similar to: Miscellaneous compiler warnings

Tested against openssh-SNAP-2013-03-04 Fix those 2 old warnings schnorr.c: In function 'debug3_bn': schnorr.c:494: warning: ignoring return value of 'vasprintf', declared with attribute warn_unused_result schnorr.c: In function 'debug3_buf': schnorr.c:519: warning: ignoring return value of 'vasprintf', declared with attribute warn_unused_result vasprintf return

Compiling krl.c with clang results in a slew of warnings like this one: /usr/src/secure/lib/libssh/../../../crypto/openssh/krl.c:505:37: warning: format specifies type 'unsigned long long' but the argument has type 'u_int64_t' (aka 'unsigned long') [-Wformat] This comes from incorrectly assuming that u_int64_t is defined as unsigned long long, whereas on

The included patch for openssh 3.0.2p1 implements overlapping read requests for the sftp client. It should be able to handle weird cases such as shriking files and reordered responses. This is only the first shot, and I'd be happy for any comments. I plan to implement something similar for the write path if this works out well. The maximum number of outstanding requests is quite high at

From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> The "zstd at breakpoint.cc" compression algorithm enables ZSTD based compression as defined in RFC8478. The compression is delayed until the server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with the "zlib at openssh.com" method. Signed-off-by: Sebastian Andrzej Siewior <sebastian at

On Wed, 29 Mar 2023, Chris Rapier wrote: > I was wondering if there was something specific to the internal chacha20 > cipher as opposed to OpenSSL implementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do it with the > compat function): > > if

I'm hardly an expert on this, but if I remember correctly, the rekey rate for good security is mostly dependent on the cipher block size. I left my reference books at home; so, I can't come up with a reference for you, but I would take Chris' "I'm deeply unsure of what impact that would have on the security of the cipher" comment seriously and switch to a cipher with a

I don't know enough about this to know if these warnings mean that I can't build it or not. Also, since I'm e-mailing anyway, how can I tell what options were compiled into my exiting ssh: My system is freeBSD 4.11. PC% ssh -V OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090704f PC% so that I can do the same thing with the newer version. I don't want to

Ah, with an internal block size [Is that what one calls it?] of 64 bytes. From: Damien Miller <djm at mindrot.org> Sent: Wednesday, March 29, 2023 3:08 PM To: Robinson, Herbie <Herbie.Robinson at stratus.com> Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey

That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher. On Wed, 29 Mar 2023, Robinson, Herbie wrote: > > I?m hardly an expert on this, but if I remember correctly, the rekey rate > for good security is mostly dependent on the cipher block size.? I left my > reference books at home; so, I can?t come up with a reference for you, but I > would take Chris?

I am having trouble figuring out how to build openssh-5.8p1 for QNX 6.5. I am trying to build on linux, cross-compiling for armv7. If I configure like this: configure CC=ntoarmv7-gcc --host=i686-pc-linux-gnu --target=arm-unknown-nto-qnx6.5.0 then I get these errors: sshconnect.o: In function `timeout_connect': sshconnect.c:(.text+0x778): undefined reference to

Hi. I was compiling openssh 4.3p1 on Apple's iMac Core Duo computer and came across following warnings. configure: WARNING: net/if.h: present but cannot be compiled configure: WARNING: net/if.h: check for missing prerequisite headers? configure: WARNING: net/if.h: see the Autoconf documentation configure: WARNING: net/if.h: section "Present But Cannot Be Compiled"

http://bugzilla.mindrot.org/show_bug.cgi?id=377 Summary: Reduce compiler warnings. Use unsigned args to the ctype.h is*() macros. Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous

I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);

Hi, It's that time again... OpenSSH 6.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

I believe there has been a bug in KRL signature verification that has been present since the KRL feature was first introduced. It prevents signed KRLs from being loaded by OpenSSH [0]. I believe this bug applies to all versions of OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5

In openssh_cvs/openbsd-compat: readpassphrase.c: In function `readpassphrase': readpassphrase.c:116: warning: operation on `ch' may be undefined The offending line is: ch = ch &= 0x7f; probably should be: ch &= 0x7f; In openssh-2.9p2: readpass.c: In function `read_passphrase': readpass.c:120: warning: passing

https://bugzilla.mindrot.org/show_bug.cgi?id=2313 Bug ID: 2313 Summary: Corrupt KRL file when using multiple CA. Product: Portable OpenSSH Version: 6.5p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

Dear OpenSSH developers, I've worked this week on an alternative key exchange mechanism, in reaction to the whole NSA leaks and claims over cryptographic backdoors and/or cracking advances. The key exchange is in my opinion the most critical defense against passive eavesdropping attacks. I believe Curve25519 from DJB can give users a secure alternative to classical Diffie-Hellman (with fixed

Dear developpers, I'm using OpenSSH_2.9p1 with prngd on my Sony NEWS-OS 4.2.1R. NEWS-OS 4.x is based on 4.3BSD and lack of many POSIX and ANSI features. Today I tried to make the latest openssh_cvs and got the following error, gcc -g -O2 -Wall -O -I. -I.. -I. -I./.. -I/usr/local/ssl/include -DHAVE_CONFIG_H -c readpassphrase.c readpassphrase.c: In function `readpassphrase':