History log of /openssh-portable/digest-openssl.c (Results 1 - 25 of 26)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 11cba2a4 23-Jul-2019 Darren Tucker

Re-apply portability changes to current sha2.{c,h}.

Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the

Re-apply portability changes to current sha2.{c,h}.

Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the portability
changes. This also allowed re-syncing digest-libc.c against upstream.

show more ...


Revision tags: V_8_0_P1, V_7_9_P1
# 482d23bc 12-Sep-2018 djm@openbsd.org

upstream: hold our collective noses and use the openssl-1.1.x API in

OpenSSH; feedback and ok tb@ jsing@ markus@

OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417


Revision tags: V_7_8_P1, V_7_7_P1, V_7_6_P1
# 7bdb2eeb 08-May-2017 djm@openbsd.org

upstream commit

remove hmac-ripemd160; ok dtucker

Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d


Revision tags: V_7_5_P1
# 4a4b75ad 09-Mar-2017 dtucker@openbsd.org

upstream commit

Validate digest arg in ssh_digest_final; from jjelen at
redhat.com via bz#2687, ok djm@

Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878


Revision tags: V_7_4_P1
# a9ff3950 27-Oct-2016 Darren Tucker

Move OPENSSL_NO_RIPEMD160 to compat.

Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
ripemd160 MACs.


# bce58885 27-Oct-2016 Darren Tucker

Check if RIPEMD160 is disabled in OpenSSL.


Revision tags: V_7_3_P1, V_7_2_P2, V_7_2_P1, V_7_1_P2, V_7_1_P1, V_7_0_P1, V_6_9_P1, V_6_8_P1
# 72ef7c14 14-Jan-2015 Damien Miller

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only w

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.

show more ...


# 56d1c83c 21-Dec-2014 djm@openbsd.org

upstream commit

Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.

Feedback and o

upstream commit

Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.

Feedback and ok naddy@ markus@

show more ...


Revision tags: V_6_7_P1
# f6293a0b 16-Jul-2014 Damien Miller

- (djm) [digest-openssl.c] Preserve array order when disabling digests.
Reported by Petr Lautrbach.


# c174a3b7 03-Jul-2014 Damien Miller

- djm@cvs.openbsd.org 2014/07/03 03:26:43
[digest-openssl.c]
use EVP_Digest() for one-shot hash instead of creating, updating,
finalising and destroying a context.

- djm@cvs.openbsd.org 2014/07/03 03:26:43
[digest-openssl.c]
use EVP_Digest() for one-shot hash instead of creating, updating,
finalising and destroying a context.
bz#2231, based on patch from Timo Teras

show more ...


# 8da0fa24 02-Jul-2014 Damien Miller

- (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
doesn't support it.


# 8668706d 02-Jul-2014 Damien Miller

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.

show more ...


Revision tags: V_6_6_P1
# db3c595e 03-Feb-2014 Damien Miller

- djm@cvs.openbsd.org 2014/02/02 03:44:31
[digest-libc.c digest-openssl.c]
convert memset of potentially-private data to explicit_bzero()


# ec93d151 03-Feb-2014 Damien Miller

- markus@cvs.openbsd.org 2014/01/27 20:13:46
[digest.c digest-openssl.c digest-libc.c Makefile.in]
rename digest.c to digest-openssl.c and add libc variant; ok djm@


# 7bdb2eeb 08-May-2017 djm@openbsd.org

upstream commit

remove hmac-ripemd160; ok dtucker

Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d


# 4a4b75ad 09-Mar-2017 dtucker@openbsd.org

upstream commit

Validate digest arg in ssh_digest_final; from jjelen at
redhat.com via bz#2687, ok djm@

Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878


# a9ff3950 27-Oct-2016 Darren Tucker

Move OPENSSL_NO_RIPEMD160 to compat.

Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
ripemd160 MACs.


# bce58885 27-Oct-2016 Darren Tucker

Check if RIPEMD160 is disabled in OpenSSL.


# 72ef7c14 14-Jan-2015 Damien Miller

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only w

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.

show more ...


# 56d1c83c 21-Dec-2014 djm@openbsd.org

upstream commit

Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.

Feedback and o

upstream commit

Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.

Feedback and ok naddy@ markus@

show more ...


# f6293a0b 16-Jul-2014 Damien Miller

- (djm) [digest-openssl.c] Preserve array order when disabling digests.
Reported by Petr Lautrbach.


# c174a3b7 03-Jul-2014 Damien Miller

- djm@cvs.openbsd.org 2014/07/03 03:26:43
[digest-openssl.c]
use EVP_Digest() for one-shot hash instead of creating, updating,
finalising and destroying a context.

- djm@cvs.openbsd.org 2014/07/03 03:26:43
[digest-openssl.c]
use EVP_Digest() for one-shot hash instead of creating, updating,
finalising and destroying a context.
bz#2231, based on patch from Timo Teras

show more ...


# 8da0fa24 02-Jul-2014 Damien Miller

- (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
doesn't support it.


# 8668706d 02-Jul-2014 Damien Miller

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.

show more ...


# db3c595e 03-Feb-2014 Damien Miller

- djm@cvs.openbsd.org 2014/02/02 03:44:31
[digest-libc.c digest-openssl.c]
convert memset of potentially-private data to explicit_bzero()


12