#
03e93c75 |
| 21-Dec-2020 |
dtucker@openbsd.org |
upstream: Remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was standardized in RFC4253 (2006), has been deprecated and disabled by d
upstream: Remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001. This will reduce the amount of work the cipher/kex regression tests need to do by a little bit. ok markus@ djm@ OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad
show more ...
|
Revision tags: V_8_4_P1, V_8_3_P1 |
|
#
eba523f0 |
| 03-Apr-2020 |
djm@openbsd.org |
upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as part of a larger diff at a2k20 OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
|
#
d081f017 |
| 12-Mar-2020 |
djm@openbsd.org |
upstream: spelling errors in comments; no code change from OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
|
#
d5ba1c03 |
| 26-Feb-2020 |
jsg@openbsd.org |
upstream: change explicit_bzero();free() to freezero() While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an
upstream: change explicit_bzero();free() to freezero() While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
show more ...
|
Revision tags: V_8_2_P1 |
|
#
7f8e66fe |
| 23-Jan-2020 |
dtucker@openbsd.org |
upstream: Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@ Ope
upstream: Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@ OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
show more ...
|
Revision tags: V_8_1_P1 |
|
#
670104b9 |
| 06-Sep-2019 |
djm@openbsd.org |
upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
|
Revision tags: V_8_0_P1, V_7_9_P1 |
|
#
48f54b9d |
| 12-Sep-2018 |
Damien Miller |
adapt -portable to OpenSSL 1.1x API Polyfill missing API with replacement functions extracted from LibreSSL
|
#
482d23bc |
| 12-Sep-2018 |
djm@openbsd.org |
upstream: hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
|
Revision tags: V_7_8_P1 |
|
#
cec33896 |
| 18-Apr-2018 |
Darren Tucker |
Omit 3des-cbc if OpenSSL built without DES. Patch from hongxu.jia at windriver.com, ok djm@
|
Revision tags: V_7_7_P1 |
|
#
1b11ea7c |
| 23-Feb-2018 |
markus@openbsd.org |
upstream: Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_
upstream: Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
show more ...
|
#
b8bbff3b |
| 12-Feb-2018 |
djm@openbsd.org |
upstream: remove space before tab OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
|
#
7cd31632 |
| 06-Feb-2018 |
jsing@openbsd.org |
upstream commit Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking abo
upstream commit Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
show more ...
|
#
41bff4da |
| 02-Nov-2017 |
djm@openbsd.org@openbsd.org |
upstream commit avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229
|
Revision tags: V_7_6_P1 |
|
#
acaf34fd |
| 07-May-2017 |
djm@openbsd.org |
upstream commit As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ Upstream-ID: 21f8facdba3fd8da248df6417000867cec6
upstream commit As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
show more ...
|
#
0c378ff6 |
| 03-May-2017 |
djm@openbsd.org |
upstream commit another tentacle: cipher_set_key_string() was only ever used for SSHv1 Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a
|
#
e77e1562 |
| 30-Apr-2017 |
djm@openbsd.org |
upstream commit fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore. Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747
|
#
cdccebdf |
| 30-Apr-2017 |
djm@openbsd.org |
upstream commit remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
|
#
56912dea |
| 30-Apr-2017 |
djm@openbsd.org |
upstream commit unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
Revision tags: V_7_5_P1, V_7_4_P1 |
|
#
315d2a4e |
| 27-Oct-2016 |
Damien Miller |
Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL ok dtucker@
|
#
4706c1d8 |
| 03-Aug-2016 |
djm@openbsd.org |
upstream commit small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@ Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
|
Revision tags: V_7_3_P1 |
|
#
832b7443 |
| 15-Jul-2016 |
Damien Miller |
disable ciphers not supported by OpenSSL bz#2466 ok dtucker@
|
Revision tags: V_7_2_P2, V_7_2_P1, V_7_1_P2 |
|
#
d59ce088 |
| 10-Dec-2015 |
mmcc@openbsd.org |
upstream commit Remove NULL-checks before free(). ok dtucker@ Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
|
Revision tags: V_7_1_P1, V_7_0_P1, V_6_9_P1, V_6_8_P1 |
|
#
540e8911 |
| 14-Jan-2015 |
djm@openbsd.org |
upstream commit make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: V_6_7_P1 |
|
#
55731713 |
| 20-Jul-2014 |
Darren Tucker |
- (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
|
#
8668706d |
| 02-Jul-2014 |
Damien Miller |
- djm@cvs.openbsd.org 2014/06/24 01:13:21 [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
- djm@cvs.openbsd.org 2014/06/24 01:13:21 [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
show more ...
|