Skip to content
Permalink
Tree: 2029079239
Commits on Jan 21, 2019
  1. Provide the initial TLSv1.3 client implementation.

    4a6f656c committed Jan 21, 2019
    Move tls13_connect() to a new tls13_client.c file and provide a legacy
    wrapper to it, which allocates a struct tls_ctx if necessary. Also move
    tls13_client_hello_send() to tls13_client.c and actual implement the
    building of a client hello.
    
    ok tb@
  2. Wire up the handshake message send and recv actions.

    4a6f656c committed Jan 21, 2019
    This means that we actually receive and send handshake messages to and from
    the record layer.
    
    ok tb@
  3. add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up debug

    djmdjm committed Jan 21, 2019
    verbosity.
    
    Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
    in debug mode ("ssh-agent -d"), so we get to see errors from the
    PKCS#11 code.
    
    ok markus@
  4. fix reversed arguments to kex_load_hostkey(); manifested as errors in

    djmdjm committed Jan 21, 2019
    cert-hostkey.sh regress failures.
  5. Allocate buffer before using it.

    krw
    krw committed Jan 21, 2019
    Encountered, diagnosed, fix tested and ok jca@
  6. While using buffered stdio over a socket, fflush(3) command before

    snimmagadda committed Jan 21, 2019
    reading the response.
    
    Ok eric@ jung@
  7. Adapt to allwinner device tree changes in linux >= 5.0-rc1

    jonathangray committed Jan 21, 2019
    "allwinner,sun6i-a31-rtc" has been removed from h3/h5/r40/a64
    
    ok kettenis@
  8. Improve logging for TLS certificate validity checking.

    4a6f656c committed Jan 21, 2019
    Actually specify whether the certificate is not yet valid or has expired,
    and log the actual time values to hopefully save some head scratching.
    
    ok deraadt@ tb@
  9. Explicitly check timegm() return value.

    4a6f656c committed Jan 21, 2019
    Spotted by tb@
    
    ok deraadt@ tb@
  10. The main handshake loop can be shared between client and server.

    4a6f656c committed Jan 21, 2019
    Pull the shared code up into a function and call it from tls13_connect()
    and tls13_accept() instead of duplicating it.
    
    "Yes, please!" tb@
  11. rename kex->kem_client_pub -> kex->client_pub now that KEM has been r…

    djmdjm committed Jan 21, 2019
    …enamed
    
    to kexgen
    
    from markus@ ok djm@
  12. merge kexkem[cs] into kexgen

    djmdjm committed Jan 21, 2019
    from markus@ ok djm@
  13. pass values used in KEX hash computation as sshbuf rather than

    djmdjm committed Jan 21, 2019
    pointer+len
    
    suggested by me; implemented by markus@ ok me
  14. remove kex_derive_keys_bn wrapper; no unused since the DH-like KEX

    djmdjm committed Jan 21, 2019
    methods have moved to KEM
    
    from markus@ ok djm@
  15. use KEM API for vanilla ECDH

    djmdjm committed Jan 21, 2019
    from markus@ ok djm@
  16. Add ssl_cipher_is_permitted(), an internal helper function that

    botovq committed Jan 21, 2019
    will be used in a few places shortly, e.g. in
    ssl_cipher_list_to_bytes().
    
    ok jsing
  17. use KEM API for vanilla DH KEX

    djmdjm committed Jan 21, 2019
    from markus@ ok djm@
  18. Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org

    djmdjm committed Jan 21, 2019
    using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP
    coupled with X25519 as a stop-loss. Not enabled by default.
    
    introduce KEM API; a simplified framework for DH-ish KEX methods.
    
    from markus@ feedback & ok djm@
  19. factor out kex_verify_hostkey() - again, duplicated almost exactly

    djmdjm committed Jan 21, 2019
    across client and server for several KEX methods.
    
    from markus@ ok djm@
  20. factor out kex_load_hostkey() - this is duplicated in both the client…

    djmdjm committed Jan 21, 2019
    … and
    
    server implementations for most KEX methods.
    
    from markus@ ok djm@
  21. factor out kex_dh_compute_key() - it's shared between plain DH KEX and

    djmdjm committed Jan 21, 2019
    DH GEX in both the client and server implementations
    
    from markus@ ok djm@
  22. - add 7265D-16 firmware

    jmc
    jmc committed Jan 21, 2019
    - while there, knock out one .Tn and reformat the text around it
    
    ok stsp
  23. save the derived session id in kex_derive_keys() rather than making each

    djmdjm committed Jan 21, 2019
    kex method implementation do it.
    
    from markus@ ok djm@
  24. Make sshpkt_get_bignum2() allocate the bignum it is parsing rather

    djmdjm committed Jan 21, 2019
    than make the caller do it. Saves a lot of boilerplate code.
    
    from markus@ ok djm@
  25. remove obsolete (SSH v.1) sshbuf_get/put_bignum1 functions

    djmdjm committed Jan 21, 2019
    from markus@ ok djm@
Older
You can’t perform that action at this time.