summaryrefslogtreecommitdiffstats
path: root/dh.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: highly polished whitespace, mostly fixing spaces-for-tabdjm@openbsd.org2021-04-031-2/+2
| | | | | | and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: Add ModuliFile keyword to sshd_config to specify thedtucker@openbsd.org2021-03-131-5/+18
| | | | | | | | location of the "moduli" file containing the groups for DH-GEX. This will allow us to run tests against arbitrary moduli files without having to install them. ok djm@ OpenBSD-Commit-ID: 8df99d60b14ecaaa28f3469d01fc7f56bff49f66
* upstream: use the new variant log macros instead of prependingdjm@openbsd.org2020-10-181-3/+3
| | | | | | __func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: typo in previousdjm@openbsd.org2019-09-081-1/+1
| | | | OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@djm@openbsd.org2019-09-061-4/+4
| | | | OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: correct local variable name; from yawang AT microsoft.comdjm@openbsd.org2018-11-161-3/+3
| | | | OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
* upstream: When choosing a prime from the moduli file, avoidmillert@openbsd.org2018-09-201-6/+8
| | | | | | | | | re-using the linenum variable for something that is not a line number to avoid the confusion that resulted in the bug in rev. 1.64. This also lets us pass the actual linenum to parse_prime() so the error messages include the correct line number. OK markus@ some time ago. OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
* adapt -portable to OpenSSL 1.1x APIDamien Miller2018-09-131-0/+2
| | | | Polyfill missing API with replacement functions extracted from LibreSSL
* upstream: hold our collective noses and use the openssl-1.1.x API indjm@openbsd.org2018-09-131-23/+37
| | | | | | OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
* upstream: invalidate dh->priv_key after freeing it in error path;djm@openbsd.org2018-08-061-1/+2
| | | | | | | avoids unlikely double-free later. Reported by Viktor Dukhovni via https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@ OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805
* upstream: Fix "WARNING: line 6 disappeared in /etc/moduli, giving up"millert@openbsd.org2018-07-031-2/+1
| | | | | | | when choosing a prime. An extra increment of linenum snuck in as part of the conversion to getline(). OK djm@ markus@ OpenBSD-Commit-ID: 0019225cb52ed621b71cd9f19ee2e78e57e3dd38
* upstream: switch config file parsing to getline(3) as this avoidsmarkus@openbsd.org2018-06-061-6/+12
| | | | | | static limits noted by gerhard@; ok dtucker@, djm@ OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream commitjsing@openbsd.org2018-02-071-5/+3
| | | | | | | | | | | | Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
* only enable functions in dh.c when openssl is usedMarcus Folkesson2017-11-031-0/+3
| | | | Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
* upstream commitdtucker@openbsd.org2016-12-161-2/+2
| | | | | | | Fix text in error message. Patch from zev at bewilderbeest.net. Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
* upstream commitderaadt@openbsd.org2016-09-121-3/+2
| | | | | | | | Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
* upstream commitdjm@openbsd.org2016-05-021-11/+72
| | | | | | | | | | | | | | add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03 diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group) based on patch from Mark D. Baushke and Darren Tucker ok markus@ Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
* upstream commitdtucker@openbsd.org2016-04-011-7/+7
| | | | | | | | Remove fallback from moduli to "primes" file that was deprecated in 2001 and fix log messages referring to primes file. Based on patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@ Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
* upstream commitdjm@openbsd.org2016-03-041-7/+16
| | | | | | | | | | | rearrange DH public value tests to be a little more clear rearrange DH private value generation to explain rationale more clearly and include an extra sanity check. ok deraadt Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad
* upstream commitdtucker@openbsd.org2015-05-281-4/+43
| | | | | | | | Add a stronger (4k bit) fallback group that sshd can use when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok markus@ (earlier version), djm@ Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4
* upstream commitdjm@openbsd.org2015-03-271-2/+2
| | | | | | relax bits needed check to allow diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was selected as symmetric cipher; ok markus
* upstream commitderaadt@openbsd.org2015-01-261-2/+3
| | | | | Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
* upstream commitmarkus@openbsd.org2015-01-191-29/+30
| | | | adapt kex to sshbuf and struct ssh; ok djm@
* - djm@cvs.openbsd.org 2013/11/21 00:45:44Damien Miller2013-11-211-26/+12
| | | | | | | | | | | | | | | | | | | [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
* - dtucker@cvs.openbsd.org 2013/10/08 11:42:13Darren Tucker2013-10-101-7/+10
| | | | | | | | [dh.c dh.h] Increase the size of the Diffie-Hellman groups requested for a each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC4419. Pointed out by Peter Backes, ok djm@.
* - markus@cvs.openbsd.org 2013/07/02 12:31:43Damien Miller2013-07-181-2/+2
| | | | | [dh.c] remove extra whitespace
* - djm@cvs.openbsd.org 2013/06/21 05:42:32Damien Miller2013-07-181-27/+47
| | | | | [dh.c] sprinkle in some error() to explain moduli(5) parse failures
* - djm@cvs.openbsd.org 2011/12/07 05:44:38Damien Miller2011-12-191-1/+3
| | | | | | [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] fix some harmless and/or unreachable int overflows; reported Xi Wang, ok markus@
* - grunk@cvs.openbsd.org 2009/10/01 11:37:33Darren Tucker2009-10-071-2/+2
| | | | | | [dh.c] fix a cast ok djm@ markus@
* - djm@cvs.openbsd.org 2008/06/26 09:19:40Damien Miller2008-06-291-1/+14
| | | | | | | | [dh.c dh.h moduli.c] when loading moduli from /etc/moduli in sshd(8), check that they are of the expected "safe prime" structure and have had appropriate primality tests performed; feedback and ok dtucker@
* - (djm) OpenBSD CVS SyncDamien Miller2008-05-191-2/+2
| | | | | | | | | - djm@cvs.openbsd.org 2008/04/13 00:22:17 [dh.c sshd.c] Use arc4random_buf() when requesting more than a single word of output Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@
* - ray@cvs.openbsd.org 2007/09/27 00:15:57Damien Miller2007-10-261-4/+6
| | | | | | | | | [dh.c] Don't return -1 on error in dh_pub_is_valid(), since it evaluates to true. Also fix a typo. Initial diff from Matthew Dempsky, input from djm. OK djm, markus.
* - markus@cvs.openbsd.org 2006/11/07 13:02:07Darren Tucker2006-11-081-3/+3
| | | | | [dh.c] BN_hex2bn returns int; from dtucker@
* - markus@cvs.openbsd.org 2006/11/06 21:25:28Darren Tucker2006-11-071-3/+3
| | | | | | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@
* - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller2006-09-011-0/+1
| | | | | | | | | | | | | | | | | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller2006-08-051-1/+2
| | | | | | | | | | | | | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/26 13:57:17Damien Miller2006-08-051-1/+2
| | | | | | | | | [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/26 02:35:17Damien Miller2006-08-051-1/+3
| | | | | | | | | [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] [uidswap.c xmalloc.c] move #include <sys/param.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+3
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/18 22:27:55Damien Miller2006-07-241-7/+1
| | | | | [dh.c] remove unneeded includes; ok djm@
* - djm@cvs.openbsd.org 2006/05/04 14:55:23Darren Tucker2006-05-061-2/+19
| | | | | [dh.c] tighter DH exponent checks here too; feedback and ok markus@
* - deraadt@cvs.openbsd.org 2006/03/27 13:03:54Damien Miller2006-03-311-2/+4
| | | | | [dh.c] use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
* - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller2006-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
* - djm@cvs.openbsd.org 2006/03/19 02:24:05Damien Miller2006-03-261-1/+2
| | | | | | [dh.c readconf.c servconf.c] potential NULL pointer dereferences detected by Coverity via elad AT netbsd.org; ok deraadt@
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - djm@cvs.openbsd.org 2004/08/04 10:37:52Darren Tucker2004-08-121-2/+2
| | | | | | [dh.c] return group14 when no primes found - fixes hang on empty /etc/moduli; ok markus@
* - djm@cvs.openbsd.org 2004/06/13 12:53:24Damien Miller2004-06-151-4/+24
| | | | | | | [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] [ssh-keyscan.c sshconnect2.c sshd.c] implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@
* - dtucker@cvs.openbsd.org 2004/02/27 22:49:27Darren Tucker2004-02-291-3/+3
| | | | | | [dh.c] Reset bit counter at the right time, fixes debug output in the case where the DH group is rejected. ok markus@
* - dtucker@cvs.openbsd.org 2004/02/27 22:44:56Darren Tucker2004-02-291-2/+2
| | | | | | [dh.c] Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone ever uses one. ok markus@