similar to: OpenSSL 1.1.0 support

Displaying 20 results from an estimated 300 matches similar to: "OpenSSL 1.1.0 support"

2016 Nov 02
3
OpenSSL 1.1.0 support
On 11/02/2016 01:43 AM, Colin Watson wrote: > On Sun, Sep 18, 2016 at 08:22:31PM +0200, Kurt Roeckx wrote: >> Attached is a patch that add supports for building against OpenSSL >> 1.1.0. I also made a github pull request for it at: >> https://github.com/openssh/openssh-portable/pull/48 > Hi, > > Debian unstable now has OpenSSL 1.1.0 as the default, so I'll have to
2002 Jul 08
0
"Help with EVP_CipherInit"
Hello, I am working on a bounds checking gcc(based on Richard Jones work) with a low enough overhead that will make it acceptable in production code. And i obtained openssh-3.2.2p1 with the view of testing the effectiveness of my code detecting the recently reported vunerability,but my code fails on with an error report of a use of memcpy with overlapping source and destination regions. I have
2017 Sep 22
2
Call for testing: OpenSSH 7.6
On Thu, Sep 21, 2017 at 02:22:10AM -0500, Zev Weiss wrote: > test_kex: regress/unittests/kex/test_kex.c:91 test #1 "sshkey_generate" > ASSERT_INT_EQ(sshkey_generate(keytype, bits, &private), 0) failed: > sshkey_generate(keytype, bits, &private) = -56 That error code is: $ grep -- -56 ssherr.h #define SSH_ERR_KEY_LENGTH -56 Unfortunately there's lots of
2017 Oct 13
8
Status of OpenSSL 1.1 support
Hi, more or less a year ago Kurt Roeckx provided an initial port towards the OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has been complained about a missing compat layer of the new vs the old API within the OpenSSL library [2]. This is how I reconstructed the situation as of today and I am not aware of any progress in regard to the newer library within the OpenSSH project.
2013 Jul 30
1
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
Am I the only person to be seeing this log message from sshd: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth] ? (security/openssh-portable, with HPN patches and MIT Kerberos, although Kerberos is not actually configured on this server.) A work-around is to disable aes128-cbc in sshd_config, but it would be nice not to have my logs spammed with this. Currently
2008 Jun 12
2
FIPS mode OpenSSH suggestion
Hi OpenSSH team, I find a url http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides unofficial patch for FIPS Capable OpenSSH. I try it and it seems working for some cases. (BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly. The fips mode sshd debug info is as following.
2003 Dec 22
1
?? memory leak in 3des1
Hello, quoted patch free's cipher_data malloc'd in calls to EVP_CipherInit() in ssh1_3des_init(), at least linked with openssl >= 0.9.7. It does not appear to me (superficial scan) that there is any harm in calling the _cleanup routine with earlier openssl. fwiw :laird --- openssh-3.7.1p2/cipher-3des1.c Tue Sep 23 05:24:21 2003 +++ src37m/cipher-3des1.c Mon Dec 15
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't
2007 Jul 11
1
Bug#432741: xen-3.0: FTBFS on amd64: error: gnu/stubs-32.h: No such file or directory
Package: xen-3.0 Version: 3.0.4-1-1 Severity: important Hi, Your package is trying to build 32 bit binaries on amd64, and fails with the following error: /usr/include/gnu/stubs.h:7:27: error: gnu/stubs-32.h: No such file or directory If you want to build 32 bit binaries on 64 bit arches, you need to build depend on gcc-multilib on those arches. Kurt
2003 Nov 15
1
synchronisation in multiple directions.
We want to have the same files on multiple sites, of which one act as master. If the file changes on 1 site it should be moved to the master, and then from the master to the other sites. That part shouldn't be that hard to do, but what also should happen is that if a file is deleted or added on one site it should get removed or added on the sites too. And afaik, I can't currently do
2008 Jun 19
0
Is there any plan for OpenSSH to support FIPS?
Hi OpenSSh Developer, Currently, I can make openssh-5.0p1 working in FIPS mode. The detail steps I did are as follows. 1) Build FIPS OpenSSL according to FIPS User Guide(http://www.openssl.org/docs/fips/) on HP-UX PA 11.23 box. FIPS object module is generated by compiling openssl-fips-1.1.2. FIPS OpenSSL is built by openssl-0.9.7m, which is passed fips option for Configure step. 2) Modify
2005 Nov 20
0
[PATCH] Solaris 10 and missing OpenSSL functions >128bit
Hi all. Solaris 10's default libcrypto does not have support for AES 192 and 256 bit functions. The attached patch, against -current, and based partially on an earlier one by djm, will use OpenSSH's builtin rijndael code for all AES crypto functions and thus will allow it to build and function on Solaris 10 without the extra crypto packages (SUNWcry, SUNWcryr) or a locally built OpenSSL.
2020 Jan 16
3
[patch 1/2] use chacha20 from openssl (1.1.0+) when possible
On Fri, 2019-07-12 at 15:54 +1000, Damien Miller wrote: > On Thu, 17 Jan 2019, Yuriy M. Kaminskiy wrote: > > > On some cpu's optimized chacha implementation in openssl (1.1.0+) > > is > > notably faster (and on others it is just faster) than generic C > > implementation in openssh. > > > > Sadly, openssl's chacha20-poly1305
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote: > On Wed, 10 Oct 2018, Adam Eijdenberg wrote: > > We see this error on the client side: > > > > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> > > ... > > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key > > debug1: send_pubkey_test: no
2002 Mar 08
1
Problems with Solaris 8 and OpenSSH 3.1p1
When compiling the software it breaks with an error on the cipher.c file. Lot's of warnings and error of undeclared stuff. Snippet follows: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -Iyes -I/usr/local/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\"
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, 11 Oct 2018, Adam Eijdenberg wrote: > On Thu, Oct 11, 2018 at 12:13 PM Damien Miller <djm at mindrot.org> wrote: > > Could you try this? > > > > diff --git a/sshconnect2.c b/sshconnect2.c > > index f104408..1d2906f 100644 > > --- a/sshconnect2.c > > +++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const
2018 Oct 11
3
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, 11 Oct 2018, Damien Miller wrote: > On Thu, 11 Oct 2018, Adam Eijdenberg wrote: > > > Thanks for looking into. I wasn't able to get the patch to apply > > cleanly to the portable source for whatever reason, so I manually made > > the changes and got a little further. I now get past the "no mutual > > signature algorithm" client message, and get
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,
2008 Apr 26
1
Bug#477931: rsync: Segfaults syncing the linux kernel archive.
Hi Wayne, I just got this bug report about rsync 3.0.2 reproducibly crashing, together with a backtrace and a patch; very helpful :-) (Please preserve 477931-forwarded@bugs.debian.org in the CC so that you response is archived in the Debian BTS, thanks.) Paul Slootman On Fri 25 Apr 2008, Kurt Roeckx wrote: > Subject: Bug#477931: rsync: Segfaults syncing the linux kernel archive. > From:
2004 May 11
9
[Bug 867] configure fails to find res_query/dn_expand on Linux amd64
http://bugzilla.mindrot.org/show_bug.cgi?id=867 Summary: configure fails to find res_query/dn_expand on Linux amd64 Product: Portable OpenSSH Version: 3.8.1p1 Platform: Other URL: http://bugs.debian.org/242462 OS/Version: Linux Status: NEW Severity: normal Priority: P2