Darren Tucker
2019-May-15 21:33 UTC
Re: Building openssh7.9p1 and above against openssl1.1.1b
On Wed, 15 May 2019 at 23:14, Samiya Khanum <samiya.khanum at broadcom.com> wrote:> Hi Darren, > Thanks for quick response. > Even with openSSH8.0 version, it is not supported?8.0p1 should work although I have not tested that specific OpenSSL version. Between 7.9p1 and 8.0p1 I had it working against what was OpenSSL head at the time. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Thu, 2019-05-16 at 07:33 +1000, Darren Tucker wrote:> On Wed, 15 May 2019 at 23:14, Samiya Khanum < > samiya.khanum at broadcom.com> wrote: > > Hi Darren, > > Thanks for quick response. > > Even with openSSH8.0 version, it is not supported? > > 8.0p1 should work although I have not tested that specific OpenSSL > version. Between 7.9p1 and 8.0p1 I had it working against what was > OpenSSL head at the time.We build OpenSSH 8.0 against OpenSSL 1.1.1 without any problems in Fedora. Regards, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc.
On Wed, 2019-05-22 at 17:59 +0530, Samiya Khanum wrote:> Hi Darren & Jakub, > > While building openssh 8.0p1 against openssl1.1.1b, I still see few > compilation errors. It would be great if you could provide me the > exact > openSSL version(whether 1.1.1a or 1.1.1b) which you compiled. > > ../../../../vendor/openssh/cipher-ctr.c: In function > 'evp_aes_128_ctr': > ../../../../vendor/openssh/cipher-ctr.c:129:20: error: storage size > of > 'aes_ctr' isn't known > static EVP_CIPHER aes_ctr; > ^ > ../../../../vendor/openssh/cipher-ctr.c:131:29: error: invalid > application > of 'sizeof' to incomplete type 'EVP_CIPHER {aka struct > evp_cipher_st}' > memset(&aes_ctr, 0, sizeof(EVP_CIPHER)); > ^ > ../../../../vendor/openssh/cipher-ctr.c:129:20: error: unused > variable > 'aes_ctr' [-Werror=unused-variable] > static EVP_CIPHER aes_ctr; > ^ > ../../../../vendor/openssh/cipher-ctr.c:144:1: error: control reaches > end > of non-void function [-Werror=return-type] > }This code normally does not compile, since it is only for legacy reasons when OpenSSL does not have either of EVP_aes_128_ctr() functions. See the OPENSSL_HAVE_EVPCTR define and your configure log why this check failed for your OpenSSL version. Regards, Jakub> Thanks & Regards, > Samiya khanum > > > On Thu, May 16, 2019 at 2:46 PM Jakub Jelen <jjelen at redhat.com> > wrote: > > > On Thu, 2019-05-16 at 07:33 +1000, Darren Tucker wrote: > > > On Wed, 15 May 2019 at 23:14, Samiya Khanum < > > > samiya.khanum at broadcom.com> wrote: > > > > Hi Darren, > > > > Thanks for quick response. > > > > Even with openSSH8.0 version, it is not supported? > > > > > > 8.0p1 should work although I have not tested that specific > > > OpenSSL > > > version. Between 7.9p1 and 8.0p1 I had it working against what > > > was > > > OpenSSL head at the time. > > > > We build OpenSSH 8.0 against OpenSSL 1.1.1 without any problems in > > Fedora. > > > > Regards, > > -- > > Jakub Jelen > > Senior Software Engineer > > Security Technologies > > Red Hat, Inc. > > > >-- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc.