similar to: OpenSSH 3.9.1 fix for IRIX 5.3 cc

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

http://bugzilla.mindrot.org/show_bug.cgi?id=371 Summary: OpenSSH fails to build on Alpha True64 in cipher.c Product: Portable OpenSSH Version: -current Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

Below is a patch that adds the ability to have a none cipher and mac for protocol version 2. By default, sshd will not allow these to be used; an admin will have to explicitly allow them in the Ciphers and MACs section of sshd_config. Additionally, the client will not use these unless explicitly instructed to by the user. The actual name of the cipher is 'none2', to distinguish it

Hello everyone.. I am fairly new to the patching format.. so I just decided to post a basic info about how to remove group1 and group14 diffie key exchange in OpenSSH. I know that they are listed as required in RFC 4253 but I don't want a client to have the choice to use a 1024 bit prime for the key exchange. If someone is getting into my system.. they should upgrade to a new client. I am a

Hello, I've updated sources but forgot to recreate configure so I've ended without #define HAVE_EVP_RIPEMD160 1 and ssh client ended with: OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014 debug1: Reading configuration data ssh.config main: mux digest failed The problem was that ssh_digest_by_alg() couldn't verify alg with an index bigger than 1 since the line with SSH_DIGEST_RIPEMD160

I am having trouble compiling openssh 3.4p1 on an IRIX operating system I am using the Mips Pro C compiler, and trying to create o32 executables. The operating system is IRIX 6.2 on a SGI challenge S. Could anyone please help me? If this is the wrong email list, could you please refer me to the correct one. Thank you; Madeleine Yeh (cd openbsd-compat &&

Hi all. While on the subject of the OpenSSL interface, this patch optionally enables OpenSSL's ENGINE support at build time. Apply to a snapshot, autoreconf and "./configure --with-ssl-engine". Testing (esp. with a real hardware engine) would be appreciated. Index: INSTALL =================================================================== RCS file:

Hi, Here is a patch that adds the possibility of displaying key fingerprints in the bubblebabble format used by ssh.com ssh implementations. I hope it makes its way into the source. --- ./openssh-2.5.1/key_original.h Sun Mar 4 00:47:55 2001 +++ ./openssh-2.5.1/key.h Sun Mar 4 00:57:57 2001 @@ -36,6 +36,17 @@ KEY_DSA, KEY_UNSPEC }; + +enum digest_type { + DIGEST_TYPE_SHA1, +

on very large files, vim will condense display - e.g. +-- 8 lines: static inline void php_openssl_rand_add_timeval() -------------------------------------------------------------------------------------------------------------------------------------------------- #endif +-- 29 lines: static int php_openssl_load_rand_file(const char * file, int *egdsocket, int *seeded)

These two functions in cipher.c (I have looked at openssh5.8p1 & openssh5.9p1) copy the internal cryptographic state of an OpenSSL RC4 encryption/decryption context using simple memcpy(). This code also copies the state when evptype is EVP_acss, which I am unfamiliar with. This code appears to works fine when using the builtin crypto of OpenSSL 1.0.0d. However, I have been doing some work

http://bugzilla.mindrot.org/show_bug.cgi?id=685 Summary: cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3 Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: Build system AssignedTo:

Hi all. Solaris 10's default libcrypto does not have support for AES 192 and 256 bit functions. The attached patch, against -current, and based partially on an earlier one by djm, will use OpenSSH's builtin rijndael code for all AES crypto functions and thus will allow it to build and function on Solaris 10 without the extra crypto packages (SUNWcry, SUNWcryr) or a locally built OpenSSL.

Dear OpenSSH developers, I've worked this week on an alternative key exchange mechanism, in reaction to the whole NSA leaks and claims over cryptographic backdoors and/or cracking advances. The key exchange is in my opinion the most critical defense against passive eavesdropping attacks. I believe Curve25519 from DJB can give users a secure alternative to classical Diffie-Hellman (with fixed

https://bugzilla.mindrot.org/show_bug.cgi?id=1756 Summary: 5.4p1 fails to build on SuSE 10 64bit with openssl/1.0.0 due to missing -L flag Product: Portable OpenSSH Version: 5.4p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: Build system

hello, can anyone help me? im gettitng this error when i tried runnin make on solaris 9 rm -f include/asterisk/version.h.tmp make[1]: `ast_expr.a' is up to date. make[1]: Leaving directory `/export/home/fst/chris/cvs/asterisk' gcc -g -o asterisk io.o sched.o logger.o frame.o loader.o config.o channel.o t ranslate.o file.o say.o pbx.o cli.o

Here are three versions (patch against openbsd cvs) 1) repace nacl w/libsodium, so i could test 2) curve25519-donna 3) Matthew's public domain reference implementation. i'd vote for #3 -------------- next part -------------- Am 30.10.2013 um 07:27 schrieb Damien Miller <djm at mindrot.org>: > On Tue, 24 Sep 2013, Aris Adamantiadis wrote: > >> Dear OpenSSH

When compiling the software it breaks with an error on the cipher.c file. Lot's of warnings and error of undeclared stuff. Snippet follows: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -Iyes -I/usr/local/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\"

Hi, The 20130110 snapshot fails to build against OpenSSL 0.9.8 and 1.0.0 with the following error: gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -fno-builtin-memset -fstack-protector-all -I. -I. -DSSHDIR=\"/tmp/foo/etc\" -D_PATH_SSH_PROGRAM=\"/tmp/foo/bin/ssh\"

Hi. OpenSSH currently has its own implementation of AES in counter mode (cipher-ctr.c). This is probably because it wasn't available in OpenSSL. From what I see now, recent OpenSSL does implement EVP_aes_{128,192,256}_ctr() and it would be nice to use it whenever possible. The gain here is that OpenSSH's version uses software AES implementation and OpenSSL's version will use AES-NI if

http://bugzilla.mindrot.org/show_bug.cgi?id=371 ------- Additional Comments From dtucker at zip.com.au 2002-09-29 17:58 ------- Created an attachment (id=152) --> (http://bugzilla.mindrot.org/attachment.cgi?id=152&action=view) Cast EVP_rc4 to void * for comparison Try this patch. I don't have a Tru64 box so I can't test it but it suppresses the warning from gcc, so you might