summaryrefslogtreecommitdiffstats
path: root/cipher.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* polish whitespace for portable filesDamien Miller2021-04-031-1/+1
|
* upstream: highly polished whitespace, mostly fixing spaces-for-tabdjm@openbsd.org2021-04-031-3/+3
| | | | | | and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: Remove the pre-standardization cipherdtucker@openbsd.org2020-12-211-3/+1
| | | | | | | | | | | rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001. This will reduce the amount of work the cipher/kex regression tests need to do by a little bit. ok markus@ djm@ OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad
* upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ asdjm@openbsd.org2020-04-031-8/+10
| | | | | | part of a larger diff at a2k20 OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
* upstream: spelling errors in comments; no code change fromdjm@openbsd.org2020-03-141-2/+2
| | | | OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
* upstream: change explicit_bzero();free() to freezero()jsg@openbsd.org2020-02-281-5/+3
| | | | | | | | | | While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
* upstream: Make zlib optional. This adds a "ZLIB" build time optiondtucker@openbsd.org2020-01-231-1/+12
| | | | | | | that allows building without zlib compression and associated options. With feedback from markus@, ok djm@ OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@djm@openbsd.org2019-09-061-1/+4
| | | | OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* adapt -portable to OpenSSL 1.1x APIDamien Miller2018-09-131-38/+0
| | | | Polyfill missing API with replacement functions extracted from LibreSSL
* upstream: hold our collective noses and use the openssl-1.1.x API indjm@openbsd.org2018-09-131-7/+9
| | | | | | OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
* Omit 3des-cbc if OpenSSL built without DES.Darren Tucker2018-04-191-0/+2
| | | | Patch from hongxu.jia at windriver.com, ok djm@
* upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org2018-02-261-2/+2
| | | | | | | | | Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream: remove space before tabdjm@openbsd.org2018-02-131-3/+3
| | | | OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
* upstream commitjsing@openbsd.org2018-02-071-7/+4
| | | | | | | | | | | | Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
* upstream commitdjm@openbsd.org@openbsd.org2017-11-031-3/+3
| | | | | | | avoid unused variable warnings for !WITH_OPENSSL; patch from Marcus Folkesson OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229
* upstream commitdjm@openbsd.org2017-05-081-47/+17
| | | | | | | As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
* upstream commitdjm@openbsd.org2017-05-081-23/+1
| | | | | | | another tentacle: cipher_set_key_string() was only ever used for SSHv1 Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a
* upstream commitdjm@openbsd.org2017-05-011-2/+2
| | | | | | | fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore. Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747
* upstream commitdjm@openbsd.org2017-05-011-162/+75
| | | | | | remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
* upstream commitdjm@openbsd.org2017-05-011-21/+1
| | | | | | unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
* Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSLDamien Miller2016-10-281-1/+7
| | | | ok dtucker@
* upstream commitdjm@openbsd.org2016-08-091-56/+109
| | | | | | | small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@ Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
* disable ciphers not supported by OpenSSLDamien Miller2016-07-151-2/+10
| | | | bz#2466 ok dtucker@
* upstream commitmmcc@openbsd.org2015-12-111-3/+2
| | | | | | | | Remove NULL-checks before free(). ok dtucker@ Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
* upstream commitdjm@openbsd.org2015-01-141-1/+9
| | | | | make non-OpenSSL aes-ctr work on sshd w/ privsep; ok markus@
* - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bitsDarren Tucker2014-07-201-0/+7
| | | | needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
* - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller2014-07-021-188/+175
| | | | | | | | | | | | | | | | | | | | | | | [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
* - (djm) [cipher.c] Fix merge botch.Damien Miller2014-05-271-2/+13
|
* - markus@cvs.openbsd.org 2014/04/29 18:01:49Damien Miller2014-05-151-8/+80
| | | | | | | | | | [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* - djm@cvs.openbsd.org 2014/02/07 06:55:54Damien Miller2014-02-241-3/+1
| | | | | | [cipher.c mac.c] remove some logging that makes ssh debugging output very verbose; ok markus
* - djm@cvs.openbsd.org 2014/02/02 03:44:32Damien Miller2014-02-041-4/+4
| | | | | | | | | | | [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
* - markus@cvs.openbsd.org 2014/01/27 19:18:54Damien Miller2014-02-041-8/+6
| | | | | [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c] replace openssl MD5 with our ssh_digest_*; ok djm@
* - dtucker@cvs.openbsd.org 2014/01/25 10:12:50Damien Miller2014-01-251-1/+9
| | | | | | | | | | [cipher.c cipher.h kex.c kex.h kexgexc.c] Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
* - markus@cvs.openbsd.org 2013/12/06 13:34:54Damien Miller2013-12-071-9/+9
| | | | | | | [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c] [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
* - djm@cvs.openbsd.org 2013/12/02 03:13:14Damien Miller2013-12-051-2/+2
| | | | | | | | [cipher.c] correct bzero of chacha20+poly1305 key context. bz#2177 from Loganaden Velvindron @ AfriNIC Also make it a memset for consistency with the rest of cipher.c
* - djm@cvs.openbsd.org 2013/11/21 00:45:44Damien Miller2013-11-211-8/+57
| | | | | | | | | | | | | | | | | | | [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
* - dtucker@cvs.openbsd.org 2013/11/07 11:58:27Damien Miller2013-11-081-4/+4
| | | | | | [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c] Output the effective values of Ciphers, MACs and KexAlgorithms when the default has not been overridden. ok markus@
* - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker2013-06-011-5/+5
| | | | | | | | | | | | | | | | | | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
* - djm@cvs.openbsd.org 2013/04/19 01:06:50Damien Miller2013-04-231-16/+39
| | | | | | | | [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
* - djm@cvs.openbsd.org 2013/01/26 06:11:05Damien Miller2013-02-121-7/+3
| | | | | | [Makefile.in acss.c acss.h cipher-acss.c cipher.c] [openbsd-compat/openssl-compat.h] remove ACSS, now that it is gone from libcrypto too
* - djm@cvs.openbsd.org 2013/01/12 11:22:04Damien Miller2013-01-121-3/+7
| | | | | [cipher.c] improve error message for integrity failure in AES-GCM modes; ok markus@
* - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]Damien Miller2013-01-091-17/+4
| | | | | Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little cipher compat code to openssl-compat.h
* - markus@cvs.openbsd.org 2013/01/08 18:49:04Damien Miller2013-01-091-24/+81
| | | | | | | [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] [myproposal.h packet.c ssh_config.5 sshd_config.5] support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
* - (djm) [cipher.c] Fix missing prototype for compat codeDamien Miller2012-12-121-0/+1
|
* - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain ourDamien Miller2012-12-121-7/+15
| | | | compat code for older OpenSSL
* - markus@cvs.openbsd.org 2012/12/11 22:31:18Damien Miller2012-12-121-5/+17
| | | | | | | | | | [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] [packet.c ssh_config.5 sshd_config.5] add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
* - markus@cvs.openbsd.org 2009/01/26 09:58:15Damien Miller2009-01-281-21/+28
| | | | | | | | [cipher.c cipher.h packet.c] Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-3/+5
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller2006-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files