search for: shared_secret

...char *server_version_string, + char *ckexinit, int ckexinitlen, + char *skexinit, int skexinitlen, + u_char *serverhostkeyblob, int sbloblen, + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], + const unsigned char server_dh_pub[CURVE25519_PUBKEY_SIZE], + const BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) +{ + Buffer b; + EVP_MD_CTX md; + static u_char digest[EVP_MAX_MD_SIZE]; + + buffer_init(&b); + buffer_put_cstring(&b, client_version_string); + buffer_put_cstring(&b, server_version_string); + + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT...

...nfig: mail_crypt_curve = prime256v1 mail_crypt_global_private_key = <pirvkey> mail_crypt_global_public_key = <pubkey> mail_crypt_save_version = 2 Method I attempted for manual decryption is listed below: openssl pkeyutl -derive -inkey mailcrypt.key -peerkey mailcrypt.pub -out shared_secret.bin openssl enc -aes256 -base64 -k $(base64 shared_secret.bin) -d -in test.enc -out test.txt Openssl reports an error reading the input file, but it isn't permissions related. I started looking for the encryption/decryption method in the source but figure it's worth seeing if there's...

Hello Everyone, I am writing code to test derive_keys functionality. The function signature is: static u_char * derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, BIGNUM *shared_secret) Now, the input which is provided to us is K(share_secret) as an array of characters. H(Hash) as an array of characters. Session_id as an array of characters Now, first I converted hash and session_id in binary form using hex2bin function. For shared secret, the bignum structure is like struct...

...> + char *ckexinit, int ckexinitlen, > + char *skexinit, int skexinitlen, > + u_char *serverhostkeyblob, int sbloblen, > + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], > + const unsigned char server_dh_pub[CURVE25519_PUBKEY_SIZE], > + const BIGNUM *shared_secret, > ... > + buffer_put_bignum2(&b, shared_secret); > > It would be simpler to pass the shared_secret as a const u_char* and > length here - saving a round-trip to BIGNUM and back. > > diff --git a/kexc25519c.c b/kexc25519c.c > new file mode 100644 > index 0000000..b2...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

hey, i am using the flickr wrapper for ruby and need to access the tags of a specific photo. i got all the rest working. i must admit i am kind of new to ruby, but i tried and tried and couldn''t figure it out. among other things i want to read geotags like in my example here: http://www.flickr.com/photos/whoisstan/146634506/ i''m sure it is deadsimple and i just overlooked it.

...vices/api/flickr.tags.getListUserRaw.html) with the flickraw gem. Unfortunately there is no documentation how to authenticate and then call the method. Just calling flickr.tags.getListUserRaw doesn''t work, although flickr.tags.getListUser does work. I set my FlickRaw.api_key and FlickRaw.shared_secret ... how do I go about now? Thanks. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-tal...

...ot;/, '''' ) } ) end else page.alert "Please upload an image file." end end end return end When I inspect the flickr object, I get the following: "#<Flickr:0xb5c2dfac @person_by_nsid={}, @test=nil, @shared_secret=\"\", @interestingness=nil, @reflection=nil, @photosets=nil, @api_key=\"\", @favorites=nil, @auth=nil, @caching=true, @client=#<XMLRPC::Client:0xb5c2de30 @http_header_extra=nil, @proxy_port=nil, @parser=nil, @proxy_host=nil, @host=\"www.flickr.com\", @create=nil, @a...

Am 02.11.2013 um 11:38 schrieb Aris Adamantiadis <aris at 0xbadc0de.be>: > RFC4251 describes mpint to be multi-size and with positive values having > MSB clear, so it's clearly incompatible with raw string. > > Since you both agreed on the curve25519 implementation to use, I'll work > today on Markus' patch to make the changes Damien wanted. What do you want to

...openssh-3.7.1p2.orig/kex.c openssh-3.7.1p2/kex.c --- openssh-3.7.1p2.orig/kex.c Tue Apr 1 13:44:37 2003 +++ openssh-3.7.1p2/kex.c Tue Oct 7 08:22:00 2003 @@ -456,7 +456,7 @@ int i, mode, ctos; for (i = 0; i < NKEYS; i++) - keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); + keys[i] = derive_key(kex, /*ASCII 'A'*/'\x41'+i, kex->we_need, hash, shared_secret); debug2("kex_derive_keys"); for (mode = 0; mode < MODE_MAX; mode++) { diff -bur openssh-3.7.1p2.orig/kexdh.c openssh-3.7.1p2/kexdh.c --- openssh-3.7.1p2.orig/kexdh.c Mon Fe...

...} static void vli_clear(u64 *vli, unsigned int ndigits) diff --git a/crypto/ecdh.c b/crypto/ecdh.c index bd599053a8c4..b0232d6ab4ce 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -124,7 +124,7 @@ static int ecdh_compute_value(struct kpp_request *req) /* fall through */ free_all: - kzfree(shared_secret); + kfree_sensitive(shared_secret); free_pubkey: kfree(public_key); return ret; diff --git a/crypto/gcm.c b/crypto/gcm.c index 0103d28c541e..5c2fbb08be56 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -139,7 +139,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,...

...} static void vli_clear(u64 *vli, unsigned int ndigits) diff --git a/crypto/ecdh.c b/crypto/ecdh.c index bd599053a8c4..b0232d6ab4ce 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -124,7 +124,7 @@ static int ecdh_compute_value(struct kpp_request *req) /* fall through */ free_all: - kzfree(shared_secret); + kfree_sensitive(shared_secret); free_pubkey: kfree(public_key); return ret; diff --git a/crypto/gcm.c b/crypto/gcm.c index 0103d28c541e..5c2fbb08be56 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -139,7 +139,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,...

...} static void vli_clear(u64 *vli, unsigned int ndigits) diff --git a/crypto/ecdh.c b/crypto/ecdh.c index bd599053a8c4..b0232d6ab4ce 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -124,7 +124,7 @@ static int ecdh_compute_value(struct kpp_request *req) /* fall through */ free_all: - kzfree(shared_secret); + kfree_sensitive(shared_secret); free_pubkey: kfree(public_key); return ret; diff --git a/crypto/gcm.c b/crypto/gcm.c index 0103d28c541e..5c2fbb08be56 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -139,7 +139,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,...

v5: - Break the btrfs patch out as a separate patch to be processed independently. - Update the commit log of patch 1 to make it less scary. - Add a kzfree backward compatibility macro in patch 2. v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary

v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary memzero_explicit()" patch for now as there can be a bit more discussion on what is best. It will be introduced as a separate patch later on after this one is merged. This patchset makes a global rename of the kzfree()

v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary memzero_explicit()" patch for now as there can be a bit more discussion on what is best. It will be introduced as a separate patch later on after this one is merged. This patchset makes a global rename of the kzfree()

This patchset makes a global rename of the kzfree() to kfree_sensitive() to highlight the fact buffer clearing is only needed if the data objects contain sensitive information like encrpytion key. The fact that kzfree() uses memset() to do the clearing isn't totally safe either as compiler may compile out the clearing in their optimizer. Instead, the new kfree_sensitive() uses