Inconsisten declaration of ssh_aes_ctr_iv()

Thu Jan 17 14:26:39 EST 2013

On Mon, 14 Jan 2013, Iain Morgan wrote:

> Thanks. The snapshot builds with the supplied patch, but there is stall
> a warning in cipher-ctr.c:
> 
> cipher-ctr.c: In function ?evp_aes_128_ctr?:
> cipher-ctr.c:138: warning: assignment from incompatible pointer type

That's weird - we try to get that type right based on the installed
OpenSSL version.

Could you tell me the declaration of the function pointer do_cipher in
OpenSSL's evp.h on your system and the the OPENSSL_VERSION_NUMBER from
opensslv.h?

> For completeness, the following warnings show up during the build.

[different manifestations of the same problem]

> I ran the regression tests, but they fail when building against older
> OpenSSL versions due to the lack of GCM support.

Please try this diff:

Index: regress/cipher-speed.sh
===================================================================
RCS file: /var/cvs/openssh/regress/cipher-speed.sh,v
retrieving revision 1.8
diff -u -p -r1.8 cipher-speed.sh

--- regress/cipher-speed.sh	12 Jan 2013 11:46:28 -0000	1.8
+++ regress/cipher-speed.sh	17 Jan 2013 03:18:54 -0000
@@ -16,11 +16,11 @@ ciphers="aes128-cbc 3des-cbc blowfish-cb
 	arcfour128 arcfour256 arcfour 
 	aes192-cbc aes256-cbc rijndael-cbc at lysator.liu.se
 	aes128-ctr aes192-ctr aes256-ctr"
-config_defined OPENSSL_HAVE_EVPGCM &&
+config_defined OPENSSL_HAVE_EVPGCM && \
 	ciphers="$ciphers aes128-gcm at openssh.com aes256-gcm at openssh.com"
 macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
 	hmac-sha1-96 hmac-md5-96"
-config_defined HAVE_EVP_SHA256 &&
+config_defined HAVE_EVP_SHA256 && \
     macs="$macs hmac-sha2-256 hmac-sha2-512"
 
 for c in $ciphers; do n=0; for m in $macs; do
Index: regress/integrity.sh
===================================================================
RCS file: /var/cvs/openssh/regress/integrity.sh,v
retrieving revision 1.5
diff -u -p -r1.5 integrity.sh
--- regress/integrity.sh	12 Jan 2013 12:10:50 -0000	1.5
+++ regress/integrity.sh	17 Jan 2013 03:19:02 -0000
@@ -16,7 +16,7 @@ macs="hmac-sha1 hmac-md5 umac-64 at openssh
 	hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
 # The following are not MACs, but ciphers with integrated integrity. They are
 # handled specially below.
-config_defined OPENSSL_HAVE_EVPGCM &&
+config_defined OPENSSL_HAVE_EVPGCM && \
 	macs="$macs aes128-gcm at openssh.com aes256-gcm at openssh.com"
 
 # sshd-command for proxy (see test-exec.sh)
Index: regress/try-ciphers.sh
===================================================================
RCS file: /var/cvs/openssh/regress/try-ciphers.sh,v
retrieving revision 1.15
diff -u -p -r1.15 try-ciphers.sh
--- regress/try-ciphers.sh	12 Jan 2013 11:46:28 -0000	1.15
+++ regress/try-ciphers.sh	17 Jan 2013 03:19:33 -0000
@@ -6,8 +6,9 @@ tid="try ciphers"
 ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc 
 	arcfour128 arcfour256 arcfour 
 	aes192-cbc aes256-cbc rijndael-cbc at lysator.liu.se
-	aes128-ctr aes192-ctr aes256-ctr
-	aes128-gcm at openssh.com aes256-gcm at openssh.com"
+	aes128-ctr aes192-ctr aes256-ctr"
+config_defined OPENSSL_HAVE_EVPGCM && \
+	ciphers="$ciphers aes128-gcm at openssh.com aes256-gcm at openssh.com"
 macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
 	hmac-sha1-96 hmac-md5-96
 	hmac-sha1-etm at openssh.com hmac-md5-etm at openssh.com
