diff options
| author | Damien Miller <djm@mindrot.org> | 2012-12-12 10:46:31 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2012-12-12 10:46:31 +1100 |
| commit | af43a7ac2d77c57112b48f34c7a72be2adb761bc (patch) | |
| tree | 4381616492fbbca62d39c042f16221f681c1d37f /kex.h | |
| parent | 6a1937eac5da5bdcf33aaa922ce5de0c764e37ed (diff) | |
- markus@cvs.openbsd.org 2012/12/11 22:31:18
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
[packet.c ssh_config.5 sshd_config.5]
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@
Diffstat (limited to 'kex.h')
| -rw-r--r-- | kex.h | 3 |
1 files changed, 2 insertions, 1 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.h,v 1.52 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.53 2012/12/11 22:31:18 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -100,6 +100,7 @@ struct Mac { | |||
| 100 | u_char *key; | 100 | u_char *key; |
| 101 | u_int key_len; | 101 | u_int key_len; |
| 102 | int type; | 102 | int type; |
| 103 | int etm; /* Encrypt-then-MAC */ | ||
| 103 | const EVP_MD *evp_md; | 104 | const EVP_MD *evp_md; |
| 104 | HMAC_CTX evp_ctx; | 105 | HMAC_CTX evp_ctx; |
| 105 | struct umac_ctx *umac_ctx; | 106 | struct umac_ctx *umac_ctx; |