search for: evp_md_ctx

Displaying 18 results from an estimated 18 matches for "evp_md_ctx".

2005 Oct 12
1
Binary compatibility problem in OpenSSH from OpenSSL mailing list
Hello All, There seems to be a binary compatibility problem with OpenSSL and OpenSSH 4.2p1. The details can be found at http://www.mail-archive.com/openssl-users at openssl.org/msg41869.html . The discussion is closed with pointing a problem in key.c in OpenSSH and corresponding thread is at http://www.mail-archive.com/openssl-users at openssl.org/msg41878.html I would like to know the
2016 Nov 02
0
v2.2.26.0 released
...,7 @@ bool dcrypt_openssl_public_key_id_evp(EVP_PKEY *key, c long len = BIO_get_mem_data(b, &ptr); unsigned int hlen = sizeof(buf); /* then hash it */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) EVP_MD_CTX *ctx = EVP_MD_CTX_new(); #else EVP_MD_CTX *ctx = EVP_MD_CTX_create(); @@ -2147,7 +2147,7 @@ bool dcrypt_openssl_public_key_id_evp(EVP_PKEY *key, c buffer_append(result, buf, hlen); res = TRUE; } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L &...
2020 Feb 19
2
OpenSSH ver.8.2p1 compilation error on AIX
...ssages don't correspond to those in 8.2p1, but they do match 7.9p1. For example: > "libressl-api-compat.c", line 619.26: 1506-043 (S) The operand of the sizeof operator is not valid. $ head -619 openssh-7.9p1/openbsd-compat/libressl-api-compat.c | tail -1 return calloc(1, sizeof(EVP_MD_CTX)); $ head -619 openssh-8.0p1/openbsd-compat/libressl-api-compat.c | tail -1 #ifndef HAVE_EVP_MD_CTX_NEW $ head -619 openssh-8.2p1/openbsd-compat/libressl-api-compat.c | tail -1 #ifndef HAVE_EVP_MD_CTX_NEW I don't have VAC so I can't reproduce this myself. I have built 8.2p1 with a shared...
2016 Nov 02
2
v2.2.26.0 released
...>>>>>> >>>>>>>> HMAC_CTX_new >>>>>>>> HMAC_CTX_free >>>>>>>> EVP_PKEY_get0_EC_KEY >>>>>>>> EVP_PKEY_get0_RSA >>>>>>>> OBJ_length >>>>>>>> EVP_MD_CTX_new >>>>>>>> EVP_MD_CTX_free >>>>>>>> >>>>>>>> The result of calling a non-existent function is a runtime error, >>>>>>>> and we do not want that on production servers. >>>>>>>> &...
2014 Jul 15
2
missing HAVE_EVP_RIPEMD160 breaks ssh client
Hello, I've updated sources but forgot to recreate configure so I've ended without #define HAVE_EVP_RIPEMD160 1 and ssh client ended with: OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014 debug1: Reading configuration data ssh.config main: mux digest failed The problem was that ssh_digest_by_alg() couldn't verify alg with an index bigger than 1 since the line with SSH_DIGEST_RIPEMD160
2020 Feb 19
0
OpenSSH ver.8.2p1 compilation error on AIX
...e in 8.2p1, but they do match 7.9p1. For > example: > > > "libressl-api-compat.c", line 619.26: 1506-043 (S) The operand of the sizeof > operator is not valid. > > $ head -619 openssh-7.9p1/openbsd-compat/libressl-api-compat.c | tail -1 > return calloc(1, sizeof(EVP_MD_CTX)); $ head -619 openssh-8.0p1/openbsd- > compat/libressl-api-compat.c | tail -1 #ifndef HAVE_EVP_MD_CTX_NEW $ > head -619 openssh-8.2p1/openbsd-compat/libressl-api-compat.c | tail -1 > #ifndef HAVE_EVP_MD_CTX_NEW > > I don't have VAC so I can't reproduce this myself. I have...
2001 Mar 04
1
bubblebabble patch
..._fingerprint_raw: bad key type %d",k->type); + break; + default: + fatal("key_fingerprint_raw: bad key type %d", k->type); + break; + } + + if (blob != NULL) { + EVP_MD *md = NULL; + EVP_MD_CTX ctx; + + retval = xmalloc(EVP_MAX_MD_SIZE); + + switch (dgst_type) { + case DIGEST_TYPE_MD5: + md = EVP_md5(); + break; + case DIGEST_TYPE_SHA1: +...
2017 Jun 23
5
OpenSSL 1.1 support status : what next?
OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing a shim for OpenSSL-1.1, the OpenSC code has been converted to the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and macros was written to support older versions of OpenSSL and Libressl. https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h The nice part of this approach is
2017 Jun 24
2
OpenSSL 1.1 support status : what next?
...y difficult to maintain. > According to Kurt's patch, such a compat file for openssh would clock at roughly 500 lines of nearly trivial code (and I insist on this fact: code is quite trivial. The most complicated function would > be this one : > > ?----8<-----? > static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) > { > ?? > if (ctx == NULL) > ?? > return 1; > ?? > /* > ?? > * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because > ?? > * sometimes only copies of the context are ever finalised. > ?? > */ > ?? > if (ctx-&g...
2012 Dec 21
0
File Attachments for previous bug report
...17:29:14.920563605 -0800 @@ -101,7 +101,7 @@ SCHNORR_DEBUG_BN((h, "%s: h = ", __func__)); out: buffer_free(&b); - bzero(digest, digest_len); + memset(digest, 0, digest_len); xfree(digest); digest_len = 0; if (success == 0) @@ -477,7 +477,7 @@ success = 0; out: EVP_MD_CTX_cleanup(&evp_md_ctx); - bzero(digest, sizeof(digest)); + memset(digest, 0, sizeof(digest)); digest_len = 0; return success; } @@ -570,7 +570,7 @@ BN_clear_free(grp->p); if (grp->q != NULL) BN_clear_free(grp->q); - bzero(grp, sizeof(*grp)); + memset(grp, 0, size...
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
...TH %s", a->name, b->name); + if (a->type == KEY_NAME_PAT) + return match_pattern(b->name, a->name); + else + return match_pattern(a->name, b->name); +} + static u_char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length) @@ -161,7 +226,7 @@ EVP_MD_CTX ctx; u_char *blob = NULL; u_char *retval = NULL; - int len = 0; + u_int len = 0; int nlen, elen; *dgst_raw_length = 0; @@ -364,11 +429,12 @@ { Key *k; int success = -1; - char *cp, *space; + char *cp, *space, *name_type; int len, n, type; u_int bits; - u_char *blob; + u_char *blo...
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
...h %s WITH %s", a->name, b->name); + if (a->type == KEY_NAME_PAT) + return match_pattern(b->name, a->name); + else + return match_pattern(a->name, b->name); +} + u_char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length) @@ -160,7 +229,7 @@ EVP_MD_CTX ctx; u_char *blob = NULL; u_char *retval = NULL; - int len = 0; + u_int len = 0; int nlen, elen; *dgst_raw_length = 0; @@ -363,11 +432,12 @@ { Key *k; int success = -1; - char *cp, *space; + char *cp, *space, *name_type; int len, n, type; u_int bits; - u_char *blob; + u_char *blo...
2012 May 05
5
[PATCH] Optionally, allow distros to use openssl for MD5 verification
...e/md5.h b/src/libFLAC/include/private/md5.h index e5f675a..5b42a27 100644 --- a/src/libFLAC/include/private/md5.h +++ b/src/libFLAC/include/private/md5.h @@ -28,6 +28,11 @@ #include "FLAC/ordinals.h" +#if defined(HAVE_OPENSSL) +#include <openssl/evp.h> +#define FLAC__MD5Context EVP_MD_CTX +#else +#define EVP_MAX_MD_SIZE 16 typedef struct { FLAC__uint32 in[16]; FLAC__uint32 buf[4]; @@ -37,7 +42,8 @@ typedef struct { } FLAC__MD5Context; void FLAC__MD5Init(FLAC__MD5Context *context); -void FLAC__MD5Final(FLAC__byte digest[16], FLAC__MD5Context *context); +void FLAC__MD5Final(F...
2012 Dec 20
4
Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
...SCHNORR_DEBUG_BN((h, "%s: h = ", __func__)); out: buffer_free(&b); - bzero(digest, digest_len); + memset(digest, 0, digest_len); xfree(digest); digest_len = 0; if (success == 0) @@ -477,7 +477,7 @@ success = 0; out: EVP_MD_CTX_cleanup(&evp_md_ctx); - bzero(digest, sizeof(digest)); + memset(digest, 0, sizeof(digest)); digest_len = 0; return success; } @@ -570,7 +570,7 @@ BN_clear_free(grp->p); if (grp->q != NULL) BN_clear_free(grp->q); -...
2013 Sep 24
9
[PATCH] curve25519-sha256@libssh.org key exchange proposal
...+ char *skexinit, int skexinitlen, + u_char *serverhostkeyblob, int sbloblen, + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], + const unsigned char server_dh_pub[CURVE25519_PUBKEY_SIZE], + const BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) +{ + Buffer b; + EVP_MD_CTX md; + static u_char digest[EVP_MAX_MD_SIZE]; + + buffer_init(&b); + buffer_put_cstring(&b, client_version_string); + buffer_put_cstring(&b, server_version_string); + + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + buffer_put_int(&b, ckexinitlen+1); + buffer_put_char(&a...
2020 Feb 09
2
[RFC PATCH] Add SHA1 support
...ine CSUM_CHUNK 64 @@ -19,8 +20,80 @@ void mdfour_result(md_context *md, uchar digest[MD4_DIGEST_LEN]); void get_mdfour(uchar digest[MD4_DIGEST_LEN], const uchar *in, int length); +#ifdef HAVE_OPENSSL +#include <openssl/crypto.h> +#include <openssl/evp.h> + +#define MDLIB_MD_CTX EVP_MD_CTX + +#define mdlib_initialize() OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + +#define mdlib_new_ctx() EVP_MD_CTX_new() +#define mdlib_free_ctx(_ctx) EVP_MD_CTX_free(_ctx) + +#define mdlib_init_md5(_ctx) EVP_DigestInit_ex(_ctx, EVP_md5(), NULL) +#define mdlib_init_sha1(_ctx) EVP_Di...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |