​Building openssh7.9p1 and above against openssl1.1.1b

Jakub Jelen jjelen at redhat.com
Wed May 22 22:34:14 AEST 2019


On Wed, 2019-05-22 at 17:59 +0530, Samiya Khanum wrote:
> Hi Darren & Jakub,
> 
> While building openssh 8.0p1 against openssl1.1.1b, I still see few
> compilation errors. It would be great if you could provide me the
> exact
> openSSL version(whether 1.1.1a or 1.1.1b) which you compiled.
> 
> ../../../../vendor/openssh/cipher-ctr.c: In function
> 'evp_aes_128_ctr':
> ../../../../vendor/openssh/cipher-ctr.c:129:20: error: storage size
> of
> 'aes_ctr' isn't known
>   static EVP_CIPHER aes_ctr;
>                     ^
> ../../../../vendor/openssh/cipher-ctr.c:131:29: error: invalid
> application
> of 'sizeof' to incomplete type 'EVP_CIPHER {aka struct
> evp_cipher_st}'
>   memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
>                              ^
> ../../../../vendor/openssh/cipher-ctr.c:129:20: error: unused
> variable
> 'aes_ctr' [-Werror=unused-variable]
>   static EVP_CIPHER aes_ctr;
>                     ^
> ../../../../vendor/openssh/cipher-ctr.c:144:1: error: control reaches
> end
> of non-void function [-Werror=return-type]
>  }

This code normally does not compile, since it is only for legacy
reasons when OpenSSL does not have either of EVP_aes_128_ctr()
functions. See the OPENSSL_HAVE_EVPCTR define and your configure log
why this check failed for your OpenSSL version.

Regards,
Jakub


> Thanks & Regards,
> Samiya khanum
> 
> 
> On Thu, May 16, 2019 at 2:46 PM Jakub Jelen <jjelen at redhat.com>
> wrote:
> 
> > On Thu, 2019-05-16 at 07:33 +1000, Darren Tucker wrote:
> > > On Wed, 15 May 2019 at 23:14, Samiya Khanum <
> > > samiya.khanum at broadcom.com> wrote:
> > > > Hi Darren,
> > > > Thanks for quick response.
> > > > Even with openSSH8.0 version,  it is not supported?
> > > 
> > > 8.0p1 should work although I have not tested that specific
> > > OpenSSL
> > > version.  Between 7.9p1 and 8.0p1 I had it working against what
> > > was
> > > OpenSSL head at the time.
> > 
> > We build OpenSSH 8.0 against OpenSSL 1.1.1 without any problems in
> > Fedora.
> > 
> > Regards,
> > --
> > Jakub Jelen
> > Senior Software Engineer
> > Security Technologies
> > Red Hat, Inc.
> > 
> > 
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.



More information about the openssh-unix-dev mailing list