List: openssh-bugs
Subject: [Bug 3238] New: Fix openssl-3.0 regression: fix dhgex for non-GCM ciphers
From: bugzilla-daemon () mindrot ! org
Date: 2020-12-03 14:37:55
Message-ID: bug-3238-705 () https ! bugzilla ! mindrot ! org/
https://bugzilla.mindrot.org/show_bug.cgi?id=3238
Bug ID: 3238
Summary: Fix openssl-3.0 regression: fix dhgex for non-GCM ciphers
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs@mindrot.org
Reporter: mkl@pengutronix.de
Created attachment 3461
--> https://bugzilla.mindrot.org/attachment.cgi?id=3461&action=edit
cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0
During OpenSSL 3.0 development since OpenSSL commits:
| 718b133a5328 Implement AES CBC ciphers in the default provider
| 819a7ae9fc77 Implement AES CTR ciphers in the default provider
the dhgex tests (make t-exec LTESTS="dhgex") are failing.
The issue is that OpenSSH needs the "current" IV state (which the now-deprecated EVP_CIPHER_CTX_iv() used to return), but it's calling the wrong OpenSSL function to obtain it. See OpenSSL PR #12233 for additional discussion.
The latest changes in OpenSSL 3.0 in combination with this patch fix the non-GCM ciphers. All but the chacha20-poly1305 test are not working again:
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-gcm@openssh.com
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-gcm@openssh.com
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-ctr
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-gcm@openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-gcm@openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 rijndael-cbc@lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 rijndael-cbc@lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 chacha20-poly1305@openssh.com
| ssh failed ()
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 chacha20-poly1305@openssh.com
| ssh failed ()
Link: https://www.spinics.net/lists/openssh-unix-dev/msg06860.html
Link: https://github.com/openssl/openssl/pull/12233
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
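
Why the "current" IV state in the report above matters, as an added illustration that is not part of the original message and is not OpenSSH or OpenSSL code: a CBC stream is split after one block and resumed in a second context. `toy_ctx`, `toy_block` and `resume_matches` are hypothetical names, the block function is a constructed stand-in rather than a real cipher, and the example assumes the wrongly obtained value is the IV the context was initialised with, which the report does not state.

```c
#include <stdint.h>
#include <string.h>
#define BLK 8 /* toy block size (constructed), not a real cipher's */

/* Hypothetical context: the IV given at init and the running IV are kept apart. */
struct toy_ctx {
    uint8_t key[BLK];
    uint8_t orig_iv[BLK]; /* IV as passed at init, never changes */
    uint8_t cur_iv[BLK];  /* chaining value after the last block */
};

/* Stand-in block function (constructed, NOT secure): keyed byte mix. */
static void toy_block(const uint8_t *key, uint8_t *b) {
    for (int i = 0; i < BLK; i++)
        b[i] = (uint8_t)((b[i] ^ key[i]) * 167u + 13u);
}

static void toy_init(struct toy_ctx *c, const uint8_t *key, const uint8_t *iv) {
    memcpy(c->key, key, BLK);
    memcpy(c->orig_iv, iv, BLK);
    memcpy(c->cur_iv, iv, BLK);
}

/* CBC-encrypt n whole blocks in place; cur_iv advances to the last ciphertext block. */
static void toy_cbc_encrypt(struct toy_ctx *c, uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++, buf += BLK) {
        for (int j = 0; j < BLK; j++) buf[j] ^= c->cur_iv[j];
        toy_block(c->key, buf);
        memcpy(c->cur_iv, buf, BLK);
    }
}

/* Encrypt block 1 in a, export an IV to b, encrypt block 2 there; 1 if equal to one uninterrupted run. */
static int resume_matches(int use_current_iv) {
    const uint8_t key[BLK] = {1, 2, 3, 4, 5, 6, 7, 8}, iv[BLK] = {9, 9, 9, 9, 9, 9, 9, 9};
    uint8_t whole[2 * BLK], split[2 * BLK];
    struct toy_ctx ref, a, b;
    memcpy(whole, "dhgex-state-xfer", sizeof whole); /* constructed plaintext */
    memcpy(split, whole, sizeof whole);
    toy_init(&ref, key, iv);
    toy_cbc_encrypt(&ref, whole, 2);   /* reference: both blocks in one context */
    toy_init(&a, key, iv);
    toy_cbc_encrypt(&a, split, 1);     /* first half of the stream */
    toy_init(&b, key, use_current_iv ? a.cur_iv : a.orig_iv);
    toy_cbc_encrypt(&b, split + BLK, 1); /* resumed half */
    return memcmp(whole, split, sizeof whole) == 0;
}

/* Exit status 0 when only the running IV lets the stream resume correctly. */
int main(void) { return !(resume_matches(1) && !resume_matches(0)); }
```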