Call for testing: OpenSSH-5.7

Darren Tucker dtucker at zip.com.au
Fri Jan 21 19:29:36 EST 2011 

On Thu, Jan 20, 2011 at 06:20:14PM -0800, Kevin Brott wrote:
> Hrm - that doesn't quite seem to work ...

OK, I found I forgot to add the "HAVE_" in front of the symbol and I'm
guessing that I need to include the rsa header (although I didn't need
it on my test installation).

Please try this patch.

Index: configure.ac
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/configure.ac,v
retrieving revision 1.468
diff -u -p -r1.468 configure.ac
--- configure.ac	19 Jan 2011 12:12:30 -0000	1.468
+++ configure.ac	20 Jan 2011 07:04:06 -0000
@@ -2180,7 +2180,7 @@ int main(void) { SSLeay_add_all_algorith
 	]
 )
 
-AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
+AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method)
 
 AC_ARG_WITH(ssl-engine,
 	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
Index: openbsd-compat/openssl-compat.c
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/openssl-compat.c,v
retrieving revision 1.12
diff -u -p -r1.12 openssl-compat.c
--- openbsd-compat/openssl-compat.c	4 Dec 2010 21:46:05 -0000	1.12
+++ openbsd-compat/openssl-compat.c	21 Jan 2011 07:53:40 -0000
@@ -26,6 +26,10 @@
 # include <openssl/conf.h>
 #endif
 
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+# include <openssl/rsa.h>
+#endif
+
 #include "log.h"
 
 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
@@ -120,6 +124,14 @@ DSA_generate_parameters_ex(DSA *dsa, int
 }
 #endif
 
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+RSA_METHOD *
+RSA_get_default_method(void)
+{
+	return RSA_PKCS1_SSLeay();
+}
+#endif
+
 #ifdef	USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)
Index: openbsd-compat/openssl-compat.h
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/openssl-compat.h,v
retrieving revision 1.17
diff -u -p -r1.17 openssl-compat.h
--- openbsd-compat/openssl-compat.h	4 Dec 2010 12:20:50 -0000	1.17
+++ openbsd-compat/openssl-compat.h	21 Jan 2011 08:02:14 -0000
@@ -78,6 +78,10 @@ extern const EVP_CIPHER *evp_acss(void);
 # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
 #endif
 
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+RSA_METHOD *RSA_get_default_method(void);
+#endif
+
 /*
  * We overload some of the OpenSSL crypto functions with ssh_* equivalents
  * which cater for older and/or less featureful OpenSSL version.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list