- pvalchev@cvs.openbsd.org 2007/06/07 19:37:34

[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] [ssh_config.5 sshd.8 sshd_config.5] Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
author: Damien Miller <djm@mindrot.org> 2007-06-11 14:01:42 +1000
committer: Damien Miller <djm@mindrot.org> 2007-06-11 14:01:42 +1000
commit: e45796f7b425c04b6ba2d1f72e22c0cb6b3322ef (patch)
tree: 4882ccdb6184b1cf259ff916c2f716f3d1238f93 /kex.h
parent: 835284b74c984600aa50ebac527c37238027b4da (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/kex.h b/kex.h
index ecf43130f..8e29c90e9 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.45 2007/06/05 06:52:37 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.46 2007/06/07 19:37:34 pvalchev Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -87,11 +87,13 @@ struct Enc {
 struct Mac {
        char    *name;
        int     enabled;
-        const EVP_MD    *md;
        u_int   mac_len;
        u_char  *key;
        u_int   key_len;
-        HMAC_CTX        ctx;
+        int     type;
+        const EVP_MD    *evp_md;
+        HMAC_CTX        evp_ctx;
+        struct umac_ctx *umac_ctx;
 };
 struct Comp {
        int     type;
author	Damien Miller <djm@mindrot.org>	2007-06-11 14:01:42 +1000
committer	Damien Miller <djm@mindrot.org>	2007-06-11 14:01:42 +1000
commit	e45796f7b425c04b6ba2d1f72e22c0cb6b3322ef (patch)
tree	4882ccdb6184b1cf259ff916c2f716f3d1238f93 /kex.h
parent	835284b74c984600aa50ebac527c37238027b4da (diff)