search for: kex_server_encrypt

The attached patches fixes and cleans up the build when configured with --without-openssl. Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-m...

...Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter: reubenhwk at gmail.com Created attachment 2599 --> https://bugzilla.mindrot.org/attachment.cgi?id=2599&action=edit git format-patch origin/master Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl The attached patches apply to master (commit id 70860b6) -- You are receiving this mail...

...at openssh.com, hmac-ripemd160-etm at openssh.com, hmac-sha1-96-etm at openssh.com, hmac-md5-96-etm at openssh.com, hmac-md5, -hmac-sha1, hmac-ripemd160, -hmac-ripemd160 at openssh.com, hmac-sha1-96, hmac-md5-96, P.S.: KEX_SERVER_KEX, KEX_CLIENT_KEX, KEX_DEFAULT_PK_ALG, KEX_SERVER_ENCRYPT are correct. -- You are receiving this mail because: You are watching the assignee of the bug.

...To workaround this issue, we need to do: "ssh -c aes128-ctr user at IP" In place of aes128-ctr, we can use any other algo which is fips complaint (aes256-ctr, aes192-ctr etc). Expected result: ssh server should handle this gracefully. Possible solutions: 1. Change the cipher order in KEX_SERVER_ENCRYPT (myproposal.h) 2. Use the same order but tweak the cipher list at run time based on fips status in the system. We did something like in PhotonOS 3.0: https://github.com/vmware/photon/blob/3.0/SPECS/openssh/openssh-7.8p1-fips.patch But we are unsure about the issue this might cause. 3. Server sh...