#
b2c330ec |
| 19-Dec-2021 |
djm <djm@openbsd.org> |
Record session ID, host key and sig at intital KEX
These will be used later for agent session ID / hostkey binding
ok markus@
|
#
74cb32ae |
| 03-Apr-2021 |
djm <djm@openbsd.org> |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1c4876f5 |
| 31-Jan-2021 |
djm <djm@openbsd.org> |
more strictly enforce KEX state-machine by banning packet types once they are received. Fixes memleak caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via oss-fuz
more strictly enforce KEX state-machine by banning packet types once they are received. Fixes memleak caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via oss-fuzz #30078).
ok markus@
show more ...
|
#
3e284e19 |
| 29-Dec-2020 |
djm <djm@openbsd.org> |
Update/replace the experimental post-quantim hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced
Update/replace the experimental post-quantim hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are disabled by default)
show more ...
|
#
493ad5b0 |
| 25-Nov-2019 |
djm <djm@openbsd.org> |
Add new structure for signature options
This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to rec
Add new structure for signature options
This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field.
with and ok markus@
show more ...
|
#
1f96526f |
| 06-Sep-2019 |
djm <djm@openbsd.org> |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
#
21d29470 |
| 23-Jan-2019 |
djm <djm@openbsd.org> |
pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@
|
#
d84d4014 |
| 21-Jan-2019 |
djm <djm@openbsd.org> |
forgot to cvs add this file in previous series of commits; grrr
|