| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2007-06-07 | Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must | Peter Valchev | |
| specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@ | |||
| 2007-06-05 | Preserve MAC ctx between packets, saving 2xhash calls per-packet. | Damien Miller | |
| Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request) | |||
| 2006-08-03 | almost entirely get rid of the culture of ".h files that include .h files" | Theo de Raadt | |
| ok djm, sort of ok stevesk makes the pain stop in one easy step | |||
| 2006-07-23 | #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h> | Kevin Steves | |
| move | |||
| 2006-04-20 | replace the last non-sig_atomic_t flag used in a signal handler with a | Damien Miller | |
| sig_atomic_t, unfortunately with some knock-on effects in other (non- signal) contexts in which it is used; ok markus@ | |||
| 2006-03-25 | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | Damien Miller | |
| 2006-03-19 | spacing | Theo de Raadt | |
| 2006-03-07 | Implement the diffie-hellman-group-exchange-sha256 key exchange method | Damien Miller | |
| using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY | |||
| 2005-11-04 | remove hardcoded hash lengths in key exchange code, allowing | Damien Miller | |
| implementation of KEX methods with different hashes (e.g. SHA-256); ok markus@ dtucker@ stevesk@ | |||
| 2005-07-25 | add a new compression method that delays compression until the user | Markus Friedl | |
| has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@ | |||
| 2005-06-17 | make this -Wsign-compare clean; ok avsm@ markus@ | Damien Miller | |
| 2004-06-13 | implement diffie-hellman-group14-sha1 kex method (trivial extension to | Damien Miller | |
| existing diffie-hellman-group1-sha1); ok markus@ | |||
| 2004-05-21 | add prototypes for -Wall; ok djm | Markus Friedl | |
| 2003-02-16 | split kex into client and server code, no need to link | Markus Friedl | |
| server code into the client; ok provos@ | |||
| 2002-09-09 | signed vs unsigned from -pedantic; ok henning@ | Markus Friedl | |
| 2002-05-16 | fix warnings (openssl 0.9.7 requires const) | Markus Friedl | |
| 2002-03-18 | integrate privilege separated openssh; its turned off by default for now. | Niels Provos | |
| work done by me and markus@ | |||
| 2002-02-14 | hide some more implementation details of cipher.[ch] and prepares for move | Markus Friedl | |
| to EVP, ok deraadt@ | |||
| 2001-12-28 | remove plen from the dispatch fn. it's no longer used. | Markus Friedl | |
| 2001-12-20 | Conformance fix: we should send failing packet sequence number when | Damien Miller | |
| responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@ | |||
| 2001-06-26 | remove comments from .h, since they are cut&paste from the .c files | Markus Friedl | |
| and out of sync | |||
| 2001-06-26 | prototype pedant. not very creative... | Jun-ichiro itojun Hagino | |
| - () -> (void) - no variable names | |||
| 2001-06-25 | update copyright for 2001 | Markus Friedl | |
| 2001-06-23 | get rid of known_hosts2, use it for hostkey lookup, but do not modify. | Markus Friedl | |
| 2001-04-04 | more robust rekeying | Markus Friedl | |
| don't send channel data after rekeying is started. | |||
| 2001-04-04 | enable server side rekeying + some rekey related clientup. | Markus Friedl | |
| todo: we should not send any non-KEX messages after we send KEXINIT | |||
| 2001-04-04 | don't sent multiple kexinit-requests. | Markus Friedl | |
| send newkeys, block while waiting for newkeys. fix comments. | |||
| 2001-04-03 | undo parts of recent my changes: main part of keyexchange does not | Markus Friedl | |
| need dispatch-callbacks, since application data is delayed until the keyexchange completes (if i understand the drafts correctly). add some infrastructure for re-keying. | |||
| 2001-04-03 | move kex to kex*.c, used dispatch_set() callbacks for kex. should | Markus Friedl | |
| make rekeying easier. | |||
| 2001-03-29 | prepare for rekeying: move DH code to dh.c | Markus Friedl | |
| 2001-03-28 | forgot to include min and max params in hash, okay markus@ | Niels Provos | |
| 2001-03-05 | generate a 2*need size (~300 instead of 1024/2048) random private | Markus Friedl | |
| exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343. | |||
| 2001-02-11 | 1) clean up the MAC support for SSH-2 | Markus Friedl | |
| 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@ | |||
| 2001-02-04 | unexpand and remove end-of-line whitespace; ok markus@ | Kevin Steves | |
| 2001-01-29 | $OpenBSD$ | Niklas Hallqvist | |
| 2000-12-20 | fix prototypes; from stevesk@pobox.com | Markus Friedl | |
| 2000-12-19 | replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' | Markus Friedl | |
| with u_char. | |||
| 2000-12-15 | compute diffie-hellman in parallel between server and client. okay markus@ | Niels Provos | |
| 2000-11-12 | add support for RSA to SSH2. please test. | Markus Friedl | |
| there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. IdentityFile2, HostDsaKey and DSAAuthentication are obsolete. you can use multiple IdentityFile and HostKey for all types of keys. the option DSAAuthentication is replaced by PubkeyAuthetication. | |||
| 2000-10-12 | remove unused | Markus Friedl | |
| 2000-10-11 | new cipher framework | Markus Friedl | |
| 2000-10-11 | First rough implementation of the diffie-hellman group exchange. The | Niels Provos | |
| client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. | |||
| 2000-09-07 | cleanup copyright notices on all files. I have attempted to be accurate with | Theo de Raadt | |
| the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. | |||
| 2000-05-25 | split kexinit/kexdh, factor out common code | Markus Friedl | |
| 2000-04-12 | check for reasonable public DH values | Markus Friedl | |
| 2000-04-03 | DSA, keyexchange, algorithm agreement for ssh2 | Markus Friedl | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |