search for: ssh_err_libcrypto_error

https://bugzilla.mindrot.org/show_bug.cgi?id=2508 Bug ID: 2508 Summary: Wanting OpenSSL error messages in ssherr() for SSH_ERR_LIBCRYPTO_ERROR Product: Portable OpenSSH Version: 7.1p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org Reporter...

...ypt) { #if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20) +#if defined(LIBRESSL_VERSION_NUMBER) +#define CHACHA_IV_OFFSET 4 + u_char seqbuf[12]; +#else +#define CHACHA_IV_OFFSET 8 + /* OpenSSL IV contains also the counter in the first 4 bytes */ u_char seqbuf[16]; +#endif int r = SSH_ERR_LIBCRYPTO_ERROR; #else u_char seqbuf[8]; @@ -125,7 +132,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, memset(poly_key, 0, sizeof(poly_key)); #if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20) memset(seqbuf + 0, 0, 8); - POKE_U64(seqbuf + 8, seqnr); + POKE_U64(seq...

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

https://bugzilla.mindrot.org/show_bug.cgi?id=2522 Bug ID: 2522 Summary: Key parser should reflect errors from OpenSSL Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: ssh