Fwd: Re: Inconsisten declaration of ssh_aes_ctr_iv()

Damien Miller djm at mindrot.org
Sat Feb 16 17:43:21 EST 2013


On Thu, 14 Feb 2013, Damien Miller wrote:

> > On Wed, 13 Feb 2013, Iain Morgan wrote:
> > > 
> > > I had to make a minor tweak to your patch, s/$ECDSA=rsa/ECDSA=rsa/. With
> > > that, and using startoffset=2500, all tests pass for the 20130214
> > > snapshot built against the vendor's OpenSSL 1.0.0-fips.
> 
> It has not fixed some of the tinderbox hosts:
> 
> http://tinderbox.dtucker.net/cgi-bin/gunzip.cgi?tree=OpenSSH_Portable&brief-log=1360816617.20977

With some help from Darren, we figured it out - hosts without ECC were
failing since they used more byte-wise verbose KEX methods than the
ecdh-* family.

As there is nothing sinister going on, I've committed the obvious fix of
cranking up fuzz offset past the end of the most longwinded KEX method
(diffie-hellman-group-exchange-sha256).

-d


More information about the openssh-unix-dev mailing list