similar to: non-openssl build fixes

https://bugzilla.mindrot.org/show_bug.cgi?id=2388 Bug ID: 2388 Summary: build fixups for --without-openssl Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2527 Bug ID: 2527 Summary: default algorithms mismatch between man pages and myproposal.h Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: Documentation

Hello OpenSSH developers, openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression: # ssh-3.4p1 -C remote-host-with-4.2p1 pwd no matching comp found: client zlib server none,zlib at openssh.com option "-vv" shows ... debug2: kex_parse_kexinit: zlib ... debug2: kex_parse_kexinit: none,zlib at openssh.com ... debug2: mac_init: found hmac-md5 no

On Tue, 23 Jun 2015, Jakub Jelen wrote: > > On 05/29/2015 09:12 AM, Damien Miller wrote: > > Hi, > > > > OpenSSH 6.9 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains > > some substantial new features and a number of bugfixes. > Tested basic configuration on Fedora 22. With

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

On Wed, Apr 22, 2015 at 1:53 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Wed, Apr 22, 2015 at 01:26:06PM -0700, Reuben Hawkins wrote: >> Let me know if I'm missing something. :) > > Signed keys from a common CA? I don't think the signed key helps in my particular case (I may be wrong, if so please correct me). I'm working on a management

Add OSCCA SM3 secure hash algorithm (OSCCA GM/T 0004-2012 SM3). --- Makefile.in | 2 +- configure.ac | 2 +- digest-libc.c | 11 ++ digest-openssl.c | 1 + digest.h | 3 +- mac.c | 1 + sm3.c | 320 +++++++++++++++++++++++++++++++++++++++++++++++ sm3.h | 51 ++++++++ 8 files changed, 388 insertions(+), 3 deletions(-) create mode

On 2020-02-05 at 20:39 -0500, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This is a feature release. > > > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These > This actually affects me:

https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: critical

Hi there, I noticed that hmac-ripemd160 and hmac-ripemd160 at openssh.com are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is? Thanks, Max

From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> The "zstd at breakpoint.cc" compression algorithm enables ZSTD based compression as defined in RFC8478. The compression is delayed until the server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with the "zlib at openssh.com" method. Signed-off-by: Sebastian Andrzej Siewior <sebastian at

On Fri, 2019-07-12 at 15:54 +1000, Damien Miller wrote: > On Thu, 17 Jan 2019, Yuriy M. Kaminskiy wrote: > > > On some cpu's optimized chacha implementation in openssl (1.1.0+) > > is > > notably faster (and on others it is just faster) than generic C > > implementation in openssh. > > > > Sadly, openssl's chacha20-poly1305

Hello, With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT are not defined. It seems to me this is regression introduced with implementation of configure options --with-openssl. Impacted code is in xcrypt.c: ... # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT) # include <openssl/des.h> # define crypt DES_crypt # endif ...

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

While compiling openssl with option `no-des', it caused the openssh build failure ... cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); ... Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com> --- cipher.c | 2 ++ configure.ac | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/cipher.c b/cipher.c index

Dear all, Ed25519 public keys being as small as they are is very convenient. There is an opportunity to nudge the world towards modern algorithms. I believe choices made in OpenSSH can positively impact the wider eco-system and industry. I'd like to suggest ssh-keygen to generate an Ed25519 keypair, if invoked without any arguments. OpenSSH has supported Ed25519 since version 6.5 (January

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Hello, well it''s | Rev: || 11096:745a39c852ab tip 11094:e34042dabbd8 | Auth: dtucker | Date: Tue, 11 Jun 2013 02:10:02 +0000 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent and add some comments so it''s clear what goes where. Note it was still advertised in the 6.3 release notes. Has it been replaced by a git(1) repository? :-))

Dear all, I am currently implementing an experimental key exchange (KEX) algorithm. Unlike current algorithms like DH, mine needs to be able to fail gracefully, and in case of failure, continue with whatever algorithm would have been negotiated if mine was not selected. My strategy for graceful failure is to remove my KEX algorithm from myproposal[KEX_DEFAULT_KEX] and to initiate a new key

This is not valid in ISO C. --- ssh-sk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-sk.c b/ssh-sk.c index 2b25c42f..3d6ac3d0 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -153,7 +153,7 @@ sshsk_free_enroll_response(struct sk_enroll_response *r) freezero(r->signature, r->signature_len); freezero(r->attestation_cert, r->attestation_cert_len); freezero(r,