search for: seqnr

Displaying 20 results from an estimated 24 matches for "seqnr".

2020 Jan 16
3
[patch 1/2] use chacha20 from openssl (1.1.0+) when possible
...ay to test my changes, but I believe something like this should address the difference: diff --git a/cipher-chachapoly.c b/cipher-chachapoly.c index a58616fb..7e6995f6 100644 --- a/cipher-chachapoly.c +++ b/cipher-chachapoly.c @@ -109,7 +109,14 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt) { #if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20) +#if defined(LIBRESSL_VERSION_NUMBER) +#define CHACHA_IV_OFFSET 4 + u_char seqbuf[12]; +#else +#define CHACHA_IV_OFFSET 8 + /* OpenSSL I...
2019 Jan 17
3
[patch 1/2] use chacha20 from openssl (1.1.0+) when possible
On some CPUs the optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than the generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses a different scheme (with padding/etc - see rfc8439) and it looks like it is not possible to use it in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,
2013 May 07
0
Some potential bugs in Openssh-6.2p1
Hi, I'm a developer of a static analysis tool canalyze. Recently I applied it to Openssh-6.2p1. It seems some reports are real after manually checking: 1. Use undefined value file: dispatch.c function: dispatch_run At line 93: type = packet_read_poll_seqnr(&seqnr); seqnr may not be overridden at file: packet.c function: packet_read_poll_seqnr line 1442 where compat20 is 0. 2. Null Pointer file: session.c function: child_set_env At line 962: if (*envp == NULL && *envsizep == 0) Is it possible that *envp == NULL while *envsizep != 0? If it i...
2008 Aug 11
3
[Bug 1501] New: p_read, p_send not initialized
...plicitly initialized in either the declaration or in the code. In an environment (i.e. VxWorks) where spawning a second copy (thread) does not zero-fill memory, this causes the second (and subsequent) copies to use the values left behind by previous copies. The result is that the sequence number (seqnr field) is out of synch with the server and MAC checksum verification fails. Recommend setting seqnr, packets, and blocks fields to zero at process/thread start. Testing with concurrent threads also recommended. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- Y...
2007 Apr 17
9
[Bug 1307] client disconnects if ServerAlive enabled but not implemented
http://bugzilla.mindrot.org/show_bug.cgi?id=1307 Summary: client disconnects if ServerAlive enabled but not implemented Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at
2002 Jun 27
1
[PATCH] kbdintctxt->nreq test
If the info_response code is going to test that the # of responses is < 100, then the info_request code should check that < 100 prompts are sent. It would be rude to send 101 prompts and then fail when the responses come back. I actually think the test should be removed altogether, the limit seems quite arbitrary, but here is a patch to not send > 100 prompts. With this patch, the test
2024 May 16
2
[Bug 3691] New: Connection to localhost succeeds with disabled MAC
...nown_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: Host 'localhost' is known and matches the ED25519 host key. debug1: Found key in /home/bsradmin/.ssh/known_hosts:4 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 debug2: ssh_set_newkeys: mode 1 debug1: rekey out after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: Sending SSH2_MSG_EXT_INFO debug1: expecting SSH2_MSG_NEWKEYS debug1: ssh_packet_read_poll2: resetting read seqnr 3 debug1: SSH2_MSG_NEWKEYS received debug2: ssh_set_newkeys: mode 0 debu...
2002 Apr 26
0
PAM keyboard-interactive
...#include "dispatch.h" #include "log.h" +#include "monitor_wrap.h" -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +struct pam_ctxt { + char *pam_user; + pid_t pam_pid; + int pam_...
2003 Jan 08
2
OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS (fwd)
...'A' characters here and hit enter> After that, the xfree() breakpoint is reached, and the next call to free() should therefore be intercepted in order to comply with the technique developed by Global InterSec LLC: Breakpoint 1, 0x080531bd in input_userauth_info_response_pam (type=61, seqnr=7, ctxt=0x809c050) at auth2-pam.c:158 158 xfree(resp); (gdb) disassemble xfree [...] 0x807308e <xfree+34>: call 0x804ba14 <free> [...] (gdb) break *0x807308e Breakpoint 2 at 0x807308e: file xmalloc.c, line 55. (gdb) continue Continuing. Breakpoint 2, 0x0807308e...
2010 Aug 25
12
implementation of IEEE 802.1Qbg in lldpad
Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabilities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of
2024 Jul 28
1
SSH time increased significantly after upgrade to OpenSSH 9.6p1
...23 17:42:50.150435 ifav87-apic2 sshd[1090464]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] Jul 23 17:42:50.336221 ifav87-apic2 sshd[1090464]: debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth] Jul 23 17:42:50.387724 ifav87-apic2 sshd[1090464]: debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth] //OpenSSH 8.6p1 Jul 23 17:32:24.910905 apic2 sshd[338663]: debug1: Forked child 342983. Jul 23 17:32:24.911310 apic2 sshd[342983]: debug1: Set /proc/self/oom_score_adj to 0 Jul 23 17:32:24.911493 apic2 sshd[342983]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7 Jul 23 17:32:24...
2002 Jul 02
3
New PAM kbd-int diff
...#include "log.h" +#include "monitor_wrap.h" + +extern char *__progname; -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +struct sshpam_ctxt { + char *user; + pid_t pid; + int sock; + i...
2010 Jun 17
3
implementation of IEEE 802.1Qbg in lldpad, part2
Hi, This series of patches contains the second part of an initial implementation of the IEEE 802.1Qbg standard: code for the exchange of VDP VSI TLVs between a host with virtual machines and an adjacent switch. VDP profiles consisting of mode,mgrid,typeid,typeidversion,instanceid,mac,vlan can be given to lldpad with lldptool. A way to deliver profiles to lldpad from libvirt using netlink
2002 Jun 25
4
PAM kbd-int with privsep
...#include "log.h" +#include "monitor_wrap.h" + +extern char *__progname; -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +struct sshpam_ctxt { + char *user; + pid_t pid; + int sock; + i...
2010 Jul 23
19
implementation of IEEE 802.1Qbg in lldpad
Hi, This set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabilities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the
2010 Nov 08
18
implementation of IEEE 802.1Qbg in lldpad
Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabilities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of