Announce: OpenSSH 4.6 released
vinschen at redhat.com
Sat Mar 10 02:00:15 EST 2007
On Mar 9 08:57, Darren Tucker wrote:
> On Fri, Mar 09, 2007 at 07:25:22AM +1100, Darren Tucker wrote:
> > Corinna Vinschen wrote:
> > > $ ssh -1 somemachine
> > > Disconnecting: Corrupted check bytes on input.
> > > [...]
> In fact, if you're using OpenSSL 0.9.8e I suggest you apply the following
> patch to it, recompile everything and see if your problem persists.
> The symmetry of the problem (i.e. it works with itself but doesn't
> interoperate) is the same as what I saw with the AES counter-mode
> problems in OpenSSH bug #1291.
> That workaround above only helps for the bits of OpenSSH that use
> EVP_CIPHER_CTX_key_length, it doesn't help where OpenSSL itself uses it,
> which may be the case here. See bugzilla #1291 for details.
> Index: crypto/evp/evp_lib.c
> RCS file: /home/dtucker/src/security/openssl/cvs/openssl-cvs/openssl/crypto/evp/evp_lib.c,v
> retrieving revision 188.8.131.52
> diff -u -p -r184.108.40.206 evp_lib.c
> --- crypto/evp/evp_lib.c 29 Nov 2006 20:47:13 -0000 220.127.116.11
> +++ crypto/evp/evp_lib.c 3 Mar 2007 23:54:00 -0000
> @@ -225,7 +225,7 @@ int EVP_CIPHER_key_length(const EVP_CIPH
> int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
> - return ctx->cipher->key_len;
> + return ctx->key_len;
> int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
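Review bot: EVP_CIPHER_CTX_key_length now relies on ctx->key_len having been populated, so a caller that queries the length before the context's key length has been set gets whatever that field holds rather than the cipher's default from ctx->cipher->key_len. It is worth confirming that every initialisation path copies the default into ctx->key_len before this accessor can be reached. A short comment on the function would also help, stating that it reports the per-context length while EVP_CIPHER_key_length (visible in the hunk header) reports the cipher's default, since after this change the two can differ.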
Thanks Darren, that did it! I first tried with just adding the missing
#include to cipher-bf1.c, but that didn't help. Only by applying the
above patch to openssl-0.9.8e could I connect to the Linux box using
openssh-4.5p1 with openssl-0.9.8d.
So, the bottom line is, I have to release a patched version of openssl.
Cygwin Project Co-Leader