search for: do_encrypt

...and the connection fails right after KEX. > > I expect that there is some difference between OpenSSL and LibreSSL > wrt > IV lengths or something. OpenSSH does need to support both, so this > will > take a little figuring out. > > One comment on the patch itself: it passes do_encrypt though in a > bunch > of places and I'm not sure the usage is correct in all of them. In > fact > I don't think it can even be made consistent for decryption, as the > ctx->main_evp has to be used in encryption mode (not decryption) to > generate the poly1305 key. >...

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

...memleak in async search ask sharemode. o Stefan Metzmacher <metze at samba.org> * BUG 11517: Fix Samba GPO issue when Trust is enabled. * BUG 13539: samba-tool: Add virtualKerberosSalt attribute to 'user getpassword/syncpasswords'. * BUG 13624: smb2_server: Set req->do_encryption = true earlier. o Andreas Schneider <asn at samba.org> * BUG 12851: s3:winbind: Fix regression. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing lis...

...memleak in async search ask sharemode. o Stefan Metzmacher <metze at samba.org> * BUG 11517: Fix Samba GPO issue when Trust is enabled. * BUG 13539: samba-tool: Add virtualKerberosSalt attribute to 'user getpassword/syncpasswords'. * BUG 13624: smb2_server: Set req->do_encryption = true earlier. o Andreas Schneider <asn at samba.org> * BUG 12851: s3:winbind: Fix regression. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing lis...

Hi tinc list members, There were some problems with Ivo's email adresses (both zarq@iname.com and zarq@spark.icicle.dhs.org) so I resent the stuff to the mailling list. ============================================= Hi Ivo, Hier is een oplossing voor een bugje in flush_queue(), en ook wat andere troepjes zoals een tincd scheduler. Dit werkt wat beter, omdat de

...return 0; + } +#endif if (c == NULL || c->number != SSH_CIPHER_SSH2) { debug("bad cipher %s [%s]", p, names); xfree(cipher_list); @@ -291,9 +300,25 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, const char *passphrase, int do_encrypt) { +#ifdef OPENSSL_FIPS + SHA_CTX sha; +#endif MD5_CTX md; - u_char digest[16]; + u_char digest[20]; +#ifdef OPENSSL_FIPS + if (fips_mode) { + SHA1_Init(&sha); + SHA1_Update(&sha, (const u_char *)passphrase, strlen(passphrase)); + SHA1_Final(digest, &sha); + + cipher_init(cc,...