Displaying 9 results from an estimated 9 matches for "ec_key_new_by_curve_name".
2015 Apr 01
3
What did I miss when building openssh? cannot generate ecdsa key
I am assuming this is a user error (and the bug, if any is in configure not
telling me how to activate it).
I regularly see a message:
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
And, obviously, I have never made the key before.
I tried the following:
./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N ""
unknown key type ecdsa
However, the syntax says it is a known type
root at
2017 Feb 14
0
openssl 1.1.0d breaks Android7 TLS connects
...ich requires
curve NIST P-256 (prime256v1) be used when AES-128 TLS cipher
suites are in use. At least the non-compliance is in the form of
providing too much security rather than too little. */
nid = ssl_proxy_ctx_get_pkey_ec_curve_name(set);
ecdh = EC_KEY_new_by_curve_name(nid);
if (ecdh == NULL) {
/* Fall back option */
nid = NID_secp384r1;
ecdh = EC_KEY_new_by_curve_name(nid);
}
if ((curve_name = OBJ_nid2sn(nid)) != NULL && set->verbose_ssl)
i_debug("SSL: ellipti...
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
...non-compliant with RFC 6460 which requires
+ curve NIST P-256 (prime256v1) be used when AES-128 TLS cipher
+ suites are in use. At least the non-compliance is in the form of
+ providing too much security rather than too little. */
+ nid = ssl_proxy_ctx_get_pkey_ec_curve_name(set);
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (ecdh == NULL) {
+ /* Fall back option */
+ nid = NID_secp384r1;
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ }
+ if ((curve_name = OBJ_nid2sn(nid)) != NULL)
+ i_debug("SSL: elliptic curve %s will be used for ECDH and"
+ " ECDHE key exchanges", curve_name);...
2017 Sep 22
2
Call for testing: OpenSSH 7.6
...NULL || ecdsap == NULL)
return SSH_ERR_INVALID_ARGUMENT;
- if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1)
+ if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) {
+ fprintf(stderr, "%s bits %d\n", __func__, bits);
return SSH_ERR_KEY_LENGTH;
+ }
*ecdsap = NULL;
if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
@@ -1881,6 +1888,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
goto out;
}
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ fprintf(stderr, "%s num_bits %d min %d\n", __func__,
+...
2025 Apr 19
1
NSD 4.12.0rc1 pre-release
...for openssl/core_names.h... no
checking for openssl/x509v3.h... yes
checking for HMAC_CTX_reset... yes
checking for HMAC_CTX_new... yes
checking for EVP_cleanup... yes
checking for ERR_load_crypto_strings... yes
checking for OPENSSL_init_crypto... yes
checking for CRYPTO_memcmp... yes
checking for EC_KEY_new_by_curve_name... yes
checking for EVP_MAC_CTX_new... no
checking for EVP_MAC_CTX_set_params... no
checking for EVP_MAC_CTX_get_mac_size... no
checking for SHA1_Init... yes
checking for ASN1_STRING_get0_data... yes
checking if SHA1_Init is deprecated... no
checking whether SSL_CTX_set_ecdh_auto is declared... yes...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...char *blob, size_t len)
bzero(s, l);
free(s);
}
+#ifdef WITH_OPENSSL
bn = BN_new();
sshbuf_get_bignum1(p1, bn);
BN_clear_free(bn);
bn = BN_new();
sshbuf_get_bignum2(p1, bn);
BN_clear_free(bn);
+#endif
#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ASSERT_PTR_NE(eck, NULL);
diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
index b598f05..7deacf9 100644
--- a/regress/unittests/sshkey/common.c
+++ b/regress/unittests/sshkey/common.c
@@ -70,6 +70,7 @@ load_text_file(const char *name)
re...
2025 Apr 16
4
NSD 4.12.0rc1 pre-release
Dear all,
NSD 4.12.0rc1 pre-release is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.12.0rc1.tar.gz
sha256 b9085a3fd08b8318ac30715faf1c7698099781eb3520253774a46f74386342e9
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.12.0rc1.tar.gz.asc
This release introduces Prometheus metrics that can be compiled with
`--enable-prometheus-metrics` and configured with `enable-metrics` (see
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi,
OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi,
OpenSSH 6.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is