Recent openssl is required for OPENSSL_free [Re: Please test snapshots for 3.0 release] (fwd)

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Wed Oct 31 02:17:54 EST 2001


I thought the reason we moved to OPENSSL_free() is because free() does not
do the right thing on OpenSSL data structures.  Why are we reintroducing
this again?  Or did I miss something?

- Ben

On Tue, 30 Oct 2001, Damien Miller wrote:

> On Sun, 21 Oct 2001, Lutz Jaenicke wrote:
>
> > On Sat, Oct 20, 2001 at 11:41:24PM +0300, Pekka Savola wrote:
> > > 3) Building appears to rely on the existence of a rather recent openssl.
> > > This is good from a security perspective, but will make building with e.g.
> > > 0.9.5a impossible.  If this is intended to be a requirement (there _have_
> > > been security fixes), at least Requires:  openssl >= 0.9.6 or whatever
> > > should be added and the requirement noted in the docs.
> > >
> > > The build failed on my RHL62 with:
> > >
> > > ./libssh.a(key.o): In function `write_bignum':
> > > key.o(.text+0x7f7): undefined reference to `OPENSSL_free'
> >
> > I just had a look into the source. Since BN_bn2dec() really allocates
> > the buffer itself (using OPENSSL_malloc() in recent versions), there is
> > nothing an application writer can do with respect to this inconsistency.
> > (For all OpenSSL special data types, TYPE_new() and TYPE_free() exist.)
> > The only thing that could be done is to query the version defined in
> > opensslv.h and based on that make a #if OPENSSL_VERSION_NUMBER construct.
>
> Can people try this patch?
>
> Index: defines.h
> ===================================================================
> RCS file: /var/cvs/openssh/defines.h,v
> retrieving revision 1.74
> diff -u -r1.74 defines.h
> --- defines.h	2001/10/30 02:50:40	1.74
> +++ defines.h	2001/10/30 11:23:51
> @@ -45,6 +45,7 @@
>  #include <unistd.h> /* For STDIN_FILENO, etc */
>  #include <termios.h> /* Struct winsize */
>  #include <fcntl.h> /* For O_NONBLOCK */
> +#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
>
>  /* *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively */
>  #ifdef HAVE_STRINGS_H
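Review bot: the unconditional `#include <openssl/opensslv.h>` added after `<fcntl.h>` should leave `OPENSSL_VERSION_NUMBER` defined by the time the later `#if` is evaluated, so the `!defined(OPENSSL_VERSION_NUMBER)` arm in the second hunk is either dead or is meant to cover headers that lack the macro. If the latter is intended, say so in the include's comment; if not, turn that arm into an `#error` so a missing macro stops the build rather than silently selecting `free()`.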
> @@ -448,6 +449,11 @@
>
>  #ifndef GETPGRP_VOID
>  # define getpgrp() getpgrp(0)
> +#endif
> +
> +/* OPENSSL_free() is only available in OpenSSL 0.9.6 onwards */
> +#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
> +# define OPENSSL_free(x) free(x)
>  #endif
>
>  /*
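Review bot: the comment above `# define OPENSSL_free(x) free(x)` says when the macro became available but not why plain `free()` is the correct release function for buffers handed back by the older libraries. The fallback is only safe if allocations in pre-0.9.6 OpenSSL come from `malloc()`; state that assumption in the comment so the mapping is not later read as a general equivalence between `OPENSSL_free()` and `free()`.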
>
> -d
>
> --
> | By convention there is color,       \\ Damien Miller <djm at mindrot.org>
> | By convention sweetness, By convention bitterness, \\ www.mindrot.org
> | But in reality there are atoms and space - Democritus (c. 400 BCE)
>
>



