Re: Compiling openssh-4.0p1 on Solaris 10.

This is a multi-part message in MIME format.
--------------020906070801040106090401
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Darren Tucker wrote:
> Peter Losher wrote:
>
>> Undefined first referenced
>> symbol in file
>> EVP_aes_192_cbc ./libssh.a(cipher.o)
>> EVP_aes_256_cbc ./libssh.a(cipher.o)
>> ld: fatal: Symbol referencing errors. No output written to ssh
>
> [...]
>
>> Looks like more OpenSSL issues?
>
> Yeah that's the missing strong ciphers in the Solaris OpenSSL. If the
> packages I mentioned earlier don't provide it (maybe it sticks the
> libraries in a non-standard path?) then you ought to be able to build it
> with the vanilla OpenSSL distribution, configure'ed --with-ssl-dir.

Here's a patch, please let me know if it helps.

-d


--------------020906070801040106090401
Content-Type: text/plain;
name="openssl-lobotomy.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="openssl-lobotomy.diff"

I just noticed this on the Solaris 10 beta box that is lying around here:
fix compilation on Sun's cripples SUNWopenssl package.

Is this worth having before 4.1?

-d


Index: acconfig.h
================================================== =================
RCS file: /var/cvs/openssh/acconfig.h,v
retrieving revision 1.181
diff -u -r1.181 acconfig.h
--- acconfig.h 25 Feb 2005 23:07:38 -0000 1.181
+++ acconfig.h 6 May 2005 00:55:41 -0000
@@ -457,6 +457,9 @@
/* Define if you have /proc/$pid/fd */
#undef HAVE_PROC_PID

+/* Define if OpenSSL is lacking > 128 bit AES EVP support */
+#undef OPENSSL_LOBOTOMISED_AES
+
@BOTTOM@

/* ******************* Shouldn't need to edit below this line ************** */
Index: cipher.c
================================================== =================
RCS file: /var/cvs/openssh/cipher.c,v
retrieving revision 1.75
diff -u -r1.75 cipher.c
--- cipher.c 24 Jan 2005 10:57:11 -0000 1.75
+++ cipher.c 6 May 2005 00:55:41 -0000
@@ -93,15 +93,19 @@
SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
#else
{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc },
+#ifndef OPENSSL_LOBOTOMISED_AES
{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc },
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
{ "rijndael-cbc@lysator.liu.se",
SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
#endif
+#endif
#if OPENSSL_VERSION_NUMBER >= 0x00905000L
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },
+#ifndef OPENSSL_LOBOTOMISED_AES
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
+#endif
#endif
#if defined(EVP_CTRL_SET_ACSS_MODE)
{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss },
Index: configure.ac
================================================== =================
RCS file: /var/cvs/openssh/configure.ac,v
retrieving revision 1.260
diff -u -r1.260 configure.ac
--- configure.ac 24 Apr 2005 07:52:23 -0000 1.260
+++ configure.ac 6 May 2005 00:55:42 -0000
@@ -1457,6 +1457,26 @@
]
)

+# Check for OpenSSL without EVP_aes_{192,256}_cbc
+AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <string.h>
+#include <openssl/evp.h>
+int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
+ ]])],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(OPENSSL_LOBOTOMISED_AES)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+)
+
# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
# because the system crypt() is more featureful.
if test "x$check_for_libcrypt_before" = "x1"; then

--------------020906070801040106090401
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev

--------------020906070801040106090401--