When rebuilding openssh-3.1p1-1.src.rpm, on a RedHat Linux 6.1 machine, the following error occurs: i386-redhat-linux-gcc -O2 -march=i386 -mcpu=i686 -Wall -Wpointer-arith -Wno- uninitialized -I. -I. -DSSHDIR=\"/etc/ssh\" - D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" - D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/openssh/ssh-askpass\" - D_PATH_SFTP_SERVER=\"/usr/libexec/openssh/sftp-server\" - D_PATH_SSH_PIDDIR=\"/var/run\" -DSSH_RAND_HELPER=\"/usr/libexec/openssh/ssh- rand-helper\" -DHAVE_CONFIG_H -c cipher.c cipher.c: In function `cipher_init': cipher.c:200: void value not ignored as it ought to be cipher.c:206: warning: implicit declaration of function `EVP_CIPHER_CTX_set_key_length' cipher.c:210: void value not ignored as it ought to be cipher.c: In function `cipher_crypt': cipher.c:220: void value not ignored as it ought to be cipher.c: In function `cipher_cleanup': cipher.c:227: void value not ignored as it ought to be cipher.c: In function `ssh1_3des_init': cipher.c:280: warning: assignment from incompatible pointer type cipher.c:299: void value not ignored as it ought to be cipher.c:300: void value not ignored as it ought to be cipher.c:301: void value not ignored as it ought to be cipher.c: In function `ssh1_3des_cbc': cipher.c:314: warning: assignment from incompatible pointer type cipher.c:318: void value not ignored as it ought to be cipher.c:319: void value not ignored as it ought to be cipher.c:320: void value not ignored as it ought to be cipher.c: In function `ssh1_3des_cleanup': cipher.c:329: warning: assignment from incompatible pointer type cipher.c: In function `evp_ssh1_3des': cipher.c:346: warning: assignment from incompatible pointer type cipher.c:347: warning: assignment from incompatible pointer type cipher.c:348: warning: assignment from incompatible pointer type cipher.c:349: structure has no member named `flags' cipher.c:349: `EVP_CIPH_CBC_MODE' undeclared (first use in this function) cipher.c:349: (Each undeclared identifier is reported only once cipher.c:349: for each function it appears in.) cipher.c:349: `EVP_CIPH_VARIABLE_LENGTH' undeclared (first use in this function) cipher.c: In function `evp_ssh1_bf': cipher.c:392: warning: assignment from incompatible pointer type cipher.c:394: warning: assignment from incompatible pointer type cipher.c: In function `ssh_rijndael_init': cipher.c:413: warning: assignment from incompatible pointer type cipher.c: In function `ssh_rijndael_cbc': cipher.c:440: warning: assignment from incompatible pointer type cipher.c: In function `ssh_rijndael_cleanup': cipher.c:477: warning: assignment from incompatible pointer type cipher.c: In function `evp_rijndael': cipher.c:494: warning: assignment from incompatible pointer type cipher.c:495: warning: assignment from incompatible pointer type cipher.c:496: warning: assignment from incompatible pointer type cipher.c:497: structure has no member named `flags' cipher.c:497: `EVP_CIPH_CBC_MODE' undeclared (first use in this function) cipher.c:497: `EVP_CIPH_VARIABLE_LENGTH' undeclared (first use in this function) cipher.c:498: `EVP_CIPH_ALWAYS_CALL_INIT' undeclared (first use in this function) make: *** [cipher.o] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.2018 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.2018 (%build) On this build, the following changes have been made on the openssh.spec file: # Do we want to disable building of x11-askpass? (1=yes 0=no) %define no_x11_askpass 1 # Do we want to disable building of gnome-askpass? (1=yes 0=no) %define no_gnome_askpass 1 # Do we want to link against a static libcrypto? (1=yes 0=no) %define static_libcrypto 0 # Do we want smartcard support (1=yes 0=no) %define scard 0 # Use Redhat 7.0 pam control file # %define redhat7 0 The machine has the following library versions: glibc-profile-2.1.3-23 compat-glibc-5.2-2.0.7.1 glib-1.2.6-2 glib-devel-1.2.6-2 glib10-1.0.6-6 glibc-devel-2.1.2-11 glibc-2.1.3-23 rpm-4.0.2-6x rpm-devel-4.0.2-6x openssl-0.9.5a-7.6.x openssl-misc-0.9.5a-3 openssl-devel-0.9.5a-7.6.x
http://bugzilla.mindrot.org/showattachment.cgi?attach_id=32 does this help?
This seems to fix it on my Red Hat Linux 6.2 based system (openssl-0.9.5a)
This allows the rpm to compile and install; however, sshd is unusable after the install. I get the following errors (from ssh -v): OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: restore_uid debug1: ssh_connect: getuid 500 geteuid 0 anon 1 debug1: Connecting to foo [x.x.x.x] port 22. debug1: temporarily_use_uid: 500/500 (e=0) debug1: restore_uid debug1: temporarily_use_uid: 500/500 (e=0) debug1: restore_uid debug1: Connection established. debug1: read PEM private key done: type DSA debug1: read PEM private key done: type RSA debug1: identity file /home/wearl/.ssh/identity type 0 debug1: identity file /home/wearl/.ssh/id_rsa type -1 debug1: identity file /home/wearl/.ssh/id_dsa type -1 debug1: Remote protocol version 1.5, remote software version OpenSSH_3.1p1 debug1: match: OpenSSH_3.1p1 pat OpenSSH* debug1: Local version string SSH-1.5-OpenSSH_3.1p1 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug1: Host 'foo' is known and matches the RSA1 host key. debug1: Found key in /home/foo/.ssh/known_hosts:6 debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: cipher_init: set keylen (16 -> 32) debug1: cipher_init: set keylen (16 -> 32) debug1: Installing crc compensation attack detector. Disconnecting: Corrupted check bytes on input. debug1: Calling cleanup 0x8063550(0x0) I cannot now ssh out of or into this machine. When cipher.c compiles, it still gives the following warnings: i386-redhat-linux-gcc -O2 -march=i386 -mcpu=i686 -Wall -Wpointer-arith -Wno- uninitialized -I. -I. -DSSHDIR=\"/etc/ssh\" - D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" - D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/openssh/ssh-askpass\" - D_PATH_SFTP_SERVER=\"/usr/libexec/openssh/sftp-server\" - D_PATH_SSH_PIDDIR=\"/var/run\" -DSSH_RAND_HELPER=\"/usr/libexec/openssh/ssh- rand-helper\" -DHAVE_CONFIG_H -c cipher.c cipher.c: In function `cipher_init': cipher.c:177: warning: unused variable `klen' cipher.c: In function `ssh1_3des_init': cipher.c:268: warning: assignment from incompatible pointer type cipher.c: In function `ssh1_3des_cbc': cipher.c:297: warning: assignment from incompatible pointer type cipher.c: In function `ssh1_3des_cleanup': cipher.c:311: warning: assignment from incompatible pointer type cipher.c: In function `evp_ssh1_3des': cipher.c:328: warning: assignment from incompatible pointer type cipher.c:329: warning: assignment from incompatible pointer type cipher.c:330: warning: assignment from incompatible pointer type cipher.c: In function `evp_ssh1_bf': cipher.c:373: warning: assignment from incompatible pointer type cipher.c:375: warning: assignment from incompatible pointer type cipher.c: In function `ssh_rijndael_init': cipher.c:394: warning: assignment from incompatible pointer type cipher.c: In function `ssh_rijndael_cbc': cipher.c:421: warning: assignment from incompatible pointer type cipher.c: In function `ssh_rijndael_cleanup': cipher.c:458: warning: assignment from incompatible pointer type cipher.c: In function `evp_rijndael': cipher.c:475: warning: assignment from incompatible pointer type cipher.c:476: warning: assignment from incompatible pointer type cipher.c:477: warning: assignment from incompatible pointer type
I had the same compile issues under AIX 4.3.3. However, the patch resolved this, and I have no subsequent problems running sshd...just a heads up. - Mandar
It appears to me that the claim in the INSTALL file that OpenSSH 3.1p1 requires only OpenSSL 0.9.5a or greater is FALSE. As reported in the original description, the cipher.c file of OpenSSH 3.1p1 will not compile against OpenSSL 0.9.5a headers. The "flags" field was not added to the EVP_CIPHER struct until release 0.9.6. After upgrading my OpenSSL installation to 0.9.6c, things were fine. The INSTALL file of OpenSSH should be updated to reflect the dependence on OpenSSL 0.9.6. Additional checks in the ./configure would be a good idea too.
Created attachment 34 [details] Patches openssh.spc in contrib/redhat to check for correct OpenSSL
OpenSSH 3.1 required OpenSSL >= 0.9.6. See bugs 138 & 139 as to the updated documentation. I've attached a patch to fix contrib/redhat/openssh.spec to make the RPM dependencies correct. Not sure this covers all the issues here, but I think it does.
I tested that I could ssh into and out of a machine running ssh with the patch from Markus, and it worked fine. Is anyone aware of other places where OpenSSH requires OpenSSL 0.9.6?
When building with OpenSSL 0.9.6, openssh-3.1p1-1.src.rpm builds and installs correctly, even without Markus' patch. FYI: There is no OpenSSL 0.9.6 package for RedHat 6.1 - 0.9.5a is the last released. One can build the library from the 7.x srpm, and install with the -- nodeps option to rpm(OpenSSH 3.0 depends on 0.9.5a, but works fine with 0.9.6). Of course, this is not directly an OpenSSH issue, but may be of use to RedHat Linux users.
I have verified this problem. I built rpms from the openssh-3.1p1-2 redhat srpm (modified spec) and installed it on the same system, RHL 6.2 i386, 2.2.19- 6.2.12 errata kernel, with openssl-0.9.5a-7.6.x installed. However, in my experience, the problem only occurs if AES-256 or AES-192 ciphers are used; ssh and sshd both work fine as long as they are not forced to use these two ciphers. This is just fyi, installing openssl 0.9.6 solves the problem, as noted in the last comment.
Created attachment 35 [details] this should make AES > 128 work (and 3des in ssh1)
Created attachment 36 [details] another revision of the cipher.c patch
Created attachment 37 [details] this should work....
Mass change of RESOLVED bugs to CLOSED