Binary compatibility problem in OpenSSH from OpenSSL mailing list
Markus Friedl
markus at openbsd.org
Wed Oct 12 18:14:02 EST 2005
On Wed, Oct 12, 2005 at 11:47:11AM +0530, Senthil Kumar wrote:
> Hello All,
>
> There seems to be a binary compatibility problem with OpenSSL and OpenSSH
> 4.2p1. The details can be found at
> http://www.mail-archive.com/openssl-users@openssl.org/msg41869.html . The
> discussion is closed with pointing a problem in key.c in OpenSSH and
> corresponding thread is at
> http://www.mail-archive.com/openssl-users@openssl.org/msg41878.html
>
> fix.
well, it's a bug in the library, and the library should be fixed IMHO.
the manpage for EVP_MD_CTX_init has this example, and
that's similar to the code we use:
    EVP_MD_CTX_init(&mdctx);
    EVP_DigestInit_ex(&mdctx, md, NULL);
    EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
    EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
    EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
    EVP_MD_CTX_cleanup(&mdctx);
if you want to make sure openssh survives when the shared
lib changes the size of EVP_MD_CTX, then you need to change
these files as well:
% grep EVP_MD_CTX *.c
kex.c: EVP_MD_CTX md;
kex.c: EVP_MD_CTX md;
kexdh.c: EVP_MD_CTX md;
kexgex.c: EVP_MD_CTX md;
key.c: EVP_MD_CTX ctx;
scard.c: EVP_MD_CTX md;
ssh-dss.c: EVP_MD_CTX md;
ssh-dss.c: EVP_MD_CTX md;
ssh-rsa.c: EVP_MD_CTX md;
ssh-rsa.c: EVP_MD_CTX md;
%
-m
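
Added example, not part of the original message and not OpenSSL or OpenSSH code: a self-contained C model of the size mismatch discussed above, comparing a caller-allocated context with a library-allocated one (the pattern OpenSSL of that period offers as EVP_MD_CTX_create()). The struct layouts, the lib_ctx_* functions and the assumption that init clears sizeof(its own struct) are all constructed for illustration.

```c
/* Constructed model of the ABI mismatch; all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layout the application was compiled against (old header). */
struct md_ctx_old { const void *digest; void *md_data; };
/* Layout inside the upgraded shared library: two fields were added. */
struct md_ctx_new { const void *digest; void *md_data;
                    unsigned long flags; void *engine; };

/* Library side: every size below is the library's, not the caller's. */
size_t lib_ctx_size(void) { return sizeof(struct md_ctx_new); }
void lib_ctx_init(void *ctx) { memset(ctx, 0, lib_ctx_size()); }
void *lib_ctx_create(void) {
    void *ctx = malloc(lib_ctx_size());
    if (ctx != NULL)
        lib_ctx_init(ctx);
    return ctx;
}
void lib_ctx_destroy(void *ctx) { free(ctx); }

#define CANARY 0xAA
#define SLACK  64   /* stands in for whatever sits next to the context */
/* Caller-allocated pattern: the application reserves sizeof(old layout).
 * The region is oversized here so the stray write stays inside one object
 * and can be counted instead of corrupting the real stack. */
size_t caller_allocated_overrun(void) {
    unsigned char region[sizeof(struct md_ctx_old) + SLACK];
    size_t i, hit = 0;
    memset(region, CANARY, sizeof region);
    lib_ctx_init(region);            /* models "EVP_MD_CTX md; init(&md);" */
    for (i = sizeof(struct md_ctx_old); i < sizeof region; i++)
        if (region[i] != CANARY)
            hit++;
    return hit;                      /* bytes written past the caller's object */
}

/* Library-allocated pattern: the caller holds only a pointer, so a size
 * change in the library never touches caller-owned storage. */
int library_allocated_ok(void) {
    void *ctx = lib_ctx_create();
    if (ctx == NULL)
        return 0;
    lib_ctx_destroy(ctx);
    return 1;
}

int main(void) {
    printf("overrun: %lu bytes\n", (unsigned long)caller_allocated_overrun());
    return library_allocated_ok() ? 0 : 1;
}
```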