Announce: OpenSSH 4.6 released

Darren Tucker dtucker at zip.com.au
Tue Mar 13 21:25:41 EST 2007 

On Fri, Mar 09, 2007 at 04:00:15PM +0100, Corinna Vinschen wrote:
> On Mar  9 08:57, Darren Tucker wrote:
[...]
> > Index: crypto/evp/evp_lib.c
> > ===================================================================
> > RCS file: /home/dtucker/src/security/openssl/cvs/openssl-cvs/openssl/crypto/evp/evp_lib.c,v
> > retrieving revision 1.10.2.1
> > diff -u -p -r1.10.2.1 evp_lib.c
> > --- crypto/evp/evp_lib.c	29 Nov 2006 20:47:13 -0000	1.10.2.1
> > +++ crypto/evp/evp_lib.c	3 Mar 2007 23:54:00 -0000
> > @@ -225,7 +225,7 @@ int EVP_CIPHER_key_length(const EVP_CIPH
> >  
> >  int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
> >  	{
> > -	return ctx->cipher->key_len;
> > +	return ctx->key_len;
> >  	}
> >  
> >  int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
> 
> Thanks Darren, that did it!  I first tried with just adding the missing
> #include to cipher-bf1.c, but that didn't help.  Only by applying the
> above patch to openssl-0.9.8e I could connect to the Linux box using
> openssh-4.5p1 with openssl-0.9.8d.
> 
> So, the bottom line is, I have to release a patched version of openssl.
> Oh well.

For the record, Juan Gallego pointed out that this affects the 3des
cipher and not blowfish, so the following patch will fix it.

I'd still fix openssl, though, otherwise it may bite again (if it's any
consolation, since it's now a real function and not a macro nothing else
needs to be recompiled :-)

Index: cipher-3des1.c
===================================================================
RCS file: /var/cvs/openssh/cipher-3des1.c,v
retrieving revision 1.8
diff -u -p -r1.8 cipher-3des1.c
--- cipher-3des1.c	1 Sep 2006 05:38:36 -0000	1.8
+++ cipher-3des1.c	13 Mar 2007 07:47:36 -0000
@@ -35,9 +35,7 @@
 #include "xmalloc.h"
 #include "log.h"
 
-#if OPENSSL_VERSION_NUMBER < 0x00906000L
-#define SSH_OLD_EVP
-#endif
+#include "openbsd-compat/openssl-compat.h"
 
 /*
  * This is used by SSH1:
Index: cipher-bf1.c
===================================================================
RCS file: /var/cvs/openssh/cipher-bf1.c,v
retrieving revision 1.7
diff -u -p -r1.7 cipher-bf1.c
--- cipher-bf1.c	1 Sep 2006 05:38:36 -0000	1.7
+++ cipher-bf1.c	13 Mar 2007 07:47:36 -0000
@@ -35,9 +35,7 @@
 #include "xmalloc.h"
 #include "log.h"
 
-#if OPENSSL_VERSION_NUMBER < 0x00906000L
-#define SSH_OLD_EVP
-#endif
+#include "openbsd-compat/openssl-compat.h"
 
 /*
  * SSH1 uses a variation on Blowfish, all bytes must be swapped before

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list