Fwd: Re: Inconsisten declaration of ssh_aes_ctr_iv()

Damien Miller djm at mindrot.org
Thu Feb 14 10:32:51 EST 2013


On Wed, 13 Feb 2013, Iain Morgan wrote:

> On Wed, Feb 13, 2013 at 16:29:47 -0600, Damien Miller wrote:
> > On Wed, 13 Feb 2013, Iain Morgan wrote:
> > 
> > > With the 0214 snapshot, the same errors are reported, but the overall
> > > test succeeds. It then fails for krl.sh.
> > > 
> > > test integrity: hmac-sha2-512-etm at openssh.com @2507 Corrupted MAC on input. Disconnecting: Packet corrupt.
> > > test integrity: hmac-sha2-512-etm at openssh.com @2508 Corrupted MAC on input. Disconnecting: Packet corrupt.
> > > test integrity: hmac-sha2-512-etm at openssh.com @2509 Corrupted MAC on input. Disconnecting: Packet corrupt.
> > > test integrity: 10 errors: mac 10 padding 0 length 0
> > > ok integrity
> > 
> > Those errors are expected - this test fuzzes the stream between ssh and
> > sshd to verify that integrity protection is working correctly.
> > 
> > > run test krl.sh ...
> > > unknown key type ecdsa
> > > FATAL: /u/wk/imorgan/src/openssh/integrity/openssh/ssh-keygen CA failed
> > 
> > Here's a patch for that:
> > 
> 
> I had to make a minor tweak to your patch, s/$ECDSA=rsa/ECDSA=rsa/. With
> that, and using startoffset=2500, all tests pass for the 20130214
> snapshot built against the vendor's OpenSSL 1.0.0-fips.

Excellent - thanks and committed ;)


More information about the openssh-unix-dev mailing list