Commit Graph

11 Commits

Author SHA1 Message Date
djm@openbsd.org
b42c61d684 upstream: Record session ID, host key and sig at intital KEX
These will be used later for agent session ID / hostkey binding

ok markus@

OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe
2021-12-20 09:24:42 +11:00
djm@openbsd.org
31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
djm@openbsd.org
3dd0c64e08 upstream: more strictly enforce KEX state-machine by banning packet
types once they are received. Fixes memleak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
oss-fuzz #30078).

ok markus@

OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def
2021-02-01 09:57:28 +11:00
djm@openbsd.org
2c71cec020 upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
djm@openbsd.org
b7e74ea072 upstream: Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-25 12:23:33 +11:00
djm@openbsd.org
670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
Darren Tucker
9634ffbf29 Add headers to prevent warnings w/out OpenSSL. 2019-07-23 22:26:20 +10:00
Darren Tucker
9edbd7821e Fix build when configured --without-openssl.
ok djm@
2019-03-14 10:17:28 +11:00
djm@openbsd.org
bb956eaa94 upstream: pass most arguments to the KEX hash functions as sshbuf
rather than pointer+length; ok markus@

OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
2019-01-23 13:02:02 +11:00
Damien Miller
d50ab3cd6f new files need includes.h 2019-01-22 00:02:23 +11:00
djm@openbsd.org
f1185abbf0 upstream: forgot to cvs add this file in previous series of commits;
grrr

OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0
2019-01-21 23:13:53 +11:00