search for: rand_seed

The following code snippet will not compile support for RSAref on NetBSD even if it exists on the system (which breaks OpenSSL): for WANTS_RSAREF in "" 1 ; do if test -z "$WANTS_RSAREF" ; then LIBS="$saved_LIBS -lcrypto" else LIBS="$saved_LIBS -lcrypto -lRSAglue

...Any work arounds? Ideas follow. Compile openssh with /dev/urandom as the prngd-socket? Edit the configure script to force a success where RAND_status() is called? Call whatever openssl needs to initialize the random seed somewhere early in openssh startup? It may already do this, I see calls to RAND_seed() in sshd.c. More generally, would it make sense (on linux at least) to use getrandom() if available, or /dev/urandom otherwise regardless of whether or not openssl is used? -- nw

Hi, A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting? What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon? /John -- John Olsson Ericsson AB

I am trying to run the configure script under SuSE 6.3 and get the same error message that others have seen being unable to find working openssl libraries. I tried the patch to configure.in suggested in this list but it did not solve my problem. openssl(latest version) compiled and installed with no problems in /usr/local/ssl. I then installed the ssl mods for apache and the compilation,

...o force a success where RAND_status() > is called? Probably not. When it's built with OpenSSL, it just defers to OpenSSL for random seeding. > Call whatever openssl needs to initialize the random seed somewhere > early in openssh startup? It may already do this, I see calls to > RAND_seed() in sshd.c. > > More generally, would it make sense (on linux at least) to use > getrandom() if available, or /dev/urandom otherwise regardless > of whether or not openssl is used? Probably not. RNG seeding is surprisingly convoluted due to the varying standards over time (see entrop...

...,14 @@ void silk_noise_shape_quantizer( /* Set up short term AR state */ psLPC_Q14 = &NSQ->sLPC_Q14[ NSQ_LPC_BUF_LENGTH - 1 ]; + optional_coef_reversal(a_Q12_rev, a_Q12, predictLPCOrder); + for( i = 0; i < length; i++ ) { /* Generate dither */ NSQ->rand_seed = silk_RAND( NSQ->rand_seed ); /* Short-term prediction */ - silk_assert( predictLPCOrder == 10 || predictLPCOrder == 16 ); - /* Avoids introducing a bias because silk_SMLAWB() always rounds to -inf */ - LPC_pred_Q10 = silk_RSHIFT( predictLPCOrder, 1 ); - L...

...,14 @@ void silk_noise_shape_quantizer( /* Set up short term AR state */ psLPC_Q14 = &NSQ->sLPC_Q14[ NSQ_LPC_BUF_LENGTH - 1 ]; + optional_coef_reversal(a_Q12_rev, a_Q12, predictLPCOrder); + for( i = 0; i < length; i++ ) { /* Generate dither */ NSQ->rand_seed = silk_RAND( NSQ->rand_seed ); /* Short-term prediction */ - silk_assert( predictLPCOrder == 10 || predictLPCOrder == 16 ); - /* Avoids introducing a bias because silk_SMLAWB() always rounds to -inf */ - LPC_pred_Q10 = silk_RSHIFT( predictLPCOrder, 1 ); - L...

Hi all, attached is a patch that enables using hardware crypto accelerators available through OpenSSL library for SSH operations. Especially in ssh/sshd it can bring a significant speed improvement. OTOH if no crypto engine is available, nothing bad happens and default software crypto routines are used. This patch is used in SUSE Linux OpenSSH package and proved to work (at least it didn't

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Following Tim's comments, here are my reworked patches for the Neon intrinsic function patches of of my Aarch64 patchset, i.e. replacing patches 5-8 of the v2 series. Patches 1-4 and 9-18 of the old series still apply unmodified. The one new (as opposed to changed) patch is the first one in this series, to add named constants for the ARM architecture variants. There are also some minor code

As promised, here's a re-send of all my Aarch64 patches, following comments by John Ridges. Note that they actually affect more than just Aarch64 -- other than the ones specifically guarded by AARCH64_NEON defines, the Neon intrinsics all also apply on armv7; and the OPUS_FAST_INT64 patches apply on any 64-bit machine. The patches should largely be independent and independently useful, other

This sequence of patches provides arm64 support for Opus. Tested on iOS, Android, and Ubuntu 14.04. The patch sequence was written on top of Viswanath Puttagunta's Ne10 patches, but all but the second ("Reorganize pitch_arm.h") should, I think, apply independently of it. It does depends on my previous intrinsics configury reorganization, however. Comments welcome. With this and

Here are my aarch64 patches rebased to the current tip of Opus master. They're largely the same as my previous patch set, with the addition of the final one (the Neon fixed-point implementation of xcorr_kernel). This replaces Viswanath's Neon fixed-point celt_pitch_xcorr, since xcorr_kernel is used in celt_fir and celt_iir as well. These have been tested for correctness under qemu

Hi all, Environment: Compiler: IBM XL C/C++ Enterprise Edition for AIX v9.0 Server: AIX 5.3 TL 10 SP1 I use configure with the following option to configure the makefile. --------------------------------? export CC=cc export CFLAGS="-I/opt/freeware/include/openssl/ -I/usr/local/include" export LDFLAGS="-L/opt/freeware/lib/ -L/usr/local/lib" ./configure --prefix=/usr/local

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

I rebased my previous 3 patches to the current master with minor changes. Patches 1 to 3 replace all my previous submitted patches. Patches 4 and 5 are new. Thanks, Linfeng Zhang