Recent openssl is required for OPENSSL_free [Re: Please test snapshots for 3.0 release] (fwd)

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Sun Oct 21 19:26:48 EST 2001


On Sat, Oct 20, 2001 at 11:41:24PM +0300, Pekka Savola wrote:
> 3) Building appears to rely on the existence of a rather recent openssl.
> This is good from a security perspective, but will make building with e.g.
> 0.9.5a impossible.  If this is intended to be a requirement (there _have_
> been security fixes), at least Requires:  openssl >= 0.9.6 or whatever
> should be added and the requirement noted in the docs.
> 
> The build failed on my RHL62 with:
> 
> ./libssh.a(key.o): In function `write_bignum':
> key.o(.text+0x7f7): undefined reference to `OPENSSL_free'

I just had a look into the source. Since BN_bn2dec() really allocates
the buffer itself (using OPENSSL_malloc() in recent versions), there is
nothing an application writer can do with respect to this inconsistency.
(For all OpenSSL special data types, TYPE_new() and TYPE_free() exist.)
The only thing that could be done is to query the version defined in
opensslv.h and based on that make a #if OPENSSL_VERSION_NUMBER construct.
(The comment on security fixes with respect to OpenSSL 0.9.6 applies,
but the only thing touching OpenSSH would be the PRNG fix, and this one
has been backported by some distributors to older OpenSSL versions in
order to maintain compatibility. And, in fact, OpenSSH was immune to
the PRNG problem anyway.)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
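
The `#if OPENSSL_VERSION_NUMBER` construct suggested in the message above, as an added example that is not part of the original post and is not OpenSSH's code. It assumes that 0.9.6 is encoded as 0x0090600fL and that the pre-0.9.6 release macro was named `Free()`; `USE_REAL_OPENSSL`, `fake_bn2dec`, `decimal_digits`, `shim_active` and `COMPAT_SHIM_ACTIVE` are hypothetical names, and the stand-in branch exists only so the block builds without OpenSSL installed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef USE_REAL_OPENSSL                 /* real build: link with -lcrypto */
# include <openssl/opensslv.h>
# include <openssl/crypto.h>
# include <openssl/bn.h>
#else
/* Constructed stand-ins imitating a pre-0.9.6 library.
 * 0x0090581fL is the opensslv.h encoding of 0.9.5a. */
# define OPENSSL_VERSION_NUMBER 0x0090581fL
# define Free(p) free(p)                /* assumed old macro name */
static char *fake_bn2dec(unsigned long v) /* the library allocates the buffer */
{
    char *buf = malloc(32);
    if (buf != NULL)
        snprintf(buf, 32, "%lu", v);
    return buf;
}
#endif

/* The version check: map OPENSSL_free() onto the old macro only when the
 * headers are older than 0.9.6 and do not already provide it. */
#if OPENSSL_VERSION_NUMBER < 0x0090600fL && !defined(OPENSSL_free)
# define OPENSSL_free(p) Free(p)
# define COMPAT_SHIM_ACTIVE 1
#else
# define COMPAT_SHIM_ACTIVE 0
#endif

/* Caller in the style of write_bignum(): the buffer comes from the library,
 * so it must go back through the library's own release macro.
 * Returns the number of decimal digits, or -1 on failure. */
int decimal_digits(unsigned long v)
{
    char *buf;
    int n;
#ifdef USE_REAL_OPENSSL
    BIGNUM *bn = BN_new();
    if (bn == NULL || !BN_set_word(bn, v)) { BN_free(bn); return -1; }
    buf = BN_bn2dec(bn);
    BN_free(bn);
#else
    buf = fake_bn2dec(v);
#endif
    if (buf == NULL) return -1;
    n = (int)strlen(buf);
    OPENSSL_free(buf);                  /* resolves to Free() on old headers */
    return n;
}
int shim_active(void) { return COMPAT_SHIM_ACTIVE; }
```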