similar to: ssh_SSLeay_add_all_algorithms()

Last year I sent the email below describing a bug in openssh 5.6p1. I just noticed this bug still exists in 5.9p1. Probably my earlier email was treated as spam because it was in HTML format. -- Robert Dugal Team Lead SSL & PKI Group Certicom Corp. A Subsidiary of Research In Motion 4701 Tahoe Blvd., Building A Mississauga, ON L4W 0B5

These two functions in cipher.c (I have looked at openssh5.8p1 & openssh5.9p1) copy the internal cryptographic state of an OpenSSL RC4 encryption/decryption context using simple memcpy(). This code also copies the state when evptype is EVP_acss, which I am unfamiliar with. This code appears to works fine when using the builtin crypto of OpenSSL 1.0.0d. However, I have been doing some work

Hi all. While on the subject of the OpenSSL interface, this patch optionally enables OpenSSL's ENGINE support at build time. Apply to a snapshot, autoreconf and "./configure --with-ssl-engine". Testing (esp. with a real hardware engine) would be appreciated. Index: INSTALL =================================================================== RCS file:

https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Bug #: 1934 Summary: mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init(). Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal

Hi all, attached is a patch that enables using hardware crypto accelerators available through OpenSSL library for SSH operations. Especially in ssh/sshd it can bring a significant speed improvement. OTOH if no crypto engine is available, nothing bad happens and default software crypto routines are used. This patch is used in SUSE Linux OpenSSH package and proved to work (at least it didn't

Hello, I am looking into the ssh sources. I couldn't get docs for SSLeay_add_all_algorithms. I tried for this in openssl.org. Can someone give some pointers for documents, which can tell how to use the SSL functions used in the ssh sources and what they do?? thanks kapil

I'm trying to run up ModelSim (a commercial simulator for hardware description languages), which is licensed on FlexLM, using the hard disk number. This program isn't listed in the apps database. I have a valid license, and the Flex tools are correctly identifying, under Wine, that there's a licence and that it's valid. They find the appropriate env variable, identify the

https://bugzilla.mindrot.org/show_bug.cgi?id=1437 Summary: OpenSSL engine support not enabled Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at

I am having trouble figuring out how to build openssh-5.8p1 for QNX 6.5. I am trying to build on linux, cross-compiling for armv7. If I configure like this: configure CC=ntoarmv7-gcc --host=i686-pc-linux-gnu --target=arm-unknown-nto-qnx6.5.0 then I get these errors: sshconnect.o: In function `timeout_connect': sshconnect.c:(.text+0x778): undefined reference to

Hi there, I have tried compiling OpenSSH 4.3p2 using the following steps: Upgrade OpenSSL tar xvfz openssl-0.9.8a.tar.gz cd openssl-0.9.8a ./config make make install Upgrade zlib tar xvfz zlib-1.2.3.tar.gz ./configure make test make install Upgrade OpenSSH tar xvfz openssh-4.3p2.tar.gz cd openssh-4.3p2.tar.gz ./configure --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl

Hi, I am trying to install tinc-1.0pre8 on my RH 9.0 (kernel 2.4.20-13.9) system. I have already installed Openssl (v0.9.7a). When i try to run the ./configure script, it stops at the follwing check ---SNIP-- checking openssl/pem.h presence... yes checking for openssl/pem.h... yes checking for SHA1_version in -lcrypto... yes checking for RAND_pseudo_bytes... yes checking for

https://bugzilla.mindrot.org/show_bug.cgi?id=1882 Summary: Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine Product: Portable OpenSSH Version: 5.7p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo:

Hi, I just installed OpenSSH 3.3p1 on a SunOS 4.1.4 system (actually a 3-year old Auspex file server) as a replacement for an older, probably vulnerable ssh version. I used gcc, openssl 0.9.6d, zlib 1.1.4 and the configure incantation ./configure --with-tcp-wrappers --with-privsep-user=privsep (the latter option obviously being the default value). There were two problems: (a) memmove seems

Hello, An AIX machine runs a program that forks ssh client in order to launch commands on a remote. I'm first seting up a Master connection with a ControlPath, then using that connection to launch various commands on the remote, and killing the master by issuing a "-O exit" command. SSH client version on that machine is : # ssh -V OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011 #

NOTE: If you know how to properly use load_private_key for dsa keys and NOTE: don't want to read my long post, simply reply with that info and NOTE: I will really appreciate it. thanks. I've been playing with the source code and trying to create extra apps. All has been going well except the fact that I can't load a dsa private key. To highlight my problem I stole some code

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

Hi, I have a problem with the extern declarations of optarg, optind, etc. We're currently moving getopt from being a statically linked function to a dynamically linked function as part of the Cygwin DLL. On Windows, this requires to generate special symbols (__imp__optarg, etc.), which is done by marking the exported variables in the corresponding header. Instead of extern char *optarg;

I'm in the process of installing OpenSSH-2.5.1p1 on a cluster of machines. One of the aspects of a previous (non-OpenSSH) version of ssh that I had been using was its ability to tolerate soft links to it. Thus, one could set up # ln -s /usr/bin/ssh /usr/local/bin/machine and thereafter type just 'machine' to connect to that host. This version of OpenSSH doesn't appear to

Does anyone knows why in some OpenSSH patches for FIPS we have something like: SSLeay_add_all_algorithms(); if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) { fprintf(stderr, "FIPS integrity verification test failed.\n"); exit(3); } This block of code is always in main() soon after starting service/client. Why are they

The init functions are not longer required in OpenSSL 1.1 so I dropped them. TLSv1_client_method() should not be used because it enables only the TLSv1.0 protocol. Better is to use SSLv23_client_method() which enable all the protocols including TLSv1.2. With this functions SSLv2 and SSLv3 is theoretically possible but as of today those protocols are usually build-time disabled. To avoid all this