summaryrefslogtreecommitdiffstats
path: root/ssh-ecdsa.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API.djm@openbsd.org2024-08-151-81/+177
| | | | | | | | | | | | DSA remains unconverted as it will be removed within six months. Based on patches originally from Dmitry Belyavskiy, but significantly reworked based on feedback from Bob Beck, Joel Sing and especially Theo Buehler (apologies to anyone I've missed). ok tb@ OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
* upstream: Delete obsolete /* ARGSUSED */ lint comments.guenther@openbsd.org2023-03-081-3/+1
| | | | | | ok miod@ millert@ OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* upstream: refactor sshkey_private_deserializedjm@openbsd.org2022-10-281-27/+47
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* upstream: refactor sshkey_private_serialize_opt()djm@openbsd.org2022-10-281-1/+18
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_sign() and sshkey_verify()djm@openbsd.org2022-10-281-24/+29
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor sshkey_from_blob_internal()djm@openbsd.org2022-10-281-4/+54
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_from_private()djm@openbsd.org2022-10-281-1/+14
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: factor out key generationdjm@openbsd.org2022-10-281-1/+20
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: factor out public key serializationdjm@openbsd.org2022-10-281-1/+20
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: factor out sshkey_equal_public()djm@openbsd.org2022-10-281-2/+25
| | | | | | feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: begin big refactor of sshkeydjm@openbsd.org2022-10-281-1/+105
| | | | | | | | | | | Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: Make sshpkt_get_bignum2() allocate the bignum it isdjm@openbsd.org2019-01-211-8/+6
| | | | | | | | parsing rather than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@ OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
* adapt -portable to OpenSSL 1.1x APIDamien Miller2018-09-131-0/+2
| | | | Polyfill missing API with replacement functions extracted from LibreSSL
* upstream: hold our collective noses and use the openssl-1.1.x API indjm@openbsd.org2018-09-131-5/+18
| | | | | | OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
* upstream commitjsing@openbsd.org2018-02-071-5/+3
| | | | | | | | | | | | Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
* upstream commitdjm@openbsd.org2016-04-211-2/+3
| | | | | | make argument == NULL tests more consistent Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
* upstream commitmmcc@openbsd.org2015-12-181-9/+5
| | | | | | | | Remove NULL-checks before sshbuf_free(). ok djm@ Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
* support --without-openssl at configure timeDamien Miller2015-01-141-2/+2
| | | | | | | | Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
* - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller2014-07-021-109/+123
| | | | | | | | | | | | | | | | | | | | | | | [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
* - djm@cvs.openbsd.org 2014/02/03 23:28:00Damien Miller2014-02-041-4/+1
| | | | | | [ssh-ecdsa.c] fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike DSA_SIG_new. Reported by Batz Spear; ok markus@
* - djm@cvs.openbsd.org 2014/02/02 03:44:32Damien Miller2014-02-041-4/+4
| | | | | | | | | | | [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
* - djm@cvs.openbsd.org 2014/01/09 23:20:00Damien Miller2014-01-101-16/+26
| | | | | | | | | | | [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
* - djm@cvs.openbsd.org 2013/12/27 22:30:17Damien Miller2013-12-291-5/+7
| | | | | | | | [ssh-dss.c ssh-ecdsa.c ssh-rsa.c] make the original RSA and DSA signing/verification code look more like the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type rather than tediously listing all variants, use __func__ for debug/ error messages
* - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker2013-06-011-5/+5
| | | | | | | | | | | | | | | | | | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
* - miod@cvs.openbsd.org 2012/01/08 13:17:11Damien Miller2012-02-101-1/+2
| | | | | | [ssh-ecdsa.c] Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, ok markus@
* - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]Damien Miller2010-09-101-0/+4
| | | | | | [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@
* - djm@cvs.openbsd.org 2010/09/09 10:45:45Damien Miller2010-09-101-4/+6
| | | | | | | | | | | | | | | [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@
* - djm@cvs.openbsd.org 2010/08/31 12:33:38Damien Miller2010-09-101-1/+1
| | | | | | | | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] reintroduce commit from tedu@, which I pulled out for release engineering: OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
* - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] includeDamien Miller2010-08-311-0/+2
| | | | includes.h
* - djm@cvs.openbsd.org 2010/08/31 11:54:45Damien Miller2010-08-311-0/+160
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@