path: root/kexdh.c
Commit message | Author | Age | Files | Lines
* Move signal.h up include order to match upstream. | Darren Tucker | 2021-07-03 | 1 | -1/+1
|
* upstream: memleak of DH public bignum; found with libfuzzer | djm@openbsd.org | 2020-12-04 | 1 | -1/+2
|   OpenBSD-Commit-ID: 0e913b542c3764b100b1571fdb0d0e5cc086fe97
* upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@ | djm@openbsd.org | 2020-05-27 | 1 | -1/+2
|   OpenBSD-Commit-ID: 832e771948fb45f2270e8b8895aac36d176ba17a
* typo | Damien Miller | 2019-01-22 | 1 | -1/+1
|
* add missing header | Damien Miller | 2019-01-22 | 1 | -0/+3
|
* upstream: rename kex->kem_client_pub -> kex->client_pub now that | djm@openbsd.org | 2019-01-21 | 1 | -2/+2
|   KEM has been renamed to kexgen from markus@ ok djm@
|   OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
* upstream: pass values used in KEX hash computation as sshbuf | djm@openbsd.org | 2019-01-21 | 1 | -10/+6
|   rather than pointer+len suggested by me; implemented by markus@ ok me
|   OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
* fixup missing ssherr.h | Damien Miller | 2019-01-21 | 1 | -0/+1
|
* upstream: use KEM API for vanilla DH KEX | djm@openbsd.org | 2019-01-21 | 1 | -52/+88
|   from markus@ ok djm@
|   OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
* upstream: factor out kex_dh_compute_key() - it's shared between | djm@openbsd.org | 2019-01-21 | 1 | -3/+46
|   plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@
|   OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec
* upstream: factor out DH keygen; it's identical between the client | djm@openbsd.org | 2019-01-21 | 1 | -1/+27
|   and the server from markus@ ok djm@
|   OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
* upstream: move client/server SSH-* banners to buffers under | djm@openbsd.org | 2018-12-27 | 1 | -5/+5
|   ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server.
|   Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn).
|   Inspired by a patch from Markus Schmidt.
|   (lots of) feedback and ok markus@
|   OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
* adapt -portable to OpenSSL 1.1x API | Damien Miller | 2018-09-13 | 1 | -0/+2
|   Polyfill missing API with replacement functions extracted from LibreSSL
* upstream commit | djm@openbsd.org | 2016-05-02 | 1 | -4/+5
|   add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03
|   diffie-hellman-group14-sha256 (2K group)
|   diffie-hellman-group16-sha512 (4K group)
|   diffie-hellman-group18-sha512 (8K group)
|   based on patch from Mark D. Baushke and Darren Tucker ok markus@
|   Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
* upstream commit | markus@openbsd.org | 2015-01-20 | 1 | -42/+45
|   adapt kex to sshbuf and struct ssh; ok djm@
* support --without-openssl at configure time | Damien Miller | 2015-01-15 | 1 | -0/+3
|   Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
* - djm@cvs.openbsd.org 2014/01/09 23:20:00 | Damien Miller | 2014-01-10 | 1 | -9/+8
|   [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
|   [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
|   [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
|   [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
|   Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 | Damien Miller | 2006-08-05 | 1 | -2/+7
|   [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
|   [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
|   [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
|   [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
|   [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
|   [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
|   [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
|   [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
|   [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
|   [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
|   [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
|   [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
|   [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
|   [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
|   [serverloop.c session.c session.h sftp-client.c sftp-common.c]
|   [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
|   [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
|   [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
|   [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
|   [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
|   [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
|   almost entirely get rid of the culture of ".h files that include .h files"
|   ok djm, sort of ok stevesk
|   makes the pain stop in one easy step
|   NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - djm@cvs.openbsd.org 2006/03/25 13:17:03 | Damien Miller | 2006-03-26 | 1 | -0/+1
|   [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
|   [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
|   [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
|   [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
|   [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
|   [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
|   [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
|   [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
|   [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
|   [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
|   [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
|   [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
|   [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
|   [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
|   [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
|   [uidswap.c uuencode.c xmalloc.c]
|   Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 | Damien Miller | 2006-03-26 | 1 | -1/+0
|   [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
|   [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
|   [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
|   [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
|   [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
|   [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
|   [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
|   [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
|   [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
|   [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
|   [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
|   [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
|   [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
|   [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
|   [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
|   [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
|   [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
|   [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
|   [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
|   [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
|   [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
|   [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
|   [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
|   RCSID() can die
* - djm@cvs.openbsd.org 2005/11/04 05:15:59 | Damien Miller | 2005-11-05 | 1 | -4/+6
|   [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
|   remove hardcoded hash lengths in key exchange code, allowing implementation of KEX methods with different hashes (e.g. SHA-256); ok markus@ dtucker@ stevesk@
* - markus@cvs.openbsd.org 2003/02/16 17:09:57 | Damien Miller | 2003-02-24 | 1 | -230/+4
|   [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
|   split kex into client and server code, no need to link server code into the client; ok provos@
* - provos@cvs.openbsd.org 2002/03/18 17:50:31 | Ben Lindstrom | 2002-03-22 | 1 | -2/+3
|   [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c]
|   integrate privilege separated openssh; it's turned off by default for now. work done by me and markus@
|   applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
* Stupid djm commits experimental code to head instead of branch | Damien Miller | 2002-03-13 | 1 | -12/+1
|   revert
* Import of Niels Provos' 20020312 ssh-complete.diff | Damien Miller | 2002-03-13 | 1 | -1/+12
|   PAM, Cygwin and OSF SIA will not work for sure
* - markus@cvs.openbsd.org 2002/02/28 15:46:33 | Ben Lindstrom | 2002-03-05 | 1 | -2/+2
|   [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
|   add some const EVP_MD for openssl-0.9.7
* - markus@cvs.openbsd.org 2002/02/24 19:14:59 | Ben Lindstrom | 2002-02-26 | 1 | -2/+2
|   [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
|   signed vs. unsigned: make size arguments u_int, ok stevesk@
* - markus@cvs.openbsd.org 2002/02/23 17:59:02 | Ben Lindstrom | 2002-02-26 | 1 | -1/+2
|   [kex.c kexdh.c kexgex.c]
|   don't allow garbage after payload.
* - markus@cvs.openbsd.org 2002/01/31 13:35:11 | Damien Miller | 2002-02-05 | 1 | -2/+3
|   [kexdh.c kexgex.c]
|   cross check announced key type and type from key blob
* - markus@cvs.openbsd.org 2002/01/25 22:07:40 | Damien Miller | 2002-02-05 | 1 | -2/+2
|   [kex.c kexdh.c kexgex.c key.c mac.c]
|   use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
* - markus@cvs.openbsd.org 2001/12/28 14:50:54 | Damien Miller | 2002-01-22 | 1 | -5/+4
|   [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
|   packet_read* no longer return the packet length, since it's not used.
* - markus@cvs.openbsd.org 2001/12/28 13:57:33 | Damien Miller | 2002-01-22 | 1 | -5/+5
|   [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
|   packet_get_bignum* no longer returns a size
* - markus@cvs.openbsd.org 2001/12/27 20:39:58 | Damien Miller | 2002-01-22 | 1 | -2/+2
|   [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
|   get rid of packet_integrity_check, use packet_done() instead.
* - markus@cvs.openbsd.org 2001/12/27 19:37:23 | Damien Miller | 2002-01-22 | 1 | -3/+3
|   [dh.c kexdh.c kexgex.c]
|   always use BN_clear_free instead of BN_free
* - markus@cvs.openbsd.org 2001/12/27 18:22:16 | Damien Miller | 2002-01-22 | 1 | -7/+7
|   [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
|   call fatal() for openssl allocation failures
* - stevesk@cvs.openbsd.org 2001/09/17 19:27:15 | Ben Lindstrom | 2001-09-18 | 1 | -7/+7
|   [kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c]
|   u_char*/char* cleanup; ok markus
* - itojun@cvs.openbsd.org 2001/06/23 15:12:20 | Ben Lindstrom | 2001-06-25 | 1 | -4/+4
|   [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c canohost.c channels.c cipher.c clientloop.c deattack.c dh.c hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c readpass.c scp.c servconf.c serverloop.c session.c sftp.c sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c ssh-keygen.c ssh-keyscan.c]
|   more strict prototypes. raise warning level in Makefile.inc. markus ok'ed
|   TODO; cleanup headers
* - markus@cvs.openbsd.org 2001/06/23 02:34:33 | Ben Lindstrom | 2001-06-25 | 1 | -4/+5
|   [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
|   get rid of known_hosts2, use it for hostkey lookup, but do not modify.
* - markus@cvs.openbsd.org 2001/06/07 20:23:05 | Ben Lindstrom | 2001-06-09 | 1 | -3/+3
|   [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c sshconnect.c sshconnect1.c]
|   use xxx_put_cstring()
* - markus@cvs.openbsd.org 2001/04/04 09:48:35 | Ben Lindstrom | 2001-04-04 | 1 | -7/+7
|   [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
|   don't send multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments.
* - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. | Ben Lindstrom | 2001-04-04 | 1 | -0/+304