Commit Graph

12 Commits

Author SHA1 Message Date
djm@openbsd.org 7bdb2eeb1d upstream commit
remove hmac-ripemd160; ok dtucker

Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d
2017-05-10 11:41:21 +10:00
dtucker@openbsd.org 4a4b75adac upstream commit
Validate digest arg in ssh_digest_final; from jjelen at
redhat.com via bz#2687, ok djm@

Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
2017-03-10 15:23:17 +11:00
Darren Tucker a9ff3950b8 Move OPENSSL_NO_RIPEMD160 to compat.
Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
ripemd160 MACs.
2016-10-28 14:26:58 +11:00
Darren Tucker bce5888516 Check if RIPEMD160 is disabled in OpenSSL. 2016-10-28 13:52:31 +11:00
Damien Miller 72ef7c148c support --without-openssl at configure time
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
djm@openbsd.org 56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
Damien Miller f6293a0b41 - (djm) [digest-openssl.c] Preserve array order when disabling digests.
Reported by Petr Lautrbach.
2014-07-17 09:01:25 +10:00
Damien Miller c174a3b7c1 - djm@cvs.openbsd.org 2014/07/03 03:26:43
[digest-openssl.c]
     use EVP_Digest() for one-shot hash instead of creating, updating,
     finalising and destroying a context.
     bz#2231, based on patch from Timo Teras
2014-07-03 21:23:24 +10:00
Damien Miller 8da0fa2493 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
doesn't support it.
2014-07-03 11:54:19 +10:00
Damien Miller 8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Damien Miller db3c595ea7 - djm@cvs.openbsd.org 2014/02/02 03:44:31
[digest-libc.c digest-openssl.c]
     convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:25:45 +11:00
Damien Miller ec93d15170 - markus@cvs.openbsd.org 2014/01/27 20:13:46
[digest.c digest-openssl.c digest-libc.c Makefile.in]
     rename digest.c to digest-openssl.c and add libc variant; ok djm@
2014-02-04 11:07:13 +11:00