search for: kexgex

Displaying 20 results from an estimated 44 matches for "kexgex".

Did you mean: kexgexc
2008 Nov 23
4
[Bug 1540] New: Incorrect hash in SSH_MSG_KEX_DH_GEX_REPLY
...: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: john.smith at arrows.demon.co.uk Observed in openssh-5.1p1.tar.gz. This is a theoretical bug based on my reading of RFC 4419, and implemented in kexgexs.c. RFC 4419 addresses the Diffie Helman exchange. RFC 4419, section 3, requires a hash to be calculated over several items including uint32 min, minimal size in bits of an acceptable group uint32 n, preferred size in bits of the group the server will send uint32 max, maximal size in bi...
2005 Sep 12
3
Problems Compiling OpenSSH 4.2p1 on Tru64 UNIX 5.1b
...rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o -L. -Lopenbsd-compat/ -L/usr/local/include -lssh -lopenbsd-compat -lcrypto -lrt -lz -lsecurity -ldb -lm -laud ld: Unresolved: deflateInit inflateInit *** Ex...
2007 Mar 23
2
openssh 4.6p1 bug / IRIX
...th-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o -L. -Lopenbsd-compat/ -L/usr/local/lib -L/usr/local2/lib -L/usr/nekoware/lib -L/usr/freeware/lib32 -lssh -lopenbsd-compat -liaf -lcrypto -lz -lgen...
2018 Jun 08
4
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return); What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD
2004 Aug 20
1
problem compiling OpenSSH 3.9 on OpenBSD 3.4
....o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o -L/usr/src/usr.bin/ssh/sshd/../lib/obj -lssh -lgssapi -lkrb5 -lkafs -lcrypto -lutil -lz -ldes -lwrap sshd.o: In function `main': sshd.o(.text+0x1ed4): undefined reference to `closefrom' sshd.o(.text+0x1ee4): undefined reference to `cl...
2013 Jun 25
1
RFC: encrypted hostkeys patch
...SEP(key_sign(server_host_private, &signature, &slen, - hash, hashlen)) < 0) - fatal("kexdh_server: key_sign failed"); + kex->sign(server_host_private, server_host_public, &signature, &slen, + hash, hashlen); /* destroy_sensitive_data(); */ diff --git a/kexgexs.c b/kexgexs.c index a543dda..3ef7710 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -68,10 +68,6 @@ kexgex_server(Kex *kex) if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_ty...
2004 Mar 27
1
Problems Compiling sshd - OpenSSH 3.8p1 on Tru64 UNIX V4.0F PK#7 (OSF)
...in.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/ -L/opt/ssh/lib -L/opt/zlib/lib -non_shared -lssh -lopenbsd-compat -lcrypto -lrt -lz -lsecurity -ldb -lm -laud ld: Error: Undefined: xcrypt shadow_pw *** Exit 1...
2007 May 01
1
problem while doing make - openssh on sco unix 7.1
...th-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -L/usr/local/lib -lssh -lopenbsd-compat -lresolv -liaf -lcrypto -lsocket -lnsl -lgen -lz -lcrypt Undefi...
2003 Sep 16
3
OpenBSD 3.3 x86 Build Problem
...in.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o -L/var/src/usr.bin/ssh/sshd/../lib/obj -lssh -lgssapi -lkrb5 -lcrypto -lutil -lz -ldes -lwrap gss-serv-krb5.o: Undefined symbol `_gss_krb5_copy_ccache' referenced from text segment collect2: ld returned 1 exit status *** Error code 1...
2018 Dec 10
2
[PATCH] cleanup of global variables server/client_version_string in sshconnect.c
In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex
2002 Oct 16
3
ssh-3.5p1 core dumps on Solaris 2.6
..."", system_hostfile=0x69 " -v pf-i400") at sshconnect.c:561 #6 0x21634 in verify_host_key (host=0xfa790 "pf-i400", hostaddr=0xf3560, host_key=0xffaa8) at sshconnect.c:810 #7 0x2446c in verify_host_key_callback (hostkey=0xffaa8) at sshconnect2.c:71 #8 0x4182c in kexgex_client (kex=0x105d90) at kexgex.c:184 #9 0x422c4 in kexgex (kex=0x105d90) at kexgex.c:413 #10 0x3fbe0 in kex_kexinit_finish (kex=0x105d90) at kex.c:243 #11 0x3fac4 in kex_input_kexinit (type=20, seq=0, ctxt=0x105d90) at kex.c:209 #12 0x3ba64 in dispatch_run (mode=0, done=0x105dd4, ctxt=0x105d90) a...
2015 Feb 28
3
SAP-2015-3-1 issues
...dsa.o ssh-rsa.o dh.o msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o ssh-pkcs11.o smult_curve25519_ref.o poly1305.o chacha.o cipher-chachapoly.o ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o r - ssh_api.o r - ssherr.o r - sshbuf.o r - sshkey.o r - sshbuf-getput-basic.o r - sshbuf-misc.o r - sshbuf-getput-crypto.o r - krl.o r - bitmap.o r - authfd.o r - authfile.o r - bufaux.o...
2003 Oct 08
4
OS/390 openssh
...; - packet_put_string(server_host_key_blob, sbloblen); + packet_put_binary(server_host_key_blob, sbloblen); packet_put_bignum2(dh->pub_key); /* f */ - packet_put_string(signature, slen); + packet_put_binary(signature, slen); packet_send(); xfree(signature); diff -bur openssh-3.7.1p2.orig/kexgex.c openssh-3.7.1p2/kexgex.c --- openssh-3.7.1p2.orig/kexgex.c Mon Feb 24 02:03:03 2003 +++ openssh-3.7.1p2/kexgex.c Tue Oct 7 08:22:01 2003 @@ -62,7 +62,7 @@ buffer_put_char(&b, SSH2_MSG_KEXINIT); buffer_append(&b, skexinit, skexinitlen); - buffer_put_string(&b, serverhostkeyblob,...
2003 Apr 02
0
[Bug 532] Conflicting basename and dirname on solaris
...shlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth-krb4.o loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/ -L/usr/site/openssl/lib -R/usr/site/openssl/lib -L/usr/site/zlib/lib -R/usr/site/zlib/lib -L/usr/local/lib -R/usr/local/lib -lssh -lopenbsd-compat -lposix4 -lz -lsocket -lnsl -lcrypto auth.o...
2003 Sep 18
1
ssh-openbsd-2003091700 distribution missing gss_krb5_copy_ccache
...ogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o -L/local/build/ssh-openbsd-2003091700/sshd/../lib -lssh -lgssapi -lkrb5 -lcrypto -lutil -lz -ldes -lwrap gss-serv-krb5.o: Undefined symbol `_gss_krb5_copy_ccache' referenced from text segment collect2: ld returned 1 exit status A search...
2005 Oct 12
1
Binary compatibility problem in OpenSSH from OpenSSL mailing list
Hello All, There seems to be a binary compatibility problem with OpenSSL and OpenSSH 4.2p1. The details can be found at http://www.mail-archive.com/openssl-users at openssl.org/msg41869.html . The discussion is closed with pointing a problem in key.c in OpenSSH and corresponding thread is at http://www.mail-archive.com/openssl-users at openssl.org/msg41878.html I would like to know the
2013 May 31
0
DH group selection for SHA2-512 bit HMAC.
...r SSH client library: - client connects to OpenSSH 5.9+ server and they choose hmac-sha2-512 with diffie-hellman-group-exchange-sha256. - client sends MSG_KEX_DH_GEX_REQUEST DH group request with parameters (1024, 1024, 8192). I.e. minimum and preferred group size is 1024-bit, - OpenSSH server in kexgexs.c:kexgex_server processes this message and selects 1024-bit group, sending it back to client. - however, later, when it goes to shared secret generation, in dh.c:dh_gen_key code checks group size to be 2 * need >= BN_num_bits(dh->p), where need is set to 512 bit (by the size of HMAC, i a...
2002 Feb 02
1
openssh-3.0.2p1 BUGs
...ne segfaults. Test at 1968 should probably return 2449 Variable socks has not be initted since 2409 ! 2598 Strchr could return a NULL is $DISPLAY does not have a ?:? in it ! Deattack.c 139 Test at 132 for IV == NULL should probably bypass this area. Will segfault in this line if IV == NULL. Kexgex.c 304 If dh == NULL, this line segfaults. Test at 299 should probably return Ssh.c 88 IPv4or6 is an int. Line 136 of channels.c declares a static int for same variable. ??? Clientloop.c 1120 If c == NULL, this line segfaults. Test at 1116 should probably return 0 1146 If c == NULL, this line...
2009 Jul 29
3
Building on cygwin: xcrypt error
...shp ty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o se ssion.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth 2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jp ake.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2 -gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o -L. -Lope nbsd-compat/ -L/home/e/ssl1 -lssh -lopenbsd-compat -lwrap -lresolv -lcrypto -lz /usr/lib/textreadmode.o /usr/lib/...
2024 Aug 06
1
[PATCH] Add SM3 secure hash algorithm
...genr.o umac.o umac128.o \ ssh-pkcs11.o smult_curve25519_ref.o \ poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \ - ssh-ed25519.o digest-openssl.o digest-libc.o \ + ssh-ed25519.o digest-openssl.o digest-libc.o sm3.o \ hmac.o ed25519.o hash.o \ kex.o kex-names.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexgexc.o kexgexs.o \ diff --git a/configure.ac b/configure.ac index 016c96472d15..00bb4132adb7 100644 --- a/configure.ac +++ b/configure.ac @@ -3067,7 +3067,7 @@ if test "x$openssl" = "xyes" ; then ) # Check for various EVP support in OpenSSL -...