Announce: OpenSSH 7.2 released

The Doctor doctor at doctor.nl2k.ab.ca
Mon Feb 29 15:20:55 AEDT 2016


On Sun, Feb 28, 2016 at 07:12:27PM -0700, Damien Miller wrote:
> OpenSSH 7.2 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.
> 
> OpenSSH is a 100% complete SSH protocol 2.0 implementation and
> includes sftp client and server support. OpenSSH also includes
> transitional support for the legacy SSH 1.3 and 1.5 protocols
> that may be enabled at compile-time.
> 
> Once again, we would like to thank the OpenSSH community for their
> continued support of the project, especially those who contributed
> code or patches, reported bugs, tested snapshots or donated to the
> project. More information on donations may be found at:
> http://www.openssh.com/donations.html
> 
> Future deprecation notice
> =========================
> 
> We plan on retiring more legacy cryptography in a near-future
> release, specifically:
> 
>  * Refusing all RSA keys smaller than 1024 bits (the current minimum
>    is 768 bits)
> 
> This list reflects our current intentions, but please check the final
> release notes for future releases.
> 
> Potentially-incompatible changes
> ================================
> 
> This release disables a number of legacy cryptographic algorithms
> by default in ssh:
> 
>  * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants
>    and the rijndael-cbc aliases for AES.
> 
>  * MD5-based and truncated HMAC algorithms.
> 
> These algorithms are already disabled by default in sshd.
> 


All right, can we get this OpenSSL 1.1 ready?

Looks like not too much needs to be done.

in cipher.h

line 69 needs to be changed to

EVP_CIPHER_CTX *evp;

In sshkey.c

replace pk->type with EVP_PKEY_type


Just cipher.c

we get

/usr/bin/gcc -g -O2 -Wall  -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -I. -I. -I/usr/contrib//include  -DSSHDIR=\"/etc\"  -D_PATH_SSH_PROGRAM=\"/usr/contrib/bin/ssh\"  -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/contrib/libexec/ssh-askpass\"  -D_PATH_SFTP_SERVER=\"/usr/contrib/libexec/sftp-server\"  -D_PATH_SSH_KEY_SIGN=\"/usr/contrib/libexec/ssh-keysign\"  -D_PATH_SSH_PKCS11_HELPER=\"/usr/contrib/libexec/ssh-pkcs11-helper\"  -D_PATH_SSH_PIDDIR=\"/var/run\"  -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher.c -o cipher.o
cipher.c: In function `cipher_init':
cipher.c:329: warning: passing arg 1 of `EVP_CIPHER_CTX_reset' from incompatible pointer type
cipher.c:331: warning: passing arg 1 of `EVP_CipherInit' from incompatible pointer type
cipher.c:337: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type
cipher.c:341: warning: passing arg 1 of `EVP_CIPHER_CTX_key_length' from incompatible pointer type
cipher.c:343: warning: passing arg 1 of `EVP_CIPHER_CTX_set_key_length' from incompatible pointer type
cipher.c:348: warning: passing arg 1 of `EVP_CipherInit' from incompatible pointer type
cipher.c:360: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type
cipher.c:367: warning: passing arg 1 of `EVP_CIPHER_CTX_reset' from incompatible pointer type
cipher.c: In function `cipher_crypt':
cipher.c:414: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type
cipher.c:419: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type
cipher.c:424: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type
cipher.c:431: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type
cipher.c:435: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type
cipher.c:440: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type
cipher.c: In function `cipher_cleanup':
cipher.c:471: warning: passing arg 1 of `EVP_CIPHER_CTX_reset' from incompatible pointer type
cipher.c: In function `cipher_get_keyiv_len':
cipher.c:518: warning: passing arg 1 of `EVP_CIPHER_CTX_iv_length' from incompatible pointer type
cipher.c: In function `cipher_get_keyiv':
cipher.c:550: warning: passing arg 1 of `EVP_CIPHER_CTX_iv_length' from incompatible pointer type
cipher.c:564: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type
cipher.c:567: request for member `iv' in something not a structure or union
cipher.c: In function `cipher_set_keyiv':
cipher.c:598: warning: passing arg 1 of `EVP_CIPHER_CTX_iv_length' from incompatible pointer type
cipher.c:604: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type
cipher.c:607: request for member `iv' in something not a structure or union
cipher.c: In function `cipher_get_keycontext':
cipher.c:633: request for member `cipher' in something not a structure or union
cipher.c:636: request for member `cipher_data' in something not a structure or union
cipher.c: In function `cipher_set_keycontext':
cipher.c:652: request for member `cipher' in something not a structure or union
cipher.c:653: request for member `cipher_data' in something not a structure or union
*** Error code 1

Stop.                                    

Looks like changes in evp.h are the source of these errors.


-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Broadcasting the truth for 25 years
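
Added example, not part of the original message or of OpenSSH: a small triage script that separates the fatal diagnostics in the gcc output above from the warnings and lists the struct members cipher.c reads directly, which is where accessor calls are needed once OpenSSL 1.1 makes EVP_CIPHER_CTX opaque. The log excerpt is copied from the message; the names triage and members_to_port are made up for this example.

```python
import re
from collections import defaultdict

# Excerpt of the gcc output quoted in the message above (old gcc `name' quoting).
BUILD_LOG = """\
cipher.c: In function `cipher_init':
cipher.c:329: warning: passing arg 1 of `EVP_CIPHER_CTX_reset' from incompatible pointer type
cipher.c: In function `cipher_get_keyiv':
cipher.c:550: warning: passing arg 1 of `EVP_CIPHER_CTX_iv_length' from incompatible pointer type
cipher.c:567: request for member `iv' in something not a structure or union
cipher.c: In function `cipher_set_keyiv':
cipher.c:607: request for member `iv' in something not a structure or union
cipher.c: In function `cipher_get_keycontext':
cipher.c:633: request for member `cipher' in something not a structure or union
cipher.c:636: request for member `cipher_data' in something not a structure or union
*** Error code 1
"""

FUNC_RE = re.compile(r"^[^:\s]+: In function [`'](?P<func>\w+)'")
WARN_RE = re.compile(r"^[^:\s]+:(?P<line>\d+): warning: passing arg \d+ "
                     r"of [`'](?P<api>\w+)' from incompatible pointer type")
MEMBER_RE = re.compile(r"^[^:\s]+:(?P<line>\d+): request for member "
                       r"[`'](?P<member>\w+)' in something not a structure or union")


def triage(log):
    """Split gcc diagnostics into fatal member accesses and pointer-type warnings."""
    current = None                # function named by the last "In function" line
    errors = defaultdict(list)    # function -> [(source line, struct member)]
    warnings = defaultdict(list)  # function -> [(source line, API called)]
    unparsed = []                 # anything that is not a recognised diagnostic
    for line in filter(None, map(str.strip, log.splitlines())):
        if m := FUNC_RE.match(line):
            current = m["func"]
        elif m := MEMBER_RE.match(line):
            errors[current].append((int(m["line"]), m["member"]))
        elif m := WARN_RE.match(line):
            warnings[current].append((int(m["line"]), m["api"]))
        else:
            unparsed.append(line)
    return dict(errors), dict(warnings), unparsed


def members_to_port(errors):
    """Distinct struct members the code touches directly, sorted by name."""
    return sorted({member for hits in errors.values() for _, member in hits})
```

Run over the full log, the error map gives the short list of functions that stop the build, while the warning map shows every call site whose first argument no longer has the expected pointer type.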


More information about the openssh-unix-dev mailing list