Hi all, Will you try my following patch to enable the Camellia block cipher on OpenSSH? The Camellia block cipher is one of the approved encryption method in European Union (NESSIE) and Japan (CRYPTREC) as well as has been specified in several Internet RFCs. It is also used by several OSS projects, such as Linux, FreeBSD, OpenSSL, Firefox and so on.
My patch contains two parts. First part enables Camellia in OpenSSL, and second part makes it available in OpenSSH. It is patch for lib/libssl and usr.bin/ssh, respectively. In 2009, Biryukov showed AES was not as safe as expected. [1] Is it a good time to have an alternative? Thank you in advance, Yoshisato Yanagisawa. [1] http://eprint.iacr.org/2009/317 Index: crypto/Makefile =================================================================== RCS file: /cvs/src/lib/libssl/crypto/Makefile,v retrieving revision 1.52 diff -c -r1.52 Makefile *** crypto/Makefile 3 Feb 2010 20:49:00 -0000 1.52 --- crypto/Makefile 20 Jun 2010 03:56:10 -0000 *************** *** 82,89 **** SRCS+= bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c bn_mod.c SRCS+= bn_exp2.c bn_ctx.c bn_opt.c SRCS+= bn_sqrt.c bn_kron.c bn_x931p.c bn_const.c bn_depr.c bn_gf2m.c bn_nist.c ! #SRCS+= camellia.c cmll_cbc.c cmll_cfb.c cmll_ctr.c ! #SRCS+= cmll_ecb.c cmll_misc.c cmll_ofb.cq #SRCS+= cms_asn1.c cms_att.c cms_cd.c cms_dd.c cms_enc.c cms_env.c #SRCS+= cms_err.c cms_ess.c cms_io.c cms_lib.c cms_sd.c cms_smime.c SRCS+= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c --- 82,89 ---- SRCS+= bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c bn_mod.c SRCS+= bn_exp2.c bn_ctx.c bn_opt.c SRCS+= bn_sqrt.c bn_kron.c bn_x931p.c bn_const.c bn_depr.c bn_gf2m.c bn_nist.c ! SRCS+= camellia.c cmll_cbc.c cmll_cfb.c cmll_ctr.c ! SRCS+= cmll_ecb.c cmll_misc.c cmll_ofb.c #SRCS+= cms_asn1.c cms_att.c cms_cd.c cms_dd.c cms_enc.c cms_env.c #SRCS+= cms_err.c cms_ess.c cms_io.c cms_lib.c cms_sd.c cms_smime.c SRCS+= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c *************** *** 115,121 **** SRCS+= bio_enc.c e_cast.c e_xcbc_d.c m_dss.c m_sha1.c p_seal.c SRCS+= bio_md.c e_des.c encode.c m_dss1.c names.c p_sign.c SRCS+= bio_ok.c e_des3.c dig_eng.c evp_enc.c m_md2.c p_verify.c m_ecdsa.c ! #SRCS+= e_camellia.c e_seed.c SRCS+= c_all.c evp_err.c evp_acnf.c evp_cnf.c m_md4.c p5_crpt.c e_old.c SRCS+= c_allc.c evp_key.c m_md5.c p5_crpt2.c SRCS+= c_alld.c e_null.c evp_lib.c p_dec.c --- 115,122 ---- SRCS+= bio_enc.c e_cast.c e_xcbc_d.c m_dss.c m_sha1.c p_seal.c SRCS+= bio_md.c e_des.c encode.c m_dss1.c names.c p_sign.c SRCS+= bio_ok.c e_des3.c dig_eng.c evp_enc.c m_md2.c p_verify.c m_ecdsa.c ! SRCS+= e_camellia.c ! #SRCS+= e_seed.c SRCS+= c_all.c evp_err.c evp_acnf.c evp_cnf.c m_md4.c p5_crpt.c e_old.c SRCS+= c_allc.c evp_key.c m_md5.c p5_crpt2.c SRCS+= c_alld.c e_null.c evp_lib.c p_dec.c Index: crypto/arch/alpha/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/alpha/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/alpha/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/alpha/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/amd64/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/amd64/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/amd64/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/amd64/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/arm/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/arm/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/arm/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/arm/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/hppa/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/hppa/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/hppa/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/hppa/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/i386/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/i386/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/i386/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/i386/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/m68k/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/m68k/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/m68k/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/m68k/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/m88k/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/m88k/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/m88k/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/m88k/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/mips64/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/mips64/opensslconf.h,v retrieving revision 1.6 diff -c -r1.6 opensslconf.h *** crypto/arch/mips64/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.6 --- crypto/arch/mips64/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/powerpc/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/powerpc/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/powerpc/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/powerpc/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/sh/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/sh/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/sh/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/sh/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/sparc/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/sparc/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/sparc/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/sparc/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/sparc64/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/sparc64/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/sparc64/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/sparc64/opensslconf.h 20 Jun 2010 03:56:10 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: crypto/arch/vax/opensslconf.h =================================================================== RCS file: /cvs/src/lib/libssl/crypto/arch/vax/opensslconf.h,v retrieving revision 1.5 diff -c -r1.5 opensslconf.h *** crypto/arch/vax/opensslconf.h 9 Jan 2009 12:32:25 -0000 1.5 --- crypto/arch/vax/opensslconf.h 20 Jun 2010 03:56:11 -0000 *************** *** 4,12 **** /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND - #ifndef OPENSSL_NO_CAMELLIA - # define OPENSSL_NO_CAMELLIA - #endif #ifndef OPENSSL_NO_CAPIENG # define OPENSSL_NO_CAPIENG #endif --- 4,9 ---- Index: src/Configure =================================================================== RCS file: /cvs/src/lib/libssl/src/Configure,v retrieving revision 1.27 diff -c -r1.27 Configure *** src/Configure 6 Apr 2009 06:33:15 -0000 1.27 --- src/Configure 20 Jun 2010 03:56:11 -0000 *************** *** 648,654 **** # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): ! my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED"; # Explicit "no-..." options will be collected in %disabled along with the defaults. --- 648,654 ---- # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): ! my $default_depflags = " -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED"; # Explicit "no-..." options will be collected in %disabled along with the defaults. Index: src/Makefile =================================================================== RCS file: /cvs/src/lib/libssl/src/Makefile,v retrieving revision 1.4 diff -c -r1.4 Makefile *** src/Makefile 6 Apr 2009 06:33:15 -0000 1.4 --- src/Makefile 20 Jun 2010 03:56:11 -0000 *************** *** 13,19 **** SHLIB_MINOR=9.8 SHLIB_EXT= PLATFORM=dist ! OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic CONFIGURE_ARGS=dist SHLIB_TARGET= --- 13,19 ---- SHLIB_MINOR=9.8 SHLIB_EXT= PLATFORM=dist ! OPTIONS= no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic CONFIGURE_ARGS=dist SHLIB_TARGET= Index: cipher-ctr.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/cipher-ctr.c,v retrieving revision 1.10 diff -c -r1.10 cipher-ctr.c *** cipher-ctr.c 3 Aug 2006 03:34:42 -0000 1.10 --- cipher-ctr.c 20 Jun 2010 15:04:17 -0000 *************** *** 21,26 **** --- 21,27 ---- #include <openssl/evp.h> #include <openssl/aes.h> + #include <openssl/camellia.h> #include "xmalloc.h" #include "log.h" *************** *** 34,39 **** --- 35,49 ---- u_char aes_counter[AES_BLOCK_SIZE]; }; + const EVP_CIPHER *evp_camellia_128_ctr(void); + void ssh_camellia_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); + + struct ssh_camellia_ctr_ctx + { + CAMELLIA_KEY camellia_ctx; + u_char camellia_counter[CAMELLIA_BLOCK_SIZE]; + }; + /* * increment counter 'ctr', * the counter is of size 'len' bytes and stored in network-byte-order. *************** *** 133,136 **** --- 143,233 ---- aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; return (&aes_ctr); + } + + static int + ssh_camellia_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, + u_int len) + { + struct ssh_camellia_ctr_ctx *c; + u_int n = 0; + u_char buf[CAMELLIA_BLOCK_SIZE]; + + if (len == 0) + return (1); + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) + return (0); + + while ((len--) > 0) { + if (n == 0) { + Camellia_encrypt(c->camellia_counter, buf, + &c->camellia_ctx); + ssh_ctr_inc(c->camellia_counter, CAMELLIA_BLOCK_SIZE); + } + *(dest++) = *(src++) ^ buf[n]; + n = (n + 1) % CAMELLIA_BLOCK_SIZE; + } + return (1); + } + + static int + ssh_camellia_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, + int enc) + { + struct ssh_camellia_ctr_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { + c = xmalloc(sizeof(*c)); + EVP_CIPHER_CTX_set_app_data(ctx, c); + } + if (key != NULL) + Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &c->camellia_ctx); + if (iv != NULL) + memcpy(c->camellia_counter, iv, CAMELLIA_BLOCK_SIZE); + return (1); + } + + static int + ssh_camellia_ctr_cleanup(EVP_CIPHER_CTX *ctx) + { + struct ssh_camellia_ctr_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { + memset(c, 0, sizeof(*c)); + xfree(c); + EVP_CIPHER_CTX_set_app_data(ctx, NULL); + } + return (1); + } + + void + ssh_camellia_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len) + { + struct ssh_camellia_ctr_ctx *c; + + if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) + fatal("ssh_camellia_ctr_iv: no context"); + if (doset) + memcpy(c->camellia_counter, iv, len); + else + memcpy(iv, c->camellia_counter, len); + } + + const EVP_CIPHER * + evp_camellia_128_ctr(void) + { + static EVP_CIPHER camellia_ctr; + + memset(&camellia_ctr, 0, sizeof(EVP_CIPHER)); + camellia_ctr.nid = NID_undef; + camellia_ctr.block_size = CAMELLIA_BLOCK_SIZE; + camellia_ctr.iv_len = CAMELLIA_BLOCK_SIZE; + camellia_ctr.key_len = 16; + camellia_ctr.init = ssh_camellia_ctr_init; + camellia_ctr.cleanup = ssh_camellia_ctr_cleanup; + camellia_ctr.do_cipher = ssh_camellia_ctr; + camellia_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; + return (&camellia_ctr); } Index: cipher.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/cipher.c,v retrieving revision 1.82 diff -c -r1.82 cipher.c *** cipher.c 26 Jan 2009 09:58:15 -0000 1.82 --- cipher.c 20 Jun 2010 15:04:17 -0000 *************** *** 51,56 **** --- 51,57 ---- extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); extern const EVP_CIPHER *evp_aes_128_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); + extern const EVP_CIPHER *evp_camellia_128_ctr(void); struct Cipher { char *name; *************** *** 81,86 **** --- 82,99 ---- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, { "[email protected]", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, + { "[email protected]", + SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_camellia_128_cbc }, + { "[email protected]", + SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_camellia_192_cbc }, + { "[email protected]", + SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_camellia_256_cbc }, + { "[email protected]", + SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_camellia_128_ctr }, + { "[email protected]", + SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_camellia_128_ctr }, + { "[email protected]", + SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_camellia_128_ctr }, { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL } }; *************** *** 328,333 **** --- 341,348 ---- evplen, len); if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); + else if (c->evptype == evp_camellia_128_ctr) + ssh_camellia_ctr_iv(&cc->evp, 0, iv, len); else memcpy(iv, cc->evp.iv, len); break; *************** *** 354,359 **** --- 369,376 ---- return; if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); + else if (c->evptype == evp_camellia_128_ctr) + ssh_camellia_ctr_iv(&cc->evp, 1, iv, evplen); else memcpy(cc->evp.iv, iv, evplen); break; Index: myproposal.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v retrieving revision 1.24 diff -c -r1.24 myproposal.h *** myproposal.h 26 Feb 2010 20:29:54 -0000 1.24 --- myproposal.h 20 Jun 2010 15:04:17 -0000 *************** *** 33,38 **** --- 33,41 ---- "ssh-rsa,ssh-dss" #define KEX_DEFAULT_ENCRYPT \ + "[email protected],[email protected]," \ + "[email protected],[email protected]," \ + "[email protected],[email protected]," \ "aes128-ctr,aes192-ctr,aes256-ctr," \ "arcfour256,arcfour128," \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ Index: ssh_config.5 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v retrieving revision 1.129 diff -c -r1.129 ssh_config.5 *** ssh_config.5 5 Mar 2010 10:28:21 -0000 1.129 --- ssh_config.5 20 Jun 2010 15:04:17 -0000 *************** *** 200,209 **** --- 200,218 ---- .Dq arcfour256 , .Dq arcfour , .Dq blowfish-cbc , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , and .Dq cast128-cbc . The default is: .Bd -literal -offset 3n + [email protected],[email protected], + [email protected],[email protected], + [email protected],[email protected], aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour Index: sshd_config.5 =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.120 diff -c -r1.120 sshd_config.5 *** sshd_config.5 4 Mar 2010 23:17:25 -0000 1.120 --- sshd_config.5 20 Jun 2010 15:04:22 -0000 *************** *** 242,251 **** --- 242,260 ---- .Dq arcfour256 , .Dq arcfour , .Dq blowfish-cbc , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , + .Dq [email protected] , and .Dq cast128-cbc . The default is: .Bd -literal -offset 3n + [email protected],[email protected], + [email protected],[email protected], + [email protected],[email protected], aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour
