summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-22add missing headerDamien Miller
2019-01-22upstream: switch sntrup implementation source from supercop todjm@openbsd.org
libpqcrypto; the latter is almost identical but doesn't rely on signed underflow to implement an optimised integer sort; from markus@ OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
2019-01-22new files need includes.hDamien Miller
2019-01-21upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn updjm@openbsd.org
debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21upstream: adapt to changes in KEX APIs and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca
2019-01-21upstream: adapt to changes in KEX API and file removalsdjm@openbsd.org
OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7
2019-01-21upstream: adapt to bignum1 API removal and bignum2 API changedjm@openbsd.org
OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63
2019-01-21upstream: remove hack to use non-system libcryptodjm@openbsd.org
OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f
2019-01-21dependDamien Miller
2019-01-21upstream: fix reversed arguments to kex_load_hostkey(); manifested asdjm@openbsd.org
errors in cert-hostkey.sh regress failures. OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba
2019-01-21upstream: forgot to cvs add this file in previous series of commits;djm@openbsd.org
grrr OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0
2019-01-21upstream: nothing shall escape this purgedjm@openbsd.org
OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217
2019-01-21upstream: rename kex->kem_client_pub -> kex->client_pub now thatdjm@openbsd.org
KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21upstream: merge kexkem[cs] into kexgendjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89
2019-01-21upstream: pass values used in KEX hash computation as sshbufdjm@openbsd.org
rather than pointer+len suggested by me; implemented by markus@ ok me OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
2019-01-21upstream: remove kex_derive_keys_bn wrapper; no unused since thedjm@openbsd.org
DH-like KEX methods have moved to KEM from markus@ ok djm@ OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060
2019-01-21upstream: use KEM API for vanilla ECDHdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21fixup missing ssherr.hDamien Miller
2019-01-21upstream: use KEM API for vanilla DH KEXdjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21upstream: use KEM API for vanilla c25519 KEXdjm@openbsd.org
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21upstream: Add support for a PQC KEX/KEM:djm@openbsd.org
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21upstream: factor out kex_verify_hostkey() - again, duplicateddjm@openbsd.org
almost exactly across client and server for several KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
2019-01-21upstream: factor out kex_load_hostkey() - this is duplicated indjm@openbsd.org
both the client and server implementations for most KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
2019-01-21upstream: factor out kex_dh_compute_key() - it's shared betweendjm@openbsd.org
plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@ OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec
2019-01-21upstream: factor out DH keygen; it's identical between the clientdjm@openbsd.org
and the server from markus@ ok djm@ OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
2019-01-21upstream: save the derived session id in kex_derive_keys() ratherdjm@openbsd.org
than making each kex method implementation do it. from markus@ ok djm@ OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
2019-01-21upstream: Make sshpkt_get_bignum2() allocate the bignum it isdjm@openbsd.org
parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@ OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
2019-01-21upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1djm@openbsd.org
functions from markus@ ok djm@ OpenBSD-Commit-ID: 0380b1b2d9de063de3c5a097481a622e6a04943e
2019-01-21upstream: fix all-zero check in kexc25519_shared_keydjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d
2019-01-21upstream: - -T was added to the first synopsis by mistake - sincejmc@openbsd.org
"..." denotes optional, no need to surround it in [] ok djm OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
2019-01-21Make --with-rpath take a flag instead of yes/no.Darren Tucker
Linkers need various flags for -rpath and similar, so make --with-rpath take an optional flag argument which is passed to the linker. ok djm@
2019-01-21fix previous testDamien Miller
2019-01-21Wrap ECC static globals in EC_KEY_METHOD_NEW too.Darren Tucker
2019-01-21pass TEST_SSH_SSHPKCS11HELPER to regress testsDamien Miller
2019-01-21make agent-pkcs11 search harder for softhsm2.soDamien Miller
2019-01-21upstream: always print the caller's error message in ossl_error(),djm@openbsd.org
even when there are no libcrypto errors to report. OpenBSD-Commit-ID: 09ebaa8f706e0eccedd209775baa1eee2ada806a
2019-01-21upstream: get the ex_data (pkcs11_key object) back from the keys atdjm@openbsd.org
the index at which it was inserted, rather than assuming index 0 OpenBSD-Commit-ID: 1f3a6ce0346c8014e895e50423bef16401510aa8
2019-01-21upstream: GSSAPI code got missed when converting to new packet APIdjm@openbsd.org
OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851
2019-01-21Fix -Wunused when compiling PKCS#11 without ECDSADamien Miller
2019-01-21upstream: allow override of ssh-pkcs11-helper binary viadjm@openbsd.org
$TEST_SSH_SSHPKCS11HELPER from markus@ OpenBSD-Regress-ID: 7382a3d76746f5a792d106912a5819fd5e49e469
2019-01-21upstream: adapt agent-pkcs11.sh test to softhsm2 and add supportdjm@openbsd.org
for ECDSA keys work by markus@, ok djm@ OpenBSD-Regress-ID: 1ebc2be0e88eff1b6d8be2f9c00cdc60723509fe
2019-01-21upstream: add "extra:" target to run some extra tests that are notdjm@openbsd.org
enabled by default (currently includes agent-pkcs11.sh); from markus@ OpenBSD-Regress-ID: 9a969e1adcd117fea174d368dcb9c61eb50a2a3c
2019-01-21upstream: use ECDSA_SIG_set0() instead of poking signature values intodjm@openbsd.org
structure directly; the latter works on LibreSSL but not on OpenSSL. From portable. OpenBSD-Commit-ID: 5b22a1919d9cee907d3f8a029167f70a481891c6
2019-01-21remove HAVE_DLOPEN that snuck inDamien Miller
portable doesn't use this
2019-01-21conditionalise ECDSA PKCS#11 supportDamien Miller
Require EC_KEY_METHOD support in libcrypto, evidenced by presence of EC_KEY_METHOD_new() function.
2019-01-21upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHODdjm@openbsd.org
now, so there is no need to keep a copy of each in the pkcs11_key object. work by markus@, ok djm@ OpenBSD-Commit-ID: 43b4856516e45c0595f17a8e95b2daee05f12faa
2019-01-21upstream: KNF previous; from markus@djm@openbsd.org
OpenBSD-Commit-ID: 3dfe35e25b310c3968b1e4e53a0cb1d03bda5395
2019-01-21upstream: use OpenSSL's RSA reference counting hooks todjm@openbsd.org
implicitly clean up pkcs11_key objects when their owning RSA object's reference count drops to zero. Simplifies the cleanup path and makes it more like ECDSA's work by markus@, ok djm@ OpenBSD-Commit-ID: 74b9c98f405cd78f7148e9e4a4982336cd3df25c
2019-01-21upstream: make the PKCS#11 RSA code more like the new PKCS#11djm@openbsd.org
ECDSA code: use a single custom RSA_METHOD instead of a method per key suggested by me, but markus@ did all the work. ok djm@ OpenBSD-Commit-ID: 8aafcebe923dc742fc5537a995cee549d07e4b2e
2019-01-21upstream: fix leak of ECDSA pkcs11_key objectsdjm@openbsd.org
work by markus, ok djm@ OpenBSD-Commit-ID: 9fc0c4f1d640aaa5f19b8d70f37ea19b8ad284a1
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 19:46:44 +0000