search for: hmac_init

https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Bug #: 1934 Summary: mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init(). Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2...

...r_key; }; -static void Hi(const unsigned char *str, size_t str_size, - const unsigned char *salt, size_t salt_size, unsigned int i, - unsigned char result[SHA1_RESULTLEN]) -{ - struct hmac_context ctx; - unsigned char U[SHA1_RESULTLEN]; - unsigned int j, k; - - /* Calculate U1 */ - hmac_init(&ctx, str, str_size, &hash_method_sha1); - hmac_update(&ctx, salt, salt_size); - hmac_update(&ctx, "\0\0\0\1", 4); - hmac_final(&ctx, U); - - memcpy(result, U, SHA1_RESULTLEN); - - /* Calculate U2 to Ui and Hi */ - for (j = 2; j <= i; j++) { - hmac_init(&ctx, s...

...ude "mech.h" #include "passdb.h" @@ -50,7 +52,7 @@ { unsigned char digest[MD5_RESULTLEN]; - struct hmac_md5_context ctx; + struct hmac_context ctx; const char *response_hex; if (size != CRAM_MD5_CONTEXTLEN) { @@ -59,9 +61,10 @@ return FALSE; } + hmac_init(&ctx, NULL, 0, &hash_method_md5); hmac_md5_set_cram_context(&ctx, credentials); - hmac_md5_update(&ctx, request->challenge, strlen(request->challenge)); - hmac_md5_final(&ctx, digest); + hmac_update(&ctx, request->challenge, strlen(request->challenge)); + hmac_...

https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release

...obert Dugal Sent: Wednesday, September 29, 2010 1:02 PM To: openssh-unix-dev at mindrot.org Subject: bug in openssh - mac_int() does not call HMAC_CTX_init() I have been doing some work with OpenSSH 5.6p1, attempting to use an alternative engine for crypto. In mac.c, the function mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init(). However, OpenSSL documentation states that HMAC_CTX_init() is mandatory. http://www.openssl.org/docs/crypto/hmac.html HMAC_CTX_init() initialises a HMAC_CTX before first use. It must be called. HMAC_CTX_init() must have been called before the f...

...address space, this has an alignment requirement of 4 due to the hash pointer. In line 171 of auth-token.c, we have following declaration of ctx as a local variable in auth_token_get(): struct hmac_context ctx; This is put on an address with an alignment requirement of 4. In lines 174 and 175 hmac_init is invoked with hash_method_sha1: hmac_init(&ctx, (const unsigned char*)username, strlen(username), &hash_method_sha1); In hmac.c, lines 43 and following, ctx->ctx with an alignment of 4 is passed to meth->init and meth->loop where meth refers to hash_method_sha1:...

...iUk9MRV9VU0VSIl0sImp0aSI6ImRyOUV0MVVJWkdJZkZ0emFVZW5VRzRzcmQtQSIsImNsaWVudF9pZCI6IndlYl9hcHAifQ.T9BTZYW52p0VG9gxmTb-cf5GXF5jTOjdkqMaUMAGX-tffffft7YfdPptphGKE8FO9opxcnL--Bjy9ip-XYuWqA '''' Crash: dovecot_1 | Sep 15 16:11:50 auth: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= HMAC_MAX_CONTEXT_SIZE) dovecot_1 | Sep 15 16:11:50 auth: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x3d) [0x7ff77b36beed] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7ff77b36c00...

...0aSI6ImRyOUV0MVVJWkdJZkZ0emFVZW5VRzRzcmQtQSIsImNsaWVudF9pZCI6IndlYl9hcHAifQ.T9BTZYW52p0VG9gxmTb-cf5GXF5jTOjdkqMaUMAGX-tffffft7YfdPptphGKE8FO9opxcnL--Bjy9ip-XYuWqA > '''' > > Crash: > dovecot_1 | Sep 15 16:11:50 auth: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= HMAC_MAX_CONTEXT_SIZE) > dovecot_1 | Sep 15 16:11:50 auth: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x3d) [0x7ff77b36beed] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7ff77b...

...ten in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. NOT a AND b were getting parsed as NOT (a AND b) instead of (NOT a) AND b. - Ignore ECONNRESET when closing socket. This avoids logging useless errors...

...ten in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. NOT a AND b were getting parsed as NOT (a AND b) instead of (NOT a) AND b. - Ignore ECONNRESET when closing socket. This avoids logging useless errors...

...ten in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. NOT a AND b were getting parsed as NOT (a AND b) instead of (NOT a) AND b. - Ignore ECONNRESET when closing socket. This avoids logging useless errors...

...ten in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. NOT a AND b were getting parsed as NOT (a AND b) instead of (NOT a) AND b. - Ignore ECONNRESET when closing socket. This avoids logging useless errors...

...to `d2i_ASN1_OCTET_STRING' /usr/local/ssl/lib/libssl.so: undefined reference to `lh_delete' /usr/local/ssl/lib/libssl.so: undefined reference to `CRYPTO_malloc' /usr/local/ssl/lib/libssl.so: undefined reference to `BN_clear_free' /usr/local/ssl/lib/libssl.so: undefined reference to `HMAC_Init' /usr/local/ssl/lib/libssl.so: undefined reference to `d2i_X509_NAME' /usr/local/ssl/lib/libssl.so: undefined reference to `RSA_flags' /usr/local/ssl/lib/libssl.so: undefined reference to `d2i_X509' /usr/local/ssl/lib/libssl.so: undefined reference to `asn1_GetSequence' /usr/loc...

https://bugzilla.mindrot.org/show_bug.cgi?id=1930 Bug #: 1930 Summary: Bugs intended to be fixed in 6.0 Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

...est_cases) / sizeof(test_cases[0]); i++) { -- if (strlen(test_cases[i].key) < test_cases[i].key_len) { -+ if (strlen((char*)test_cases[i].key) < test_cases[i].key_len) { - uint8_t key[test_cases[i].key_len]; - memset(key, test_cases[i].key[0], test_cases[i].key_len); - hmac_init(&ctx, key, test_cases[i].key_len); - } else { - hmac_init(&ctx, test_cases[i].key, test_cases[i].key_len); - } -- for (j = 0; j < test_cases[i].data_len; j += strlen(test_cases[i].data)) { -- hmac_update(&ctx, test_cases[i].data, strlen(test_cases[i].data)); -+...