Marc Kleine-Budde
2020-Dec-10 07:43 UTC
[PATCH] cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0
On 12/10/20 12:29 AM, Damien Miller wrote:>> Are you interested in another take on a patch to fix OpenSSH with the current >> OpenSSL-3.0? > > It looks like OpenSSL are considering renaming the API. I think we can wait > for them to make up their minds before proceeding. If the go ahead with > the plan to rename EVP_CIPHER_CTX_get_iv_state to get_running_iv then the > fix will be a single #define in one of our compat headers AFAIK.Yes, but the name of EVP_CIPHER_CTX_get_iv_state(), EVP_CIPHER_CTX_get_running_iv() or something else is not the only problem. The other problem is the going-to-be-renamed OpenSSL function EVP_CIPHER_CTX_get_iv(). See my patch on trying to work around this with the current situation: https://lists.mindrot.org/pipermail/openssh-unix-dev/2020-December/039008.html Marc -- Pengutronix e.K. | Marc Kleine-Budde | Embedded Linux | https://www.pengutronix.de | Vertretung West/Dortmund | Phone: +49-231-2826-924 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20201210/580e9001/attachment.asc>
Thorsten Glaser
2020-Dec-10 08:15 UTC
[PATCH] cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0
On Thu, 10 Dec 2020, Marc Kleine-Budde wrote:> See my patch on trying to work around this with the current situation:AIUI the ?current situation? is an unreleased beta. If the OpenSSL people are going to fix this before the release, no need to even consider doing these acrobatics. bye, //mirabilos -- 15:41?<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-)
Marc Kleine-Budde
2021-Jan-18 13:37 UTC
[PATCH] cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0
On 12/10/20 9:15 AM, Thorsten Glaser wrote:> On Thu, 10 Dec 2020, Marc Kleine-Budde wrote: > >> See my patch on trying to work around this with the current situation: > > AIUI the ?current situation? is an unreleased beta. > > If the OpenSSL people are going to fix this before the > release, no need to even consider doing these acrobatics.OpenSSL just closed the issue. It should be fixed with: https://github.com/openssl/openssl/commit/0d83b7b9036feea680ba45751df028ff5e86cd63> Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity > > To clarify the purpose of these two calls rename them to > EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv. > > Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV > to better align with the function name.regards, Marc -- Pengutronix e.K. | Marc Kleine-Budde | Embedded Linux | https://www.pengutronix.de | Vertretung West/Dortmund | Phone: +49-231-2826-924 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210118/ecf2a96a/attachment.asc>