With bounds checking patch for gcc-3.1 problems if using AES

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Tue Jul 16 20:24:55 EST 2002


On Tue, Jul 16, 2002 at 11:53:19AM +0200, Markus Friedl wrote:
> On Tue, Jul 16, 2002 at 11:39:33AM +0200, Lutz Jaenicke wrote:
> > On Tue, Jul 16, 2002 at 10:15:35AM +0200, Markus Friedl wrote:
> > > On Mon, Jul 15, 2002 at 06:57:08PM +0000, Daniel Schröter wrote:
> > > >         rijndal_cbc.cleanup = ssh_rijndael_cleanup;
> > > >         rijndal_cbc.do_cipher = ssh_rijndael_cbc;
> > > > #ifndef SSH_OLD_EVP
> > > >         rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
> > > >             EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
> > > > #endif
> > > >         return (&rijndal_cbc);
> > > > }
> > > 
> > > thanks, i've added EVP_CIPH_CUSTOM_IV.
> > > 
> > > the only remaining problem is systems with OpenSSL 0.9.5 (SSH_OLD_EVP);
> > > they will probably still copy out of bounds.
> > 
> > It's a systematic problem as 0.9.5 is no longer maintained (and it would not
> > make sense to further maintain it, as later versions contain the
> > necessary means (EVP_CIPH_CUSTOM_IV) to handle the problem).
> 
> yes, but people still use it.

I know. But I don't see what could be done about it. Either OpenSSH or
OpenSSL has to do something about it, if something should be done at all.

* OpenSSH uses OpenSSL beyond its specs, so it does not make it OpenSSL's
  problem. In fact, the solution would be to change either OpenSSL's API
  (add a corresponding flag and #define, which may affect compatibility)
  or extend the array sizes, which would break binary compatibility anyway.
  So the reason why several distributions stay with 0.9.5, (binary)
  compatibility, would be lost anyway.
  Thus I don't see any way to bring up 0.9.5 to handle the problem in a
  way not breaking other things, in which case we do have a better solution:
  use 0.9.6x or later.

As for a cleaner solution: I would recommend disabling AES support for
OpenSSL 0.9.5x, as it seems to create problems that cannot easily be resolved,
and recommending that people update their OpenSSL release. If they do not update,
they still get OpenSSH working, but with a limited set of ciphers.
No security issue is involved in leaving AES out. If they want AES support,
sorry, please update the version of OpenSSL.

Best,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
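A constructed model of the bounds problem discussed in this thread, added here as an illustration; it is not code from the thread, from OpenSSH or from OpenSSL, and the IV buffer size, the flag name and the cipher table are assumptions. It shows the two safe outcomes the message describes: the library skips the IV copy when the cipher manages its own IV (the role EVP_CIPH_CUSTOM_IV plays), or it refuses the cipher, leaving a smaller cipher set, instead of copying past the buffer.

```c
#include <stddef.h>
#include <string.h>

/* Assumed model, not OpenSSL's real structures: a cipher context carries a
 * fixed-size IV buffer and the library copies the cipher's full IV into it
 * on init unless the cipher handles its own IV. The buffer size is an
 * assumed value, chosen smaller than the 16-byte AES CBC IV. */
#define CTX_IV_BUFSIZE 8   /* assumed; too small for a 16-byte CBC IV */
#define CUSTOM_IV 0x01     /* model flag: cipher manages its own IV */

struct model_cipher { const char *name; size_t iv_len; unsigned flags; };
struct model_ctx    { unsigned char iv[CTX_IV_BUFSIZE]; };

/* Bounds-checked init: skip the copy when the cipher keeps its own IV,
 * copy only when the IV fits, otherwise refuse. Returns 0 on success,
 * -1 where an unchecked copy would have run past ctx->iv. */
int init_iv_checked(struct model_ctx *ctx, const struct model_cipher *c,
                    const unsigned char *iv)
{
    if (c->flags & CUSTOM_IV)
        return 0;                      /* library never touches ctx->iv */
    if (c->iv_len > sizeof ctx->iv)
        return -1;                     /* refuse instead of overflowing */
    memcpy(ctx->iv, iv, c->iv_len);
    return 0;
}

/* Cipher set offered against the small-buffer library: every cipher that
 * init_iv_checked() accepts. Returns the number kept and writes their
 * names, comma separated, into out. */
size_t usable_ciphers(const struct model_cipher *list, size_t n,
                      char *out, size_t outsz)
{
    struct model_ctx ctx;
    unsigned char iv[32] = {0};        /* constructed all-zero IV, large enough for any entry */
    size_t kept = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (init_iv_checked(&ctx, &list[i], iv) != 0)
            continue;                  /* e.g. AES without CUSTOM_IV on the old library */
        if (kept++)
            strncat(out, ",", outsz - strlen(out) - 1);
        strncat(out, list[i].name, outsz - strlen(out) - 1);
    }
    return kept;
}
```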
