.12: +5 -5 lines
Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
Revision 1.12, Mon Jan 21 10:07:22 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.11: +2 -15 lines
factor out kex_verify_hostkey() - again, duplicated almost exactly across client and server for several KEX methods. from markus@ ok djm@
Revision 1.11, Mon Jan 21 09:55:52 2019 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.10: +1 -12 lines
save the derived session id in kex_derive_keys() rather than making each kex method implementation do it. from markus@ ok djm@
Revision 1.10, Thu Dec 27 03:25:25 2018 UTC (5 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.9: +3 -3 lines
move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
Revision 1.9, Mon Dec 18 02:25:15 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.8: +2 -2 lines
pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
Revision 1.8, Wed May 31 04:17:12 2017 UTC (7 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.7: +3 -4 lines
one more void *ctx => struct ssh *ssh conversion
Revision 1.7, Mon Jan 26 06:10:03 2015 UTC (9 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.6: +4 -2 lines
correctly match ECDSA subtype (== curve) for offered/received host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
Revision 1.6, Mon Jan 19 20:16:15 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.5: +99 -60 lines
adapt kex to sshbuf and struct ssh; ok djm@
Revision 1.5, Mon Jan 19 19:52:16 2015 UTC (9 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.4: +3 -3 lines
update packet.c & isolate, introduce struct ssh
a) switch packet.c to buffer api and isolate per-connection info into struct ssh
b) (de)serialization of the state is moved from monitor to packet.c
c) the old packet.c API is implemented in opacket.[ch]
d) compress.c/h is removed and integrated into packet.c
with and ok djm@
Revision 1.4, Sun Jan 12 08:13:13 2014 UTC (10 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.3: +8 -7 lines
avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
Revision 1.3, Thu Jan 9 23:20:00 2014 UTC (10 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.2: +2 -2 lines
Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
Revision 1.2, Sat Nov 2 22:02:14 2013 UTC (10 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.1: +1 -0 lines
add missing $OpenBSD$ tags
Revision 1.1, Sat Nov 2 21:59:15 2013 UTC (10 years, 7 months ago) by markus
Branch: MAIN
use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@