Call for testing: OpenSSH-5.7

Darren Tucker dtucker at zip.com.au
Thu Jan 20 18:29:40 EST 2011


On Thu, Jan 20, 2011 at 05:44:44PM +1100, Darren Tucker wrote:
> On 20/01/11 9:39 AM, Damien Miller wrote:
> >On Wed, 19 Jan 2011, Kevin Brott wrote:
> [...]
> >>*1* OS shipped with openssl 0.9.6b&  openssh 5.6 will not configure/build \
> >>however, building against 0.9.8o temp installed under /var/tmp/ssh
> >>works
> >
> >Could you post the error message here?
> 
> I think that vintage of Redhat shipped with the -engine variant of
> OpenSSL.  I can see an error if I try to compile against
> openssl-engine-0.9.6b, but I'm not sure if there's anything we can
> do about it:
> 
> ssh-pkcs11.c:309: undefined reference to `RSA_get_default_method'

OK so the problem seems to be that openssl-engine-.0.96b does not
implement that function (it does document it, however).  openssl-0.9.6b
*does* implement it, though, and it seems to be a wrapper to support
optionally building with the RSA reference implementation.

I think the following patch should make it work.  By rights you should
rerun "autoreconf" to rebuild configure after applying this patch then
rerun configure, however in this particular case just rerunning "make"
would probably also work.

Index: configure.ac
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/configure.ac,v
retrieving revision 1.468
diff -u -p -r1.468 configure.ac
--- configure.ac	19 Jan 2011 12:12:30 -0000	1.468
+++ configure.ac	20 Jan 2011 07:04:06 -0000
@@ -2180,7 +2180,7 @@ int main(void) { SSLeay_add_all_algorith
 	]
 )
 
-AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
+AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method)
 
 AC_ARG_WITH(ssl-engine,
 	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
Index: openbsd-compat/openssl-compat.c
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/openssl-compat.c,v
retrieving revision 1.12
diff -u -p -r1.12 openssl-compat.c
--- openbsd-compat/openssl-compat.c	4 Dec 2010 21:46:05 -0000	1.12
+++ openbsd-compat/openssl-compat.c	20 Jan 2011 07:14:43 -0000
@@ -120,6 +120,14 @@ DSA_generate_parameters_ex(DSA *dsa, int
 }
 #endif
 
+#ifndef RSA_GET_DEFAULT_METHOD
+RSA_METHOD *
+RSA_get_default_method(void)
+{
+	return RSA_PKCS1_SSLeay();
+}
+#endif
+
 #ifdef	USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)
Index: openbsd-compat/openssl-compat.h
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/openssl-compat.h,v
retrieving revision 1.17
diff -u -p -r1.17 openssl-compat.h
--- openbsd-compat/openssl-compat.h	4 Dec 2010 12:20:50 -0000	1.17
+++ openbsd-compat/openssl-compat.h	20 Jan 2011 07:06:22 -0000
@@ -121,6 +121,10 @@ int DSA_generate_parameters_ex(DSA *, in
 int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
 # endif
 
+# ifndef RSA_GET_DEFAULT_METHOD
+RSA_METHOD *RSA_get_default_method(void);
+# endif
+
 int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
     unsigned char *, int);
 int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list