search for: evp_md

...o compile otherwise. The second patch is for the same reason. While not strictly necessary here, it does away with some annoying warnings for the same reasons. --- mac.c.orig 2004-10-17 12:39:46.000000000 +0200 +++ mac.c 2004-10-17 12:41:04.000000000 +0200 @@ -39,12 +39,12 @@ const EVP_MD * (*mdfunc)(void); int truncatebits; /* truncate digest if != 0 */ } macs[] = { - { "hmac-sha1", EVP_sha1, 0, }, - { "hmac-sha1-96", EVP_sha1, 96 }, - { "hmac-md5", EVP_md5, 0 },...

...KEX_DH_GEX_SHA256, KEX_MAX }; IN kex.c static void choose_kex(Kex *k, char *client, char *server) { k->name = match_list(client, server, NULL); if (k->name == NULL) fatal("no kex alg"); if (strcmp(k->name, KEX_DH1) == 0) { k->kex_type = KEX_DH_GRP1_SHA1; k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DH14) == 0) { k->kex_type = KEX_DH_GRP14_SHA1; k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { k->kex_type = KEX_DH_GEX_SHA1; k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DHGEX_SHA256...

...void kexgex_client(Kex *); void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); +void kexc25519_client(Kex *); +void kexc25519_server(Kex *); void kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, @@ -177,6 +181,11 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, #endif void +kex_c25519_hash(const EVP_MD *, char *, char *, char *, int, + char *, int, u_char *, int, const unsigned char *, const unsigned char *, + const BIGNUM *, u_char **, u_int *); + +void derive_ssh1_session_id(BIGNUM *, BIGNUM *...

...-------------------------------------------------------------- +-- 22 lines: static int php_openssl_write_rand_file(const char * file, int egdsocket, int seeded) ---------------------------------------------------------------------------------------------------------------- +-- 45 lines: static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { ---------------------------------------------------------------------------------------------------------------------------------- +-- 42 lines: static const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(zend_long algo) { ---------------...

...c values more than once. It would be worse if we reused DH values, > but we don't. (-donna also has the disadvantage of being slower, but were > quibbling over single-digit milliseconds here so IMO it doesn't matter at > all.) > > +void > +kex_c25519_hash( > + const EVP_MD *evp_md, > + char *client_version_string, > + char *server_version_string, > + char *ckexinit, int ckexinitlen, > + char *skexinit, int skexinitlen, > + u_char *serverhostkeyblob, int sbloblen, > + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], > +...

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

...d (at configure time) this lookup can query LDAP server too. Attributes in query should be escaped and the versions before current escape attributes as is described in [RFC2253]. Now attributes are escaped in addition as is recommended in [RFC2254]. - Restored support for openssl 0.9.6 OpenSSL EVP_MD structure that handle so called "dss-raw" signatures can be compiled with openssl 0.9.6. - Resolved cross-compilation issue Test for "Email" in "Distinguished Name" (openssl 0.9.6 and earlier) in file configure.ac is modified to handle cross-compilation. - Certific...

...pe 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: ssh_x509_sign: key_type=RSA+cert, key_ssh_name=x509v3-sign-rsa debug3: ssh_x509_sign: evp_md { 4(md5), 8(md5WithRSAEncryption), 16, ... } debug3: ssh_x509_sign: return 0 debug3: mm_answer_sign: signature 0x809cdc0(151) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2:...

...ON_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec #define EVP_PKEY_get0_RSA(x) x->pkey.rsa #define OBJ_length(o) ((o)->length) @@ -90,7 +90,7 @@ struct dcrypt_context_symmetric { struct dcrypt_context_hmac { pool_t pool; const EVP_MD *md; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) HMAC_CTX *ctx; #else HMAC_CTX ctx; @@ -427,7 +427,7 @@ static void dcrypt_openssl_ctx_hmac_destroy(struct dcrypt_context_hmac **ctx) { pool_t pool =...

...EC: + fatal("key_fingerprint_raw: bad key type %d",k->type); + break; + default: + fatal("key_fingerprint_raw: bad key type %d", k->type); + break; + } + + if (blob != NULL) { + EVP_MD *md = NULL; + EVP_MD_CTX ctx; + + retval = xmalloc(EVP_MAX_MD_SIZE); + + switch (dgst_type) { + case DIGEST_TYPE_MD5: + md = EVP_md5(); + break; + case DIGEST_T...

I am assuming this is a user error (and the bug, if any is in configure not telling me how to activate it). I regularly see a message: Could not load host key: /etc/ssh/ssh_host_ecdsa_key And, obviously, I have never made the key before. I tried the following: ./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N "" unknown key type ecdsa However, the syntax says it is a known type root at

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...>>>>>> >>>>>>>> HMAC_CTX_new >>>>>>>> HMAC_CTX_free >>>>>>>> EVP_PKEY_get0_EC_KEY >>>>>>>> EVP_PKEY_get0_RSA >>>>>>>> OBJ_length >>>>>>>> EVP_MD_CTX_new >>>>>>>> EVP_MD_CTX_free >>>>>>>> >>>>>>>> The result of calling a non-existent function is a runtime error, >>>>>>>> and we do not want that on production servers. >>>>>>>&g...

...========== RCS file: /cvs/src/usr.bin/ssh/kex.c,v retrieving revision 1.76 diff -u -r1.76 kex.c --- kex.c 3 Aug 2006 03:34:42 -0000 1.76 +++ kex.c 15 Nov 2006 14:14:33 -0000 @@ -312,6 +312,9 @@ } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { k->kex_type = KEX_DH_GEX_SHA256; k->evp_md = evp_ssh_sha256(); + } else if (strcmp(k->name, KEX_DHGEX_CERT) == 0) { + k->kex_type = KEX_DH_GEX_CERT; + k->evp_md = EVP_sha1(); } else fatal("bad kex alg %s", k->name); } Index: kex.h =================================================================== RCS file: /cv...