similar to: [Bug 2177] New: wrong sizeof() parameter following chacha20 commit

https://bugzilla.mindrot.org/show_bug.cgi?id=2972 Bug ID: 2972 Summary: Add build-time option to use OpenSSL for ChaCha20-Poly1305 Product: Portable OpenSSH Version: 7.9p1 Hardware: ARM OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous

I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);

https://bugzilla.mindrot.org/show_bug.cgi?id=3194 Bug ID: 3194 Summary: Please consider lowering chacha20-poly1305 at openssh.com cipher priority on AES-NI capable CPU Product: Portable OpenSSH Version: 8.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement

Ah, with an internal block size [Is that what one calls it?] of 64 bytes. From: Damien Miller <djm at mindrot.org> Sent: Wednesday, March 29, 2023 3:08 PM To: Robinson, Herbie <Herbie.Robinson at stratus.com> Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey

I'm wondering why the ChaCha20 cipher rekeys so frequently. At speed I'm seeing rekeys every second or two. So I'm spending a large amount of time in the rekey process. From what I've read about ChaCha20 it shouldn't need to be rekeyed quite so frequently. Am I missing something obvious? Just curious more than anything else. Chris

That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher. On Wed, 29 Mar 2023, Robinson, Herbie wrote: > > I?m hardly an expert on this, but if I remember correctly, the rekey rate > for good security is mostly dependent on the cipher block size.? I left my > reference books at home; so, I can?t come up with a reference for you, but I > would take Chris?

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

I'm hardly an expert on this, but if I remember correctly, the rekey rate for good security is mostly dependent on the cipher block size. I left my reference books at home; so, I can't come up with a reference for you, but I would take Chris' "I'm deeply unsure of what impact that would have on the security of the cipher" comment seriously and switch to a cipher with a

On Wed, 29 Mar 2023, Chris Rapier wrote: > I was wondering if there was something specific to the internal chacha20 > cipher as opposed to OpenSSL implementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do it with the > compat function): > > if

On Fri, 2019-07-12 at 15:54 +1000, Damien Miller wrote: > On Thu, 17 Jan 2019, Yuriy M. Kaminskiy wrote: > > > On some cpu's optimized chacha implementation in openssl (1.1.0+) > > is > > notably faster (and on others it is just faster) than generic C > > implementation in openssh. > > > > Sadly, openssl's chacha20-poly1305

This removes dependence on external firmware for NV50 generation cards. If the generated ctxprogs don't work for you for some reason, please report it. Signed-off-by: Marcin Ko?cielnicki <koriakin at 0x04.net> --- drivers/gpu/drm/nouveau/Makefile | 2 +- drivers/gpu/drm/nouveau/nouveau_drv.h | 1 + drivers/gpu/drm/nouveau/nv50_graph.c | 74 +-

https://bugzilla.mindrot.org/show_bug.cgi?id=2170 Bug ID: 2170 Summary: Potential integer overflow Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2171 Bug ID: 2171 Summary: potential fd leak Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sftp Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2163 Bug ID: 2163 Summary: unchecked returned value from pam_get_item() Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: PAM support Assignee: unassigned-bugs at

Hello All, In reviewing source code for OpenSSH-6.1p1, I found instances of deprecated library calls still within various source code files. Examples of deprecated calls are: bzero() (replaced with memset() which is ANSI compliant), index() (replaced with strchr() which is also ANSI compliant). In file 'auth2-jpake.c', I've replaced all the bzero() calls with the equivalent

This makes nouveau recognise and report more kinds of PGRAPH errors, as well as prevent GPU lockups resulting from some of them. Lots of guesswork was involved and some part of this is probably incorrect. Some potential-lockuop situations are handled by just resetting a whole PGRAPH subunit, which doesn't sound like a "proper" solution, but seems to work just fine... for now.

I have renamed all of the patch files to .txt, which should be acceptable for the mailer daemon at mindrot, per Angel's suggestion. I am attaching the patch files to the email, with the extra space removed and a minor correction made. Bill Parker (wp02855 at gmail dot com) -------------- next part -------------- --- port-linux.c.orig 2012-12-19 17:40:53.231529475 -0800 +++ port-linux.c

Signed-off-by: Marcin Ko?cielnicki <koriakin at 0x04.net> --- drivers/gpu/drm/nouveau/nv50_grctx.c | 13 ++++++++++++- 1 files changed, 12 insertions(+), 1 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nv50_grctx.c b/drivers/gpu/drm/nouveau/nv50_grctx.c index 3c3cc46..42a8fb2 100644 --- a/drivers/gpu/drm/nouveau/nv50_grctx.c +++ b/drivers/gpu/drm/nouveau/nv50_grctx.c @@ -177,6 +177,7

https://bugzilla.mindrot.org/show_bug.cgi?id=2021 Loganaden Velvindron <loganaden at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2199|0 |1 is obsolete| | --- Comment #12 from Loganaden Velvindron

https://bugzilla.mindrot.org/show_bug.cgi?id=1962 Loganaden Velvindron <loganaden at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #3 from Loganaden