path: root/dh.c
AgeCommit message (Collapse)Author
2001-06-25 - 2001/06/23 15:12:20Ben Lindstrom
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c canohost.c channels.c cipher.c clientloop.c deattack.c dh.c hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c readpass.c scp.c servconf.c serverloop.c session.c sftp.c sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c ssh-keygen.c ssh-keyscan.c] more strict prototypes. raise warning level in markus ok'ed TODO; cleanup headers
2001-06-25 - 2001/06/22 21:57:59Ben Lindstrom
[dh.c] increase linebuffer to deal with larger moduli; use rewind instead of close/open
2001-06-25 - 2001/06/22 21:27:08Ben Lindstrom
[dh.c pathnames.h] use /etc/moduli instead of /etc/primes, okay markus@
2001-04-15 - 2001/04/15 08:43:47Ben Lindstrom
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c] some unused variable and typos; from
2001-04-05 - 2001/04/04 23:09:18Ben Lindstrom
[dh.c kex.c packet.c] clear+free keys,iv for rekeying. + fix DH mem leaks. ok niels@
2001-04-04 - 2001/04/03 19:53:29Ben Lindstrom
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c] move kex to kex*.c, used dispatch_set() callbacks for kex. should make rekeying easier.
2001-03-30 - OpenBSD CVS SyncDamien Miller
- 2001/03/29 21:17:40 [dh.c dh.h kex.c kex.h] prepare for rekeying: move DH code to dh.c
2001-03-30 - OpenBSD CVS SyncDamien Miller
- 2001/03/28 22:04:57 [dh.c] more sanity checking on primes file
2001-03-29 - 2001/03/27 17:46:50Ben Lindstrom
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h] make dh group exchange more flexible, allow min and max group size, okay markus@, deraadt@
2001-03-06 - 2001/03/05 17:58:22Ben Lindstrom
[dh.c] spelling
2001-03-05 - 2001/03/04 17:42:28Ben Lindstrom
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c ssh.c sshconnect.c sshd.c] log functions should not be passed strings that end in newline as they get passed on to syslog() and when logging to stderr, do_log() appends its own newline.
2001-01-22Hopefully things did not get mixed around too much. It compiles underBen Lindstrom
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by - 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from - 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2001-01-18NOTE: This update changes the RSA key generation. *NEW RSA KEYSBen Lindstrom
NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06" for more details. 20010118 - (bal) Super Sized OpenBSD Resync - 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1 - 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; - 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; - 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from - 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from - 2001/01/13 18:14:13 [ssh-add.c] typo, from - 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo - 2001/01/13 18:38:00 [auth-options.c] fix comment - 2001/01/13 18:43:31 [session.c] Wall - 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile - 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr - 2001/01/15 21:43:51 [dh.c] use error() not stderr! - 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default - 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@ - 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768. - 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from - 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature.
2000-11-2120001123Ben Lindstrom
- (bal) Merge OpenBSD changes: - 2000/11/15 22:31:36 [auth-options.c] case insensitive key options; from - 2000/11/16 17:55:43 [dh.c] do not use perror() in sshd, after child is forked() - 2000/11/14 23:42:40 [auth-rsa.c] parse option only if key matches; fix some confusing seen by the client - 2000/11/14 23:44:19 [session.c] check no_agent_forward_flag for ssh-2, too - 2000/11/15 [ssh-agent.1] reorder SYNOPSIS; typo, use .It - 2000/11/14 23:48:55 [ssh-agent.c] do not reorder keys if a key is removed - 2000/11/15 19:58:08 [ssh.c] just ignore non existing user keys - 200/11/15 20:24:43 [ssh-keygen.c] Add missing \n at end of error message.
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- 2000/09/30 10:27:44 [log.c] allow loglevel debug - 2000/10/03 11:59:57 [packet.c] hmac->mac - 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private DSA keys, too. - 2000/10/09 15:32:34 auth-options.c clear options on every call. - 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <> - 2000/10/10 14:20:45 compat.c use rexexp for version string matching - 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from - 2000/10/11 14:11:35 [dh.c] Wall - 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by and me - 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - 2000/10/11 14:45:21 [cipher.c] remove DES - 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - 2000/10/12 08:21:13 [kex.h packet.c] remove unused - 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; - 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - 2000/10/13 13:10:54 [sshd.8] more info about -V - 2000/10/13 13:12:02 [myproposal.h] prefer no compression