search for: evp_cipher_ctx

...nbsd-compat/openssl-compat.h 9 Jan 2013 05:42:49 -0000 1.21 +++ openbsd-compat/openssl-compat.h 14 Jan 2013 18:39:27 -0000 @@ -68,7 +68,7 @@ #define EVP_aes_192_ctr evp_aes_128_ctr #define EVP_aes_256_ctr evp_aes_128_ctr extern const EVP_CIPHER *evp_aes_128_ctr(void); -extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); #endif /* Avoid some #ifdef. Code that uses these is unreachable without GCM */ -- Iain Morgan

...bsd-compat/openssl-compat.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 9e0264c0..b4f0908f 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -87,6 +87,13 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); */ #ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS +/* OpenSSL >= 1.1.0 without deprecated APIs needs this.*/ +#ifndef SSLEAY_VERSION +# define SSLEAY_VERSION OPENSSL_VERSION +# define SSLeay_version OpenSSL_version +# define SSLeay OpenSSL_version_num +#endif +...

...05 08:58:50 -0000 @@ -18,7 +18,11 @@ #include "includes.h" -#define SSH_DONT_REDEF_EVP +#ifdef USE_OPENSSL_ENGINE +# include <openssl/engine.h> +#endif + +#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" #ifdef SSH_OLD_EVP @@ -44,3 +48,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT return 1; } #endif + +void +ssh_SSLeay_add_all_algorithms(void) +{ + SSLeay_add_all_algorithms(); + +#ifdef USE_OPENSSL_ENGINE + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif +} Index: openbsd-compat/openssl-...

...um and crypto APIs. In addition to the deprecation warnings, I also got multiple instances of the following warning: clang: warning: argument unused during compilation: '-pie' and one instance of: cipher-3des1.c:152:22: warning: incompatible pointer types assigning to 'int (*)(EVP_CIPHER_CTX *, unsigned char *, const unsigned char *, unsigned int)' from 'int (EVP_CIPHER_CTX *, u_char *, const u_char *, size_t)' [-Wincompatible-pointer-types] ssh1_3des.do_cipher = ssh1_3des_cbc; ^ ~~~~~~~~~~~~~ I've attached the complete o...

...en doing some work to make OpenSSH use alternative crypto engines and it appears to me that this code may not work correctly when using an OpenSSL engine. The cipher_data could contain pointers to other data objects so just copying the cipher_data is not going to work correctly. OpenSSL provides EVP_CIPHER_CTX_copy() which can be used to safely copy the cryptographic state of an EVP_CIPHER_CTX. This API will call an engine specific interface to perform the copy, if required by the engine, ensuring that the cipher_data is copied correctly. It's unclear exactly how EVP_CIPHER_CTX_copy() can be used in...

...Jan 2013, Iain Morgan wrote: > > Could you tell me the declaration of the function pointer do_cipher in > > OpenSSL's evp.h on your system and the the OPENSSL_VERSION_NUMBER from > > opensslv.h? > > % grep -A1 do_cipher /usr/include/openssl/evp.h > int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, > const unsigned char *in, size_t inl);/* encrypt/decrypt data */ > > % grep OPENSSL_VERSION_NUMBER /usr/include/openssl/opensslv.h > #define OPENSSL_VERSION_NUMBER 0x10000003L Is this a beta? This should help (on top of you existing diffs): Index: openb...

...\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh_api.c -o ssh_api.o In file included from ssh_api.h:26:0, from ssh_api.c:21: cipher.h:69:17: error: field `evp' has incomplete type EVP_CIPHER_CTX evp; ^ make: *** [ssh_api.o] Error 1 3.19.0-64-generic #72~14.04.1-Ubuntu. Answer in Google I have not found. Thanks for the reply. With best wishes, Boris.

i think our strategy for privsep is to just keep portable sync'd closely with openbsd's tree, even though things will be broken wrt privsep for many platforms. then we just get primary one's working and work out issues as we go along. i'll start to work on sun and hp-ux again tomorrow.

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

http://bugzilla.mindrot.org/show_bug.cgi?id=1291 Summary: aes256-ctr, aes192-ctr, arcfour256 broken with OpenSSL 0.9.8e Product: Portable OpenSSH Version: 4.5p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: bitbucket at

Hi, more or less a year ago Kurt Roeckx provided an initial port towards the OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has been complained about a missing compat layer of the new vs the old API within the OpenSSL library [2]. This is how I reconstructed the situation as of today and I am not aware of any progress in regard to the newer library within the OpenSSH project.

OpenSSH 7.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

...pe right based on the installed > OpenSSL version. > > Could you tell me the declaration of the function pointer do_cipher in > OpenSSL's evp.h on your system and the the OPENSSL_VERSION_NUMBER from > opensslv.h? % grep -A1 do_cipher /usr/include/openssl/evp.h int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl);/* encrypt/decrypt data */ % grep OPENSSL_VERSION_NUMBER /usr/include/openssl/opensslv.h #define OPENSSL_VERSION_NUMBER 0x10000003L > > > For completeness, the following warnings show up during the build. > > [dif...

(Second try to send this. I wonder if the first one gotten eaten by a spam filter; I'll link to patches instead of attaching them.) Here are the tincctl patches I've been working on. They apply to http://www.tinc-vpn.org/svn/tinc/branches/1.1@1545. I intend to commit them once the crypto stuff's fixed. Since they're basically done, I'm emailing them now for review and in case