search for: evp_max_md_size

...Signed-off-by: Roy Li <rongqing.li at windriver.com> --- mac.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/mac.c +++ b/mac.c @@ -132,12 +132,14 @@ mac_init(Mac *mac) u_char * mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) { - static u_char m[EVP_MAX_MD_SIZE]; + static u_int64_t m_buf[(EVP_MAX_MD_SIZE + sizeof (u_int64_t) - 1) + / sizeof (u_int64_t)]; + u_char *m = (u_char *)m_buf; u_char b[4], nonce[8]; - if (mac->mac_len > sizeof(m)) + if (mac->mac_len > EVP_MAX_MD_SIZE) fatal("mac_compute: mac too long %u %lu", -...

...------------------------------- diff --git a/src/net.h b/src/net.h index 55856e2..ab6bd41 100644 --- a/src/net.h +++ b/src/net.h @@ -31,7 +31,7 @@ #define MTU 1518 /* 1500 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */ #endif -#define MAXSIZE (MTU + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ +#define MAXSIZE (MTU + 4 + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20) /* MTU + flags + seqno + padding + HMAC + compressor overhead */ #define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128) /* Enough r...

...de/private/md5.h index e5f675a..5b42a27 100644 --- a/src/libFLAC/include/private/md5.h +++ b/src/libFLAC/include/private/md5.h @@ -28,6 +28,11 @@ #include "FLAC/ordinals.h" +#if defined(HAVE_OPENSSL) +#include <openssl/evp.h> +#define FLAC__MD5Context EVP_MD_CTX +#else +#define EVP_MAX_MD_SIZE 16 typedef struct { FLAC__uint32 in[16]; FLAC__uint32 buf[4]; @@ -37,7 +42,8 @@ typedef struct { } FLAC__MD5Context; void FLAC__MD5Init(FLAC__MD5Context *context); -void FLAC__MD5Final(FLAC__byte digest[16], FLAC__MD5Context *context); +void FLAC__MD5Final(FLAC__byte digest[EVP_MAX_MD_SIZE...

...xchange-sha1 that computes the exchange hash and the key derivation PRF with SHA512 instead of SHA1. This removes the (largely acedemic) 160-bit bottleneck that prevented ciphers with longer keys from being fully utilised. Note that this patch requires a modified OpenSSL to build (set evp.h's EVP_MAX_MD_SIZE to 64 and rebuild - NB this breaks bincompat). It could be cajoled into working with OpenSSL CVS HEAD with some minor changes. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...;,k->type); + break; + default: + fatal("key_fingerprint_raw: bad key type %d", k->type); + break; + } + + if (blob != NULL) { + EVP_MD *md = NULL; + EVP_MD_CTX ctx; + + retval = xmalloc(EVP_MAX_MD_SIZE); + + switch (dgst_type) { + case DIGEST_TYPE_MD5: + md = EVP_md5(); + break; + case DIGEST_TYPE_SHA1: + md = EVP_sha1(); +...

...--> https://bugzilla.mindrot.org/attachment.cgi?id=2264&action=edit Bug fix based on Solaris Studio #pragma There is an alignment issue in UMAC implementation, which can cause crash in ssh binary on sparc. Static variable m is defined in mac.c as an array of chars: 168 static u_char m[EVP_MAX_MD_SIZE]; This array is passed to function umac128_final() in ssh/umac.c, and later cast to 64-bit unsigned integer and accessed in pdf_gen_xor(): 264 *((UINT64 *)buf) ^= ((UINT64 *)pc->cache)[ndx]; AFAIK, there is no assurance, that a static char array will be double-word aligned. And indeed, when...

...+ u_char *serverhostkeyblob, int sbloblen, + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], + const unsigned char server_dh_pub[CURVE25519_PUBKEY_SIZE], + const BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) +{ + Buffer b; + EVP_MD_CTX md; + static u_char digest[EVP_MAX_MD_SIZE]; + + buffer_init(&b); + buffer_put_cstring(&b, client_version_string); + buffer_put_cstring(&b, server_version_string); + + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + buffer_put_int(&b, ckexinitlen+1); + buffer_put_char(&b, SSH2_MSG_KEXINIT); + buffer_append(&a...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...TERNAL_VERSION "d1" /* must be hex */ + +// compute the urlauth token using the INTERNAL mechanism +void urlauth_urlauth_generate_internal(const char *rump, + const buffer_t *key, + string_t *urlauth) +{ + const void *key_data; + size_t key_len = 0; + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int mac_len = 0; + + // compute HMAC-SHA1 of rump with key + key_data = buffer_get_data(key, &key_len); + i_assert(key_len > 0); + HMAC(EVP_sha1(), key_data, key_len, (const unsigned char *) rump, + strlen(rump), mac, &mac_len); + + str_append(urlauth, URLAUTH_URLAUTH_I...