Darren Tucker
2020-Dec-04 02:36 UTC
[PATCH] cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0
On Fri, 4 Dec 2020 at 01:59, Marc Kleine-Budde <mkl at pengutronix.de> wrote: [...] Thanks for the investigation.> The issue is that openssh needs the "current" IV state (which the > now-deprecated EVP_CIPHER_CTX_iv() used to return), but it's calling thewrong> openssl function to obtain it.It's not that simple. In 2018, LibreSSL added EVP_CIPHER_CTX_get_iv ( https://github.com/libressl-portable/openbsd/commit/db321d7792) which returns the current IV, and OpenSSH has been using it ever since. In 2020, OpenSSL added a function of the same name ( https://github.com/openssl/openssl/commit/79f4417ed94) which behaves differently. Maybe OpenSSL could change it before 3.0 instead of shipping an incompatible API? EVP_CIPHER_CTX_get_original_iv would be consistent with the function they deprecated. ie EVP_CIPHER_CTX_get_iv -> EVP_CIPHER_CTX_get_original_iv EVP_CIPHER_CTX_get_iv_state -> EVP_CIPHER_CTX_get_iv -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Marc Kleine-Budde
2020-Dec-07 16:10 UTC
[PATCH] cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0
On 12/4/20 3:36 AM, Darren Tucker wrote:> Thanks for the investigation. > >> The issue is that openssh needs the "current" IV state (which the >> now-deprecated EVP_CIPHER_CTX_iv() used to return), but it's calling the >> wrong openssl function to obtain it. > > It's not that simple. > > In 2018, LibreSSL added EVP_CIPHER_CTX_get_iv ( > https://github.com/libressl-portable/openbsd/commit/db321d7792) which > returns the current IV, and OpenSSH has been using it ever since. > > In 2020, OpenSSL added a function of the same name ( > https://github.com/openssl/openssl/commit/79f4417ed94) which behaves > differently. Maybe OpenSSL could change it before 3.0 instead of shipping > an incompatible API? EVP_CIPHER_CTX_get_original_iv would be consistent > with the function they deprecated. ie > > EVP_CIPHER_CTX_get_iv -> EVP_CIPHER_CTX_get_original_iv > EVP_CIPHER_CTX_get_iv_state -> EVP_CIPHER_CTX_get_ivI tried to wrap up the problem and created an openssl issue: https://github.com/openssl/openssl/issues/13631 Marc -- Pengutronix e.K. | Marc Kleine-Budde | Embedded Linux | https://www.pengutronix.de | Vertretung West/Dortmund | Phone: +49-231-2826-924 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20201207/28f34a58/attachment.asc>