I'm getting an error when I try to compile 3.7.1p1 source on a Mandrake 7.2 server with OpenSSL 0.9.5a: ./configure --with-tcp-wrappers ... OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /usr/local/etc Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/man/catX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin Manpage format: cat DNS support: no PAM support: no KerberosV support: no Smartcard support: no S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: yes BSD Auth support: no Random number source: OpenSSL internal ONLY Host: i686-pc-linux-gnu Compiler: gcc Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized Preprocessor flags: Linker flags: Libraries: -lwrap -lutil -lz -lnsl -lcrypto -lcrypt make .... gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c cipher.c:68: warning: initialization from incompatible pointer type cipher.c:69: warning: initialization from incompatible pointer type cipher.c:73: warning: initialization from incompatible pointer type cipher.c:74: warning: initialization from incompatible pointer type cipher.c:75: warning: initialization from incompatible pointer type cipher.c:76: warning: initialization from incompatible pointer type cipher.c: In function `cipher_init': cipher.c:230: warning: assignment discards qualifiers from pointer target type cipher.c:209: warning: unused variable `klen' cipher.c: In function `cipher_get_keycontext': cipher.c:403: warning: comparison of distinct pointer types lacks a cast cipher.c: In function `cipher_set_keycontext': cipher.c:418: warning: comparison of distinct pointer types lacks a cast gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher-aes.c cipher-aes.c: In function `ssh_rijndael_init': cipher-aes.c:50: warning: assignment from incompatible pointer type cipher-aes.c: In function `ssh_rijndael_cbc': cipher-aes.c:78: warning: assignment from incompatible pointer type cipher-aes.c: In function `ssh_rijndael_cleanup': cipher-aes.c:116: warning: assignment from incompatible pointer type cipher-aes.c: In function `ssh_rijndael_iv': cipher-aes.c:129: warning: assignment from incompatible pointer type cipher-aes.c: In function `evp_rijndael': cipher-aes.c:147: warning: assignment from incompatible pointer type cipher-aes.c:148: warning: assignment from incompatible pointer type cipher-aes.c:149: warning: assignment from incompatible pointer type cipher-aes.c:151: structure has no member named `flags' cipher-aes.c:151: `EVP_CIPH_CBC_MODE' undeclared (first use in this function) cipher-aes.c:151: (Each undeclared identifier is reported only once cipher-aes.c:151: for each function it appears in.) cipher-aes.c:151: `EVP_CIPH_VARIABLE_LENGTH' undeclared (first use in this function) cipher-aes.c:152: `EVP_CIPH_ALWAYS_CALL_INIT' undeclared (first use in this function) cipher-aes.c:152: `EVP_CIPH_CUSTOM_IV' undeclared (first use in this function) make: *** [cipher-aes.o] Error 1
Info provide by Martin Vermeer (martin.vermeer at hut.fi): The latest openssh didn't build for me apparently because of my old openssl (openssl-0.9.5a-2.6.x installed as rpm). I managed to fix and get it working, however. The fix is as follows (sorry for not having a patch -- if this is of interest to you I could checkout the CVS and make one): 1) in cipher-aes.c add the stanza #if OPENSSL_VERSION_NUMBER < 0x00906000L #define SSH_OLD_EVP #endif to the beginning of the file (under #include "includes.h") 2) in cipher-ctr.c do the same (under #include "xmalloc.h") 3) in cipher-3des1.c, do the same 4) in cipher-ctr.c line 97, replace key_len by buf_len [Is this right? No idea. key_len doesn't compile.] 5) in cipher-ctr.c, add the following conditional around 'flags': #ifndef SSH_OLD_EVP aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; #endif That's it. Apparently this was never tested as RH 6.2 is getting old :-( - Martin V
This applies to other platforms with OpenSSL 0.9.5, not just Mandrake.
The changes suggested by Darren Tucker did the trick. I was able to build successfully.
Created attachment 451 [details] Try to fix old OpenSSL problems Please try this patch. It includes most of the changes discussed. If it breaks, please post a compilation log.
Created attachment 452 [details] regression test log Your patch builds on UnixWare 7.1.1 using --with-ssl-dir=/usr/local/openssl-0.9.5a but it fails regression tests. Test log attached
*** Bug 704 has been marked as a duplicate of this bug. ***
Created attachment 453 [details] Disable CTR modes for old OpenSSL This diff (incremental to the last) just disables the CTR modes for older OpenSSL. I think we should do this for no, unless someone interested steps forward to make it work.
This has been fixed in 3.7.1p2: - (djm) Enable build with old OpenSSL again
Mass change of RESOLVED bugs to CLOSED