| #
b2c330ec |
| 19-Dec-2021 |
djm <djm@openbsd.org> |
Record session ID, host key and sig at intital KEX
These will be used later for agent session ID / hostkey binding
ok markus@
|
| #
74cb32ae |
| 03-Apr-2021 |
djm <djm@openbsd.org> |
highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185
|
| #
1c4876f5 |
| 31-Jan-2021 |
djm <djm@openbsd.org> |
more strictly enforce KEX state-machine by banning packet types
once they are received. Fixes memleak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz
via oss-fuz
more strictly enforce KEX state-machine by banning packet types
once they are received. Fixes memleak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz
via oss-fuzz #30078).
ok markus@
show more ...
|
| #
3e284e19 |
| 29-Dec-2020 |
djm <djm@openbsd.org> |
Update/replace the experimental post-quantim hybrid key exchange
method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced
Update/replace the experimental post-quantim hybrid key exchange
method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are
disabled by default)
show more ...
|
| #
493ad5b0 |
| 25-Nov-2019 |
djm <djm@openbsd.org> |
Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to rec
Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
show more ...
|
| #
1f96526f |
| 06-Sep-2019 |
djm <djm@openbsd.org> |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
| #
21d29470 |
| 23-Jan-2019 |
djm <djm@openbsd.org> |
pass most arguments to the KEX hash functions as sshbuf rather
than pointer+length; ok markus@
|
| #
d84d4014 |
| 21-Jan-2019 |
djm <djm@openbsd.org> |
forgot to cvs add this file in previous series of commits; grrr
|