lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See

Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@

show more ...

constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault

Drop compatibility hacks for some ancient SSH implementations, including
ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hack

Drop compatibility hacks for some ancient SSH implementations, including
ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

show more ...

remove post-SSHv1 removal dead code from rsa.c and merge the
remaining bit that it still used into ssh-rsa.c; ok markus

Allow ssh-keygen to use a key held in ssh-agent as a CA when signing
certificates. bz#2377 ok markus

more simplification and removal of SSHv1-related code; ok djm@

since a couple of people have asked, leave a comment explaining why we
retain SSH v.1 support in the "delete all keys from agent" path.

unifdef WITH_SSH1
ok markus@

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth)
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
with & ok djm@

Fix occurrences of "r = func() != 0" which result in the wrong error
codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

delete support for legacy v00 certificates; "sure" markus@ dtucker@

sigp and lenp are not optional in ssh_agent_sign(); ok djm@

unbreak ssh_agent_sign (lenp vs *lenp)

consistent check for NULL as noted by Nicholas Lemonias; ok djm@

move authfd.c and its tentacles to the new buffer/key API;
ok markus@

make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker

allow deletion of ed25519 keys from the agent

support ed25519 keys (hostkeys and user identities) using the public domain
ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@

move private key (de)serialization to key.c; ok djm

use calloc for all structure allocations; from markus@

bye, bye xfree(); ok markus@

bzero the agent address. the kernel was for a while very cranky about
these things. evne though that's fixed, always good to initialize
memory. ok deraadt djm

use FD_CLOEXEC consistently; patch from zion AT x96.org