Senthil Kumar
2005-Oct-12 06:17 UTC
Binary compatibility problem in OpenSSH from OpenSSL mailing list
Hello All,

There seems to be a binary compatibility problem with OpenSSL and OpenSSH 4.2p1. The details can be found at http://www.mail-archive.com/openssl-users at openssl.org/msg41869.html . The discussion closed by pointing to a problem in key.c in OpenSSH, and the corresponding thread is at http://www.mail-archive.com/openssl-users at openssl.org/msg41878.html

I would like to know the comments from OpenSSH developers on the specified fix.

Thanks,
Senthil Kumar.
Markus Friedl
2005-Oct-12 08:14 UTC
Binary compatibility problem in OpenSSH from OpenSSL mailing list
On Wed, Oct 12, 2005 at 11:47:11AM +0530, Senthil Kumar wrote:
> Hello All,
>
> There seems to be a binary compatibility problem with OpenSSL and OpenSSH
> 4.2p1. The details can be found at
> http://www.mail-archive.com/openssl-users at openssl.org/msg41869.html . The
> discussion is closed with pointing a problem in key.c in OpenSSH and
> corresponding thread is at
> http://www.mail-archive.com/openssl-users at openssl.org/msg41878.html
>> fix.

well, it's a bug in the library, and the library should be fixed IMHO.

the manpage for EVP_MD_CTX_init has this example, and that's similar to the code we use:

    EVP_MD_CTX_init(&mdctx);
    EVP_DigestInit_ex(&mdctx, md, NULL);
    EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
    EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
    EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
    EVP_MD_CTX_cleanup(&mdctx);

if you want to make sure openssh survives when the shared lib changes the size of EVP_MD_CTX, then you need to change these files as well:

    % grep EVP_MD_CTX *.c
    kex.c:          EVP_MD_CTX md;
    kex.c:          EVP_MD_CTX md;
    kexdh.c:        EVP_MD_CTX md;
    kexgex.c:       EVP_MD_CTX md;
    key.c:          EVP_MD_CTX ctx;
    scard.c:        EVP_MD_CTX md;
    ssh-dss.c:      EVP_MD_CTX md;
    ssh-dss.c:      EVP_MD_CTX md;
    ssh-rsa.c:      EVP_MD_CTX md;
    ssh-rsa.c:      EVP_MD_CTX md;
    %

-m
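
The size dependency discussed in this thread, as an added example that is not part of either message and is not OpenSSH or OpenSSL code: a caller that declares the context by value bakes in the struct size from its build-time header, while the library writes as many bytes as its own build says a context has. The struct layouts and the lib_* / by_* names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layouts, not OpenSSL's real EVP_MD_CTX definition. */
struct ctx_v1 { const void *digest; void *md_data; };            /* app's header */
struct ctx_v2 { const void *digest; void *md_data;               /* upgraded lib */
                unsigned long flags; void *extra; };

/* ---- "shared library" side, built with the v2 layout ---- */
size_t lib_ctx_size(void) { return sizeof(struct ctx_v2); }

/* Like an init routine: clears as many bytes as the library thinks a ctx has. */
void lib_ctx_init(void *ctx) { memset(ctx, 0, sizeof(struct ctx_v2)); }

/* Opaque allocation: the library, not the caller, decides the size. */
void *lib_ctx_create(void) {
    void *ctx = malloc(lib_ctx_size());
    if (ctx != NULL) lib_ctx_init(ctx);
    return ctx;
}
void lib_ctx_destroy(void *ctx) { free(ctx); }

/* ---- "application" side, built with the v1 header ---- */
#define NEIGHBOUR 64   /* stands in for whatever sits next to the ctx on the stack */

/* Models `struct ctx_v1 md;` followed by other locals in one buffer, so the
 * out-of-bounds write lands in memory we own. Returns clobbered byte count. */
size_t by_value_clobbered(void) {
    unsigned char frame[sizeof(struct ctx_v1) + NEIGHBOUR];
    size_t i, hit = 0;
    memset(frame, 0xAA, sizeof frame);          /* 0xAA marks untouched bytes */
    lib_ctx_init(frame);                        /* caller reserved only ctx_v1 */
    for (i = sizeof(struct ctx_v1); i < sizeof frame; i++)
        if (frame[i] != 0xAA) hit++;
    return hit;
}

/* Library-allocated ctx: returns 1 if the whole v2-sized object is usable. */
int by_pointer_ok(void) {
    unsigned char *ctx = lib_ctx_create();
    int ok = ctx != NULL && ctx[lib_ctx_size() - 1] == 0;
    lib_ctx_destroy(ctx);
    return ok;
}

int main(void) {
    printf("app sizeof=%zu, lib sizeof=%zu\n", sizeof(struct ctx_v1), lib_ctx_size());
    printf("by value:   %zu neighbouring bytes overwritten\n", by_value_clobbered());
    printf("by pointer: %s\n", by_pointer_ok() ? "ok" : "failed");
    return 0;
}
```

OpenSSL offers the library-allocated pattern as EVP_MD_CTX_create() / EVP_MD_CTX_destroy() (EVP_MD_CTX_new() / EVP_MD_CTX_free() from 1.1.0 on).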