author | Damien Miller <djm@mindrot.org> | 2012-12-12 10:46:31 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-12-12 10:46:31 +1100 |
commit | af43a7ac2d77c57112b48f34c7a72be2adb761bc (patch) | |
tree | 4381616492fbbca62d39c042f16221f681c1d37f /myproposal.h | |
parent | 6a1937eac5da5bdcf33aaa922ce5de0c764e37ed (diff) |
- markus@cvs.openbsd.org 2012/12/11 22:31:18
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
[packet.c ssh_config.5 sshd_config.5]
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@
Diffstat (limited to 'myproposal.h')
-rw-r--r-- | myproposal.h | 11 |
1 files changed, 10 insertions, 1 deletions
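--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.30 2012/10/04 13:21:50 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.31 2012/12/11 22:31:18 markus Exp $ */
 
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -83,6 +83,15 @@
 # define SHA2_HMAC_MODES
 #endif
 #define KEX_DEFAULT_MAC \
+"hmac-md5-etm@openssh.com," \
+"hmac-sha1-etm@openssh.com," \
+"umac-64-etm@openssh.com," \
+"umac-128-etm@openssh.com," \
+"hmac-sha2-256-etm@openssh.com," \
+"hmac-sha2-512-etm@openssh.com," \
+"hmac-ripemd160-etm@openssh.com," \
+"hmac-sha1-96-etm@openssh.com," \
+"hmac-md5-96-etm@openssh.com," \
 "hmac-md5," \
 "hmac-sha1," \
 "umac-64@openssh.com," \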
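Review bot: The two SHA-2 entries added to `KEX_DEFAULT_MAC`, `"hmac-sha2-256-etm@openssh.com,"` and `"hmac-sha2-512-etm@openssh.com,"`, are listed unconditionally, while the context just above shows `SHA2_HMAC_MODES` being defined empty in one preprocessor branch, which suggests the plain SHA-2 MACs are only compiled in on some builds. If so, a build without SHA-2 support would offer MAC names in its default proposal that it cannot instantiate; putting the two EtM names under the same condition as `SHA2_HMAC_MODES` (its `#if` lies outside this hunk) would avoid that. Separately, the new block copies the legacy preference order, so `hmac-md5-etm@openssh.com` becomes the most preferred entry, ahead of the SHA-2 variants. If that order is kept deliberately for compatibility, a short comment above `KEX_DEFAULT_MAC` saying so would help. The macro's definition continues past the end of the hunk.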