path: root/kex.h
AgeCommit message (Collapse)Author
2001-07-04 - 2001/06/26 17:27:25Ben Lindstrom
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h tildexpand.h uidswap.h uuencode.h xmalloc.h] remove comments from .h, since they are cut&paste from the .c files and out of sync
2001-07-04 - 2001/06/26 06:32:58Ben Lindstrom
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h] prototype pedant. not very creative... - () -> (void) - no variable names
2001-07-04 - 2001/06/25 08:25:41Ben Lindstrom
[channels.c channels.h cipher.c clientloop.c compat.c compat.h hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h] update copyright for 2001
2001-06-25 - 2001/06/23 02:34:33Ben Lindstrom
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] get rid of known_hosts2, use it for hostkey lookup, but do not modify.
2001-04-04 - 2001/04/04 20:25:38Ben Lindstrom
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] more robust rekeying don't send channel data after rekeying is started.
2001-04-04 - 2001/04/04 14:34:58Ben Lindstrom
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] enable server side rekeying + some rekey related clientup. todo: we should not send any non-KEX messages after we send KEXINIT
2001-04-04 - 2001/04/04 09:48:35Ben Lindstrom
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] don't sent multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments.
2001-04-04 - 2001/04/03 23:32:12Ben Lindstrom
[kex.c kex.h packet.c sshconnect2.c sshd.c] undo parts of recent my changes: main part of keyexchange does not need dispatch-callbacks, since application data is delayed until the keyexchange completes (if i understand the drafts correctly). add some infrastructure for re-keying.
2001-04-04 - 2001/04/03 19:53:29Ben Lindstrom
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c] move kex to kex*.c, used dispatch_set() callbacks for kex. should make rekeying easier.
2001-03-30 - OpenBSD CVS SyncDamien Miller
- 2001/03/29 21:17:40 [dh.c dh.h kex.c kex.h] prepare for rekeying: move DH code to dh.c
2001-03-30 - (djm) OpenBSD CVS SyncDamien Miller
- 2001/03/28 21:59:41 [kex.c kex.h sshconnect2.c sshd.c] forgot to include min and max params in hash, okay markus@
2001-03-06 - 2001/03/05 17:17:21Ben Lindstrom
[kex.c kex.h sshconnect2.c sshd.c] generate a 2*need size (~300 instead of 1024/2048) random private exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
2001-02-15 - 2001/02/11 12:59:25Ben Lindstrom
[ sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] 1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
2001-02-05RCSIDKevin Steves
2001-02-05 - 2001/02/04 08:32:27Kevin Steves
[many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-01-29 - 2001/01/2001Ben Lindstrom
[atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h key.h log.h login.h match.h misc.h myproposal.h pathnames.h radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h] $OpenBSD$
2000-12-22One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from - 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from - 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-12-15 - 2000/12/15 10:30:15Kevin Steves
[kex.c kex.h sshconnect2.c sshd.c] compute diffie-hellman in parallel between server and client. okay markus@
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from - 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from - 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from - 2000/11/09 18:04:40 [auth1.c] typo; from - 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- 2000/09/30 10:27:44 [log.c] allow loglevel debug - 2000/10/03 11:59:57 [packet.c] hmac->mac - 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private DSA keys, too. - 2000/10/09 15:32:34 auth-options.c clear options on every call. - 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <> - 2000/10/10 14:20:45 compat.c use rexexp for version string matching - 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from - 2000/10/11 14:11:35 [dh.c] Wall - 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by and me - 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - 2000/10/11 14:45:21 [cipher.c] remove DES - 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - 2000/10/12 08:21:13 [kex.h packet.c] remove unused - 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; - 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - 2000/10/13 13:10:54 [sshd.8] more info about -V - 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - 2000/09/05 13:20:49 [sftp-server.c] cleanup - 2000/09/06 03:46:41 [authfile.h] prototype - 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - 2000/09/07 14:53:00 [scp.c] typo - 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - 2000/09/08 03:02:51 [README.openssh2] bye bye - 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - 2000/09/14 14:25:15 [clientloop.c] typo - 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-05-30 - OpenBSD CVS updates:Damien Miller
- [session.c] make x11-fwd work w/ localhost (xauth add host/unix:11) [cipher.c compat.c readconf.c servconf.c] check strtok() != NULL; ok niels@ [key.c] fix key_read() for uuencoded keys w/o '=' [serverloop.c] group ssh1 vs. ssh2 in serverloop [kex.c kex.h myproposal.h sshconnect2.c sshd.c] split kexinit/kexdh, factor out common code [readconf.c ssh.1 ssh.c] forwardagent defaults to no, add ssh -A - [session.c] just some line shortening
2000-04-16 - Reduce diff against OpenBSD sourceDamien Miller
- All OpenSSL includes are now unconditionally referenced as openssl/foo.h - Pick up formatting changes - Other minor changed (typecasts, etc) that I missed
2000-04-12 - OpenBSD CVS updates:Damien Miller
- [channels.c] repair x11-fwd - [sshconnect.c] fix passwd prompt for ssh2, less debugging output. - [clientloop.c compat.c dsa.c kex.c sshd.c] less debugging output - [kex.c kex.h sshconnect.c sshd.c] check for reasonable public DH values - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c] [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c] add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc' - [sshd.c] print 1.99 only if server supports both
2000-04-06 - OpenBSD CVS update:Damien Miller
- [channels.c] close efd on eof - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h] ssh2 client implementation, interops w/ and lsh servers. - [sshconnect.c] missing free. - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c] remove unused argument, split cipher_mask() - [clientloop.c] re-order: group ssh1 vs. ssh2 - Make Redhat spec require openssl >= 0.9.5a
2000-04-04 - OpenBSD CVS update:Damien Miller
- [packet.h packet.c] ssh2 packet format - [packet.h packet.c nchan.h compat.h compat.c] [channels.h channels.c] channel layer support for ssh2 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h] DSA, keyexchange, algorithm agreement for ssh2