Commit 5bf8f82e authored by Niels Möller's avatar Niels Möller

*** empty log message ***

Rev: ChangeLog:1.243
Rev: doc/TODO:1.90
Rev: doc/lsh.texinfo:1.18
Rev: src/spki.c:1.22
parent 3672ad2e
2000-09-15 Niels Mller <nisse@cuckoo.localdomain>
* src/parse.c (parse_next_atom): Updated comment. Return error for
empty atoms.
(parse_atoms): Handle the empty list case better.
(parse_atom_list): Simplified.
* src/keyexchange.c (do_handle_kexinit): Check kex_state.
(do_handle_kexinit): Check length of received kex_algorithms list.
(do_handle_kexinit): Set kex_state to KEX_STATE_IGNORE or
KEX_STATE_IN_PROGRESS as appropriate.
(do_handle_newkeys): Clear kexinits and literal_kexinits when
resetting kex_state (fixes key renegotiation bug reported by jps).
(kexinit_filter): New command.
* src/dh_exchange.c (init_dh_instance): Don't clear
connection->kexinits and connection->literal_kexinits here.
* src/connection_commands.c (handshake_command): Added
make_kexinit argument (and deleted the corresponding field from
handshake_info). Updated all callers.
* src/client_keyexchange.c (do_init_client_dh): Don't touch connection->kex_state.
(do_init_client_srp): Likewise.
* src/server_keyexchange.c: Likewise.
* src/algorithms.c (list_hostkey_algorithms): New function.
(lookup_hostkey_algorithm): New function.
(algorithms_options): New option --hostkey-algorithm.
(filter_algorithms): New function.
(filter_algorithms_l): New function.
* src/lshd.c: Renamed lshd_listen to make_lshd_listen and
lshd_connection_service to make_lshd_connection_service.
(make_lshd_listen): Use kexinit_filter to restrict announced
hostkey algorithms to those that we actually have keys for.
(make_lshd_listen): Use listen_callback, in order to get the right
evaluation order.
2000-09-14 Niels Mller <nisse@cuckoo.localdomain>
* src/algorithms.c (default_crypto_algorithms): Make the default
list more restrictive.
(all_crypto_algorithms): New function, returning a less
conservative algorithm list.
* src/connection.h (ssh_connection): Deleted obsolete newkeys
* src/process_atoms (atom2define): Replace @domain suffix with
* src/lsh-writekey.c (make_lsh_writekey_options): Use
all_symmetric_algorithms() and all_symmetric_algorithms().
* src/lsh.c (make_options): Likewise.
* src/lsh_proxy.c (main): Likewise.
* src/lshd.c (make_lshd_options): Likewise.
* src/ Added suffix to non-standard
2000-09-14 Niels Mller <>
* src/keyexchange.c (do_handle_newkeys): Clear
......@@ -242,3 +242,5 @@ supported algorithms in the list?
Use static objects for crypto algorithms with fixed key sizes and
other parameters.
Replace most defines with enums, for improved type checking.
......@@ -948,12 +948,14 @@ algorithm negotiation will fail because the peer doesn't support
prefers not to use it.
@item @option{-c} @tab Encryption
@tab @code{3dec-cbc}, @code{blowfish-cbc}, @code{cast128-cbc},
@code{serpent-cbc}, @code{twofish-cbc}, @code{rijndael-cbc},
@tab @code{3dec-cbc}, @code{blowfish-cbc}, @code{arcfour}
@tab The default encryption algorithm is triple-DES in CBC mode. This
seems to be the algorithm of choice among conservative cryptographers.
The default list includes only quite old and well studied algorithms.
There is a special algorithm name @code{all} to enable all supported
encryption algorithms (except @code{none}).
@item @option{-m} @tab Message Authentication
@tab @code{hmac-sha1}, @code{hmac-md5}
......@@ -299,7 +299,7 @@ parse_private_key(struct alist *algorithms,
werror("spki.c: Unknown key type (only dsa is supported).");
werror("spki.c: Unknown key type (only dsa is supported).\n");
SPKI_ERROR(e, "spki.c: Unknown key type (only dsa is supported).", expr);
......@@ -989,6 +989,10 @@ do_spki_lookup(struct spki_context *s,
return subject;
werror("do_spki_lookup: spki sequences not yet supported.\n");
return NULL;
werror("do_spki_lookup: names not yet supported.\n");
return NULL;
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment