History log of /openbsd-src/usr.bin/ssh/ssh-ecdsa.c (Results 1 – 25 of 27)
Revision Date Author Comments
# 5411e769 15-Aug-2024 djm <djm@openbsd.org>

Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. DSA remains
unconverted as it will be removed within six months.

Based on patches originally from Dmitry Belyavskiy, but significantly
rework

Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. DSA remains
unconverted as it will be removed within six months.

Based on patches originally from Dmitry Belyavskiy, but significantly
reworked based on feedback from Bob Beck, Joel Sing and especially
Theo Buehler (apologies to anyone I've missed).

ok tb@

show more ...


# 5b133f3f 08-Mar-2023 guenther <guenther@openbsd.org>

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@


# a2c931d9 28-Oct-2022 djm <djm@openbsd.org>

refactor sshkey_private_deserialize

feedback/ok markus@


# d03db38b 28-Oct-2022 djm <djm@openbsd.org>

refactor sshkey_private_serialize_opt()

feedback/ok markus@


# c5c174fa 28-Oct-2022 djm <djm@openbsd.org>

refactor sshkey_sign() and sshkey_verify()

feedback/ok markus@


# c8d92406 28-Oct-2022 djm <djm@openbsd.org>

refactor sshkey_from_blob_internal()

feedback/ok markus@


# 0d39f001 28-Oct-2022 djm <djm@openbsd.org>

refactor sshkey_from_private()

feedback/ok markus@


# b6025feb 28-Oct-2022 djm <djm@openbsd.org>

factor out key generation

feedback/ok markus@


# eefcf659 28-Oct-2022 djm <djm@openbsd.org>

factor out public key serialization

feedback/ok markus@


# 712f5ecf 28-Oct-2022 djm <djm@openbsd.org>

factor out sshkey_equal_public()

feedback/ok markus@


# 9c1667db 28-Oct-2022 djm <djm@openbsd.org>

begin big refactor of sshkey

Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal

begin big refactor of sshkey

Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.

lots of feedback + ok markus@

show more ...


# f37f3ee2 21-Jan-2019 djm <djm@openbsd.org>

Make sshpkt_get_bignum2() allocate the bignum it is parsing rather
than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@


# 7c94020a 13-Sep-2018 djm <djm@openbsd.org>

hold our collective noses and use the openssl-1.1.x API in OpenSSH;
feedback and ok tb@ jsing@ markus@


# e7fab504 07-Feb-2018 jsing <jsing@openbsd.org>

Remove all guards for calls to OpenSSL free functions - all of these
functions handle NULL, from at least OpenSSL 1.0.1g onwards.

Prompted by dtucker@ asking about guards for RSA_free(), when lookin

Remove all guards for calls to OpenSSL free functions - all of these
functions handle NULL, from at least OpenSSL 1.0.1g onwards.

Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.

ok deraadt@ dtucker@

show more ...


# 2fb1ed3c 21-Apr-2016 djm <djm@openbsd.org>

make argument == NULL tests more consistent


# 860b8821 11-Dec-2015 mmcc <mmcc@openbsd.org>

Remove NULL-checks before sshbuf_free().

ok djm@


# ea2d8289 24-Jun-2014 djm <djm@openbsd.org>

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matt

New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

show more ...


# 08156981 03-Feb-2014 djm <djm@openbsd.org>

fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
DSA_SIG_new. Reported by Batz Spear; ok markus@


# c671dcf1 02-Feb-2014 djm <djm@openbsd.org>

convert memset of potentially-private data to explicit_bzero()


# 8df5df93 09-Jan-2014 djm <djm@openbsd.org>

Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
f

Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@

show more ...


# fda9d0f9 27-Dec-2013 djm <djm@openbsd.org>

make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__

make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages

show more ...


# 0d40fefd 17-May-2013 djm <djm@openbsd.org>

bye, bye xfree(); ok markus@


# 39a92b62 08-Jan-2012 miod <miod@openbsd.org>

Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, ok markus@


# 0493b6e1 10-Sep-2010 djm <djm@openbsd.org>

fix ident


# 2c7d4950 09-Sep-2010 djm <djm@openbsd.org>

ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.

This fi

ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.

This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.

ok naddy@

show more ...


12