Re: [openssl.org #1114] Bug: RC4 on IA64 and OpenSSH
>> Summary can be found at http://cvs.openssl.org/chngview?cn=14145. Point is that I assumed that RC4_KEY structure initialized by RC4_set_key is passed down to RC4 verbatim in its original memory location, while OpenSSH takes freedom to swap the structures initialized in different locations.
>
> We need some way to export a cipher's state (key + iv + anything else) to implement privilege separation, where we need to pass encryption state around. If OpenSSL can implement some way to import and export state, then the direct copying can go away in OpenSSH (at least for newer libcryptos).

As an extra EVP method. Well, things are cool for now and we can postpone it for the future...

A.

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]

Re: [openssl.org #1114] Bug: RC4 on IA64 and OpenSSH
Andy Polyakov via RT wrote:
> Summary can be found at http://cvs.openssl.org/chngview?cn=14145. Point is that I assumed that RC4_KEY structure initialized by RC4_set_key is passed down to RC4 verbatim in its original memory location, while OpenSSH takes freedom to swap the structures initialized in different locations. One can argue that the latter is inappropriate design choice, but it works on too many other platforms to argue. And so IA64 was reduced to common denominator. Case dismissed. A.

We need some way to export a cipher's state (key + iv + anything else) to implement privilege separation, where we need to pass encryption state around. If OpenSSL can implement some way to import and export state, then the direct copying can go away in OpenSSH (at least for newer libcryptos).

-d

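Added example, not part of the thread and not OpenSSL or OpenSSH code: a self-contained textbook RC4 whose state struct (rc4_state, a hypothetical stand-in for RC4_KEY) is byte-copied to a different address mid-stream, the way the messages above describe OpenSSH passing cipher state around. The check is that the moved state continues the same keystream as an uninterrupted run; the key and message are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for RC4_KEY: the whole cipher state, no pointers. */
typedef struct { uint8_t x, y, s[256]; } rc4_state;

static void rc4_init(rc4_state *st, const uint8_t *key, size_t klen) {
    uint8_t j = 0;
    st->x = st->y = 0;
    for (int i = 0; i < 256; i++) st->s[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {            /* key schedule */
        j = (uint8_t)(j + st->s[i] + key[i % klen]);
        uint8_t t = st->s[i]; st->s[i] = st->s[j]; st->s[j] = t;
    }
}

static void rc4_crypt(rc4_state *st, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t k = 0; k < n; k++) {
        st->x = (uint8_t)(st->x + 1);
        st->y = (uint8_t)(st->y + st->s[st->x]);
        uint8_t t = st->s[st->x]; st->s[st->x] = st->s[st->y]; st->s[st->y] = t;
        out[k] = in[k] ^ st->s[(uint8_t)(st->s[st->x] + st->s[st->y])];
    }
}

/* Returns 1 if a state moved to a new address continues the same stream. */
int state_survives_copy(void) {
    static const uint8_t key[] = "constructed-key";  /* constructed sample */
    uint8_t msg[64], ref[64], split[64];
    rc4_state a, b, moved;

    memset(msg, 0xA5, sizeof msg);                   /* constructed sample */
    rc4_init(&a, key, sizeof key - 1);
    rc4_crypt(&a, msg, ref, sizeof msg);             /* uninterrupted run */

    rc4_init(&b, key, sizeof key - 1);
    rc4_crypt(&b, msg, split, 20);                   /* first part in place */
    memcpy(&moved, &b, sizeof b);                    /* "export" as raw bytes */
    memset(&b, 0, sizeof b);                         /* original location reused */
    rc4_crypt(&moved, msg + 20, split + 20, sizeof msg - 20);

    return memcmp(ref, split, sizeof msg) == 0;
}

int main(void) { return state_survives_copy() ? 0 : 1; }
```

The copied bytes are key-equivalent, so wherever such a state is exported it needs the same handling as the key itself.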
Re: [openssl.org #1114] Bug: RC4 on IA64 and OpenSSH
On Sun Jun 26 10:42:05 2005, Andy Polyakov via RT wrote:
>> When building OpenSSH 4.1p1 against OpenSSL 0.9.7g on Itanium (Linux) the OpenSSH 'make tests' regression tests fail wrt the RC4 cipher.
>
> Verify ftp://ftp.openssl.org/snapshot/openssl-0.9.7-stable-SNAP-20050627.tar.gz *as it becomes available* and report back. A.

Yes! That seems to do the trick.

--
Iain Morgan

Re: [openssl.org #1114] Bug: RC4 on IA64 and OpenSSH
> When building OpenSSH 4.1p1 against OpenSSL 0.9.7g on Itanium (Linux) the OpenSSH 'make tests' regression tests fail wrt the RC4 cipher.

Verify ftp://ftp.openssl.org/snapshot/openssl-0.9.7-stable-SNAP-20050627.tar.gz *as it becomes available* and report back.

A.

Re: [openssl.org #1114] Bug: RC4 on IA64 and OpenSSH
On Tue Jun 14 13:12:00 2005, Iain Morgan via RT wrote:
> If OpenSSL is built with the 'no_asm' flag, the problem goes away. Alternatively, if RC4_CHAR is set and SZ in crypto/rc4/asm/rc4-ia64.S is changed from 4 to 1, the problem also goes away.

Oops. These workarounds don't actually work. I had modified try-ciphers.sh in the OpenSSH regression suite in order to bypass any testing of the RC4 cipher so that the rest of the regression tests could be completed. Unfortunately, I forgot to clean up after myself after that. Repeating those tests, with a clean distribution, shows that the workarounds don't actually work.

--
Iain Morgan