Commit Graph

13 Commits

Author SHA1 Message Date
djm@openbsd.org
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@

OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
2018-09-13 12:12:33 +10:00
djm@openbsd.org
7bdb2eeb1d upstream commit
remove hmac-ripemd160; ok dtucker

Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d
2017-05-10 11:41:21 +10:00
dtucker@openbsd.org
4a4b75adac upstream commit
Validate digest arg in ssh_digest_final; from jjelen at
redhat.com via bz#2687, ok djm@

Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
2017-03-10 15:23:17 +11:00
Darren Tucker
a9ff3950b8 Move OPENSSL_NO_RIPEMD160 to compat.
Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
ripemd160 MACs.
2016-10-28 14:26:58 +11:00
Darren Tucker
bce5888516 Check if RIPEMD160 is disabled in OpenSSL. 2016-10-28 13:52:31 +11:00
Damien Miller
72ef7c148c support --without-openssl at configure time
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
djm@openbsd.org
56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
Damien Miller
f6293a0b41 - (djm) [digest-openssl.c] Preserve array order when disabling digests.
Reported by Petr Lautrbach.
2014-07-17 09:01:25 +10:00
Damien Miller
c174a3b7c1 - djm@cvs.openbsd.org 2014/07/03 03:26:43
[digest-openssl.c]
     use EVP_Digest() for one-shot hash instead of creating, updating,
     finalising and destroying a context.
     bz#2231, based on patch from Timo Teras
2014-07-03 21:23:24 +10:00
Damien Miller
8da0fa2493 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
doesn't support it.
2014-07-03 11:54:19 +10:00
Damien Miller
8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Damien Miller
db3c595ea7 - djm@cvs.openbsd.org 2014/02/02 03:44:31
[digest-libc.c digest-openssl.c]
     convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:25:45 +11:00
Damien Miller
ec93d15170 - markus@cvs.openbsd.org 2014/01/27 20:13:46
[digest.c digest-openssl.c digest-libc.c Makefile.in]
     rename digest.c to digest-openssl.c and add libc variant; ok djm@
2014-02-04 11:07:13 +11:00