Bug 675

Summary: cipher.c build error with openssl 0.9.5a
Product: Portable OpenSSH Reporter: Bill Bacher <bill.bacher>
Component: Build systemAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal CC: john
Priority: P2    
Version: 3.7.1p1   
Hardware: All   
OS: All   
Attachments:
Description Flags
Try to fix old OpenSSL problems
none
regression test log
none
Disable CTR modes for old OpenSSL none

Description Bill Bacher 2003-09-18 13:27:42 AEST 
I'm getting an error when I try to compile 3.7.1p1 source on a Mandrake 7.2
server with OpenSSL 0.9.5a:


./configure --with-tcp-wrappers

...

OpenSSH has been configured with the following options:
                     User binaries: /usr/local/bin
                   System binaries: /usr/local/sbin
               Configuration files: /usr/local/etc
                   Askpass program: /usr/local/libexec/ssh-askpass
                      Manual pages: /usr/local/man/catX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
                    Manpage format: cat
                       DNS support: no
                       PAM support: no
                 KerberosV support: no
                 Smartcard support: no
                     S/KEY support: no
              TCP Wrappers support: yes
              MD5 password support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY

              Host: i686-pc-linux-gnu
          Compiler: gcc
    Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
      Linker flags:
         Libraries: -lwrap  -lutil -lz -lnsl  -lcrypto -lcrypt


make

....

gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. 
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c
cipher.c:68: warning: initialization from incompatible pointer type
cipher.c:69: warning: initialization from incompatible pointer type
cipher.c:73: warning: initialization from incompatible pointer type
cipher.c:74: warning: initialization from incompatible pointer type
cipher.c:75: warning: initialization from incompatible pointer type
cipher.c:76: warning: initialization from incompatible pointer type
cipher.c: In function `cipher_init':
cipher.c:230: warning: assignment discards qualifiers from pointer target type
cipher.c:209: warning: unused variable `klen'
cipher.c: In function `cipher_get_keycontext':
cipher.c:403: warning: comparison of distinct pointer types lacks a cast
cipher.c: In function `cipher_set_keycontext':
cipher.c:418: warning: comparison of distinct pointer types lacks a cast
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. 
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c
cipher-aes.c
cipher-aes.c: In function `ssh_rijndael_init':
cipher-aes.c:50: warning: assignment from incompatible pointer type
cipher-aes.c: In function `ssh_rijndael_cbc':
cipher-aes.c:78: warning: assignment from incompatible pointer type
cipher-aes.c: In function `ssh_rijndael_cleanup':
cipher-aes.c:116: warning: assignment from incompatible pointer type
cipher-aes.c: In function `ssh_rijndael_iv':
cipher-aes.c:129: warning: assignment from incompatible pointer type
cipher-aes.c: In function `evp_rijndael':
cipher-aes.c:147: warning: assignment from incompatible pointer type
cipher-aes.c:148: warning: assignment from incompatible pointer type
cipher-aes.c:149: warning: assignment from incompatible pointer type
cipher-aes.c:151: structure has no member named `flags'
cipher-aes.c:151: `EVP_CIPH_CBC_MODE' undeclared (first use in this function)
cipher-aes.c:151: (Each undeclared identifier is reported only once
cipher-aes.c:151: for each function it appears in.)
cipher-aes.c:151: `EVP_CIPH_VARIABLE_LENGTH' undeclared (first use in this function)
cipher-aes.c:152: `EVP_CIPH_ALWAYS_CALL_INIT' undeclared (first use in this
function)
cipher-aes.c:152: `EVP_CIPH_CUSTOM_IV' undeclared (first use in this function)
make: *** [cipher-aes.o] Error 1
Comment 1 Darren Tucker 2003-09-19 23:37:05 AEST 
Info provide by Martin Vermeer (martin.vermeer at hut.fi):

The latest openssh didn't build for me apparently because of my old
openssl (openssl-0.9.5a-2.6.x installed as rpm). I managed to fix and
get it working, however. The fix is as follows (sorry for not having a
patch -- if this is of interest to you I could checkout the CVS and
make one): 

1) in cipher-aes.c add the stanza

#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif

to the beginning of the file (under #include "includes.h")

2) in cipher-ctr.c do the same (under #include "xmalloc.h")

3) in cipher-3des1.c, do the same

4) in cipher-ctr.c line 97, replace key_len by buf_len 
[Is this right? No idea. key_len doesn't compile.]

5) in cipher-ctr.c, add the following conditional around 'flags':

#ifndef SSH_OLD_EVP
    aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
        EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
#endif

That's it. Apparently this was never tested as RH 6.2 is getting old :-(

- Martin V
Comment 2 Darren Tucker 2003-09-19 23:57:11 AEST 
This applies to other platforms with OpenSSL 0.9.5, not just Mandrake.
Comment 3 Bill Bacher 2003-09-22 00:55:06 AEST 
The changes suggested by Darren Tucker did the trick. I was able to build 
successfully.
Comment 4 Damien Miller 2003-09-23 12:54:57 AEST 
Created attachment 451 [details]
Try to fix old OpenSSL problems

Please try this patch. It includes most of the changes discussed. If it breaks,
please post a compilation log.
Comment 5 Tim Rice 2003-09-23 14:33:02 AEST 
Created attachment 452 [details]
regression test log

Your patch builds on UnixWare 7.1.1 using
--with-ssl-dir=/usr/local/openssl-0.9.5a
but it fails regression tests.

Test log attached
Comment 6 Damien Miller 2003-09-23 16:08:10 AEST 
*** Bug 704 has been marked as a duplicate of this bug. ***
Comment 7 Damien Miller 2003-09-23 16:26:10 AEST 
Created attachment 453 [details]
Disable CTR modes for old OpenSSL

This diff (incremental to the last) just disables the CTR modes for older
OpenSSL. I think we should do this for no, unless someone interested steps
forward to make it work.
Comment 8 Darren Tucker 2003-09-23 23:16:12 AEST 
This has been fixed in 3.7.1p2:
 - (djm) Enable build with old OpenSSL again
Comment 9 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED