search for: evp_sha1

...--- mac.c.orig 2004-10-17 12:39:46.000000000 +0200 +++ mac.c 2004-10-17 12:41:04.000000000 +0200 @@ -39,12 +39,12 @@ const EVP_MD * (*mdfunc)(void); int truncatebits; /* truncate digest if != 0 */ } macs[] = { - { "hmac-sha1", EVP_sha1, 0, }, - { "hmac-sha1-96", EVP_sha1, 96 }, - { "hmac-md5", EVP_md5, 0 }, - { "hmac-md5-96", EVP_md5, 96 }, - { "hmac-ripemd160", EVP_ripemd160, 0 }, - { "hmac-ripemd...

...EX_SHA256, KEX_MAX }; IN kex.c static void choose_kex(Kex *k, char *client, char *server) { k->name = match_list(client, server, NULL); if (k->name == NULL) fatal("no kex alg"); if (strcmp(k->name, KEX_DH1) == 0) { k->kex_type = KEX_DH_GRP1_SHA1; k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DH14) == 0) { k->kex_type = KEX_DH_GRP14_SHA1; k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { k->kex_type = KEX_DH_GEX_SHA1; k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {...

...by algorithm number */ const struct ssh_digest digests[] = { { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, #ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */ { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, #endif { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, ... Would it be worth to use enum instead of defined constants for the digest type? --- a/digest.h +++ b/digest.h @@ -22,13 +22,17 @@ #define SSH_DIGEST_MAX_LENGTH 64 /* Digest algorithms */ -#define SSH_DIGEST_MD5 0 -#define SSH_DIGEST_RIPEMD160 1 -#define SSH_DIGEST_SHA1...

Yo All! I have been playing with SSH 2.2.0 from www.ssh.com. I can not connect to openssh 2.2.1p1 using Ver 2 protocol from ssh Ver 2.2.0. Ver 1 works fine. See below for the debug output from both ends If I force hmac-md5 (-m hmac-md5) from the sender it works! The other 3 choices fail: hmac-sha1; hmac-md5-96; and none. I have no problem connecting to this openssh host (hobbes) from

Hi, Is FIPS 140-2 patch for openssh 6.3.p1 available somewhere or do I have to make one using http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch ? Regards, Manish

...+ retval = xmalloc(EVP_MAX_MD_SIZE); + + switch (dgst_type) { + case DIGEST_TYPE_MD5: + md = EVP_md5(); + break; + case DIGEST_TYPE_SHA1: + md = EVP_sha1(); + break; + default: + fatal("key_fingerprint_raw: bad digest type %d", dgst_type); + } + + EVP_DigestInit(&ctx, md); + EVP_DigestUpdate(&ctx, blob, len); +...

....h" +#include "fips.h" #include "umac.h" @@ -54,15 +55,16 @@ int truncatebits; /* truncate digest if != 0 */ int key_len; /* just for UMAC */ int len; /* just for UMAC */ + int fips_allowed; } macs[] = { - { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 }, - { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, - { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, - { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, - { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, - { "hmac-ripemd160 at op...

...erence to `DH_compute_key' /usr/local/ssl/lib/libssl.so: undefined reference to `CRYPTO_add_lock' /usr/local/ssl/lib/libssl.so: undefined reference to `COMP_CTX_free' /usr/local/ssl/lib/libssl.so: undefined reference to `sk_push' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_sha1' /usr/local/ssl/lib/libssl.so: undefined reference to `BIO_ctrl' /usr/local/ssl/lib/libssl.so: undefined reference to `X509_STORE_CTX_init' /usr/local/ssl/lib/libssl.so: undefined reference to `i2d_DHparams' /usr/local/ssl/lib/libssl.so: undefined reference to `RSA_private_decrypt...

...initialize() OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + +#define mdlib_new_ctx() EVP_MD_CTX_new() +#define mdlib_free_ctx(_ctx) EVP_MD_CTX_free(_ctx) + +#define mdlib_init_md5(_ctx) EVP_DigestInit_ex(_ctx, EVP_md5(), NULL) +#define mdlib_init_sha1(_ctx) EVP_DigestInit_ex(_ctx, EVP_sha1(), NULL) + +#define mdlib_update(_ctx, _buf, _len) EVP_DigestUpdate(_ctx, _buf, _len) +#define mdlib_finalize(_ctx, _out) EVP_DigestFinal_ex(_ctx, _out, NULL) + +#else + +#include "lib/sha1.h" + +struct md_lib_ctx { + int mode; + union { + md_context md5; + SHA_CTX sha1; + }; +}; + voi...

...++ kex.c 15 Nov 2006 14:14:33 -0000 @@ -312,6 +312,9 @@ } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { k->kex_type = KEX_DH_GEX_SHA256; k->evp_md = evp_ssh_sha256(); + } else if (strcmp(k->name, KEX_DHGEX_CERT) == 0) { + k->kex_type = KEX_DH_GEX_CERT; + k->evp_md = EVP_sha1(); } else fatal("bad kex alg %s", k->name); } Index: kex.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/kex.h,v retrieving revision 1.44 diff -u -r1.44 kex.h --- kex.h 3 Aug 2006 03:34:42 -0000 1.44 +++ kex.h 15 Nov 2006 14:14...

...const buffer_t *key, + string_t *urlauth) +{ + const void *key_data; + size_t key_len = 0; + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int mac_len = 0; + + // compute HMAC-SHA1 of rump with key + key_data = buffer_get_data(key, &key_len); + i_assert(key_len > 0); + HMAC(EVP_sha1(), key_data, key_len, (const unsigned char *) rump, + strlen(rump), mac, &mac_len); + + str_append(urlauth, URLAUTH_URLAUTH_INTERNAL_VERSION); + str_append(urlauth, binary_to_hex(mac, mac_len)); +} + +// validate all the parts of the URL +bool urlauth_url_validate(const struct imap_url_pa...