On Fri, Jun 12, 2015 at 06:00:21AM +0000, mancha wrote: > Hi Folks. > > Today's OpenSSL releases 1.0.1n and 1.0.2b introduce ABI gremlins. > Specifically, the HMAC_CTX stucture has a new "key_init" field of type > integer: > > --- a/crypto/hmac/hmac.h > +++ b/crypto/hmac/hmac.h > @@ -75,6 +75,7 @@ typedef struct hmac_ctx_st { > EVP_MD_CTX o_ctx; > unsigned int key_length; > unsigned char key[HMAC_MAX_MD_CBLOCK]; > + int key_init; > } HMAC_CTX; > > > This issue was identified by Dan McDonald of OmniOS (an illumos > distribution) after their version of SSH (based on OpenSSH) broke. [1] > > I've quickly reviewed things in OpenSSH and it seems to impact versions > 4.7 through 6.5 inclusive (kex.h,v 1.62 makes it a NOP [2]). > > Just a friendly heads up... > > --mancha > > --- > [1] http://marc.info/?l=openssl-dev&m=143407129721271&w=2 > [2] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.h.diff?r1=1.61&r2=1.62 By way of update, OpenSSL released versions 1.0.1o and 1.0.2c today to resolve this issue. https://twitter.com/mancha140/status/609386942489178112 --mancha
Attachment:
pgpeeeIvpdMjE.pgp
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev