diff options
| -rw-r--r-- | cipher.c | 8 | ||||
| -rw-r--r-- | cipher.h | 4 | ||||
| -rw-r--r-- | kex.c | 7 | ||||
| -rw-r--r-- | kex.h | 21 | ||||
| -rw-r--r-- | mac.c | 8 | ||||
| -rw-r--r-- | mac.h | 4 | ||||
| -rw-r--r-- | servconf.c | 9 | ||||
| -rw-r--r-- | ssh.c | 8 |
8 files changed, 45 insertions, 24 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.90 2013/11/07 11:58:27 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -100,9 +100,9 @@ static const struct Cipher ciphers[] = { /*--*/ -/* Returns a comma-separated list of supported ciphers. */ +/* Returns a list of supported ciphers separated by the specified char. */ char * -cipher_alg_list(void) +cipher_alg_list(char sep) { char *ret = NULL; size_t nlen, rlen = 0; @@ -112,7 +112,7 @@ cipher_alg_list(void) if (c->number != SSH_CIPHER_SSH2) continue; if (ret != NULL) - ret[rlen++] = '\n'; + ret[rlen++] = sep; nlen = strlen(c->name); ret = xrealloc(ret, 1, rlen + nlen + 2); memcpy(ret + rlen, c->name, nlen + 1); @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */ +/* $OpenBSD: cipher.h,v 1.41 2013/11/07 11:58:27 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -75,7 +75,7 @@ const Cipher *cipher_by_number(int); int cipher_number(const char *); char *cipher_name(int); int ciphers_valid(const char *); -char *cipher_alg_list(void); +char *cipher_alg_list(char); void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int, const u_char *, u_int, int); void cipher_crypt(CipherContext *, u_char *, const u_char *, @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.93 2013/11/07 11:58:27 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -80,11 +80,12 @@ static const struct kexalg kexalgs[] = { { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 }, { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 }, #endif + { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, EVP_sha256 }, { NULL, -1, -1, NULL}, }; char * -kex_alg_list(void) +kex_alg_list(char sep) { char *ret = NULL; size_t nlen, rlen = 0; @@ -92,7 +93,7 @@ kex_alg_list(void) for (k = kexalgs; k->name != NULL; k++) { if (ret != NULL) - ret[rlen++] = '\n'; + ret[rlen++] = sep; nlen = strlen(k->name); ret = xrealloc(ret, 1, rlen + nlen + 2); memcpy(ret + rlen, k->name, nlen + 1); @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.58 2013/11/07 11:58:27 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -43,6 +43,7 @@ #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" +#define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -74,6 +75,7 @@ enum kex_exchange { KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, + KEX_C25519_SHA256, KEX_MAX }; @@ -144,7 +146,7 @@ struct Kex { }; int kex_names_valid(const char *); -char *kex_alg_list(void); +char *kex_alg_list(char); Kex *kex_setup(char *[PROPOSAL_MAX]); void kex_finish(Kex *); @@ -161,6 +163,8 @@ void kexgex_client(Kex *); void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); +void kexc25519_client(Kex *); +void kexc25519_server(Kex *); void kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, @@ -175,6 +179,19 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char **, u_int *); #endif +void +kex_c25519_hash(const EVP_MD *, char *, char *, char *, int, + char *, int, u_char *, int, const u_char *, const u_char *, + const BIGNUM *, u_char **, u_int *); + +#define CURVE25519_SIZE 32 +void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE]) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); +BIGNUM *kexc25519_shared_key(const u_char[CURVE25519_SIZE], + const u_char[CURVE25519_SIZE]) + __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); void derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.24 2013/06/03 00:03:18 dtucker Exp $ */ +/* $OpenBSD: mac.c,v 1.25 2013/11/07 11:58:27 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -91,9 +91,9 @@ static const struct macalg macs[] = { { NULL, 0, NULL, 0, 0, 0, 0 } }; -/* Returns a comma-separated list of supported MACs. */ +/* Returns a list of supported MACs separated by the specified char. */ char * -mac_alg_list(void) +mac_alg_list(char sep) { char *ret = NULL; size_t nlen, rlen = 0; @@ -101,7 +101,7 @@ mac_alg_list(void) for (m = macs; m->name != NULL; m++) { if (ret != NULL) - ret[rlen++] = '\n'; + ret[rlen++] = sep; nlen = strlen(m->name); ret = xrealloc(ret, 1, rlen + nlen + 2); memcpy(ret + rlen, m->name, nlen + 1); @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.h,v 1.7 2013/04/19 01:06:50 djm Exp $ */ +/* $OpenBSD: mac.h,v 1.8 2013/11/07 11:58:27 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -24,7 +24,7 @@ */ int mac_valid(const char *); -char *mac_alg_list(void); +char *mac_alg_list(char); int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.244 2013/10/29 09:48:02 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.245 2013/11/07 11:58:27 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -2037,8 +2037,9 @@ dump_config(ServerOptions *o) /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); dump_cfg_string(sXAuthLocation, o->xauth_location); - dump_cfg_string(sCiphers, o->ciphers); - dump_cfg_string(sMacs, o->macs); + dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : + cipher_alg_list(',')); + dump_cfg_string(sMacs, o->macs ? o->macs : mac_alg_list(',')); dump_cfg_string(sBanner, o->banner); dump_cfg_string(sForceCommand, o->adm_forced_command); dump_cfg_string(sChrootDirectory, o->chroot_directory); @@ -2050,6 +2051,8 @@ dump_config(ServerOptions *o) dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); dump_cfg_string(sHostKeyAgent, o->host_key_agent); + dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : + kex_alg_list(',')); /* string arguments requiring a lookup */ dump_cfg_string(sLogLevel, log_level_name(o->log_level)); @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.391 2013/10/25 23:04:51 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.392 2013/11/07 11:58:27 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -520,11 +520,11 @@ main(int ac, char **av) case 'Q': /* deprecated */ cp = NULL; if (strcasecmp(optarg, "cipher") == 0) - cp = cipher_alg_list(); + cp = cipher_alg_list('\n'); else if (strcasecmp(optarg, "mac") == 0) - cp = mac_alg_list(); + cp = mac_alg_list('\n'); else if (strcasecmp(optarg, "kex") == 0) - cp = kex_alg_list(); + cp = kex_alg_list('\n'); else if (strcasecmp(optarg, "key") == 0) cp = key_alg_list(); if (cp == NULL) |