History log of /openssh-portable/ssh_api.c (Results 1 - 25 of 33)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 9a14c64c 31-Oct-2019 djm@openbsd.org

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign()

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c

show more ...


Revision tags: V_8_1_P1
# b36ee3fc 13-Sep-2019 dtucker@openbsd.org

upstream: Plug mem leaks on error paths, based in part on github

pr#120 from David Carlier. ok djm@.

OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e


# 670104b9 06-Sep-2019 djm@openbsd.org

upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@

OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f


# be02d7cb 06-Sep-2019 djm@openbsd.org

upstream: lots of things were relying on libcrypto headers to

transitively include various system headers (mostly stdlib.h); include them
explicitly

OpenBSD-Commit-ID: 5b522f4f2

upstream: lots of things were relying on libcrypto headers to

transitively include various system headers (mostly stdlib.h); include them
explicitly

OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080

show more ...


Revision tags: V_8_0_P1
# aaca72d6 21-Jan-2019 djm@openbsd.org

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8

upstream: rename kex->kem_client_pub -> kex->client_pub now that

KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8

show more ...


# 92dda34e 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla ECDH

from markus@ ok djm@

OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c


# 9c9c97e1 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla DH KEX

from markus@ ok djm@

OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9


# 2f6a9ddb 21-Jan-2019 djm@openbsd.org

upstream: use KEM API for vanilla c25519 KEX

OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f


# dfd59161 21-Jan-2019 djm@openbsd.org

upstream: Add support for a PQC KEX/KEM:

sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss.

upstream: Add support for a PQC KEX/KEM:

sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7

show more ...


# 04c091fc 19-Jan-2019 djm@openbsd.org

upstream: remove last references to active_state

with & ok markus@

OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2


# 0a843d9a 26-Dec-2018 djm@openbsd.org

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be mor

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b

show more ...


# 42c5ec4b 22-Nov-2018 Damien Miller

refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call t

refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev

show more ...


# 31b49525 22-Oct-2018 Darren Tucker

Include openssl compatibility.

Patch from rosenp at gmail.com via openssh-unix-dev.


Revision tags: V_7_9_P1, V_7_8_P1, V_7_7_P1, V_7_6_P1
# 97f4d308 30-Apr-2017 djm@openbsd.org

upstream commit

remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c


Revision tags: V_7_5_P1, V_7_4_P1, V_7_3_P1
# 05164541 04-May-2016 markus@openbsd.org

upstream commit

move SSH_MSG_NONE, so we don't have to include ssh1.h;
ok deraadt@

Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e


# 0e8eeec8 02-May-2016 djm@openbsd.org

upstream commit

add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K

upstream commit

add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)

based on patch from Mark D. Baushke and Darren Tucker
ok markus@

Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f

show more ...


Revision tags: V_7_2_P2, V_7_2_P1, V_7_1_P2
# 76c9fbbe 04-Dec-2015 markus@openbsd.org

upstream commit

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@

upstream commit

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@

Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309

show more ...


Revision tags: V_7_1_P1, V_7_0_P1, V_6_9_P1, V_6_8_P1
# f2004cd1 22-Feb-2015 Darren Tucker

Repair for non-ECC OpenSSL.

Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.


# 773dda25 30-Jan-2015 Damien Miller

repair --without-openssl; broken in refactor


# 523463a3 16-Feb-2015 djm@openbsd.org

upstream commit

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostke

upstream commit

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@

show more ...


# 4509b5d4 29-Jan-2015 djm@openbsd.org

upstream commit

avoid more fatal/exit in the packet.c paths that
ssh-keyscan uses; feedback and "looks good" markus@


# 5104db7c 26-Jan-2015 djm@openbsd.org

upstream commit

correctly match ECDSA subtype (== curve) for
offered/recevied host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with

upstream commit

correctly match ECDSA subtype (== curve) for
offered/recevied host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type (an extremely
unlikely configuration).

ok markus, "looks mechanical" deraadt@

show more ...


# f582f0e9 19-Jan-2015 markus@openbsd.org

upstream commit

add experimental api for packet layer; ok djm@


# 97f4d308 30-Apr-2017 djm@openbsd.org

upstream commit

remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c


# 05164541 04-May-2016 markus@openbsd.org

upstream commit

move SSH_MSG_NONE, so we don't have to include ssh1.h;
ok deraadt@

Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e


12