summaryrefslogtreecommitdiff
path: root/kexc25519.c
AgeCommit message (Collapse)Author
2019-01-21upstream: rename kex->kem_client_pub -> kex->client_pub now thatdjm@openbsd.org
KEM has been renamed to kexgen from markus@ ok djm@ OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21upstream: pass values used in KEX hash computation as sshbufdjm@openbsd.org
rather than pointer+len suggested by me; implemented by markus@ ok me OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
2019-01-21upstream: use KEM API for vanilla c25519 KEXdjm@openbsd.org
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21upstream: Add support for a PQC KEX/KEM:djm@openbsd.org
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@ OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21upstream: fix all-zero check in kexc25519_shared_keydjm@openbsd.org
from markus@ ok djm@ OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d
2018-12-27upstream: move client/server SSH-* banners to buffers underdjm@openbsd.org
ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2016-05-02upstream commitdjm@openbsd.org
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2015-03-27upstream commitdjm@openbsd.org
ban all-zero curve25519 keys as recommended by latest CFRG curves draft; ok markus
2015-01-20upstream commitmarkus@openbsd.org
adapt kex to sshbuf and struct ssh; ok djm@
2014-05-15 - djm@cvs.openbsd.org 2014/05/02 03:27:54Damien Miller
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] [misc.h poly1305.h ssh-pkcs11.c defines.h] revert __bounded change; it causes way more problems for portable than it solves; pointed out by dtucker@
2014-04-20 - djm@cvs.openbsd.org 2014/03/26 04:55:35Damien Miller
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c [misc.h poly1305.h ssh-pkcs11.c] use __bounded(...) attribute recently added to sys/cdefs.h instead of longform __attribute__(__bounded(...)); for brevity and a warning free compilation with llvm/clang
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2014-01-12 - djm@cvs.openbsd.org 2014/01/12 08:13:13Damien Miller
[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c] [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c] avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
2014-01-10 - djm@cvs.openbsd.org 2014/01/09 23:20:00Damien Miller
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
2013-11-04 - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files fromDamien Miller
KEX/curve25519 change