Inconsistent declaration of ssh_aes_ctr_iv() (fwd)

Damien Miller djm at mindrot.org
Fri Jan 18 11:19:15 EST 2013



---------- Forwarded message ----------
Date: Fri, 18 Jan 2013 10:19:35 +1100 (EST)
From: Damien Miller <djm at mindrot.org>
To: Iain Morgan <Iain.Morgan at nasa.gov>
Subject: Re: Inconsistent declaration of ssh_aes_ctr_iv()

On Thu, 17 Jan 2013, Iain Morgan wrote:

> > Could you tell me the declaration of the function pointer do_cipher in
> > OpenSSL's evp.h on your system and the OPENSSL_VERSION_NUMBER from
> > opensslv.h?
> 
> % grep -A1 do_cipher /usr/include/openssl/evp.h
> 	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
> 			 const unsigned char *in, size_t inl);/* encrypt/decrypt data */
> 
> % grep OPENSSL_VERSION_NUMBER /usr/include/openssl/opensslv.h
> #define OPENSSL_VERSION_NUMBER	0x10000003L

Is this a beta? This should help (on top of your existing diffs):

Index: openbsd-compat/openssl-compat.h
===================================================================
RCS file: /var/cvs/openssh/openbsd-compat/openssl-compat.h,v
retrieving revision 1.21
diff -u -p -r1.21 openssl-compat.h
--- openbsd-compat/openssl-compat.h	9 Jan 2013 05:42:49 -0000	1.21
+++ openbsd-compat/openssl-compat.h	17 Jan 2013 23:13:34 -0000
@@ -40,7 +40,7 @@
 # define EVP_CIPHER_CTX_get_app_data(e)		((e)->app_data)
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x1000000fL
+#if OPENSSL_VERSION_NUMBER < 0x10000001L
 # define LIBCRYPTO_EVP_INL_TYPE unsigned int
 #else
 # define LIBCRYPTO_EVP_INL_TYPE size_t
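
Review bot: The new cutoff 0x10000001L on the `#if` line is an unexplained magic number, and a header reporting 0x10000000L would still get `unsigned int`. A short comment saying that the last nibble of OPENSSL_VERSION_NUMBER is the release status (so 0x10000001L is the first 1.0.0 beta and 0x1000000fL the release), and that the `size_t inl` prototype of do_cipher was reported with a 0x10000003L header, would record why the boundary sits here. Because the type is inferred from the version number rather than from the do_cipher declaration itself, a configure-time probe of that prototype would be more robust than moving the constant.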

> I applied the diff you supplied, along with the previous diff. The
> regression tests got further along, but now fail in integrity.sh:
> 
> run test integrity.sh ...
> test integrity: hmac-sha1 @2300 RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01. key_verify failed for server_host_key.

I expect this is the test that is choking rather than ssh/sshd, otherwise
the regress tests wouldn't have made it that far without error (given
the ones you see here). This test depends on the small modpipe program
that is built from modpipe.c. You can test if it is working via:

$ echo "hello there" | ./modpipe -m andor:5:0x00:0x2D
hello-there

If it isn't working properly then the test will fail in a way similar to
what you are seeing.

-d
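
Why the reported header fell on the wrong side of the original gate, as an added example (not code from OpenSSH or from this thread): it decodes OPENSSL_VERSION_NUMBER using OpenSSL's 0xMNNFFPPS layout and evaluates both thresholds from the diff. The helper names are hypothetical, and every sample value except 0x10000003 is constructed.

```c
#include <stdio.h>

/* Thresholds taken from the diff above. */
#define OLD_GATE 0x1000000fUL
#define NEW_GATE 0x10000001UL

/* OPENSSL_VERSION_NUMBER layout (0.9.5 and later): 0xMNNFFPPS */
struct ossl_version {
    unsigned major, minor, fix, patch, status;
};

/* Hypothetical helper: split the packed number into its fields. */
static struct ossl_version decode_version(unsigned long v)
{
    struct ossl_version d;
    d.major  = (unsigned)((v >> 28) & 0xf);
    d.minor  = (unsigned)((v >> 20) & 0xff);
    d.fix    = (unsigned)((v >> 12) & 0xff);
    d.patch  = (unsigned)((v >> 4) & 0xff);
    d.status = (unsigned)(v & 0xf);   /* 0 = dev, 1..e = beta N, f = release */
    return d;
}

static const char *status_name(unsigned s)
{
    return s == 0 ? "dev" : (s == 0xf ? "release" : "beta");
}

/* Mirrors "#if OPENSSL_VERSION_NUMBER < threshold": 1 means the #else
 * branch (size_t) is chosen, 0 means unsigned int. */
static int gate_selects_size_t(unsigned long v, unsigned long threshold)
{
    return !(v < threshold);
}

int main(void)
{
    /* 0x10000003 is the value reported in the thread; the rest are constructed. */
    const unsigned long samples[] = { 0x0090812fUL, 0x10000000UL,
                                      0x10000003UL, 0x1000000fUL };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct ossl_version d = decode_version(samples[i]);
        printf("0x%08lx  %u.%u.%u patch %u %-7s old gate: %-12s new gate: %s\n",
               samples[i], d.major, d.minor, d.fix, d.patch, status_name(d.status),
               gate_selects_size_t(samples[i], OLD_GATE) ? "size_t" : "unsigned int",
               gate_selects_size_t(samples[i], NEW_GATE) ? "size_t" : "unsigned int");
    }
    return 0;
}
```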