On Fri, Mar 09, 2007 at 08:57:47AM +1100, Darren Tucker wrote:
> On Fri, Mar 09, 2007 at 07:25:22AM +1100, Darren Tucker wrote:
[...]
> > If you're using OpenSSL 0.9.8e you could try backing out this bit in
> > openbsd-compat/openssl-compat.h:
> >
> > /* OpenSSL 0.9.8e returns cipher key len not context key len */
> > #if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
> > # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
> > #endif
>
> In fact, if you're using OpenSSL 0.9.8e I suggest you apply the following
> patch to it, recompile everything and see if your problem persists.
I'm pretty sure this is it: Cipher 1 blowfish uses
EVP_CIPHER_CTX_key_length but doesn't include the header with the
workaround. You can also try this (untested):
Index: cipher-bf1.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/cipher-bf1.c,v
retrieving revision 1.7
diff -u -p -r1.7 cipher-bf1.c
--- cipher-bf1.c 1 Sep 2006 05:38:36 -0000 1.7
+++ cipher-bf1.c 8 Mar 2007 22:08:54 -0000
@@ -35,6 +35,8 @@
#include "xmalloc.h"
#include "log.h"
+#include "openbsd-compat/openssl-compat.h"
+
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
|