Call for testing: OpenSSH-5.7

Kevin Brott kevin.brott at gmail.com
Fri Jan 21 13:20:14 EST 2011 

Hrm - that doesn't quite seem to work ...

# patch -p0 -i ./patch
patching file configure.ac
Hunk #1 succeeded at 2180 with fuzz 1.
patching file openbsd-compat/openssl-compat.c
Hunk #1 succeeded at 21 with fuzz 2 (offset -99 lines).
patching file openbsd-compat/openssl-compat.h
Hunk #1 succeeded at 121 with fuzz 2.
# autoreconf
# ./configure --without-zlib-version-check && make tests
...
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -fno-strict-aliasing -fno-builtin-memset -std=gnu99  -I.
-I.. -I. -I./..  -DHAVE_CONFIG_H -c openssl-compat.c
openssl-compat.c:25: parse error before `*'
openssl-compat.c:27: warning: return type defaults to `int'
openssl-compat.c: In function `RSA_get_default_method':
openssl-compat.c:28: warning: implicit declaration of function
`RSA_PKCS1_SSLeay'
openssl-compat.c:28: warning: return makes pointer from integer without a
cast
In file included from /usr/include/openssl/evp.h:118,
                 from openssl-compat.h:21,
                 from openssl-compat.c:40:
/usr/include/openssl/rsa.h: At top level:
/usr/include/openssl/rsa.h:213: warning: type mismatch with previous
implicit declaration
openssl-compat.c:28: warning: previous implicit declaration of
`RSA_PKCS1_SSLeay'
/usr/include/openssl/rsa.h:213: warning: `RSA_PKCS1_SSLeay' was previously
implicitly declared to return `int'
make[1]: *** [openssl-compat.o] Error 1
make[1]: Leaving directory `/var/tmp/ssh/openssh/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
...

=====
On Wed, Jan 19, 2011 at 23:29, Darren Tucker <dtucker at zip.com.au> wrote:

> On Thu, Jan 20, 2011 at 05:44:44PM +1100, Darren Tucker wrote:
> > On 20/01/11 9:39 AM, Damien Miller wrote:
> > >On Wed, 19 Jan 2011, Kevin Brott wrote:
> > [...]
> > >>*1* OS shipped with openssl 0.9.6b&  openssh 5.6 will not
> configure/build \
> > >>however, building against 0.9.8o temp installed under /var/tmp/ssh
> > >>works
> > >
> > >Could you post the error message here?
> >
> > I think that vintage of Redhat shipped with the -engine variant of
> > OpenSSL.  I can see an error if I try to compile against
> > openssl-engine-0.9.6b, but I'm not sure if there's anything we can
> > do about it:
> >
> > ssh-pkcs11.c:309: undefined reference to `RSA_get_default_method'
>
> OK so the problem seems to be that openssl-engine-.0.96b does not
> implement that function (it does document it, however).  openssl-0.9.6b
> *does* implement it, though, and it seems to be a wrapper to support
> optionally building with the RSA reference implementation.
>
> I think the following patch should make it work.  By rights you should
> rerun "autoreconf" to rebuild configure after applying this patch then
> rerun configure, however in this particular case just rerunning "make"
> would probably also work.
>
> Index: configure.ac
> ===================================================================
> RCS file: /home/dtucker/openssh/cvs/openssh/configure.ac,v
> retrieving revision 1.468
> diff -u -p -r1.468 configure.ac
> --- configure.ac        19 Jan 2011 12:12:30 -0000      1.468
> +++ configure.ac        20 Jan 2011 07:04:06 -0000
> @@ -2180,7 +2180,7 @@ int main(void) { SSLeay_add_all_algorith
>        ]
>  )
>
> -AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex
> BN_is_prime_ex)
> +AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex
> BN_is_prime_ex RSA_get_default_method)
>
>  AC_ARG_WITH(ssl-engine,
>        [  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support
> ],
> Index: openbsd-compat/openssl-compat.c
> ===================================================================
> RCS file:
> /home/dtucker/openssh/cvs/openssh/openbsd-compat/openssl-compat.c,v
> retrieving revision 1.12
> diff -u -p -r1.12 openssl-compat.c
> --- openbsd-compat/openssl-compat.c     4 Dec 2010 21:46:05 -0000
> 1.12
> +++ openbsd-compat/openssl-compat.c     20 Jan 2011 07:14:43 -0000
> @@ -120,6 +120,14 @@ DSA_generate_parameters_ex(DSA *dsa, int
>  }
>  #endif
>
> +#ifndef RSA_GET_DEFAULT_METHOD
> +RSA_METHOD *
> +RSA_get_default_method(void)
> +{
> +       return RSA_PKCS1_SSLeay();
> +}
> +#endif
> +
>  #ifdef USE_OPENSSL_ENGINE
>  void
>  ssh_SSLeay_add_all_algorithms(void)
> Index: openbsd-compat/openssl-compat.h
> ===================================================================
> RCS file:
> /home/dtucker/openssh/cvs/openssh/openbsd-compat/openssl-compat.h,v
> retrieving revision 1.17
> diff -u -p -r1.17 openssl-compat.h
> --- openbsd-compat/openssl-compat.h     4 Dec 2010 12:20:50 -0000
> 1.17
> +++ openbsd-compat/openssl-compat.h     20 Jan 2011 07:06:22 -0000
> @@ -121,6 +121,10 @@ int DSA_generate_parameters_ex(DSA *, in
>  int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
>  # endif
>
> +# ifndef RSA_GET_DEFAULT_METHOD
> +RSA_METHOD *RSA_get_default_method(void);
> +# endif
> +
>  int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char
> *,
>     unsigned char *, int);
>  int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>



-- 
# include <stddisclaimer.h>
/* Kevin  Brott <Kevin.Brott at gmail.com> */

More information about the openssh-unix-dev mailing list