#
1.121 |
|
17-May-2024 |
jsg |
spelling; ok djm@
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.120 |
|
10-Oct-2023 |
tb |
Garbage collect cipher_get_keyiv_len()
This is a compat20 leftover, unused since 2017.
ok djm
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.119 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.118 |
|
21-Dec-2020 |
dtucker |
Remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
This will reduce the amount of work the cipher/kex regression tests need to do by a little bit. ok markus@ djm@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.117 |
|
03-Apr-2020 |
djm |
make Chacha20-POLY1305 context struct opaque; ok tb@ as part of a larger diff at a2k20
|
#
1.116 |
|
13-Mar-2020 |
djm |
spelling errors in comments; no code change from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
|
#
1.115 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary.
ok deraadt@ djm@
|
#
1.114 |
|
23-Jan-2020 |
dtucker |
Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.113 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.112 |
|
13-Sep-2018 |
djm |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.111 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots of help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this is how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successful or b) with passwd or c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.120 |
|
10-Oct-2023 |
tb |
Garbage collect cipher_get_keyiv_len()
This is a compat20 leftover, unused since 2017.
ok djm
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.119 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.118 |
|
21-Dec-2020 |
dtucker |
Remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
This will reduce the amount of work the cipher/kex regression tests need to do by a little bit. ok markus@ djm@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.117 |
|
03-Apr-2020 |
djm |
make Chacha20-POLY1305 context struct opaque; ok tb@ as part of a larger diff at a2k20
|
#
1.116 |
|
13-Mar-2020 |
djm |
spelling errors in comments; no code change from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
|
#
1.115 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
#
1.114 |
|
23-Jan-2020 |
dtucker |
Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.113 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.112 |
|
13-Sep-2018 |
djm |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.111 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all used of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.119 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.118 |
|
21-Dec-2020 |
dtucker |
Remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
This will reduce the amount of work the cipher/kex regression tests need to do by a little bit. ok markus@ djm@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.117 |
|
03-Apr-2020 |
djm |
make Chacha20-POLY1305 context struct opaque; ok tb@ as part of a larger diff at a2k20
|
#
1.116 |
|
13-Mar-2020 |
djm |
spelling errors in comments; no code change from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
|
#
1.115 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
#
1.114 |
|
23-Jan-2020 |
dtucker |
Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.113 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.112 |
|
13-Sep-2018 |
djm |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.111 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all used of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.118 |
|
21-Dec-2020 |
dtucker |
Remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
This will reduce the amount of work the cipher/kex regression tests need to do by a little bit. ok markus@ djm@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.117 |
|
03-Apr-2020 |
djm |
make Chacha20-POLY1305 context struct opaque; ok tb@ as part of a larger diff at a2k20
|
#
1.116 |
|
13-Mar-2020 |
djm |
spelling errors in comments; no code change from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
|
#
1.115 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
#
1.114 |
|
23-Jan-2020 |
dtucker |
Make zlib optional. This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.113 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.112 |
|
13-Sep-2018 |
djm |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.111 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all used of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots of help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this is how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successful or b) with passwd or c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.113 |
|
06-Sep-2019 |
djm |
fixes for !WITH_OPENSSL compilation; ok dtucker@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.112 |
|
13-Sep-2018 |
djm |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.111 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this is how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successful or b) with passwd or c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.112 |
|
13-Sep-2018 |
djm |
hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.111 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
Joint work with stefan-lukas_gazdag at genua.eu
See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
ok djm@
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.111 |
|
23-Feb-2018 |
markus |
Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this is how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successful or b) with passwd or c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.110 |
|
13-Feb-2018 |
djm |
remove space before tab
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers; feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots of help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC; ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.109 |
|
07-Feb-2018 |
jsing |
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github.
ok deraadt@ dtucker@
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.55 |
|
03-Apr-2002 |
markus |
branches: 1.55.2; re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
|
#
1.54 |
|
19-Mar-2002 |
markus |
KNF whitespace
|
#
1.53 |
|
18-Mar-2002 |
markus |
export/import cipher states; needed by ssh-privsep
|
#
1.52 |
|
18-Feb-2002 |
markus |
switch to EVP, ok djm@ deraadt@
|
#
1.51 |
|
14-Feb-2002 |
markus |
hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@
|
#
1.50 |
|
21-Jan-2002 |
markus |
remove "rijndael-*", just use "aes-" since this how rijndael is called in the drafts; ok stevesk@
|
#
1.49 |
|
18-Jan-2002 |
stevesk |
unneeded cast cleanup; ok markus@
|
#
1.48 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.47 |
|
23-Aug-2001 |
markus |
branches: 1.47.2; switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
|
#
1.46 |
|
25-Jun-2001 |
markus |
update copyright for 2001
|
#
1.45 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.44 |
|
28-May-2001 |
markus |
simpler 3des for ssh1
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.43 |
|
04-Feb-2001 |
stevesk |
branches: 1.43.2; unexpand and remove end-of-line whitespace; ok markus@
|
#
1.42 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.41 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.40 |
|
09-Dec-2000 |
markus |
undo rijndael changes
|
#
1.39 |
|
06-Dec-2000 |
markus |
new rijndael implementation. fixes endian bugs
|
#
1.38 |
|
29-Nov-2000 |
markus |
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.37 |
|
23-Oct-2000 |
markus |
branches: 1.37.2; non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd
|
#
1.36 |
|
14-Oct-2000 |
markus |
debug3
|
#
1.35 |
|
13-Oct-2000 |
markus |
rijndael/aes support
|
#
1.34 |
|
12-Oct-2000 |
markus |
enable DES in SSH-1 clients only
|
#
1.33 |
|
11-Oct-2000 |
markus |
remove DES
|
#
1.32 |
|
11-Oct-2000 |
markus |
new cipher framework
|
#
1.31 |
|
12-Sep-2000 |
deraadt |
a few more comments about it being ARC4 not RC4
|
#
1.30 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.29 |
|
10-Jul-2000 |
ho |
strtok() --> strsep(). (niels@ ok)
|
#
1.28 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.27 |
|
22-May-2000 |
markus |
check strtok() != NULL; ok niels@
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.26 |
|
14-Apr-2000 |
markus |
branches: 1.26.2; whitespace cleanup
|
#
1.25 |
|
12-Apr-2000 |
markus |
#include <ssl/foo.h> -> <openssh/foo.h>
|
#
1.24 |
|
12-Apr-2000 |
markus |
add Cipher and Protocol options to ssh/sshd, e.g.: ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
|
#
1.23 |
|
12-Apr-2000 |
deraadt |
comment typo
|
#
1.22 |
|
04-Apr-2000 |
markus |
remove unused argument, split cipher_mask()
|
#
1.21 |
|
28-Mar-2000 |
markus |
support ssh2 ciphers
|
#
1.20 |
|
22-Mar-2000 |
markus |
remove unused cipher_attack_detected code
|
#
1.19 |
|
22-Feb-2000 |
markus |
void* -> unsigned char*, ok niels@
|
#
1.18 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.17 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.16 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.15 |
|
22-Nov-1999 |
markus |
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successful or b) with passwd or c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE
|
#
1.14 |
|
15-Nov-1999 |
markus |
remove support for cipher RC4
|
#
1.13 |
|
02-Nov-1999 |
markus |
replace assert() with error, fatal or packet_disconnect
|
#
1.12 |
|
27-Oct-1999 |
deraadt |
use libssl md5 routines
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.11 |
|
30-Sep-1999 |
provos |
better cipher name fix.
|
#
1.10 |
|
30-Sep-1999 |
provos |
deal with NULL in ciphernames
|
#
1.9 |
|
30-Sep-1999 |
provos |
less brain damage, get rid of 'no '
|
#
1.8 |
|
30-Sep-1999 |
deraadt |
use libc md5
|
#
1.7 |
|
30-Sep-1999 |
provos |
remove ``none''.
|
#
1.6 |
|
30-Sep-1999 |
deraadt |
"ssh is a very large program" -- anonymous
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
cull, cull, cull
|
#
1.4 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum
convert all uses of rsa to SSL rsa functions
remove all use of randomstate to OpenBSD arc4random() and arc4_stir()
all this done at a long long night in Canada.
|
#
1.3 |
|
26-Sep-1999 |
deraadt |
blowfish is always there
|
#
1.2 |
|
26-Sep-1999 |
deraadt |
all the idea code goes away
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.108 |
|
03-Nov-2017 |
djm |
avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.107 |
|
07-May-2017 |
djm |
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
|
#
1.106 |
|
04-May-2017 |
djm |
another tentacle: cipher_set_key_string() was only ever used for SSHv1
|
#
1.105 |
|
01-May-2017 |
djm |
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore.
|
#
1.104 |
|
30-Apr-2017 |
djm |
remove SSHv1 ciphers; ok markus@
|
#
1.103 |
|
30-Apr-2017 |
djm |
unifdef WITH_SSH1 ok markus@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.102 |
|
03-Aug-2016 |
djm |
small refactor of cipher.c: make ciphercontext opaque to callers
feedback and ok markus@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.101 |
|
10-Dec-2015 |
mmcc |
Remove NULL-checks before free().
ok dtucker@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.100 |
|
14-Jan-2015 |
djm |
make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.99 |
|
24-Jun-2014 |
djm |
New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
|
#
1.98 |
|
29-Apr-2014 |
markus |
make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.97 |
|
07-Feb-2014 |
djm |
remove some logging that makes ssh debugging output very verbose; ok markus
|
#
1.96 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
#
1.95 |
|
27-Jan-2014 |
markus |
replace openssl MD5 with our ssh_digest_*; ok djm@
|
#
1.94 |
|
25-Jan-2014 |
dtucker |
Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
|
#
1.93 |
|
06-Dec-2013 |
markus |
new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots of help from djm; ok djm@
|
#
1.92 |
|
02-Dec-2013 |
djm |
correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
|
#
1.91 |
|
21-Nov-2013 |
djm |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC
ok markus@ naddy@
|
#
1.90 |
|
07-Nov-2013 |
dtucker |
Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.89 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.88 |
|
19-Apr-2013 |
djm |
add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.87 |
|
26-Jan-2013 |
djm |
remove ACSS, now that it is gone from libcrypto too
|
#
1.86 |
|
12-Jan-2013 |
djm |
improve error message for integrity failure in AES-GCM modes; ok markus@
|
#
1.85 |
|
08-Jan-2013 |
markus |
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
|
#
1.84 |
|
12-Dec-2012 |
naddy |
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled counter mode code; ok djm@
|
#
1.83 |
|
11-Dec-2012 |
markus |
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.82 |
|
26-Jan-2009 |
markus |
Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.81 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
|
#
1.80 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.79 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.78 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.77 |
|
16-Jul-2005 |
djm |
branches: 1.77.2; 1.77.4; spacing
|
#
1.76 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.75 |
|
09-Jun-2005 |
dtucker |
Correctly initialize end of array sentinel; ok djm@
|
#
1.74 |
|
23-May-2005 |
djm |
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.73 |
|
23-Jan-2005 |
djm |
branches: 1.73.2; config option "Ciphers" should be case-sensitive; ok dtucker@
|
#
1.72 |
|
22-Dec-2004 |
djm |
remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.71 |
|
28-Jul-2004 |
markus |
branches: 1.71.2; more s/illegal/invalid/
|
#
1.70 |
|
11-Jul-2004 |
deraadt |
spaces
|
#
1.69 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.68 |
|
23-Jan-2004 |
hshoexer |
branches: 1.68.2; rename acss@opebsd.org to acss@openssh.org ok deraadt@
|
#
1.67 |
|
23-Jan-2004 |
hshoexer |
enable acss for ssh ok deraadt@ markus@
|
#
1.66 |
|
10-Nov-2003 |
jakob |
constify. ok markus@ & djm@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.65 |
|
17-May-2003 |
markus |
branches: 1.65.2; experimental support for aes-ctr modes from http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt ok djm@
|
#
1.64 |
|
15-May-2003 |
markus |
split out custom EVP ciphers
|
#
1.63 |
|
12-Apr-2003 |
markus |
hide cipher details; ok djm@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.62 |
|
21-Nov-2002 |
markus |
branches: 1.62.2; debug->debug2, unify debug messages
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.61 |
|
12-Jul-2002 |
markus |
branches: 1.61.2; EVP_CIPH_CUSTOM_IV for our own rijndael
|
#
1.60 |
|
23-Jun-2002 |
deraadt |
KNF
|
#
1.59 |
|
19-Jun-2002 |
markus |
make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this still depends on EVP implementation details and is broken).
|
#
1.58 |
|
04-Jun-2002 |
markus |
__FUNCTION__ -> __func__
|
#
1.57 |
|
30-May-2002 |
markus |
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@
|
#
1.56 |
|
16-May-2002 |
markus |
fix warnings (openssl 0.9.7 requires const)
|