'[Bug 3238] New: Fix openssl-3.0 regression: fix dhgex for non-GCM ciphers'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-bugs
Subject:    [Bug 3238] New: Fix openssl-3.0 regression: fix dhgex for non-GCM ciphers
From:       bugzilla-daemon () mindrot ! org
Date:       2020-12-03 14:37:55
Message-ID: bug-3238-705 () https ! bugzilla ! mindrot ! org/
[Download RAW message or body]

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

            Bug ID: 3238
           Summary: Fix openssl-3.0 regression: fix dhgex for non-GCM
                    ciphers
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs@mindrot.org
          Reporter: mkl@pengutronix.de

Created attachment 3461
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3461&action=edit
cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0

During OpenSSL 3.0 development since OpenSSL commits:

| 718b133a5328 Implement AES CBC ciphers in the default provider
| 819a7ae9fc77 Implement AES CTR ciphers in the default provider

the dhgex tests (make t-exec LTESTS="dhgex") are failing.

The issue is that openssh needs the "current" IV state (which the
now-deprecated EVP_CIPHER_CTX_iv() used to return), but it's calling
the wrong
openssl function to obtain it. See openssl PR #12233 for additional
discussion.

The latest changes in OpenSSL 3.0 in combination with this patch fixes
the
non-GCM ciphers. All but the chacha20-poly1305 test are not working
again:

| dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha1
aes128-gcm@openssh.com
| dhgex bits 3072 diffie-hellman-group-exchange-sha256
aes128-gcm@openssh.com
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-ctr
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
aes256-gcm@openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
aes256-gcm@openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
rijndael-cbc@lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
rijndael-cbc@lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
chacha20-poly1305@openssh.com
| ssh failed ()
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
chacha20-poly1305@openssh.com
| ssh failed ()

Link: https://www.spinics.net/lists/openssh-unix-dev/msg06860.html
Link: https://github.com/openssl/openssl/pull/12233

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[prev in list] [next in list] [prev in thread] [next in thread] 