Displaying 20 results from an estimated 300 matches similar to: "[PATCH] compat: Relax version check with OpenSSL 3.0+"
2023 May 07
1
[PATCH] compat: Relax version check with OpenSSL 3.0+
On Sunday, May 7, 2023 3:53 PM, Sebastian Andrzej Siewior wrote:
>OpenSSL 3.1.0 uses the same ABI as OpenSSL 3.0.x series. Further 3.1.x
release are
>just stable updates and no ABI change (is expected) just like the 3.0.x
series.
>
>Relax the version check for OpenSSL 3+ and rely on ABI compatibility.
>
>Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
2018 Oct 14
4
Call for testing: OpenSSH 7.9
On Fri, 12 Oct 2018, Jakub Jelen wrote:
> Something like this can be used to properly initialize new OpenSSL
> versions:
>
> @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver)
> void
> ssh_OpenSSL_add_all_algorithms(void)
> {
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> OpenSSL_add_all_algorithms();
>
> /* Enable use of crypto
2018 Nov 19
2
[PATCH] openssl-compat: Test for OpenSSL_add_all_algorithms before using.
OpenSSL 1.1.0 has deprecated this function.
---
configure.ac | 1 +
openbsd-compat/openssl-compat.c | 2 ++
openbsd-compat/openssl-compat.h | 4 ++++
3 files changed, 7 insertions(+)
diff --git a/configure.ac b/configure.ac
index 3f7fe2cd..db2aade8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then
])
2023 Mar 14
15
[Bug 3548] New: Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
Bug ID: 3548
Summary: Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to
version mismatch error
Product: Portable OpenSSH
Version: 9.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2018 Oct 11
13
Call for testing: OpenSSH 7.9
Hi,
OpenSSH 7.9p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2020 Sep 05
8
[PATCH 0/5] ZSTD compression support for OpenSSH
I added ZSTD support to OpenSSH roughly over a year and I've been
playing with it ever since.
The nice part is that ZSTD achieves reasonable compression (like zlib)
but consumes little CPU so it is unlikely that compression becomes the
bottle neck of a transfer. The compression overhead (CPU) is negligible
even when uncompressed data is tunneled over the SSH connection (SOCKS
proxy, port
2020 Mar 24
4
ZSTD compression support for OpenSSH
I hacked zstd support into OpenSSH a while ago and just started to clean
it up in the recent days. The cleanup includes configuration support
among other things that I did not have.
During testing I noticed the following differences compared to zlib:
- highly interactive shell output (as in refreshed at a _very_ high
rate) may result in higher bandwidth compared to zlib. Since zstd is
quicker
2020 Mar 17
1
[RFC PATCH] Add SHA1 support
On 2020-03-17 00:03:03 [+0100], Dimitrios Apostolou via rsync wrote:
> On Thursday, February 20, 2020 10:34:53 PM CET, Sebastian Andrzej Siewior
> via rsync wrote:
> >
> > I'm still not sure if rsync requires a cryptographic hash _or_ if a
> > strong hash like xxHash64 would be just fine for the job.
>
> I'm fairly sure the hash should *not* be easy to
2020 Feb 20
2
[RFC PATCH] Add SHA1 support
On 2020-02-20 20:06:39 [+0100], Markus Ueberall wrote:
> On 2020-02-09 23:19, Sebastian Andrzej Siewior wrote:
> > [...]
> > My primar motivation to use SHA1 for checksumming (by default) instead
> > of MD5 is not the additional security bits but performance. On a decent
> > x86 box the SHA1 performance is almost the same as MD5's but with
> > acceleration it
2017 Jul 24
2
[PATCH] virtio-net: fix module unloading
Unregister the driver before removing multi-instance hotplug
callbacks. This order avoids the warning issued from
__cpuhp_remove_state_cpuslocked when the number of remaining
instances isn't yet zero.
Fixes: 8017c279196a ("net/virtio-net: Convert to hotplug state machine")
Cc: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
Signed-off-by: Andrew Jones <drjones at
2017 Jul 24
2
[PATCH] virtio-net: fix module unloading
Unregister the driver before removing multi-instance hotplug
callbacks. This order avoids the warning issued from
__cpuhp_remove_state_cpuslocked when the number of remaining
instances isn't yet zero.
Fixes: 8017c279196a ("net/virtio-net: Convert to hotplug state machine")
Cc: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
Signed-off-by: Andrew Jones <drjones at
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
The openssl library in Debian unstable (targeting Buster) supports
TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0.
If the admin decides to also support TLS1.[01] users he can then enable
the lower protocol version in case the users can't update their system.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
src/config/all-settings.c
2017 Oct 13
8
Status of OpenSSL 1.1 support
Hi,
more or less a year ago Kurt Roeckx provided an initial port towards the
OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has
been complained about a missing compat layer of the new vs the old API
within the OpenSSL library [2].
This is how I reconstructed the situation as of today and I am not
aware of any progress in regard to the newer library within the OpenSSH
project.
2020 May 23
4
[PATCH] Optimized assembler version of md5_process() for x86-64
On 2020-05-22 22:54:18 [-0700], Wayne Davison via rsync wrote:
> Thanks for the optimizing patches, Jorrit! I've merged your latest changes
> into the git master branch.
Wouldn't it be better to add support for a crypto library (like openssl)
which would provide optimized algorithms for more than just one platform
without the need to maintain it separately?
> ..wayne..
2017 Aug 27
3
[PATCH] Add support for lower TLS version than default
On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote:
>> DEF(SET_STR, ssl_protocols),
>> DEF(SET_STR, ssl_cert_username_field),
>> DEF(SET_STR, ssl_crypto_device),
>> + DEF(SET_STR, ssl_lowest_version),
>
>Does it really require a new setting? Couldn't it use the existing
>ssl_protocols setting?
You need to set a minimal version.
2018 Jul 30
7
[Bug 2888] New: Consider adding other compression schemes (lz4, zstd)
https://bugzilla.mindrot.org/show_bug.cgi?id=2888
Bug ID: 2888
Summary: Consider adding other compression schemes (lz4, zstd)
Product: Portable OpenSSH
Version: 7.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2023 May 07
2
[PATCH] compat: Relax version check with OpenSSL 3.0+
On Mon, 8 May 2023 at 06:13, <rsbecker at nexbridge.com> wrote:
[...]
> Is this not already covered using the --without-openssl-header-check
> configuration option?
No. That configure option will disable the consistency check between
the headers and library versions at compile time, ie the API. It was
added when some vendors (from memory, Apple) started shipping
libcrypto updates
2020 Sep 08
3
[PATCH 0/5] ZSTD compression support for OpenSSH
On 2020-09-07 11:21:13 [+1000], Darren Tucker wrote:
> The zstd part would be a larger discussion because we would need to
> either carry it as a Portable patch or have zstd added to OpenBSD
> base, and I don't know if that would be accepted. Do you have any
> performance numbers for zstd in this application?
A key stroke is here 10 bytes of raw data which zstd compresses usually
2010 Feb 12
1
[RFC] add support for fallocate()
fallocate() is linux specific and will preallocate the space on disk for
the entire file. FALLOC_FL_KEEP_SIZE does not change the filesize as
reported by stat(). An aborted transfer will have preallocated disk space
which is not "visible" via stat(). This shouldn't matter unless the user
does complet his transfer.
An alternative would be to use ftruncate() and shorten the file to the
2023 Feb 24
1
[PATCH 1/1] Add support for ZSTD compression
From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
The "zstd at breakpoint.cc" compression algorithm enables ZSTD based
compression as defined in RFC8478. The compression is delayed until the
server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with
the "zlib at openssh.com" method.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at