1. 07 Dec, 2013 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2013/12/06 13:39:49 · 5be9d9e3
      Damien Miller authored
           [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
           [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
           [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
           [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
           [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
           support ed25519 keys (hostkeys and user identities) using the public
           domain ed25519 reference code from SUPERCOP, see
           http://ed25519.cr.yp.to/software.html
           feedback, help & ok djm@
      5be9d9e3
  2. 21 Nov, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/11/21 00:45:44 · 0fde8acd
      Damien Miller authored
           [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
           [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
           [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
           [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
           cipher "chacha20-poly1305@openssh.com" that combines Daniel
           Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
           authenticated encryption mode.
      
           Inspired by and similar to Adam Langley's proposal for TLS:
           http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
           but differs in layout used for the MAC calculation and the use of a
           second ChaCha20 instance to separately encrypt packet lengths.
           Details are in the PROTOCOL.chacha20poly1305 file.
      
           Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
           ok markus@ naddy@
      0fde8acd
  3. 09 Nov, 2013 1 commit
  4. 08 Nov, 2013 1 commit
  5. 03 Nov, 2013 1 commit
  6. 11 Jun, 2013 2 commits
  7. 05 Jun, 2013 1 commit
  8. 09 Jan, 2013 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2013/01/08 18:49:04 · 1d75abfe
      Damien Miller authored
           [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
           [myproposal.h packet.c ssh_config.5 sshd_config.5]
           support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
           ok and feedback djm@
      1d75abfe
  9. 11 Dec, 2012 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2012/12/11 22:31:18 · af43a7ac
      Damien Miller authored
           [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
           [packet.c ssh_config.5 sshd_config.5]
           add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
           that change the packet format and compute the MAC over the encrypted
           message (including the packet size) instead of the plaintext data;
           these EtM modes are considered more secure and used by default.
           feedback and ok djm@
      af43a7ac
  10. 05 Oct, 2012 2 commits
  11. 30 Jun, 2012 1 commit
  12. 29 Jun, 2012 1 commit
    • Damien Miller's avatar
      - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 · db4f8e86
      Damien Miller authored
           [mac.c myproposal.h ssh_config.5 sshd_config.5]
           Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
           from draft6 of the spec and will not be in the RFC when published.  Patch
           from mdb at juniper net via bz#2023, ok markus.
      db4f8e86
  13. 17 Aug, 2011 1 commit
  14. 05 Aug, 2011 1 commit
  15. 13 Jan, 2011 1 commit
  16. 10 Sep, 2010 2 commits
  17. 31 Aug, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/08/31 11:54:45 · eb8b60e3
      Damien Miller authored
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
           [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
           [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
           [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
           [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
           [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
           Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
           host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
           better performance than plain DH and DSA at the same equivalent symmetric
           key length, as well as much shorter keys.
      
           Only the mandatory sections of RFC5656 are implemented, specifically the
           three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
           ECDSA. Point compression (optional in RFC5656 is NOT implemented).
      
           Certificate host and user keys using the new ECDSA key types are supported.
      
           Note that this code has not been tested for interoperability and may be
           subject to change.
      
           feedback and ok markus@
      eb8b60e3
  18. 16 Apr, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/04/16 01:47:26 · 4e270b05
      Damien Miller authored
           [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
           [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
           [sshconnect.c sshconnect2.c sshd.c]
           revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
           following changes:
      
           move the nonce field to the beginning of the certificate where it can
           better protect against chosen-prefix attacks on the signature hash
      
           Rename "constraints" field to "critical options"
      
           Add a new non-critical "extensions" field
      
           Add a serial number
      
           The older format is still support for authentication and cert generation
           (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
      
           ok markus@
      4e270b05
  19. 26 Feb, 2010 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Sync · 0a80ca19
      Damien Miller authored
         - djm@cvs.openbsd.org 2010/02/26 20:29:54
           [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
           [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
           [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
           [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
           [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
           [sshconnect2.c sshd.8 sshd.c sshd_config.5]
           Add support for certificate key types for users and hosts.
      
           OpenSSH certificate key types are not X.509 certificates, but a much
           simpler format that encodes a public key, identity information and
           some validity constraints and signs it with a CA key. CA keys are
           regular SSH keys. This certificate style avoids the attack surface
           of X.509 certificates and is very easy to deploy.
      
           Certified host keys allow automatic acceptance of new host keys
           when a CA certificate is marked as sh/known_hosts.
           see VERIFYING HOST KEYS in ssh(1) for details.
      
           Certified user keys allow authentication of users when the signing
           CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
           FILE FORMAT" in sshd(8) for details.
      
           Certificates are minted using ssh-keygen(1), documentation is in
           the "CERTIFICATES" section of that manpage.
      
           Documentation on the format of certificates is in the file
           PROTOCOL.certkeys
      
           feedback and ok markus@
      0a80ca19
  20. 28 Jan, 2009 1 commit
  21. 11 Jun, 2007 1 commit
    • Damien Miller's avatar
      - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34 · e45796f7
      Damien Miller authored
           [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
           [ssh_config.5 sshd.8 sshd_config.5]
           Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
           must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
           compared to hmac-md5. Represents a different approach to message
           authentication to that of HMAC that may be beneficial if HMAC based on
           one of its underlying hash algorithms is found to be vulnerable to a
           new attack.  http://www.ietf.org/rfc/rfc4418.txt
           in conjunction with and OK djm@
      e45796f7
  22. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
      51096383
  23. 25 Mar, 2006 1 commit
  24. 16 Mar, 2006 1 commit
  25. 15 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/07 09:07:40 · a63128d1
      Damien Miller authored
           [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
           Implement the diffie-hellman-group-exchange-sha256 key exchange method
           using the SHA256 code in libc (and wrapper to make it into an OpenSSL
           EVP), interop tested against CVS PuTTY
           NB. no portability bits committed yet
      a63128d1
  26. 26 Jul, 2005 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2005/07/25 11:59:40 · 9786e6e2
      Damien Miller authored
           [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
           [sshconnect2.c sshd.c sshd_config sshd_config.5]
           add a new compression method that delays compression until the user
           has been authenticated successfully and set compression to 'delayed'
           for sshd.
           this breaks older openssh clients (< 3.5) if they insist on
           compression, so you have to re-enable compression in sshd_config.
           ok djm@
      9786e6e2
  27. 26 May, 2005 1 commit
  28. 15 Jun, 2004 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2004/06/13 12:53:24 · f675fc49
      Damien Miller authored
           [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
           [ssh-keyscan.c sshconnect2.c sshd.c]
           implement diffie-hellman-group14-sha1 kex method (trivial extension to
           existing diffie-hellman-group1-sha1); ok markus@
      f675fc49
  29. 18 May, 2003 1 commit
  30. 04 Apr, 2002 1 commit
  31. 22 Jan, 2002 1 commit
  32. 06 Oct, 2001 1 commit
  33. 22 Jul, 2001 1 commit
  34. 06 Mar, 2001 1 commit
  35. 15 Feb, 2001 1 commit
    • Ben Lindstrom's avatar
      - markus@cvs.openbsd.org 2001/02/11 12:59:25 · 06b33aa0
      Ben Lindstrom authored
           [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
            sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
           1) clean up the MAC support for SSH-2
           2) allow you to specify the MAC with 'ssh -m'
           3) or the 'MACs' keyword in ssh(d)_config
           4) add hmac-{md5,sha1}-96
                   ok stevesk@, provos@
      06b33aa0
  36. 29 Jan, 2001 1 commit
    • Ben Lindstrom's avatar
      - niklas@cvs.openbsd.org 2001/01/2001 · 36579d3d
      Ben Lindstrom authored
           [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
            groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
            key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
            radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
            ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
            sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
           $OpenBSD$
      36579d3d
  37. 13 Nov, 2000 1 commit
    • Damien Miller's avatar
      - (djm) Merge OpenBSD changes: · 0bc1bd81
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/11/06 16:04:56
           [channels.c channels.h clientloop.c nchan.c serverloop.c]
           [session.c ssh.c]
           agent forwarding and -R for ssh2, based on work from
           jhuuskon@messi.uku.fi
         - markus@cvs.openbsd.org  2000/11/06 16:13:27
           [ssh.c sshconnect.c sshd.c]
           do not disabled rhosts(rsa) if server port > 1024; from
           pekkas@netcore.fi
         - markus@cvs.openbsd.org  2000/11/06 16:16:35
           [sshconnect.c]
           downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
         - markus@cvs.openbsd.org  2000/11/09 18:04:40
           [auth1.c]
           typo; from mouring@pconline.com
         - markus@cvs.openbsd.org  2000/11/12 12:03:28
           [ssh-agent.c]
           off-by-one when removing a key from the agent
         - markus@cvs.openbsd.org  2000/11/12 12:50:39
           [auth-rh-rsa.c auth2.c authfd.c authfd.h]
           [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
           [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
           [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
           [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
           [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
           add support for RSA to SSH2.  please test.
           there are now 3 types of keys: RSA1 is used by ssh-1 only,
           RSA and DSA are used by SSH2.
           you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
           keys for SSH2 and use the RSA keys for hostkeys or for user keys.
           SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
       - (djm) Fix up Makefile and Redhat init script to create RSA host keys
       - (djm) Change to interim version
      0bc1bd81