Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 041ab7c1e7d6514ed84a539a767f79ffb356e807
commit041ab7c1e7d6514ed84a539a767f79ffb356e807[log] [tgz]
authorDamien Miller <djm@mindrot.org>Fri Sep 10 11:23:34 2010 +1000
committerDamien Miller <djm@mindrot.org>Fri Sep 10 11:23:34 2010 +1000
treec6528487bfc1cfa824655e48ef884b2c268c8588
parent3796ab47d3f68f69512c360f178b77bf0fb12b4f [diff]
   - djm@cvs.openbsd.org 2010/09/09 10:45:45
     [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
     ECDH/ECDSA compliance fix: these methods vary the hash function they use
     (SHA256/384/512) depending on the length of the curve in use. The previous
     code incorrectly used SHA256 in all cases.

     This fix will cause authentication failure when using 384 or 521-bit curve
     keys if one peer hasn't been upgraded and the other has. (256-bit curve
     keys work ok). In particular you may need to specify HostkeyAlgorithms
     when connecting to a server that has not been upgraded from an upgraded
     client.

     ok naddy@
8 files changed
tree: c6528487bfc1cfa824655e48ef884b2c268c8588
  1. contrib/
  2. openbsd-compat/
  3. regress/
  4. scard/
  5. .cvsignore
  6. aclocal.m4
  7. acss.c
  8. acss.h
  9. addrmatch.c
  10. atomicio.c
  11. atomicio.h
  12. audit-bsm.c
  13. audit.c
  14. audit.h
  15. auth-bsdauth.c
  16. auth-chall.c
  17. auth-krb5.c
  18. auth-options.c
  19. auth-options.h
  20. auth-pam.c
  21. auth-pam.h
  22. auth-passwd.c
  23. auth-rh-rsa.c
  24. auth-rhosts.c
  25. auth-rsa.c
  26. auth-shadow.c
  27. auth-sia.c
  28. auth-sia.h
  29. auth-skey.c
  30. auth.c
  31. auth.h
  32. auth1.c
  33. auth2-chall.c
  34. auth2-gss.c
  35. auth2-hostbased.c
  36. auth2-jpake.c
  37. auth2-kbdint.c
  38. auth2-none.c
  39. auth2-passwd.c
  40. auth2-pubkey.c
  41. auth2.c
  42. authfd.c
  43. authfd.h
  44. authfile.c
  45. authfile.h
  46. bufaux.c
  47. bufbn.c
  48. bufec.c
  49. buffer.c
  50. buffer.h
  51. buildpkg.sh.in
  52. canohost.c
  53. canohost.h
  54. ChangeLog
  55. channels.c
  56. channels.h
  57. cipher-3des1.c
  58. cipher-acss.c
  59. cipher-aes.c
  60. cipher-bf1.c
  61. cipher-ctr.c
  62. cipher.c
  63. cipher.h
  64. cleanup.c
  65. clientloop.c
  66. clientloop.h
  67. compat.c
  68. compat.h
  69. compress.c
  70. compress.h
  71. config.guess
  72. config.sub
  73. configure.ac
  74. crc32.c
  75. crc32.h
  76. CREDITS
  77. deattack.c
  78. deattack.h
  79. defines.h
  80. dh.c
  81. dh.h
  82. dispatch.c
  83. dispatch.h
  84. dns.c
  85. dns.h
  86. entropy.c
  87. entropy.h
  88. fatal.c
  89. fixpaths
  90. fixprogs
  91. groupaccess.c
  92. groupaccess.h
  93. gss-genr.c
  94. gss-serv-krb5.c
  95. gss-serv.c
  96. hostfile.c
  97. hostfile.h
  98. includes.h
  99. INSTALL
  100. install-sh
  101. jpake.c
  102. jpake.h
  103. kex.c
  104. kex.h
  105. kexdh.c
  106. kexdhc.c
  107. kexdhs.c
  108. kexecdh.c
  109. kexecdhc.c
  110. kexecdhs.c
  111. kexgex.c
  112. kexgexc.c
  113. kexgexs.c
  114. key.c
  115. key.h
  116. LICENCE
  117. log.c
  118. log.h
  119. loginrec.c
  120. loginrec.h
  121. logintest.c
  122. mac.c
  123. mac.h
  124. Makefile.in
  125. match.c
  126. match.h
  127. md-sha256.c
  128. md5crypt.c
  129. md5crypt.h
  130. mdoc2man.awk
  131. misc.c
  132. misc.h
  133. mkinstalldirs
  134. moduli
  135. moduli.5
  136. moduli.c
  137. monitor.c
  138. monitor.h
  139. monitor_fdpass.c
  140. monitor_fdpass.h
  141. monitor_mm.c
  142. monitor_mm.h
  143. monitor_wrap.c
  144. monitor_wrap.h
  145. msg.c
  146. msg.h
  147. mux.c
  148. myproposal.h
  149. nchan.c
  150. nchan.ms
  151. nchan2.ms
  152. openssh.xml.in
  153. opensshd.init.in
  154. OVERVIEW
  155. packet.c
  156. packet.h
  157. pathnames.h
  158. pkcs11.h
  159. platform.c
  160. platform.h
  161. progressmeter.c
  162. progressmeter.h
  163. PROTOCOL
  164. PROTOCOL.agent
  165. PROTOCOL.certkeys
  166. PROTOCOL.mux
  167. readconf.c
  168. readconf.h
  169. README
  170. README.dns
  171. README.platform
  172. README.privsep
  173. README.tun
  174. readpass.c
  175. rijndael.c
  176. rijndael.h
  177. roaming.h
  178. roaming_client.c
  179. roaming_common.c
  180. roaming_dummy.c
  181. roaming_serv.c
  182. rsa.c
  183. rsa.h
  184. schnorr.c
  185. schnorr.h
  186. scp.1
  187. scp.c
  188. servconf.c
  189. servconf.h
  190. serverloop.c
  191. serverloop.h
  192. session.c
  193. session.h
  194. sftp-client.c
  195. sftp-client.h
  196. sftp-common.c
  197. sftp-common.h
  198. sftp-glob.c
  199. sftp-server-main.c
  200. sftp-server.8
  201. sftp-server.c
  202. sftp.1
  203. sftp.c
  204. sftp.h
  205. ssh-add.1
  206. ssh-add.c
  207. ssh-agent.1
  208. ssh-agent.c
  209. ssh-dss.c
  210. ssh-ecdsa.c
  211. ssh-gss.h
  212. ssh-keygen.1
  213. ssh-keygen.c
  214. ssh-keyscan.1
  215. ssh-keyscan.c
  216. ssh-keysign.8
  217. ssh-keysign.c
  218. ssh-pkcs11-client.c
  219. ssh-pkcs11-helper.8
  220. ssh-pkcs11-helper.c
  221. ssh-pkcs11.c
  222. ssh-pkcs11.h
  223. ssh-rand-helper.8
  224. ssh-rand-helper.c
  225. ssh-rsa.c
  226. ssh.1
  227. ssh.c
  228. ssh.h
  229. ssh1.h
  230. ssh2.h
  231. ssh_config
  232. ssh_config.5
  233. ssh_prng_cmds.in
  234. sshconnect.c
  235. sshconnect.h
  236. sshconnect1.c
  237. sshconnect2.c
  238. sshd.8
  239. sshd.c
  240. sshd_config
  241. sshd_config.5
  242. sshlogin.c
  243. sshlogin.h
  244. sshpty.c
  245. sshpty.h
  246. sshtty.c
  247. survey.sh.in
  248. TODO
  249. ttymodes.c
  250. ttymodes.h
  251. uidswap.c
  252. uidswap.h
  253. umac.c
  254. umac.h
  255. uuencode.c
  256. uuencode.h
  257. version.h
  258. WARNING.RNG
  259. xmalloc.c
  260. xmalloc.h