openssh bugs - Feb 2008 - [Bug 1437] New: OpenSSL engine support not enabled

https://bugzilla.mindrot.org/show_bug.cgi?id=1437

           Summary: OpenSSL engine support not enabled
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Miscellaneous
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: openssh-bugs at lister.dnsalias.net


The support for OpenSSL's hardware crypto engines introduced in
configure.ac r1.331, openbsd-compat/openssl-compat.c r1.3, etc doesn't
actually do anything; the redefinition of SSLeay_add_all_algorithms in
openbsd-compat/openssl-compat.h doesn't get included in ssh.c, scp.c,
etc where SSLeay_add_all_algorithms is invoked.

Ian

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437





--- Comment #1 from Ian Lister <openssh-bugs at lister.dnsalias.net> 
2008-02-04 22:51:25 ---
Created an attachment (id=1451)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1451)
Patch to include the compatibility definition in all files

This patch includes openbsd-compat/openssl-compat.h in ssh.c, scp.c,
and the other files that refer to SSLeay_add_all_algorithms. I have
verified that it dramatically improves throughput on a VIA C7 chip
(with its Padlock engine) with FreeBSD 6.2's stock OpenSSL 0.9.7e-p1.
However, it looks like it might be a regression of
openbsd-compat/openbsd-compat.h r1.29; the OpenSSH developers might
prefer a slightly different approach.

Ian

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Blocks|                            |1353




--- Comment #2 from Darren Tucker <dtucker at zip.com.au>  2008-02-05
12:06:12 ---
Thanks, we will look at this for 4.8.

Ah, the joys of working with things you can't actually test yourself
:-)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added                       
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED                    




--- Comment #3 from Darren Tucker <dtucker at zip.com.au>  2008-02-25
21:14:15 ---
Patch applied and will be in 4.8.  Thanks.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437


Tim Rice <tim at multitalents.net> changed:

           What    |Removed                     |Added                       
----------------------------------------------------------------------------
                 CC|                            |tim at multitalents.net        




--- Comment #4 from Tim Rice <tim at multitalents.net>  2008-02-26
06:18:21 ---
(In reply to comment #3)
> Patch applied and will be in 4.8.  Thanks.
The patch broke UnixWare. Here is a snip from the build log
(cd openbsd-compat && gmake)
gmake[1]: Entering directory
`/usr/local/src/networking/openssh/openbsd-compat'
cc -g  -I. -I.. -I/opt/src/networking/openssh/openssh/openbsd-compat
-I/opt/src/networking/openssh/openssh/openbsd-compat/.. 
-I/usr/local/include -DHAVE_CONFIG_H -c
/opt/src/networking/openssh/openssh/openbsd-compat/xcrypt.c
UX:acomp: ERROR: "/usr/include/crypt.h", line 38: Syntax error before
or at: (
UX:acomp: ERROR: "/usr/include/crypt.h", line 38: Syntax error before
or at: const
UX:acomp: ERROR: "/usr/include/crypt.h", line 38: Syntax error before
or at: )
UX:acomp: WARNING: "/usr/include/crypt.h", line 38: syntax error: 
empty declaration
UX:acomp: WARNING:
"/opt/src/networking/openssh/openssh/openbsd-compat/xcrypt.c", line
116: statement not reached
gmake[1]: *** [xcrypt.o] Error 1

And a snip from /usr/include/crypt.h with line numbers
37:extern int   crypt_close(int *);
38:extern char  *des_crypt(const char *, const char *);
39:extern void  des_encrypt(char *, int);

I haven't tracked down a fix yet and probably will not have time untill
the weekend.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437





--- Comment #5 from Darren Tucker <dtucker at zip.com.au>  2008-02-28
14:07:03 ---
BTW I see a very similar error from Solaris 8.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437





--- Comment #6 from Darren Tucker <dtucker at zip.com.au>  2008-02-28
18:20:09 ---
Created an attachment (id=1458)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1458)
refix openssl engine support

It looks like some versions of OpenSSL have SSLeay_add_all_algorithms
as a macro, so attempting to define them before the openssl headers is
doomed to failure.  I think this is the way to go...

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added                       
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED                    
         Resolution|                            |FIXED                       




--- Comment #7 from Darren Tucker <dtucker at zip.com.au>  2008-02-28
22:01:37 ---
Patch #1458 tests OK on Solaris and has been committed, so I believe
this is now resolved.  Please reopen if his is not the case.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1437


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added                       
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED                      




--- Comment #8 from Damien Miller <djm at mindrot.org>  2008-03-31
15:23:54 ---
Fix shipped in 4.9/4.9p1 release.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.