Hello,
quoted patch frees cipher_data malloc'd in calls to EVP_CipherInit() in
ssh1_3des_init(), at least linked with openssl >= 0.9.7. It does not
appear to me (superficial scan) that there is any harm in calling the
_cleanup routine with earlier openssl.
fwiw
:laird
--- openssh-3.7.1p2/cipher-3des1.c Tue Sep 23 05:24:21 2003
+++ src37m/cipher-3des1.c Mon Dec 15 08:26:30 2003
@@ -126,6 +126,11 @@
struct ssh1_3des_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+#ifndef SSH_OLD_EVP
+ EVP_CIPHER_CTX_cleanup(&c->k1);
+ EVP_CIPHER_CTX_cleanup(&c->k2);
+ EVP_CIPHER_CTX_cleanup(&c->k3);
+#endif
memset(c, 0, sizeof(*c));
xfree(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
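Review bot: The three EVP_CIPHER_CTX_cleanup() calls on k1, k2 and k3 are wrapped in #ifndef SSH_OLD_EVP, but nothing in the hunk says why the guard is needed, and the submission note says the calls look harmless with earlier OpenSSL. Either drop the guard so the inner contexts are always released, or add a one-line comment stating what breaks under SSH_OLD_EVP. A short comment that the calls must stay ahead of memset(c, 0, sizeof(*c)) would also help, since zeroing the struct first would wipe the state held in k1, k2 and k3 before cleanup can release it.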
OK, my reading of the code may be faulty, but is it that much worse than all
the sex-aid messages that make it onto the list?
<openssh-unix-dev at mindrot.org>:
203.217.30.81 does not like recipient.
Remote host said: 450 Client host rejected: cannot find your hostname,
[206.152.191.132]
Giving up on 203.217.30.81.
I'm not going to try again; this message has been in the queue too long.
looks ok to me. but i don't see how this gets triggered, since 3des1.c is not used during rekeying...

On Mon, Dec 22, 2003 at 09:06:15PM +0100, pruiksma at freesurf.fr wrote:
> Hello,
>
> quoted patch free's cipher_data malloc'd in calls to EVP_CipherInit() in
> ssh1_3des_init(), at least linked with openssl >= 0.9.7. It does not
> appear to me (superficial scan) that there is any harm in calling the
> _cleanup routine with earlier openssl.
>
> fwiw
>
> :laird
>
> --- openssh-3.7.1p2/cipher-3des1.c Tue Sep 23 05:24:21 2003 > +++ src37m/cipher-3des1.c Mon Dec 15 08:26:30 2003 > @@ -126,6 +126,11 @@ > struct ssh1_3des_ctx *c; > > if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { > +#ifndef SSH_OLD_EVP > + EVP_CIPHER_CTX_cleanup(&c->k1); > + EVP_CIPHER_CTX_cleanup(&c->k2); > + EVP_CIPHER_CTX_cleanup(&c->k3); > +#endif > memset(c, 0, sizeof(*c)); > xfree(c); > EVP_CIPHER_CTX_set_app_data(ctx, NULL);
>
> OK, my reading of the code may be faulty, but is it that much worse than all
> the sex-aid messages that make it onto the list?
>
> <openssh-unix-dev at mindrot.org>:
> 203.217.30.81 does not like recipient.
> Remote host said: 450 Client host rejected: cannot find your hostname,
> [206.152.191.132]
> Giving up on 203.217.30.81.
> I'm not going to try again; this message has been in the queue too long.