Public scan · 2026-05-01
openssh/openssh-portable
Portable OpenSSH
- c
- cryptography
- file-sharing
- keychain
- login
- security
Files scanned
429
Shor-vulnerable
78
RSA / ECC / Ed* / X25519
Grover-weakened
37
AES-128 / SHA-1 / MD5 (SHA-1 and MD5 are also classically broken for collision resistance, independent of Grover)
Total occurrences
115
Breakdown by primitive
- ECC 46
- SHA-1 (broken, replace with SHA-256) 19
- RSA/DSA/DH 16
- Asymmetric 15
- MD5 (broken, replace with SHA-256) 10
- AES-128 (double the key length: move to AES-256) 8
- ECC/RSA 1
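Findings (each entry is a source-text match, and the matches include comments, #include lines, regress/ test code and openbsd-compat fallbacks, so confirm that the primitive is actually compiled in and negotiated or used before counting an entry as exposure)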
ed25519-openssl.c open ↗
-
if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL)) == NULL) { -
if ((pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, -
if ((pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL,
kex-names.c open ↗
-
NID_X9_62_prime256v1, SSH_DIGEST_SHA256, KEX_NOT_PQ }, -
{ KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, -
{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
monitor.c open ↗
-
#include <openssl/dh.h> -
* Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
openbsd-compat/openssl-compat.h open ↗
-
#include <openssl/rsa.h> -
#include <openssl/dh.h>
regress/misc/sk-dummy/sk-dummy.c open ↗
-
#include <openssl/ec.h> -
if ((key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) { -
if (EVP_PKEY_base_id(pk) != EVP_PKEY_EC) {
regress/misc/ssh-verify-attestation/ssh-verify-attestation.c open ↗
-
(g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL || -
key->ecdsa_nid = NID_X9_62_prime256v1; -
case NID_X9_62_prime256v1: -
case NID_X9_62_prime256v1:
regress/unittests/sshbuf/test_sshbuf_getput_crypto.c open ↗
-
int ec256_nid = NID_X9_62_prime256v1;
regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c open ↗
-
eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
regress/unittests/sshkey/test_file.c open ↗
-
#include <openssl/rsa.h> -
TEST_START("load RSA cert with SHA1 signature");
regress/unittests/sshkey/test_fuzz.c open ↗
-
#include <openssl/rsa.h>
regress/unittests/sshkey/test_sshkey.c open ↗
-
#include <openssl/rsa.h> -
signature_benchmark("RSA-1024/SHA1", KEY_RSA, 1024, "ssh-rsa", 0); -
signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 0); -
signature_benchmark("RSA-1024/SHA1", KEY_RSA, 1024, "ssh-rsa", 1); -
signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 1);
sk-usbhid.c open ↗
-
#include <openssl/ec.h> -
(g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
ssh-ecdsa-sk.c open ↗
-
#include <openssl/ec.h> -
if (key->ecdsa_nid != NID_X9_62_prime256v1) -
/* .nid = */ NID_X9_62_prime256v1, -
/* .nid = */ NID_X9_62_prime256v1, -
/* .nid = */ NID_X9_62_prime256v1, -
/* .nid = */ NID_X9_62_prime256v1,
ssh-ecdsa.c open ↗
-
#include <openssl/ec.h> -
NID_X9_62_prime256v1, -
NID_secp384r1, -
NID_secp521r1, -
case NID_X9_62_prime256v1: -
case NID_secp384r1: -
case NID_secp521r1: -
if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) -
/* .nid = */ NID_X9_62_prime256v1, -
/* .nid = */ NID_X9_62_prime256v1, -
/* .nid = */ NID_secp384r1, -
/* .nid = */ NID_secp384r1, -
/* .nid = */ NID_secp521r1, -
/* .nid = */ NID_secp521r1,
ssh-keygen.c open ↗
-
case EVP_PKEY_RSA: -
case EVP_PKEY_EC:
ssh-keysign.c open ↗
-
#include <openssl/rsa.h> -
if (len != 20 && /* SHA1 */
ssh-pkcs11.c open ↗
-
rsa = RSA_new(); -
if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) { -
} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { -
} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_ED25519) {
ssh-rsa.c open ↗
-
if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) { -
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
ssh-sk.c open ↗
-
#include <openssl/ec.h> -
key->ecdsa_nid = NID_X9_62_prime256v1;
sshkey.c open ↗
-
return NID_X9_62_prime256v1; -
return NID_secp384r1; -
return NID_secp521r1; -
case NID_X9_62_prime256v1: -
case NID_secp384r1: -
case NID_secp521r1: -
return NID_X9_62_prime256v1; -
return NID_secp384r1; -
return NID_secp521r1; -
case NID_X9_62_prime256v1: -
case NID_secp384r1: -
case NID_secp521r1: -
pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, -
if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA && -
} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC && -
} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_ED25519 &&
authfd.c open ↗
-
* an incorrect RSA signature algorithm (e.g. "ssh-rsa" (RSA/SHA1) vs.
cipher.c open ↗
-
{ "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, -
{ "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr }, -
{ "aes128-gcm@openssh.com", -
{ "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL },
digest-libc.c open ↗
-
"MD5", -
"SHA1",
digest-openssl.c open ↗
-
{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, -
{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
krl.c open ↗
-
KRL_DBG(("revoked by key SHA1")); -
* There is not KRL spec keyword for raw SHA1 hashes, so -
fprintf(f, "# hash SHA1:%s\n", fp);
myproposal.h open ↗
-
"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ -
"aes128-ctr,aes192-ctr,aes256-ctr"
openbsd-compat/md5.c open ↗
-
* This code implements the MD5 message-digest algorithm. -
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious -
/* This is the central step in the MD5 algorithm. */ -
* The core of the MD5 algorithm, this alters an existing MD5 hash to -
* The core of the MD5 algorithm, this alters an existing MD5 hash to
openbsd-compat/md5.h open ↗
-
* This code implements the MD5 message-digest algorithm.
openbsd-compat/sha1.c open ↗
-
* SHA-1 in C -
* (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 -
/* SHA1 initialization constants */
regress/netcat.c open ↗
-
int Sflag; /* TCP MD5 signature option */ -
\t-S Enable the TCP MD5 signature option\n\
regress/unittests/kex/test_kex.c open ↗
-
do_kex_with_key(kex, "aes128-ctr", "hmac-sha2-256", key,