#
5411e769 |
| 15-Aug-2024 |
djm <djm@openbsd.org> |
Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. DSA remains unconverted as it will be removed within six months.
Based on patches originally from Dmitry Belyavskiy, but significantly reworked based on feedback from Bob Beck, Joel Sing and especially Theo Buehler (apologies to anyone I've missed).
ok tb@
|
#
5b133f3f |
| 08-Mar-2023 |
guenther <guenther@openbsd.org> |
Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
|
#
a2c931d9 |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
refactor sshkey_private_deserialize
feedback/ok markus@
|
#
d03db38b |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
refactor sshkey_private_serialize_opt()
feedback/ok markus@
|
#
c5c174fa |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
|
#
c8d92406 |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
refactor sshkey_from_blob_internal()
feedback/ok markus@
|
#
0d39f001 |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
refactor sshkey_from_private()
feedback/ok markus@
|
#
b6025feb |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
factor out key generation
feedback/ok markus@
|
#
eefcf659 |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
factor out public key serialization
feedback/ok markus@
|
#
712f5ecf |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
factor out sshkey_equal_public()
feedback/ok markus@
|
#
9c1667db |
| 28-Oct-2022 |
djm <djm@openbsd.org> |
begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
|
#
f37f3ee2 |
| 21-Jan-2019 |
djm <djm@openbsd.org> |
Make sshpkt_get_bignum2() allocate the bignum it is parsing rather than make the caller do it. Saves a lot of boilerplate code.
from markus@ ok djm@
|
#
7c94020a |
| 13-Sep-2018 |
djm <djm@openbsd.org> |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
#
e7fab504 |
| 07-Feb-2018 |
jsing <jsing@openbsd.org> |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
2fb1ed3c |
| 21-Apr-2016 |
djm <djm@openbsd.org> |
make argument == NULL tests more consistent
|
#
860b8821 |
| 11-Dec-2015 |
mmcc <mmcc@openbsd.org> |
Remove NULL-checks before sshbuf_free().
ok djm@
|
#
ea2d8289 |
| 24-Jun-2014 |
djm <djm@openbsd.org> |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
08156981 |
| 03-Feb-2014 |
djm <djm@openbsd.org> |
fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike DSA_SIG_new. Reported by Batz Spear; ok markus@
|
#
c671dcf1 |
| 02-Feb-2014 |
djm <djm@openbsd.org> |
convert memset of potentially-private data to explicit_bzero()
|
#
8df5df93 |
| 09-Jan-2014 |
djm <djm@openbsd.org> |
Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
|
#
fda9d0f9 |
| 27-Dec-2013 |
djm <djm@openbsd.org> |
make the original RSA and DSA signing/verification code look more like the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type rather than tediously listing all variants, use __func__ for debug/error messages
|
#
0d40fefd |
| 17-May-2013 |
djm <djm@openbsd.org> |
bye, bye xfree(); ok markus@
|
#
39a92b62 |
| 08-Jan-2012 |
miod <miod@openbsd.org> |
Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, ok markus@
|
#
0493b6e1 |
| 10-Sep-2010 |
djm <djm@openbsd.org> |
fix ident
|
#
2c7d4950 |
| 09-Sep-2010 |
djm <djm@openbsd.org> |
ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client.
ok naddy@
|