| #
03e93c75 |
| 21-Dec-2020 |
dtucker@openbsd.org |
upstream: Remove the pre-standardization cipher
rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was
standardized in RFC4253 (2006), has been deprecated and disabled by d
upstream: Remove the pre-standardization cipher
rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was
standardized in RFC4253 (2006), has been deprecated and disabled by default
since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
This will reduce the amount of work the cipher/kex regression tests need
to do by a little bit. ok markus@ djm@
OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad
show more ...
|
|
Revision tags: V_8_4_P1, V_8_3_P1 |
|
| #
eba523f0 |
| 03-Apr-2020 |
djm@openbsd.org |
upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as
part of a larger diff at a2k20
OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
|
| #
d081f017 |
| 12-Mar-2020 |
djm@openbsd.org |
upstream: spelling errors in comments; no code change from
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
|
| #
d5ba1c03 |
| 26-Feb-2020 |
jsg@openbsd.org |
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
show more ...
|
|
Revision tags: V_8_2_P1 |
|
| #
7f8e66fe |
| 23-Jan-2020 |
dtucker@openbsd.org |
upstream: Make zlib optional. This adds a "ZLIB" build time option
that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@
Ope
upstream: Make zlib optional. This adds a "ZLIB" build time option
that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@
OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
show more ...
|
|
Revision tags: V_8_1_P1 |
|
| #
670104b9 |
| 06-Sep-2019 |
djm@openbsd.org |
upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
|
|
Revision tags: V_8_0_P1, V_7_9_P1 |
|
| #
48f54b9d |
| 12-Sep-2018 |
Damien Miller |
adapt -portable to OpenSSL 1.1x API
Polyfill missing API with replacement functions extracted from LibreSSL
|
| #
482d23bc |
| 12-Sep-2018 |
djm@openbsd.org |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
|
|
Revision tags: V_7_8_P1 |
|
| #
cec33896 |
| 18-Apr-2018 |
Darren Tucker |
Omit 3des-cbc if OpenSSL built without DES.
Patch from hongxu.jia at windriver.com, ok djm@
|
|
Revision tags: V_7_7_P1 |
|
| #
1b11ea7c |
| 23-Feb-2018 |
markus@openbsd.org |
upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_
upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
show more ...
|
| #
b8bbff3b |
| 12-Feb-2018 |
djm@openbsd.org |
upstream: remove space before tab
OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
|
| #
7cd31632 |
| 06-Feb-2018 |
jsing@openbsd.org |
upstream commit
Remove all guards for calls to OpenSSL free functions -
all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking abo
upstream commit
Remove all guards for calls to OpenSSL free functions -
all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.
ok deraadt@ dtucker@
OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
show more ...
|
| #
41bff4da |
| 02-Nov-2017 |
djm@openbsd.org@openbsd.org |
upstream commit
avoid unused variable warnings for !WITH_OPENSSL; patch from
Marcus Folkesson
OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229
|
|
Revision tags: V_7_6_P1 |
|
| #
acaf34fd |
| 07-May-2017 |
djm@openbsd.org |
upstream commit
As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
Upstream-ID: 21f8facdba3fd8da248df6417000867cec6
upstream commit
As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
show more ...
|
| #
0c378ff6 |
| 03-May-2017 |
djm@openbsd.org |
upstream commit
another tentacle: cipher_set_key_string() was only ever
used for SSHv1
Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a
|
| #
e77e1562 |
| 30-Apr-2017 |
djm@openbsd.org |
upstream commit
fixup setting ciphercontext->plaintext (lost in SSHv1 purge),
though it isn't really used for much anymore.
Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747
|
| #
cdccebdf |
| 30-Apr-2017 |
djm@openbsd.org |
upstream commit
remove SSHv1 ciphers; ok markus@
Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
|
| #
56912dea |
| 30-Apr-2017 |
djm@openbsd.org |
upstream commit
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
Revision tags: V_7_5_P1, V_7_4_P1 |
|
| #
315d2a4e |
| 27-Oct-2016 |
Damien Miller |
Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
ok dtucker@
|
| #
4706c1d8 |
| 03-Aug-2016 |
djm@openbsd.org |
upstream commit
small refactor of cipher.c: make ciphercontext opaque to
callers feedback and ok markus@
Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
|
|
Revision tags: V_7_3_P1 |
|
| #
832b7443 |
| 15-Jul-2016 |
Damien Miller |
disable ciphers not supported by OpenSSL
bz#2466 ok dtucker@
|
|
Revision tags: V_7_2_P2, V_7_2_P1, V_7_1_P2 |
|
| #
d59ce088 |
| 10-Dec-2015 |
mmcc@openbsd.org |
upstream commit
Remove NULL-checks before free().
ok dtucker@
Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
|
|
Revision tags: V_7_1_P1, V_7_0_P1, V_6_9_P1, V_6_8_P1 |
|
| #
540e8911 |
| 14-Jan-2015 |
djm@openbsd.org |
upstream commit
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
markus@
|
|
Revision tags: V_6_7_P1 |
|
| #
55731713 |
| 20-Jul-2014 |
Darren Tucker |
- (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
|
| #
8668706d |
| 02-Jul-2014 |
Damien Miller |
- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
show more ...
|