search for: evp_cipherinit

...ion code. And i obtained openssh-3.2.2p1 with the view of testing the effectiveness of my code detecting the recently reported vunerability,but my code fails on with an error report of a use of memcpy with overlapping source and destination regions. I have being able to narrow it down to a call to EVP_CipherInit in cipher.c:224(function cipher_init). I checked but couldn't find any man page of EVP_CipherInit. I will appreciate if u can give me any info on the implementation of EVP_CipherInit such as to explain this scenario. Below are some information i hope will be useful. Thanks tunji Debugging u...

When compiling the software it breaks with an error on the cipher.c file. Lot's of warnings and error of undeclared stuff. Snippet follows: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -Iyes -I/usr/local/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\"

Am I the only person to be seeing this log message from sshd: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth] ? (security/openssh-portable, with HPN patches and MIT Kerberos, although Kerberos is not actually configured on this server.) A work-around is to disable aes128-cbc in sshd_config, but it would be nice not to have my logs spammed with this. Currently ru...

...h for FIPS Capable OpenSSH. I try it and it seems working for some cases. (BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly. The fips mode sshd debug info is as following. *************************** debug2: set_newkeys: mode 1 cipher_init: EVP_CipherInit: set key failed for aes128-ctr debug1: do_cleanup ?? debug3: PAM: sshpam_thread_cleanup entering debug1: audit event euid 0 user (unknown user) event 12 (CONNECTION_ABANDON) *************************** I don't know why. Are these three ciphers FIPS forbidden?) ?? As you know, FIPS 1.1....

Hello, quoted patch free's cipher_data malloc'd in calls to EVP_CipherInit() in ssh1_3des_init(), at least linked with openssl >= 0.9.7. It does not appear to me (superficial scan) that there is any harm in calling the _cleanup routine with earlier openssl. fwiw :laird --- openssh-3.7.1p2/cipher-3des1.c Tue Sep 23 05:24:21 2003 +++ src37m/cipher-3des1.c...

...d new functions from OpenSSL that are needed with 1.1.0 but didn't exist in 1.0.2. Since they are copied from the OpenSSL source code, I also added the OpenSSL license to it. If this is a problem we can probably agree to put that file under a different license. - I've replaced the 2 EVP_CipherInit() calls in cipher_init() with 1. OpenSSL now clears everything when you call EVP_CipherInit() again, so what was passed in the first but not in the second call, and what the function calls between them did, was lost. - The test suite was insitng that things like rsa->n where not NULL in...

...+132,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, memset(poly_key, 0, sizeof(poly_key)); #if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20) memset(seqbuf + 0, 0, 8); - POKE_U64(seqbuf + 8, seqnr); + POKE_U64(seqbuf + CHACHA_IV_OFFSET, seqnr); if (!EVP_CipherInit(ctx->main_evp, NULL, NULL, seqbuf, do_encrypt)) goto out; if (EVP_Cipher(ctx->main_evp, poly_key, (u_char *)poly_key, sizeof(poly_key)) < 0) For the do_encrypt, you are right. Chacha20 is stream cipher so there is no difference between decryption and encryption but the EVP API requir...

...e. On the other hand,when using FIPS unallowed ciphers, ssh -c arcfour localhost ssh -c blowfish-cbc localhost ssh -c cast128-cbc locahost the sshd will disconnect the connection. Some debug messages like below appear. *************************** debug2: set_newkeys: mode 1 cipher_init: EVP_CipherInit: set key failed for aes128-ctr debug1: do_cleanup debug3: PAM: sshpam_thread_cleanup entering debug1: audit event euid 0 user (unknown user) event 12 (CONNECTION_ABANDON) *************************** The above experiments show that the modified sshd actually works in FIPS mode, conforming to FIP...

...sing it for some is not. This can be changed later if it is proven safe. Also note that the regress tests will fail on the SSHv1 Blowfish test since that uses a 256 bit key, which is also broken in that OpenSSL. This will cause a runtime failure: $ ssh -1 -c blowfish localhost [...] cipher_init: EVP_CipherInit: set key failed for blowfish Index: cipher-aes.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/cipher-aes.c,v retrieving revision 1.4 diff -u -p -r1.4 cipher-aes.c --- cipher-aes.c 9 Dec 2003 08:05:43 -0000 1.4 +++ cip...

OpenSSH 7.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

http://bugzilla.mindrot.org/show_bug.cgi?id=138 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vjo at dulug.duke.edu ------- Additional Comments From mouring at eviladmin.org 2002-03-08 04:49 ------- *** Bug 139 has been

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

...`BIO_ctrl' /usr/local/ssl/lib/libssl.so: undefined reference to `X509_STORE_CTX_init' /usr/local/ssl/lib/libssl.so: undefined reference to `i2d_DHparams' /usr/local/ssl/lib/libssl.so: undefined reference to `RSA_private_decrypt' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_CipherInit' /usr/local/ssl/lib/libssl.so: undefined reference to `ERR_put_error' /usr/local/ssl/lib/libssl.so: undefined reference to `RSA_new' /usr/local/ssl/lib/libssl.so: undefined reference to `BIO_write' /usr/local/ssl/lib/libssl.so: undefined reference to `sk_set_cmp_func' /usr/local...