search for: evp_ciph

Hi, the following patch to cipher.c enables OpenSSH 3.9.1 to compile on IRIX 5.3 with the native IDO cc: --- cipher.c.orig 2004-10-17 12:04:10.000000000 +0200 +++ cipher.c 2004-10-17 13:43:22.000000000 +0200 @@ -76,15 +76,15 @@ u_int key_len; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, + { "none", SSH_CIPHER_NONE, 8, 0, (const EVP_CIPHER *(*)...

...rver\" -D_PATH_SSH_PIDDIR=\"/var/run\" -DSSH_RAND_HELPER=\"/usr/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c cipher.c: In function `cipher_init': cipher.c:200: void value not ignored as it ought to be cipher.c:206: warning: implicit declaration of function `EVP_CIPHER_CTX_set_key_length' cipher.c:210: void value not ignored as it ought to be cipher.c: In function `cipher_crypt': cipher.c:220: void value not ignored as it ought to be cipher.c: In function `cipher_cleanup': cipher.c:227: void value not ignored as it ought to be cipher.c: In function...

...etrieving revision 1.21 diff -u -r1.21 openssl-compat.h --- openbsd-compat/openssl-compat.h 9 Jan 2013 05:42:49 -0000 1.21 +++ openbsd-compat/openssl-compat.h 14 Jan 2013 18:39:27 -0000 @@ -68,7 +68,7 @@ #define EVP_aes_192_ctr evp_aes_128_ctr #define EVP_aes_256_ctr evp_aes_128_ctr extern const EVP_CIPHER *evp_aes_128_ctr(void); -extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); #endif /* Avoid some #ifdef. Code that uses these is unreachable without GCM */ -- Iain Morgan

On Wed, 15 May 2019 at 23:14, Samiya Khanum <samiya.khanum at broadcom.com> wrote: > Hi Darren, > Thanks for quick response. > Even with openSSH8.0 version, it is not supported? 8.0p1 should work although I have not tested that specific OpenSSL version. Between 7.9p1 and 8.0p1 I had it working against what was OpenSSL head at the time. -- Darren Tucker (dtucker at dtucker.net)

...05 08:58:50 -0000 @@ -18,7 +18,11 @@ #include "includes.h" -#define SSH_DONT_REDEF_EVP +#ifdef USE_OPENSSL_ENGINE +# include <openssl/engine.h> +#endif + +#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" #ifdef SSH_OLD_EVP @@ -44,3 +48,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT return 1; } #endif + +void +ssh_SSLeay_add_all_algorithms(void) +{ + SSLeay_add_all_algorithms(); + +#ifdef USE_OPENSSL_ENGINE + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif +} Index: openbsd-compat/op...

...' gcc -o ssh-add ssh-add.o -L. -Lopenbsd-compat/ -L/app/openssl/1.0.0/LMWP2 -fstack-protector-all -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz -lnsl -lcrypt -lresolv ./libssh.a(cipher.o): In function `cipher_set_keyiv': /local/scratch/openssh-5.4p1/cipher.c:377: undefined reference to `EVP_CIPHER_CTX_iv_length' ./libssh.a(cipher.o): In function `cipher_get_keyiv': /local/scratch/openssh-5.4p1/cipher.c:343: undefined reference to `EVP_CIPHER_CTX_iv_length' ./libssh.a(cipher.o): In function `cipher_crypt': /local/scratch/openssh-5.4p1/cipher.c:281: undefined reference to `EV...

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type:

...-------------------------------------------------------- +-- 45 lines: static EVP_MD * php_openssl_get_evp_md_from_algo(zend_long algo) { ---------------------------------------------------------------------------------------------------------------------------------- +-- 42 lines: static const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(zend_long algo) { -------------------------------------------------------------------------------------------------------------------- How do I get it to stop doing that? It didn't use to do that as far as I remember, seems to be new to me in CentO...

OpenSSH 7.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

...+132,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, memset(poly_key, 0, sizeof(poly_key)); #if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20) memset(seqbuf + 0, 0, 8); - POKE_U64(seqbuf + 8, seqnr); + POKE_U64(seqbuf + CHACHA_IV_OFFSET, seqnr); if (!EVP_CipherInit(ctx->main_evp, NULL, NULL, seqbuf, do_encrypt)) goto out; if (EVP_Cipher(ctx->main_evp, poly_key, (u_char *)poly_key, sizeof(poly_key)) < 0) For the do_encrypt, you are right. Chacha20 is stream cipher so there is no difference between decryption and encryption but the EVP API...

.../usr/local/bin/ssh root at server0-unit1 rm -f /etc/init.d/staticroutes ff1ee314 AES_decrypt (3c, d1, aaa5d0a5, 314, 74, 3b0) + 2f4 ff1ee66c AES_cbc_encrypt (74490, 774a8, 10, 6a358, 61fb8, 61fb8) +2c ff238abc aes_128_cbc_cipher (1, 774a8, 74490, 10, f0, ff2d9a18) + 1c ff23dfb8 EVP_Cipher (61f98, 774a8, 74490, 10, 61800, 62400) + 18 0002f3e4 cipher_crypt (61f94, 774a8, 74490, 10, f0, 7b528) + 34 000338a4 packet_read_poll_seqnr (ffbfe474, 62000, 62000, 620f0,61800, 62400) + 258 00033f94 packet_read_seqnr (0, 6, ffbfe510, 628a8, f0, 3c) + 40 00038bbc dispatch_run (0,...

http://bugzilla.mindrot.org/show_bug.cgi?id=141 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary| openssh-3.1p1-1.src.rpm |openssh-3.1p1-1.src.rpm will |will not build on RedHat |not build on RedHat Linux |Linux 6.1

http://bugzilla.mindrot.org/show_bug.cgi?id=138 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vjo at dulug.duke.edu ------- Additional Comments From mouring at eviladmin.org 2002-03-08 04:49 ------- *** Bug 139 has been

http://bugzilla.mindrot.org/show_bug.cgi?id=1291 Summary: aes256-ctr, aes192-ctr, arcfour256 broken with OpenSSL 0.9.8e Product: Portable OpenSSH Version: 4.5p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: bitbucket at

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

...based on recommendations from NIST SP 800-38D: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf Among those, section 5.2.1.1 imposes a limit on plaintext length that amounts to 64 GiB. At Facebook, this was causing our scp transfers larger than 64 GiB to die with a cipher_crypt: EVP_Cipher failed error. The check implementing this limit has been recently rolled back by Red Hat: https://rhn.redhat.com/errata/RHBA-2015-0772.html The reason for dropping it is stated in the package's ChangeLog: Thu Mar 26 2015 Tom?? Mr?z tmraz at redhat.com 1.0.1e-30.8 drop the AES-GCM restrict...

http://bugzilla.mindrot.org/show_bug.cgi?id=877 Summary: ssh 3.8.1p1 client cannot disable encryption with "-c none" Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

...#include "xmalloc.h" #include "log.h" #include "cipher.h" +#include "fips.h" /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" @@ -64,30 +65,31 @@ u_int key_len; u_int discard_len; const EVP_CIPHER *(*evptype)(void); + u_int fips_allowed; } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWF...