search for: rsaref

Is it true that configure tests for the existence of librsaref.a, and if it finds it, it assumes that that rsaref is supposed to be used---*even if openssl was not built with rsaref support* ? Mate

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a pam_setcred() or pam_open_session...

I have openssl-0.9.5a and openssh-2.1.0. I configured ssl with rsaref and it passes the tests. When I configure ssh I get: ---- checking for OpenSSL directory... configure: error: Could not find working SSLeay / OpenSSL libraries, please install ---- it is failing RSA_private_decrypt function call. The RSA_generate_key seems to work (does not return null) but then...

I have openssl linked against rsaref and rsaref libraries are in my path but for some reason openssh now fails on SSLeay / OpenSSL tests. checking for OpenSSL directory... configure: error: Could not find working SSLeay / OpenSSL libraries, please install and config.log shows: configure:2795: gcc -o conftest -g -O2 -Wall -I/opt/ope...

Hello. I have been having trouble configuring the source code for the abovementioned. I have to use RSARef as I'm a resident of the USA, so I can avoid patent violation. The configure script fails to see the OpenSSL+RSAref mix on three different platforms, including the following: FreeBSD 4.0-STABLE (Which has its own port, but I wanted to try it there to see if I could reliably reproduce the prob...

The following code snippet will not compile support for RSAref on NetBSD even if it exists on the system (which breaks OpenSSL): for WANTS_RSAREF in "" 1 ; do if test -z "$WANTS_RSAREF" ; then LIBS="$saved_LIBS -lcrypto" else LIBS="$save...

...software from the HP Porting Archive at hpux.cae.wisc.edu. GNU make is /usr/local/bin/gmake, zlib is in /opt/zlib, OpenSSl in /opt/openssl, HP ANSI C compiler. OpenSSH 2.2.1p4. 'configure' on this system warns that rsa is not available. I found source at www.spinnaker.com which builds an rsaref.a library but not an RSAglue one. So I'm stuck with the failed link of ssh. Help? -- Stephen Walton, Professor of Physics and Astronomy, California State University, Northridge stephen.walton at csun.edu

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet....

...I tried to start sshd, I got the message Starting sshd: ssh-keygen: no RSA support in libssl and libcrypto. See ssl(8). sshd: no RSA support in libssl and libcrypto -- exiting. See ssl(8) no RSA support in libssl and libcrypto -- exiting. See ssl(8) So I thought I have to recompile openssl with rsaref flag to config. When I did that, I got compilation error (this is version 0.9.5 of openssl): gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DRSAref -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst....

Looks like the fixes to use OpenSSL with RSAnull break it for rsaref. I've attached a patch that fixes it for me. Cheers, Nalin -------------- next part -------------- --- openssh-2.1.0p3/configure.in Wed May 31 08:56:52 2000 +++ openssh-2.1.0p3/configure.in Wed May 31 09:03:49 2000 @@ -231,7 +231,27 @@ [ found_crypto=1 break; - ], [] + ], +...

I've installed openssl-0.9.5 using rsaref.a. When I build ssh-1.2.2 with ./configure rsaref is still get the following error when running ssh: ssh: no RSA support in libssl and libcrypto. See ssl(8). What am I doing wrong ?

...igure.in Wed Jun 6 19:06:07 2001 @@ -683,6 +683,7 @@ break; ], []) done +LIBS="$saved_LIBS" if test ! -z "$no_rsa" ; then AC_MSG_RESULT(disabled) @@ -698,7 +699,7 @@ else RSA_MSG="yes (using RSAref)" AC_MSG_RESULT(using RSAref) - LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref" + LIBS="$LIBS -lcrypto -lRSAglue -lrsaref" fi fi fi -- ##> Petter Reinholdtsen <## | pere a...

This to announce a test release of 2.1.0p1 before making it widely available. This release includes many fixes to problems reported over the last week. In particular: - spurious error and coredumps caused by the inbuilt entropy gathering - RSAref detection - Compilation fixes for Solaris and others It also contains (completely untested) support for compiling without RSA support. This may be useful to those of you in the USA. I am interested to hear whether and how well this works. RSAless support is enabled if a) OpenSSL is available, b)...

...les whatsoever. >From one machine, I have no problems connecting to the other machine, but does not work the other way around. Here are the details: On the RH 6.0 box, I have problems connectiong to the 6.1 box: ssh -v moni SSH Version OpenSSH-1.2.1, protocol version 1.5. Compiled with SSL (RSAref version). debug: Reading configuration data /etc/ssh/ssh_config debug: ssh_connect: getuid 0 geteuid 0 anon 0 debug: Connecting to wierdlmpc.msci.memphis.edu [141.225.11.87] port 22. debug: Allocated local port 1023. debug: Connection established. ssh_exchange_identification: read: No such file or...

...ncumbered by patents that would restrict their use in any country. (I'll have to defer to others with more specific knowledge on this, of course). Specifically, DES, 3DES, and SHA-1 are US Government standards and (even if still under patent) are in general usable worldwide without royalties. RSAREF should no longer be required in any environment, as the primary RSA public key algorithm is now unencumbered: http://www.rsasecurity.com/news/pr/000906-1.html (In fact, if you're using RSAREF and haven't applied patches, you may be vulnerable to specific attacks.) The only patent-encumber...

...r use in any > country. (I'll have to defer to others > with more specific knowledge on this, > of course). > > Specifically, DES, 3DES, and SHA-1 are > US Government standards and (even if > still under patent) are in general > usable worldwide without royalties. > RSAREF should no longer be required > in any environment, as the primary RSA public > key algorithm is now unencumbered: > http://www.rsasecurity.com/news/pr/000906-1.html > (In fact, if you're using RSAREF and > haven't applied patches, you may be > vulnerable to specific atta...

...******** | qd 00:00 ETAAlarm Clock Write failed flushing stdout buffer. write stdout: Broken pipe I have not yet tracked down the problem. Hints welcome. This does not appear to be a problem with the i386 version of 1.2pre17. Copying the same file using scp from ssh-1.2.27 (with RSAREF) had no problems. -- Mark % ./scp -v /tmp/openssh-1.2pre17-sparc-sol26-local mdb01.solipsa.com:/tmp/junk Executing: host mdb01.solipsa.com, user (unspecified), command scp -v -t /tmp/junk SSH Version 1.2.27 [sparc-sun-solaris2.6], protocol version 1.5. Compiled with RSAREF. weblblend01: ssh_conn...

...to ...). I've installed zlib, > openssl-0.9.5 and egd-0.6, did the LDFLAGS and CFLAGS > declarations and configured --with-egd pointing to my > egd.pl file. I have not been able to make openssh work with openssl-0.9.5. I could make it work with openssl-0.9.4. But I *had* to install rsaref. I have to add that I do have /dev/random. Here is how I configured openssl: ======== ./config -d --prefix=/space/local --openssldir=/space/local/openssl \ --install_prefix="$RPM_BUILD_ROOT" \ rsaref then I ran make as make PEX_LIBS="-L. -L.. -L../.. -L../.....

...Linux 2.4.9-7 #1 Thu Oct 18 13:42:17 EDT 2001 This built fine on 7.1. Thank you ... -d - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp - ------------ Output from pgp ------------ Pretty Good Privacy(tm) Version 6.5.8 (c) 1999 Network Associates Inc. Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. Export of this software may be restricted by the U.S. government. File is signed. Good signature from user "David M. Talkington <dtalk@prairienet.org>". Signature made 2001/11/01 07:10 GMT -----BEGIN PGP SIGNATURE----- Vers...

...can be added and Speex becomes a really kick-butt codec on any platform. Ultimately, it's Jean-Marc's call. Integrating the Intel IPP/MKL might be a side-project for someone else to do and offer. If done right, it can boil down to a set of compiler/linker directives (a la PGP/OpenSSL using RSAREF) so the only sticking point would be a legal/ethical one and not technological. -- --Jeff Sr. Unix Systems Administrator & Engineer SAIR Linux and GNU Certified Professional This email may contain privileged and confidential information. It is intended only for the use of the adressee(s). I...