search for: with_openssl

...thout OpenSSL. Here's a first attempt at the unit tests: diff --git a/regress/unittests/bitmap/tests.c b/regress/unittests/bitmap/tests.c index 23025f9..2271e94 100644 --- a/regress/unittests/bitmap/tests.c +++ b/regress/unittests/bitmap/tests.c @@ -27,6 +27,7 @@ void tests(void) { +#ifdef WITH_OPENSSL struct bitmap *b; BIGNUM *bn; size_t len; @@ -131,5 +132,6 @@ tests(void) bitmap_free(b); BN_free(bn); TEST_DONE(); +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 2eaaf06..da0e353 100644 --- a/regr...

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

The attached patches fixes and cleans up the build when configured with --without-openssl. Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-myproposal.h-fix-newline-in-KEX_SERVER_ENCRYPT.patch Type: text/x-patch Size: 992 bytes Desc: not available URL...

...ly.c b/cipher-chachapoly.c index a58616fb..7e6995f6 100644 --- a/cipher-chachapoly.c +++ b/cipher-chachapoly.c @@ -109,7 +109,14 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt) { #if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20) +#if defined(LIBRESSL_VERSION_NUMBER) +#define CHACHA_IV_OFFSET 4 + u_char seqbuf[12]; +#else +#define CHACHA_IV_OFFSET 8 + /* OpenSSL IV contains also the counter in the first 4 bytes */ u_char seqbuf[16]; +#endif int r = SSH_ERR_LIBCRYPTO_ERROR; #else...

Hello, With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT are not defined. It seems to me this is regression introduced with implementation of configure options --with-openssl. Impacted code is in xcrypt.c: ... # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT) # include <openssl/des.h> # define crypt DES_crypt # endif ... Only above preprocessor statement use defines HAVE_CRYPT and HAVE_DES_CRYPT. Configure script look like ( if with OpenSSL then .... else ... AC_CHE...

OK, with this additional information I can now reproduce it. Based on some quick experiments it seems to be triggered when sshd is built --with-ssh1 and the config does not *load* a Protocol 1 host key. Works: Protocol=1,2 + Hostkey not specified Protocol=1,2 + Hostkeys for both protocols specified. Doesn't work: Protocol=2 + Hostkey not specified. Protocol=1,2 + Hostkeys specified only for

Hi, Patch attached for $SUBJECT. ismail

...iver.com> --- cipher.c | 2 ++ configure.ac | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/cipher.c b/cipher.c index c3cd5dc..41dacfb 100644 --- a/cipher.c +++ b/cipher.c @@ -82,7 +82,9 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_OPENSSL +#ifdef OPENSSL_HAVE_DES { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, +#endif { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, { "aes256-cbc", 16, 32, 0, 0, CFLAG_...

...eezero(r, sizeof(*r)); -}; +} static void sshsk_free_sign_response(struct sk_sign_response *r) @@ -163,7 +163,7 @@ sshsk_free_sign_response(struct sk_sign_response *r) freezero(r->sig_r, r->sig_r_len); freezero(r->sig_s, r->sig_s_len); freezero(r, sizeof(*r)); -}; +} #ifdef WITH_OPENSSL /* Assemble key from response */ -- 2.24.0

On Tue, 24 Feb 2015, Darren Tucker wrote: | On Tue, Feb 24, 2015 at 3:11 PM, Kevin Brott <kevin.brott at gmail.com> wrote: | | > [...] | > "cipher-aesctr.c", line 30: warning #2260-D: explicit type is missing | > ("int" assumed) | > static inline void | > | | does replacing "inline" with "__inline__" work? Failing that,

...Reporter: reubenhwk at gmail.com Created attachment 2599 --> https://bugzilla.mindrot.org/attachment.cgi?id=2599&action=edit git format-patch origin/master Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl The attached patches apply to master (commit id 70860b6) -- You are receiving this mail because: You are watching the assignee of the bug.

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

On Wed, Feb 15, 2017 at 9:50 PM, Kelly Dunlop <kdunlop at guralp.com> wrote: > > > Hi, > > I am running openssh7.3p1 on an embedded Linux system and discovered this problem. > > If I run: > > ssh-keygen -t rsa1 -f testfile > > it appears to generate the key and I get the output: > > Generating public/private rsa1 key pair. >

...supported key type". diff --git a/sshkey.c b/sshkey.c index 4768790..f45e239 100644 --- a/sshkey.c +++ b/sshkey.c @@ -89,7 +89,9 @@ static const struct keytype keytypes[] = { { "ssh-ed25519-cert-v01 at openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1 }, #ifdef WITH_OPENSSL +# ifdef WITH_SSH1 { NULL, "RSA1", KEY_RSA1, 0, 0 }, +# endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, # ifdef OPENSSL_HAS_ECC -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880...

...============================== RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.470 diff -u -p -r1.470 ssh-keygen.c --- ssh-keygen.c 17 Jul 2023 04:01:10 -0000 1.470 +++ ssh-keygen.c 3 Sep 2023 21:29:12 -0000 @@ -61,11 +61,7 @@ #include "ssh-pkcs11.h" #endif -#ifdef WITH_OPENSSL -# define DEFAULT_KEY_TYPE_NAME "rsa" -#else -# define DEFAULT_KEY_TYPE_NAME "ed25519" -#endif +#define DEFAULT_KEY_TYPE_NAME "ed25519" /* * Default number of bits in the RSA, DSA and ECDSA keys. These value can be @@ -252,7 +248,7 @@ ask_filename(struct passwd *...

...200 +++ openssh.cert_shadow/sshkey.c 2015-07-26 13:55:40.978410299 +0200 @@ -324,6 +324,48 @@ sshkey_is_cert(const struct sshkey *k) return sshkey_type_is_cert(k->type); } +/* TODO: Please review carefully */ +int +sshkey_is_private(const struct sshkey *k) +{ + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA1: + case KEY_RSA: + case KEY_RSA_CERT_V00: + case KEY_RSA_CERT: + if (k->rsa && k->rsa->d && k->rsa->q && k->rsa->p && + k->rsa->iqmp && + !BN_is_zero(k->rsa->d) && + !BN_is_zero(k->rsa->q)...

...t type, ??? ??? ?*keyp = prv; ??? ??? ?prv = NULL; ??? ?} +?? ?if (vault_infop != NULL) { +?? ??? ?*vault_infop = vault_info; +?? ??? ?vault_info = NULL; +?? ?} ? out: ??? ?BIO_free(bio); ??? ?EVP_PKEY_free(pk); ??? ?sshkey_free(prv); +?? ?sshkey_vault_free(vault_info); ??? ?return r; ?} ?#endif /* WITH_OPENSSL */ ? ?int ?sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, -??? const char *passphrase, struct sshkey **keyp, char **commentp) +??? const char *passphrase, struct sshkey **keyp, char **commentp, struct sshkey_vault **vault_infop) ?{ ??? ?int r = SSH_ERR_INTERNAL_ERROR; ? @@ -4632,...

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

...solution. When I started the upgrade (install), I had an /etc/make.conf. Thinking that this might be the culprit when these messages starting to appear, I looked it over for possible typos. The only possible issue I could see was the reference to databases/mysql: .if ${.CURDIR:M*/databases/mysql*} WITH_OPENSSL=yes WITH_CHARSET=latin1 WITH_XCHARSET=complex WITH_COLLATION=latin1_general_ci WITH_PROC_SCOPE_PTH=yes BUILD_OPTIMIZED=yes WITH_ARCHIVE=yes WITH_CSV=yes .endif NOTE the YES | NO, as opposed to TRUE | FALSE. I changed them to true v false. But I have already built MySQL with the YES | NO. Could this...