| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Make zlib optional. This adds a "ZLIB" build time option that allows |   dtucker | 2020-01-23 | 1 | -1/+2 |
| | | | | | | building without zlib compression and associated options. With feedback from markus@, ok djm@ | ||||
| * | fixes for !WITH_OPENSSL compilation; ok dtucker@ |   djm | 2019-09-06 | 1 | -1/+3 |
| | | |||||
| * | hold our collective noses and use the openssl-1.1.x API in OpenSSH; | djm | 2018-09-13 | 1 | -3/+3 |
| | | | | | feedback and ok tb@ jsing@ markus@ | ||||
| * | As promised in last release announcement: remove support for | djm | 2017-05-07 | 1 | -3/+1 |
| | | | | | Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ | ||||
| * | another tentacle: cipher_set_key_string() was only ever used for SSHv1 | djm | 2017-05-04 | 1 | -3/+1 |
| | | |||||
| * | remove SSHv1 ciphers; ok markus@ | djm | 2017-04-30 | 1 | -24/+1 |
| | | |||||
| * | small refactor of cipher.c: make ciphercontext opaque to callers | djm | 2016-08-03 | 1 | -13/+10 |
| | | | | | feedback and ok markus@ | ||||
| * | typedefs for Cipher&CipherContext are unused |   markus | 2015-07-08 | 1 | -4/+1 |
| | | |||||
| * | remove unneeded includes, sync my copyright across files & whitespace; ok djm@ | markus | 2015-01-14 | 1 | -4/+4 |
| | | |||||
| * | New key API: refactor key-related functions to be more library-like, | djm | 2014-06-24 | 1 | -27/+30 |
| | | | | | | | | | | existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. | ||||
| * | make compiling against OpenSSL optional (make OPENSSL=no); | markus | 2014-04-29 | 1 | -1/+3 |
| | | | | | | reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm | ||||
| * | Add a special case for the DH group size for 3des-cbc, which has an | dtucker | 2014-01-25 | 1 | -1/+2 |
| | | | | | | | | | effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@ | ||||
| * | new private key format, bcrypt as KDF by default; details in PROTOCOL.key; | markus | 2013-12-06 | 1 | -2/+2 |
| | | | | | feedback and lots help from djm; ok djm@ | ||||
| * | Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" | djm | 2013-11-21 | 1 | -3/+8 |
| | | | | | | | | | | | | | | | that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@ | ||||
| * | Output the effective values of Ciphers, MACs and KexAlgorithms when | dtucker | 2013-11-07 | 1 | -2/+2 |
| | | | | | the default has not been overridden. ok markus@ | ||||
| * | add the ability to query supported ciphers, MACs, key type and KEX | djm | 2013-04-19 | 1 | -6/+7 |
| | | | | | | algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@ | ||||
| * | support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) | markus | 2013-01-08 | 1 | -2/+6 |
| | | | | | ok and feedback djm@ | ||||
| * | add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms | markus | 2012-12-11 | 1 | -2/+2 |
| | | | | | | | | that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@ | ||||
| * | Work around the CPNI-957037 Plaintext Recovery Attack by always | markus | 2009-01-26 | 1 | -1/+2 |
| | | | | | | | reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny | ||||
| * | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | djm | 2006-03-25 | 1 | -1/+1 |
| | | |||||
| * | more s/illegal/invalid/ | markus | 2004-07-28 | 1 | -2/+2 |
| | | |||||
| * | constify. ok markus@ & djm@ |   jakob | 2003-11-10 | 1 | -6/+6 |
| | | |||||
| * | export/import cipher states; needed by ssh-privsep | markus | 2002-03-18 | 1 | -1/+8 |
| | | |||||
| * | $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add |   stevesk | 2002-03-04 | 1 | -2/+2 |
| | | | | | | missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@ | ||||
| * | switch to EVP, ok djm@ deraadt@ | markus | 2002-02-18 | 1 | -35/+3 |
| | | |||||
| * | hide some more implementation details of cipher.[ch] and prepares for move | markus | 2002-02-14 | 1 | -16/+13 |
| | | | | | to EVP, ok deraadt@ | ||||
| * | switch to the optimised AES reference code from | markus | 2001-08-23 | 1 | -2/+2 |
| | | | | | http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip | ||||
| * | remove comments from .h, since they are cut&paste from the .c files | markus | 2001-06-26 | 1 | -11/+11 |
| | | | | | and out of sync | ||||
| * | prototype pedant. not very creative... |   itojun | 2001-06-26 | 1 | -11/+12 |
| | | | | | | - () -> (void) - no variable names | ||||
| * | simpler 3des for ssh1 | markus | 2001-05-28 | 1 | -2/+3 |
| | | |||||
| * | replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' | markus | 2000-12-19 | 1 | -2/+2 |
| | | | | | with u_char. | ||||
| * | undo rijndael changes | markus | 2000-12-09 | 1 | -6/+4 |
| | | |||||
| * | new rijndael implementation. fixes endian bugs | markus | 2000-12-06 | 1 | -4/+6 |
| | | |||||
| * | rijndael/aes support | markus | 2000-10-13 | 1 | -1/+7 |
| | | |||||
| * | enable DES in SSH-1 clients only | markus | 2000-10-12 | 1 | -2/+2 |
| | | |||||
| * | new cipher framework | markus | 2000-10-11 | 1 | -63/+60 |
| | | |||||
| * | cleanup copyright notices on all files. I have attempted to be accurate with |   deraadt | 2000-09-07 | 1 | -7/+6 |
| | | | | | | | | the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. | ||||
| * | OpenBSD tag | markus | 2000-06-20 | 1 | -1/+1 |
| | | |||||
| * | complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) | markus | 2000-05-08 | 1 | -1/+2 |
| | | |||||
| * | whitespace cleanup | markus | 2000-04-14 | 1 | -12/+12 |
| | | |||||
| * | #include <ssl/foo.h> -> <openssh/foo.h> | markus | 2000-04-12 | 1 | -5/+5 |
| | | |||||
| * | add Cipher and Protocol options to ssh/sshd, e.g.: | markus | 2000-04-12 | 1 | -1/+4 |
| | | | | | ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc' | ||||
| * | remove unused argument, split cipher_mask() | markus | 2000-04-04 | 1 | -3/+5 |
| | | |||||
| * | support ssh2 ciphers | markus | 2000-03-28 | 1 | -1/+19 |
| | | |||||
| * | remove unused cipher_attack_detected code | markus | 2000-03-22 | 1 | -7/+1 |
| | | |||||
| * | KNF, final part 3 | markus | 1999-11-24 | 1 | -13/+23 |
| | | |||||
| * | much more KNF | deraadt | 1999-11-24 | 1 | -47/+50 |
| | | |||||
| * | remove support for cipher RC4 | markus | 1999-11-15 | 1 | -4/+4 |
| | | |||||
| * | remove local blowfish code | deraadt | 1999-10-02 | 1 | -2/+2 |
| | | |||||
| * | <des.h> | deraadt | 1999-09-30 | 1 | -2/+2 |
| | | |||||
 |
index : wireguard-openbsd | |
| WireGuard implementation for the OpenBSD kernel | Matt Dunwoodie |
| summaryrefslogtreecommitdiffstats |