Displaying 13 results from an estimated 13 matches for "evp_cipherinit".
2002 Jul 08
0
"Help with EVP_CipherInit"
...ion code.
And i obtained openssh-3.2.2p1 with the view of testing the effectiveness
of my code detecting the recently reported vunerability,but my code fails
on with an error report of a use of memcpy with overlapping source and
destination regions. I have being able to narrow it down to a call to
EVP_CipherInit in cipher.c:224(function cipher_init).
I checked but couldn't find any man page of EVP_CipherInit.
I will appreciate if u can give me any info on the implementation of
EVP_CipherInit such as to explain this scenario.
Below are some information i hope will be useful.
Thanks
tunji
Debugging u...
2002 Mar 08
1
Problems with Solaris 8 and OpenSSH 3.1p1
When compiling the software it breaks with an error on the cipher.c file.
Lot's of warnings and error of undeclared stuff.
Snippet follows:
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.
-I/usr/local/ssl/include -Iyes -I/usr/local/include -DSSHDIR=\"/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\"
2013 Jul 30
1
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
Am I the only person to be seeing this log message from sshd:
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
?
(security/openssh-portable, with HPN patches and MIT Kerberos,
although Kerberos is not actually configured on this server.) A
work-around is to disable aes128-cbc in sshd_config, but it would be
nice not to have my logs spammed with this. Currently ru...
2008 Jun 12
2
FIPS mode OpenSSH suggestion
...h for FIPS Capable OpenSSH. I try it and it seems working for some cases.
(BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly.
The fips mode sshd debug info is as following.
***************************
debug2: set_newkeys: mode 1
cipher_init: EVP_CipherInit: set key failed for aes128-ctr
debug1: do_cleanup
??
debug3: PAM: sshpam_thread_cleanup entering
debug1: audit event euid 0 user (unknown user) event 12 (CONNECTION_ABANDON)
***************************
I don't know why. Are these three ciphers FIPS forbidden?)
??
As you know, FIPS 1.1....
2003 Dec 22
1
?? memory leak in 3des1
Hello,
quoted patch free's cipher_data malloc'd in calls to EVP_CipherInit() in
ssh1_3des_init(), at least linked with openssl >= 0.9.7. It does not
appear to me (superficial scan) that there is any harm in calling the
_cleanup routine with earlier openssl.
fwiw
:laird
--- openssh-3.7.1p2/cipher-3des1.c Tue Sep 23 05:24:21 2003
+++ src37m/cipher-3des1.c...
2016 Sep 18
2
OpenSSL 1.1.0 support
...d new functions from
OpenSSL that are needed with 1.1.0 but didn't exist in 1.0.2.
Since they are copied from the OpenSSL source code, I also added
the OpenSSL license to it. If this is a problem we can probably
agree to put that file under a different license.
- I've replaced the 2 EVP_CipherInit() calls in cipher_init() with
1. OpenSSL now clears everything when you call EVP_CipherInit()
again, so what was passed in the first but not in the second
call, and what the function calls between them did, was lost.
- The test suite was insitng that things like rsa->n where not
NULL in...
2020 Jan 16
3
[patch 1/2] use chacha20 from openssl (1.1.0+) when possible
...+132,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int
seqnr, u_char *dest,
memset(poly_key, 0, sizeof(poly_key));
#if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20)
memset(seqbuf + 0, 0, 8);
- POKE_U64(seqbuf + 8, seqnr);
+ POKE_U64(seqbuf + CHACHA_IV_OFFSET, seqnr);
if (!EVP_CipherInit(ctx->main_evp, NULL, NULL, seqbuf,
do_encrypt))
goto out;
if (EVP_Cipher(ctx->main_evp, poly_key, (u_char *)poly_key,
sizeof(poly_key)) < 0)
For the do_encrypt, you are right. Chacha20 is stream cipher so there
is no difference between decryption and encryption but the EVP API
requir...
2008 Jun 19
0
Is there any plan for OpenSSH to support FIPS?
...e.
On the other hand,when using FIPS unallowed ciphers,
ssh -c arcfour localhost
ssh -c blowfish-cbc localhost
ssh -c cast128-cbc locahost
the sshd will disconnect the connection. Some debug messages like below appear.
***************************
debug2: set_newkeys: mode 1
cipher_init: EVP_CipherInit: set key failed for aes128-ctr
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: audit event euid 0 user (unknown user) event 12 (CONNECTION_ABANDON)
***************************
The above experiments show that the modified sshd actually works in FIPS mode, conforming to FIP...
2005 Nov 20
0
[PATCH] Solaris 10 and missing OpenSSL functions >128bit
...sing it for some is not. This can be changed
later if it is proven safe.
Also note that the regress tests will fail on the SSHv1 Blowfish test
since that uses a 256 bit key, which is also broken in that OpenSSL.
This will cause a runtime failure:
$ ssh -1 -c blowfish localhost
[...]
cipher_init: EVP_CipherInit: set key failed for blowfish
Index: cipher-aes.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/cipher-aes.c,v
retrieving revision 1.4
diff -u -p -r1.4 cipher-aes.c
--- cipher-aes.c 9 Dec 2003 08:05:43 -0000 1.4
+++ cip...
2016 Feb 29
5
Announce: OpenSSH 7.2 released
OpenSSH 7.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community
2002 Mar 07
20
[Bug 138] Incorrect OpenSSL version requirment?
http://bugzilla.mindrot.org/show_bug.cgi?id=138
mouring at eviladmin.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vjo at dulug.duke.edu
------- Additional Comments From mouring at eviladmin.org 2002-03-08 04:49 -------
*** Bug 139 has been
2019 Jan 17
3
[patch 1/2] use chacha20 from openssl (1.1.0+) when possible
On some cpu's optimized chacha implementation in openssl (1.1.0+) is
notably faster (and on others it is just faster) than generic C
implementation in openssh.
Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses
different scheme (with padding/etc - see rfc8439) and it looks it is not
possible to use in openssh.
OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,
2005 Aug 09
2
error compiling asterisk on solaris
...`BIO_ctrl'
/usr/local/ssl/lib/libssl.so: undefined reference to `X509_STORE_CTX_init'
/usr/local/ssl/lib/libssl.so: undefined reference to `i2d_DHparams'
/usr/local/ssl/lib/libssl.so: undefined reference to `RSA_private_decrypt'
/usr/local/ssl/lib/libssl.so: undefined reference to `EVP_CipherInit'
/usr/local/ssl/lib/libssl.so: undefined reference to `ERR_put_error'
/usr/local/ssl/lib/libssl.so: undefined reference to `RSA_new'
/usr/local/ssl/lib/libssl.so: undefined reference to `BIO_write'
/usr/local/ssl/lib/libssl.so: undefined reference to `sk_set_cmp_func'
/usr/local...