History log of /openssh-portable/kexdh.c (Results 1 – 25 of 40)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: V_8_6_P1, V_8_5_P1
# 3b98b6e2 03-Dec-2020 djm@openbsd.org

upstream: memleak of DH public bignum; found with libfuzzer

OpenBSD-Commit-ID: 0e913b542c3764b100b1571fdb0d0e5cc086fe97


Revision tags: V_8_4_P1, V_8_3_P1
# ecb2c02d 08-May-2020 djm@openbsd.org

upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@

OpenBSD-Commit-ID: 832e771948fb45f2270e8b8895aac36d176ba17a


Revision tags: V_8_2_P1, V_8_1_P1, V_8_0_P1
# d5520393 21-Jan-2019 Damien Miller

typo


# 2de9cec5 21-Jan-2019 Damien Miller

add missing header


# aaca72d6 21-Jan-2019 djm@openbsd.org

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8


# 71e67fff 21-Jan-2019 djm@openbsd.org

upstream: pass values used in KEX hash computation as sshbuf

rather than pointer+len

suggested by me; implemented by markus@ ok me

OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0


# b7235721 21-Jan-2019 Damien Miller

fixup missing ssherr.h


# 9c9c97e1 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla DH KEX

from markus@ ok djm@

OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9


# dec5e9d3 21-Jan-2019 djm@openbsd.org

upstream: factor out kex_dh_compute_key() - it's shared between

plain DH KEX and DH GEX in both the client and server implementations

from markus@ ok djm@

OpenBSD-Commit-ID: 12186e18791fffcd4642c8

upstream: factor out kex_dh_compute_key() - it's shared between

plain DH KEX and DH GEX in both the client and server implementations

from markus@ ok djm@

OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec

show more ...


# e93bd98e 21-Jan-2019 djm@openbsd.org

upstream: factor out DH keygen; it's identical between the client

and the server

from markus@ ok djm@

OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9


# 0a843d9a 26-Dec-2018 djm@openbsd.org

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handl

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b

show more ...


Revision tags: V_7_9_P1
# 48f54b9d 12-Sep-2018 Damien Miller

adapt -portable to OpenSSL 1.1x API

Polyfill missing API with replacement functions extracted from LibreSSL


Revision tags: V_7_8_P1, V_7_7_P1, V_7_6_P1, V_7_5_P1, V_7_4_P1, V_7_3_P1
# 0e8eeec8 02-May-2016 djm@openbsd.org

upstream commit

add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-g

upstream commit

add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)

based on patch from Mark D. Baushke and Darren Tucker
ok markus@

Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f

show more ...


Revision tags: V_7_2_P2, V_7_2_P1, V_7_1_P2, V_7_1_P1, V_7_0_P1, V_6_9_P1, V_6_8_P1
# 57d10cbe 19-Jan-2015 markus@openbsd.org

upstream commit

adapt kex to sshbuf and struct ssh; ok djm@


# 72ef7c14 14-Jan-2015 Damien Miller

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system wi

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.

show more ...


Revision tags: V_6_7_P1, V_6_6_P1, V_6_5_P1
# b3051d01 09-Jan-2014 Damien Miller

- djm@cvs.openbsd.org 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]

- djm@cvs.openbsd.org 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
[kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
[schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@

show more ...


Revision tags: V_6_4_P1, V_6_3_P1, V_6_2_P2, V_6_2_P1, V_6_1_P1, V_6_0_P1, V_5_9_P1, V_5_8_P2, V_5_8_P1, V_5_7_P1, V_5_6_P1, V_5_5_P1, V_5_4_P1, V_5_3_P1, V_5_2_P1, V_5_1_P1, V_5_0_P1, V_4_9_P1, V_4_7_P1, V_4_6_P1, V_4_5_P1, V_4_4_P1
# d7834353 04-Aug-2006 Damien Miller

- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts

- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")

show more ...


# 57c30117 25-Mar-2006 Damien Miller

- djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[aut

- djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

show more ...


# b0fb6872 25-Mar-2006 Damien Miller

- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[aut

- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die

show more ...


Revision tags: V_4_3_P2, V_4_3_P1
# 19bb3a57 04-Nov-2005 Damien Miller

- djm@cvs.openbsd.org 2005/11/04 05:15:59
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementati

- djm@cvs.openbsd.org 2005/11/04 05:15:59
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@

show more ...


Revision tags: V_4_2_P1, V_4_1_P1, V_4_0_P1, V_3_9_P1, V_3_8_1_P1, V_3_8_P1, V_3_7_1_P2, V_3_7_1_P1, V_3_7_P1, AFTER_KRB5_GSSAPI_MERGE, BEFORE_KRB5_GSSAPI_MERGE, POST_KRB4_REMOVAL, PRE_KRB4_REMOVAL, AFTER_FREEBSD_PAM_MERGE, BEFORE_FREEBSD_PAM_MERGE, V_3_6_1_P2, V_3_6_1_P1, V_3_6_P1
# 8e7fb335 23-Feb-2003 Damien Miller

- markus@cvs.openbsd.org 2003/02/16 17:09:57
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into t

- markus@cvs.openbsd.org 2003/02/16 17:09:57
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@

show more ...


Revision tags: V_3_5_P1, V_3_4_P1, V_3_3_P1, V_3_2_3_P1, V_3_2_2_P1, PRE_SW_KRBV
# 7a2073c5 21-Mar-2002 Ben Lindstrom

- provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.

- provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!

show more ...


# 3a5b0233 12-Mar-2002 Damien Miller

Stupid djm commits experimental code to head instead of branch

revert


# 646e7cf3 12-Mar-2002 Damien Miller

Import of Niels Provos' 20020312 ssh-complete.diff

PAM, Cygwin and OSF SIA will not work for sure


Revision tags: V_3_1_P1
# 80cb27dd 04-Mar-2002 Ben Lindstrom

- markus@cvs.openbsd.org 2002/02/28 15:46:33
[authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
add some const EVP_MD for openssl-0.9.7


12