Thanks for your informative replies! I hope BIND, OpenSSH et al start using the 1.1.0 API soon.
RE: <cite> jason.vas.dias> On 20/03/2017, Kurt Roeckx <k...@roeckx.be> wrote: jason.vas.dias> > The ed25519 support in openssh doesn't even come from openssl. jason.vas.dias> > jason.vas.dias> What happens is OpenSSH's cipher.c calls jason.vas.dias> if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, jason.vas.dias> (do_encrypt == CIPHER_ENCRYPT)) == 0) { jason.vas.dias> ret = SSH_ERR_LIBCRYPTO_ERROR; jason.vas.dias> goto out; jason.vas.dias> } jason.vas.dias> which always does 'goto out' for any ED25519 file. That would happen if ssh_host_ed25519_key is password protected and the cipher used to encrypt the key isn't recognised in OpenSSL 1.1.0 (and considering the current master of openssh-portable doesn't build cleanly against OpenSSL 1.1.0e and I therefore suppose you've hacked around, I can't even begin to say where the fault came in). It also depends on your OpenSSL configuration, since you can disable most algorithms it carries... </cite> But none of my host keys were password protected. They were just what resulted from the command: $ ssh-keygen -A which is run on initial openssh installation. The modifications I made were trivial : o Including the hidden API headers , o initializing automatic SSL structs - ie '{struct}_CTX v ={0};' , not '{struct}_CTX v;' ( else the {struct}_init(&v) function ( I think evp_init() ) could try free()-ing garbage pointer members ( in named ) ) o changing some structure member references from s->m to s.m - these were verified by compiler. That really is the extent of all mods I made to openssh / BIND . Openssh was then unable to read or write the existing /etc/ssh_host_ed25519_key file ( not PW protected ), so NO ssh app can run, and 'ssh_keygen -A' failed to write a new ed25519 key file (not pw protected) when I moved all the old files out of the way , failing ( under gdb ) at that point in the cipher_init() code I posted before . If anyone has managed to get openssh working under OpenSSL 1.1.0 please let me know & I'll try upgrading again. But until 1.1.0 adoption becomes more widespread, I still think it would be helpful if the main openssl.org webpage let users know this is the case , with a statement such as 'most openssl using applications have not upgraded to 1.1.0 yet' . This would prevent others from wasting time as I was led to do. Regards, Jason
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev