search for: evp

...no idea whether this is even possible, and we wouldn't have the > luxury of being able to use OpenSSL code to do it (as we did last time) > as the license has changed to one that we don't want to accept in the > OpenSSH codebase. I think it's doable if libressl has 1.1.1-style EVP API. It is possible to assign RSA/EC/DH to EVP_PKEY object and use EVP API afterwards in 1.1.1 and use the OSSL_PARAM_BLD for 3.0 -- Dmitry Belyavskiy

...TALL file in the source of 3.1p1 contains the following: You will need working installations of Zlib and OpenSSL. Zlib: http://www.gzip.org/zlib/ OpenSSL 0.9.5a or greater: http://www.openssl.org/ However, the source will not build against openssl-0.9.5a. The build fails with: cipher.c:497: `EVP_CIPH_CBC_MODE' undeclared (first use in this function) cipher.c:497: `EVP_CIPH_VARIABLE_LENGTH' undeclared (first use in this function) cipher.c:498: `EVP_CIPH_ALWAYS_CALL_INIT' undeclared (first use in this function) make: *** [cipher.o] Error 1 There is no reference to these anywhere...

...rver\" -D_PATH_SSH_PIDDIR=\"/var/run\" -DSSH_RAND_HELPER=\"/usr/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c cipher.c: In function `cipher_init': cipher.c:200: void value not ignored as it ought to be cipher.c:206: warning: implicit declaration of function `EVP_CIPHER_CTX_set_key_length' cipher.c:210: void value not ignored as it ought to be cipher.c: In function `cipher_crypt': cipher.c:220: void value not ignored as it ought to be cipher.c: In function `cipher_cleanup': cipher.c:227: void value not ignored as it ought to be cipher.c: In func...

...will be introduced in an upcoming RHEL 9 version. The patch targets OpenSSL support of OpenSSH, specifically the usage of old low level API. The new OpenSSL version 3.0 introduces a FIPS module (going through FIPS 140-2 validation and to be FIPS 140-3 validated) which can be used with the new EVP API to state OpenSSH being FIPS compliant (using OpenSSL). The problem is, the old API does not use the FIPS module, therefore the change is needed for the new API. What does this mean in practice? Critical cryptographic operations should be changed to the new EVP API to ensure FIPS compatibili...

...ssl=/usr/local/ssl/include/openssl --with-openssl-include=/usr/local/ssl/include/ --with-openssl-lib=/usr/local/ssl/lib/ and other tries failed it always is unable to locate checking for openssl headers... /usr/local/ssl/include/ checking for openssl libraries... /usr/local/ssl/lib/ checking for evp.h... no checking for openssl/evp.h... no << -- should be YES !! although its there : locate evp.h /usr/local/ssl/include/openssl/evp.h Any ideas ? Cheers J.P.. - Tinc: Discussion list about the tinc VPN daemon Archive: http://mail.nl.linux.org/lists/ Tinc site: http://ti...

...l, When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires appliactions to use the EVP API if running in FIPS mode so it can disallow certain cipher suites and hash algorithms that are not considered FIPS compliant. The user experience is that the scp/ssh client fails because RSA_public_decrypt just returns null if FIPS mode is active in openssl > 0.9.8q. I have a fix, essential...

...sing it for some is not. This can be changed later if it is proven safe. Also note that the regress tests will fail on the SSHv1 Blowfish test since that uses a 256 bit key, which is also broken in that OpenSSL. This will cause a runtime failure: $ ssh -1 -c blowfish localhost [...] cipher_init: EVP_CipherInit: set key failed for blowfish Index: cipher-aes.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/cipher-aes.c,v retrieving revision 1.4 diff -u -p -r1.4 cipher-aes.c --- cipher-aes.c 9 Dec 2003 08:05:43 -0000...

...s: Kapucijnenvoer 35, Leuven, Belgium > Tel: +32/(0)16/336899 > Fax: +32/(0)16/337015 > Web: http://med.kuleuven.be/biostat/ > http://www.student.kuleuven.be/~m0390867/dimitris.htm > > > ----- Original Message ----- > From: "CG Pettersson" <cg.pettersson at evp.slu.se> > To: <r-help at stat.math.ethz.ch> > Sent: Thursday, November 09, 2006 9:10 AM > Subject: [R] Why do I get a linebreak in the legend? > > >> Dear all, >> >> W2k, R2.4.0 >> >> I want to place a legend in a regression plot, stating the ad...

...es for the patch. This is great - I'm looking forward to it! :) I've implemented U2F into another (C-based) application these days. While searching for some relevant OpenSSL-specific "help" I stumbled upon your OpenSSH patch. I think there's a small bug: > + if ((err = EVP_VerifyInit(&mdctx, EVP_ecdsa())) != 1) { > + ERR_error_string(ERR_get_error(), errorbuf); > + fatal("EVP_VerifyInit() failed: %s (reason: %s)", > + errorbuf, ERR_reason_error_string(err)); You should use "EVP_sha256()" instead of "EVP_ecdsa()" here (...

What should I do in order to be able to compile OpenSSH 3.1p1 with OpenSSL 0.9.5a? I get a lot of EVP related compile errors in cipher.c, appended. Thanks. Samuli cipher.c: In function `cipher_init': cipher.c:200: void value not ignored as it ought to be cipher.c:206: warning: implicit declaration of function `EVP_CIPHER_CTX_set_key_length' cipher.c:210: void value not ignored as it ough...

Hi all, attached is a patch that enables using hardware crypto accelerators available through OpenSSL library for SSH operations. Especially in ssh/sshd it can bring a significant speed improvement. OTOH if no crypto engine is available, nothing bad happens and default software crypto routines are used. This patch is used in SUSE Linux OpenSSH package and proved to work (at least it didn't

...from the dataset, but it doesn?t feel very sophisticated...;-) (Prof. Ripley answered a similar question from me two weeks ago. The answer was good but didn?t work as the reason of the error was the same as this time: a whole trial with only na:s in it). Thanks /CG CG Pettersson cg.pettersson at evp.slu.se

...under /usr/src, I have always done this before doing a make world, and never a problem. I have tried deleting all of /usr/src and re cvsuped, but the problem persists. FreeBSD 4.7-STABLE #0: Fri Feb 14 13:49:58 EST 2003 ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_...

Hi, the following patch to cipher.c enables OpenSSH 3.9.1 to compile on IRIX 5.3 with the native IDO cc: --- cipher.c.orig 2004-10-17 12:04:10.000000000 +0200 +++ cipher.c 2004-10-17 13:43:22.000000000 +0200 @@ -76,15 +76,15 @@ u_int key_len; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, + { "none", SSH_CIPHER_NONE, 8, 0, (const EVP_CIPHER...

...a problem when compiling Samba 2.2.8a with SSL support on Solaris 7. The build appears to be choking on redefinitions between the Openssl des.h and kerberos/des.h (which is grabbed because it is on the system). Here's the error I'm getting: In file included from /usr/local/include/openssl/evp.h:89, from /usr/local/include/openssl/x509.h:67, from /usr/local/include/openssl/ssl.h:69, from lib/util.c:53: /usr/local/include/openssl/des.h:79: redefinition of `struct des_ks_struct' /usr/local/include/openssl/des.h:246: conflicting types f...

...c/tinc directory, set permissions, add /etc/rc.d scripts etc. from the Makefile(s) in the source distribution ? Doing a make install and not finding an example config in /etc/tinc is kind of frustrating. Am I missing something? Maybe there is a good reason for that? Also, why is it not finding evp.h when I try to do configure? Is creating /usr/include/openssl and copying all the include files there the only option? Even though I have openssl installed and have tried --with-openssl-include=/usr/local/openssl/include and so on, the configure script in the 1.0pre4 just does not seem to get...

...out.cvs:RELENG_4_8 file and re-cvsupping but nothing changes. Here is the error log: [...] rm -f telnet authenc.o commands.o main.o network.o ring.o sys_bsd.o telnet.o terminal.o utilities.o telnet.1.gz telnet.1.cat.gz ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_...

...ons: 83 Number of Groups: 14 > What is happening and what shall I do about it? Cheers /CG -- CG Pettersson, MSci, PhD Stud. Swedish University of Agricultural Sciences (SLU) Dept. of Crop Production Ecology. Box 7043. SE-750 07 UPPSALA, Sweden. +46 18 671428, +46 70 3306685 cg.pettersson at evp.slu.se

...bb75 100644 >> --- a/src/lib-dcrypt/dcrypt-openssl.c >> +++ b/src/lib-dcrypt/dcrypt-openssl.c >> @@ -9,17 +9,17 @@ >> #include "array.h" >> #include "module-dir.h" >> #include "dovecot-openssl-common.h" >> -#include <openssl/evp.h> >> -#include <openssl/sha.h> >> -#include <openssl/err.h> >> -#include <openssl/rsa.h> >> -#include <openssl/ec.h> >> -#include <openssl/bio.h> >> -#include <openssl/pem.h> >> -#include <openssl/x509.h> >&g...

...er_append in buffer_append_space in buffer_ptr in buffer_len in buffer_append in buffer_append_space in buffer_ptr in buffer_ptr in buffer_len in buffer_append_space in buffer_len in buffer_ptr in buffer_len in buffer_append_space in buffer_ptr in buffer_len ?in cipher_crypt ?cipher_crypt ?before evp-cipher ?return from? cipher_crypt in buffer_clear packet_send done SSH2_MSG_KEXINIT sent ?before kex_reset_dispatch ?after kex_reset_dispatch ?packet_write_wait in buffer_len in buffer_ptr in buffer_consume ?in packet_have_data_to_write in buffer_len in buffer_len in buffer_append in buffer_append...