similar to: [PATCH] openssl-compat: Test for OpenSSL_add_all_algorithms before using.

On Fri, 12 Oct 2018, Jakub Jelen wrote: > Something like this can be used to properly initialize new OpenSSL > versions: > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver) > void > ssh_OpenSSL_add_all_algorithms(void) > { > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > OpenSSL_add_all_algorithms(); > > /* Enable use of crypto

Hi, OpenSSH 7.9p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

OK, with this additional information I can now reproduce it. Based on some quick experiments it seems to be triggered when sshd is built --with-ssh1 and the config does not *load* a Protocol 1 host key. Works: Protocol=1,2 + Hostkey not specified Protocol=1,2 + Hostkeys for both protocols specified. Doesn't work: Protocol=2 + Hostkey not specified. Protocol=1,2 + Hostkeys specified only for

http://bugzilla.mindrot.org/show_bug.cgi?id=968 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #760| |ok? Flag| | ------- Additional Comments From djm at mindrot.org 2005-02-16 11:24 -------

I am confused on how ssh_SSLeay_add_all_algorithms() get used in the ssh applications for openssh-5.7p1 and later releases. I don't see any of the applications making calls to ssh_SSLeay_add_all_algorithms(). There is a macro that redefines SSLeay_add_all_algorithms() to ssh_SSLeay_add_all_algorithms() but I don't see any code calling SSLeay_add_all_algorithms(). In openssh-5.6p1 and

OpenSSL_add_all_algorithms has been deprecated with 1.1. Compatibility is needed. Signed-off-by: Rosen Penev <rosenp at gmail.com> --- ssh-keysign.c | 1 + ssh_api.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/ssh-keysign.c b/ssh-keysign.c index 744ecb4f..bcd1508c 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -40,6 +40,7 @@ #include <openssl/evp.h> #include

Hi, I am trying to install tinc-1.0pre8 on my RH 9.0 (kernel 2.4.20-13.9) system. I have already installed Openssl (v0.9.7a). When i try to run the ./configure script, it stops at the follwing check ---SNIP-- checking openssl/pem.h presence... yes checking for openssl/pem.h... yes checking for SHA1_version in -lcrypto... yes checking for RAND_pseudo_bytes... yes checking for

I believe there is a problem with the openbsd-compat/bsd-arc4random.c file. If arc4random () is called without seed_rng having previously been called (eg if you run ssh-keygen -p ) then it does not in fact invoke seed_rng () if it is the first time. Instead it will invoke seed_rng every time BUT the first time. At least that is the way I read the code, and changing it as below allowed me to

Correct me if I'm wrong, but init_rng() in entropy.c doesn't call seed_rng(), and in fact seed_rng() isn't called from _anywhere_ (in openssh-2.5.1p2). So calls to BN_rand() only pick up the tiny/non-existent amount of entropy added by BN_rand() itself from the system clock (time in seconds). Shouldn't seed_rng() be called from init_rng()? It should be called from _somewhere_,

The attached patches fixes and cleans up the build when configured with --without-openssl. Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl -------------- next part -------------- A non-text attachment was

http://bugzilla.mindrot.org/show_bug.cgi?id=231 ------- Additional Comments From stevesk at pobox.com 2002-05-12 05:31 ------- the error is not seen in current i believe due to the fix to arc4random() to call seed_rng() correctly. is there a way we can reduce the diff in terms of moving function calls around due to delaying RNG seeding?

Hi, Patch attached for $SUBJECT. ismail

Hello, I am trying to port Openssh to MIPS platform. I am facing some problems with the function seed_rng(). I get a segmentation fault when this function is executed. Any suggestion will be appreciated. Kiran. ******************************************************* Kiran R Rao Software Engineer Integrated Device Technology,Inc. (408)-330-1835

I have a need to have the same OpenSSH binaries run on multiple machines which are administered by different people. That means on Solaris, for example, there will be some with /dev/random, some on which I can run prngd because they'll be installing my binaries as root, and some which will have neither because they will be only installed as non-root. Below is a patch to enable choosing all 3

Yo All! openssh-SNAP-20010209.tar.gz fails to compile on Slackware. Patch at the end of this message. Here is the error: gcc -o sftp sftp.o sftp-client.o sftp-common.o sftp-int.o log-client.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -L/usr/local/ssl -lssh -lopenbsd-compat -lcrypt -lz -lnsl -lutil -lcrypto -lwrap openbsd-compat//libopenbsd-compat.a(bsd-arc4random.o): In function

On Fri, 2019-07-12 at 15:54 +1000, Damien Miller wrote: > On Thu, 17 Jan 2019, Yuriy M. Kaminskiy wrote: > > > On some cpu's optimized chacha implementation in openssl (1.1.0+) > > is > > notably faster (and on others it is just faster) than generic C > > implementation in openssh. > > > > Sadly, openssl's chacha20-poly1305

On Tue, 23 Jun 2015, Jakub Jelen wrote: > > On 05/29/2015 09:12 AM, Damien Miller wrote: > > Hi, > > > > OpenSSH 6.9 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains > > some substantial new features and a number of bugfixes. > Tested basic configuration on Fedora 22. With

Hello, With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT are not defined. It seems to me this is regression introduced with implementation of configure options --with-openssl. Impacted code is in xcrypt.c: ... # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT) # include <openssl/des.h> # define crypt DES_crypt # endif ...