Fwd: Re: Inconsisten declaration of ssh_aes_ctr_iv()

Iain Morgan imorgan at nas.nasa.gov
Thu Feb 14 10:27:56 EST 2013


On Wed, Feb 13, 2013 at 16:29:47 -0600, Damien Miller wrote:
> On Wed, 13 Feb 2013, Iain Morgan wrote:
> 
> > With the 0214 snapshot, the same errors are reported, but the overall
> > test succeeds. It then fails for krl.sh.
> > 
> > test integrity: hmac-sha2-512-etm at openssh.com @2507 Corrupted MAC on input. Disconnecting: Packet corrupt.
> > test integrity: hmac-sha2-512-etm at openssh.com @2508 Corrupted MAC on input. Disconnecting: Packet corrupt.
> > test integrity: hmac-sha2-512-etm at openssh.com @2509 Corrupted MAC on input. Disconnecting: Packet corrupt.
> > test integrity: 10 errors: mac 10 padding 0 length 0
> > ok integrity
> 
> Those errors are expected - this test fuzzes the stream between ssh and
> sshd to verify that integrity protection is working correctly.
> 
> > run test krl.sh ...
> > unknown key type ecdsa
> > FATAL: /u/wk/imorgan/src/openssh/integrity/openssh/ssh-keygen CA failed
> 
> Here's a patch for that:
> 

I had to make a minor tweak to your patch, s/$ECDSA=rsa/ECDSA=rsa/. With
that, and using startoffset=2500, all tests pass for the 20130214
snapshot built against the vendor's OpenSSL 1.0.0-fips.

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list