similar to: RSA_public_decrypt and FIPS

Hello, I'm new to LLVM and I had a question about it: when we call the JIT::runFunction, since llvm doesn't has a full FFI, there are some cases in which the JIT needs to codegen a stub function to call the function we are interested, my question is: this stub function will remains in the module until when ? What are the most efficient way to remove it from the module and memory ? For a

Hello, I'm using the llvm-c bindings for C, but I'm getting some problems, the LLVMCreateExecutionEngine is returning 1 but the error message is an empty string (it's !=NULL). The steps I'm doing is to create the module, then I call LLVMVerifyModule to verify and it works fine, later I call LLVMCreateModuleProviderForExistingModule and it returns !=NULL MP, so it's ok, but

Using OpenSSH 2.3.1 client and OpenSSL 0.9.6a When trying to ssh to OpenSSH server of higher versions SSH-1.99-OpenSSH_2.5.2p2 or such, I see error in RSA key exchange: RSA_verify(..)routine. I see: error at:int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s;

We recently upgraded from an older version of SSH to OpenSSH 2.5.1p1 (OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f) and are having problems on just a few hosts in our environment. The other 200 systems are working fine. Every once in a blue-moon it will connect with version 2. When I try to connect to or from one of these hosts using SSH2 I get the following error (I have sshd -d

code version referenced: openssh-5.9p1 Hi all, When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires appliactions to use the EVP API if running in FIPS mode so it can disallow

Host based authentication does not seem to be working for us after upgrading to openssh-3.4p1 (we were at openssh-3.1p1) (openssl is at 0.96d). Any time we try to connect from another unix box also running openssh-3.4p1, we get the following error (on the server side) and host based auth fails (it falls back to password prompt). sshd[15038]: error: ssh_rsa_verify: RSA_verify failed:

You're right, that probably won't have very good performance. What we (unladen-swallow) do is to call getPointerToFunction which gives a function pointer of type (void*)(void*) which we then cast to the appropriate function type and then call from C/C++. That way the C/C++ compiler for your application can codegen the function call once instead having the JIT do it many times. Reid On

Hello, I'm facing some problems while building LLVM 2.8 shared libraries from source using CMake: cmake -DBUILD_SHARED_LIBS=true .. This is the output error: CMake Error: The inter-target dependency graph contains the following strongly connected component (cycle): "LLVMARMCodeGen" of type SHARED_LIBRARY depends on "LLVMARMAsmPrinter"

Does anyone knows why in some OpenSSH patches for FIPS we have something like: SSLeay_add_all_algorithms(); if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) { fprintf(stderr, "FIPS integrity verification test failed.\n"); exit(3); } This block of code is always in main() soon after starting service/client. Why are they

Dear Group, I'm having a problem connecting Solaris 10 Server to a Redhat Enterprise Linux 5.4 and meanwhile pretty clueless on that issue. Hopefully I get at least a hint, from your group, where to look at. key-length is 2048, permissions are correct on .ssh-directory and the files itself, keygen is done manually. On the Linuxserver we're using openssh-4.3p2-36.el5, on Solaris the

Package: logcheck-database Version: 1.2.63 > Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data > Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data > Apr 28

Hi, Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that can be exploited to cause a heap overflow: http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification function (openssh_RSA_verify):

I hope I don't get flamed the first time I post to a new list. I have spent a couple of hours poking around without seeing anything like this. The problem is, as soon as I load the Zaptel drivers (with a TDM-31B card), ssh into or out of the server is broken. Trying to ssh in, I get: RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01

Package: logcheck-database Version: 1.3.8 11 hex digits, and "no" diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter --- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter 2008-05-22 04:20:58.000000000 -0400 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04

https://bugzilla.mindrot.org/show_bug.cgi?id=1987 Bug #: 1987 Summary: FIPS signature verification incompatibility with openssl versions > 0.9.8q Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal

This is debugs seen on server, whose keys are not accepted by the client: debug1: Seeding random number generator debug1: sshd version OpenSSH_2.5.2p2 debug1: load_private_key_autodetect: type 0 RSA1 debug1: read SSH2 private key done: name rsa w/o comment success 1 debug1: load_private_key_autodetect: type 1 RSA debug1: read SSH2 private key done: name dsa w/o comment success 1 debug1:

Oops, I meant to CC the list on this. -- Iain ----- Forwarded message from Iain Morgan <Iain.Morgan at nasa.gov> ----- Date: Thu, 17 Jan 2013 14:51:01 -0800 From: Iain Morgan <Iain.Morgan at nasa.gov> To: Damien Miller <djm at mindrot.org> Subject: Re: Inconsisten declaration of ssh_aes_ctr_iv() On Wed, Jan 16, 2013 at 21:26:39 -0600, Damien Miller wrote: > On Mon, 14 Jan

I am seeing the same issues as another recent post, hostbased authentication in 3.4p1 not seeming to work. I tried the ssh-keysign.c patch posted, didn't seem to fix the problem. Details: Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d Key from client ssh_host_rsa_key.pub copied to server /etc/ssh/ssh_known_hosts2 with comma-separated client hostnames added to front and a blank space before rest of

Firstly, amazing software, props to all the developers. I'm trying to compile the latest asterisk cvs checkout and keep getting an error which I can't solve, any help would be much appreciated - make[1]: Leaving directory `/usr/src/asterisk/stdtime' if [ -d CVS ] && ! [ -f .version ]; then echo CVS-HEAD-05/17/04-16:45:34 > .version; fi for x in res channels pbx apps

Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa On the server machine, I appended the content of the public key to .ssh/authorized_keys I can successfully connect from the client to the server with that config. However, on the client-side, if I add a