OpenSSL ABI change 20150612

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi Folks.

Today's OpenSSL releases 1.0.1n and 1.0.2b introduce ABI gremlins.
Specifically, the HMAC_CTX stucture has a new "key_init" field of type
integer:

  --- a/crypto/hmac/hmac.h
  +++ b/crypto/hmac/hmac.h
  @@ -75,6 +75,7 @@ typedef struct hmac_ctx_st {
       EVP_MD_CTX o_ctx;
       unsigned int key_length;
       unsigned char key[HMAC_MAX_MD_CBLOCK];
  +    int key_init;
   } HMAC_CTX;


This issue was identified by Dan McDonald of OmniOS (an illumos
distribution) after their version of SSH (based on OpenSSH) broke. [1]

I've quickly reviewed things in OpenSSH and it seems to impact versions
4.7 through 6.5 inclusive (kex.h,v 1.62 makes it a NOP [2]).

Just a friendly heads up...

--mancha

---
[1] http://marc.info/?l=openssl-dev&m=143407129721271&w=2
[2] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.h.diff?r1=1.61&r2=1.62

Attachment: pgpA63MkzqqQQ.pgp
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux