On Fri, Jun 12, 2015 at 06:00:21AM +0000, mancha wrote:> Hi Folks.
>
> Today's OpenSSL releases 1.0.1n and 1.0.2b introduce ABI gremlins.
> Specifically, the HMAC_CTX stucture has a new "key_init" field of
type
> integer:
>
> --- a/crypto/hmac/hmac.h
> +++ b/crypto/hmac/hmac.h
> @@ -75,6 +75,7 @@ typedef struct hmac_ctx_st {
> EVP_MD_CTX o_ctx;
> unsigned int key_length;
> unsigned char key[HMAC_MAX_MD_CBLOCK];
> + int key_init;
> } HMAC_CTX;
>
>
> This issue was identified by Dan McDonald of OmniOS (an illumos
> distribution) after their version of SSH (based on OpenSSH) broke. [1]
>
> I've quickly reviewed things in OpenSSH and it seems to impact versions
> 4.7 through 6.5 inclusive (kex.h,v 1.62 makes it a NOP [2]).
>
> Just a friendly heads up...
>
> --mancha
>
> ---
> [1] http://marc.info/?l=openssl-dev&m=143407129721271&w=2
> [2]
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.h.diff?r1=1.61&r2=1.62
By way of update, OpenSSL released versions 1.0.1o and 1.0.2c today to
resolve this issue.
https://twitter.com/mancha140/status/609386942489178112
--mancha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150612/4ee2779e/attachment.bin>