summaryrefslogtreecommitdiffstats
path: root/kex.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* - djm@cvs.openbsd.org 2010/09/22 05:01:30Damien Miller2010-09-241-2/+5
| | | | | | | | | [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@
* - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefsDarren Tucker2010-09-101-0/+2
| | | | for missing headers and compiler warnings.
* - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]Damien Miller2010-09-101-1/+4
| | | | | | [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@
* - djm@cvs.openbsd.org 2010/09/09 10:45:45Damien Miller2010-09-101-2/+3
| | | | | | | | | | | | | | | [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@
* - djm@cvs.openbsd.org 2010/08/31 11:54:45Damien Miller2010-08-311-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* - OpenBSD CVS SyncDamien Miller2010-02-261-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - djm@cvs.openbsd.org 2010/02/26 20:29:54 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c] [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c] [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c] [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c] [sshconnect2.c sshd.8 sshd.c sshd_config.5] Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as sh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
* - andreas@cvs.openbsd.org 2009/10/24 11:13:54Darren Tucker2010-01-081-1/+3
| | | | | | | [sshconnect2.c kex.h kex.c] Let the client detect if the server supports roaming by looking for the resume@appgate.com kex algorithm. ok markus@
* - andreas@cvs.openbsd.org 2009/05/27 06:36:07Darren Tucker2009-06-211-1/+3
| | | | | | [packet.h packet.c] Add packet_put_int64() and packet_get_int64(), part of a larger change from Martin Forssen.
* - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34Damien Miller2007-06-111-3/+5
| | | | | | | | | | | | [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] [ssh_config.5 sshd.8 sshd_config.5] Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
* - djm@cvs.openbsd.org 2007/06/05 06:52:37Darren Tucker2007-06-051-1/+3
| | | | | | | | [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c] Preserve MAC ctx between packets, saving 2xhash calls per-packet. Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request)
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/07/23 01:11:05Damien Miller2006-07-241-1/+4
| | | | | | [auth.h dispatch.c kex.h sftp-client.c] #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h> move
* - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to getDamien Miller2006-04-231-0/+1
| | | | sig_atomic_t
* - djm@cvs.openbsd.org 2006/04/20 09:27:09Damien Miller2006-04-231-2/+2
| | | | | | | [auth.h clientloop.c dispatch.c dispatch.h kex.h] replace the last non-sig_atomic_t flag used in a signal handler with a sig_atomic_t, unfortunately with some knock-on effects in other (non- signal) contexts in which it is used; ok markus@
* - djm@cvs.openbsd.org 2006/03/25 22:22:43Damien Miller2006-03-261-1/+1
| | | | | | | | | | | | | | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
* - deraadt@cvs.openbsd.org 2006/03/19 18:53:12Damien Miller2006-03-251-2/+2
| | | | | [kex.h myproposal.h] spacing
* - djm@cvs.openbsd.org 2006/03/07 09:07:40Damien Miller2006-03-151-1/+3
| | | | | | | | [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY NB. no portability bits committed yet
* - djm@cvs.openbsd.org 2005/11/04 05:15:59Damien Miller2005-11-051-10/+12
| | | | | | | [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] remove hardcoded hash lengths in key exchange code, allowing implementation of KEX methods with different hashes (e.g. SHA-256); ok markus@ dtucker@ stevesk@
* - markus@cvs.openbsd.org 2005/07/25 11:59:40Damien Miller2005-07-261-1/+5
| | | | | | | | | | | [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
* - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller2005-06-171-4/+4
| | | | | | | | | | | [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
* - djm@cvs.openbsd.org 2004/06/13 12:53:24Damien Miller2004-06-151-1/+3
| | | | | | | [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] [ssh-keyscan.c sshconnect2.c sshd.c] implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@
* - markus@cvs.openbsd.org 2004/05/21 08:43:03Darren Tucker2004-05-241-1/+4
| | | | | [kex.h moduli.c tildexpand.c] add prototypes for -Wall; ok djm
* - markus@cvs.openbsd.org 2003/02/16 17:09:57Damien Miller2003-02-241-6/+17
| | | | | | [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] split kex into client and server code, no need to link server code into the client; ok provos@
* - markus@cvs.openbsd.org 2002/09/09 14:54:15Damien Miller2002-09-121-2/+2
| | | | | [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] signed vs unsigned from -pedantic; ok henning@
* - markus@cvs.openbsd.org 2002/05/16 22:02:50Ben Lindstrom2002-06-061-2/+2
| | | | | [cipher.c kex.h mac.c] fix warnings (openssl 0.9.7 requires const)
* - provos@cvs.openbsd.org 2002/03/18 17:50:31Ben Lindstrom2002-03-221-1/+2
| | | | | | | | | | | [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
* Stupid djm commits experimental code to head instead of branchDamien Miller2002-03-131-1/+0
| | | | revert
* Import of Niels Provos' 20020312 ssh-complete.diffDamien Miller2002-03-131-0/+1
| | | | PAM, Cygwin and OSF SIA will not work for sure
* - markus@cvs.openbsd.org 2002/02/14 23:41:01Damien Miller2002-02-191-1/+3
| | | | | | [authfile.c cipher.c cipher.h kex.c kex.h packet.c] hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
* - markus@cvs.openbsd.org 2001/12/28 15:06:00Damien Miller2002-01-221-2/+2
| | | | | [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] remove plen from the dispatch fn. it's no longer used.
* - djm@cvs.openbsd.org 2001/12/20 22:50:24Damien Miller2001-12-211-2/+2
| | | | | | | | | [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c] [sshconnect2.c] Conformance fix: we should send failing packet sequence number when responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@
* - markus@cvs.openbsd.org 2001/06/26 17:27:25Ben Lindstrom2001-07-041-7/+7
| | | | | | | | | | | | | [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h tildexpand.h uidswap.h uuencode.h xmalloc.h] remove comments from .h, since they are cut&paste from the .c files and out of sync
* - itojun@cvs.openbsd.org 2001/06/26 06:32:58Ben Lindstrom2001-07-041-10/+10
| | | | | | | | | | | [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h] prototype pedant. not very creative... - () -> (void) - no variable names
* - markus@cvs.openbsd.org 2001/06/25 08:25:41Ben Lindstrom2001-07-041-2/+2
| | | | | | | [channels.c channels.h cipher.c clientloop.c compat.c compat.h hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h] update copyright for 2001
* - markus@cvs.openbsd.org 2001/06/23 02:34:33Ben Lindstrom2001-06-251-2/+2
| | | | | | | [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] get rid of known_hosts2, use it for hostkey lookup, but do not modify.
* - markus@cvs.openbsd.org 2001/04/04 20:25:38Ben Lindstrom2001-04-051-3/+3
| | | | | | | [channels.c channels.h clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] more robust rekeying don't send channel data after rekeying is started.
* - markus@cvs.openbsd.org 2001/04/04 14:34:58Ben Lindstrom2001-04-041-2/+2
| | | | | | [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] enable server side rekeying + some rekey related clientup. todo: we should not send any non-KEX messages after we send KEXINIT
* - markus@cvs.openbsd.org 2001/04/04 09:48:35Ben Lindstrom2001-04-041-3/+4
| | | | | | | [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] don't sent multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments.
* - markus@cvs.openbsd.org 2001/04/03 23:32:12Ben Lindstrom2001-04-041-35/+40
| | | | | | | | [kex.c kex.h packet.c sshconnect2.c sshd.c] undo parts of recent my changes: main part of keyexchange does not need dispatch-callbacks, since application data is delayed until the keyexchange completes (if i understand the drafts correctly). add some infrastructure for re-keying.
* - markus@cvs.openbsd.org 2001/04/03 19:53:29Ben Lindstrom2001-04-041-32/+26
| | | | | | [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c] move kex to kex*.c, used dispatch_set() callbacks for kex. should make rekeying easier.
* - OpenBSD CVS SyncDamien Miller2001-03-301-6/+1
| | | | | | - markus@cvs.openbsd.org 2001/03/29 21:17:40 [dh.c dh.h kex.c kex.h] prepare for rekeying: move DH code to dh.c
* - (djm) OpenBSD CVS SyncDamien Miller2001-03-301-2/+3
| | | | | | - provos@cvs.openbsd.org 2001/03/28 21:59:41 [kex.c kex.h sshconnect2.c sshd.c] forgot to include min and max params in hash, okay markus@
* - markus@cvs.openbsd.org 2001/03/05 17:17:21Ben Lindstrom2001-03-061-2/+2
| | | | | | | | | | | | | [kex.c kex.h sshconnect2.c sshd.c] generate a 2*need size (~300 instead of 1024/2048) random private exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
* - markus@cvs.openbsd.org 2001/02/11 12:59:25Ben Lindstrom2001-02-151-2/+4
| | | | | | | | | | [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] 1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@
* RCSIDKevin Steves2001-02-051-1/+1
|
* - stevesk@cvs.openbsd.org 2001/02/04 08:32:27Kevin Steves2001-02-051-1/+1
| | | | | [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
* - niklas@cvs.openbsd.org 2001/01/2001Ben Lindstrom2001-01-291-0/+2
| | | | | | | | | | [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h] $OpenBSD$
* One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom2000-12-221-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
* - provos@cvs.openbsd.org 2000/12/15 10:30:15Kevin Steves2000-12-161-0/+1
| | | | | [kex.c kex.h sshconnect2.c sshd.c] compute diffie-hellman in parallel between server and client. okay markus@
* - (djm) Merge OpenBSD changes:Damien Miller2000-11-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version