[Bug 3238] New: Fix openssl-3.0 regression: fix dhgex for non-GCM ciphers

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Dec 4 01:37:55 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3238

            Bug ID: 3238
           Summary: Fix openssl-3.0 regression: fix dhgex for non-GCM
                    ciphers
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mkl at pengutronix.de

Created attachment 3461
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3461&action=edit
cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0

During OpenSSL 3.0 development since OpenSSL commits:

| 718b133a5328 Implement AES CBC ciphers in the default provider
| 819a7ae9fc77 Implement AES CTR ciphers in the default provider

the dhgex tests (make t-exec LTESTS="dhgex") are failing.

The issue is that openssh needs the "current" IV state (which the
now-deprecated EVP_CIPHER_CTX_iv() used to return), but it's calling the
wrong openssl function to obtain it. See openssl PR #12233 for additional
discussion.

The latest changes in OpenSSL 3.0 in combination with this patch fix the
non-GCM ciphers. All but the chacha20-poly1305 test are now working
again:

| dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-gcm@openssh.com
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-gcm@openssh.com
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-ctr
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-gcm@openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-gcm@openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 rijndael-cbc@lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 rijndael-cbc@lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 chacha20-poly1305@openssh.com
| ssh failed ()
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 chacha20-poly1305@openssh.com
| ssh failed ()

Link: https://www.spinics.net/lists/openssh-unix-dev/msg06860.html
Link: https://github.com/openssl/openssl/pull/12233
