search for: evp_md5

...const EVP_MD * (*mdfunc)(void); int truncatebits; /* truncate digest if != 0 */ } macs[] = { - { "hmac-sha1", EVP_sha1, 0, }, - { "hmac-sha1-96", EVP_sha1, 96 }, - { "hmac-md5", EVP_md5, 0 }, - { "hmac-md5-96", EVP_md5, 96 }, - { "hmac-ripemd160", EVP_ripemd160, 0 }, - { "hmac-ripemd160 at openssh.com", EVP_ripemd160, 0 }, + { "hmac-sha1", (const EVP_MD *(*)(void)) EVP_sha1,...

...verify alg with an index bigger than 1 since the line with SSH_DIGEST_RIPEMD160 wasn't compiled in and all indexes in the ssh_digest digests array was lowered by one. /* NB. Indexed directly by algorithm number */ const struct ssh_digest digests[] = { { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, #ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */ { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, #endif { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, ... Would it be worth to use enum instead of defined constants for the digest type? --- a/diges...

Hi, Is FIPS 140-2 patch for openssh 6.3.p1 available somewhere or do I have to make one using http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch ? Regards, Manish

...======================================= RCS file: /cvs/src/usr.bin/ssh/mac.c,v retrieving revision 1.6 diff -c -r1.6 mac.c *** mac.c 2003/09/18 13:02:21 1.6 --- mac.c 2004/11/11 01:07:03 *************** *** 45,50 **** --- 45,51 ---- { "hmac-md5-96", EVP_md5, 96 }, { "hmac-ripemd160", EVP_ripemd160, 0 }, { "hmac-ripemd160 at openssh.com", EVP_ripemd160, 0 }, + { "hmac-none", EVP_md_null, 0 }, { NULL, NULL, 0 } };

..._->first_frame_offset = 0; - decoder->private_->first_frame_offset = 0; - decoder->private_->unparseable_frame_count = 0; + decoder->private_->unparseable_frame_count = 0; +#if defined(HAVE_OPENSSL) + return (EVP_DigestInit_ex(&decoder->private_->md5context, EVP_md5(), NULL) == 1); +#else +????FLAC__MD5Init(&decoder->private_->md5context); +#endif return true; } diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c index 7e102a5..787366e 100644 --- a/src/libFLAC/stream_encoder.c +++ b/src/libFLAC/stream_encoder.c @@ -570,7 +57...

...+ break; + } + + if (blob != NULL) { + EVP_MD *md = NULL; + EVP_MD_CTX ctx; + + retval = xmalloc(EVP_MAX_MD_SIZE); + + switch (dgst_type) { + case DIGEST_TYPE_MD5: + md = EVP_md5(); + break; + case DIGEST_TYPE_SHA1: + md = EVP_sha1(); + break; + default: + fatal("key_fingerprint_raw: bad digest type %d...

...gest if != 0 */ int key_len; /* just for UMAC */ int len; /* just for UMAC */ + int fips_allowed; } macs[] = { - { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 }, - { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, - { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, - { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, - { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, - { "hmac-ripemd160 at openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, - { "umac-64 at openssh.com", SSH_UMAC, NULL, 0, 128, 64 },...

Yo All! I have been playing with SSH 2.2.0 from www.ssh.com. I can not connect to openssh 2.2.1p1 using Ver 2 protocol from ssh Ver 2.2.0. Ver 1 works fine. See below for the debug output from both ends If I force hmac-md5 (-m hmac-md5) from the sender it works! The other 3 choices fail: hmac-sha1; hmac-md5-96; and none. I have no problem connecting to this openssh host (hobbes) from

...ce to `BIO_get_retry_reason' /usr/local/ssl/lib/libssl.so: undefined reference to `X509_STORE_new' /usr/local/ssl/lib/libssl.so: undefined reference to `SHA1_Init' /usr/local/ssl/lib/libssl.so: undefined reference to `HMAC_Final' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_md5' /usr/local/ssl/lib/libssl.so: undefined reference to `ASN1_object_size' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_get_cipherbyname' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_rc4' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_add_cipher...

...;openssl/evp.h> + +#define MDLIB_MD_CTX EVP_MD_CTX + +#define mdlib_initialize() OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + +#define mdlib_new_ctx() EVP_MD_CTX_new() +#define mdlib_free_ctx(_ctx) EVP_MD_CTX_free(_ctx) + +#define mdlib_init_md5(_ctx) EVP_DigestInit_ex(_ctx, EVP_md5(), NULL) +#define mdlib_init_sha1(_ctx) EVP_DigestInit_ex(_ctx, EVP_sha1(), NULL) + +#define mdlib_update(_ctx, _buf, _len) EVP_DigestUpdate(_ctx, _buf, _len) +#define mdlib_finalize(_ctx, _out) EVP_DigestFinal_ex(_ctx, _out, NULL) + +#else + +#include "lib/sha1.h" + +struct md_lib_ctx {...

http://bugzilla.mindrot.org/show_bug.cgi?id=877 Summary: ssh 3.8.1p1 client cannot disable encryption with "-c none" Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |