openssh bugs - Dec 2020 - [Bug 3238] New: Fix openssl-3.0 regression: fix dhgex for non-GCM ciphers

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

            Bug ID: 3238
           Summary: Fix openssl-3.0 regression: fix dhgex for non-GCM
                    ciphers
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mkl at pengutronix.de

Created attachment 3461
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3461&action=edit
cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0

During OpenSSL 3.0 development since OpenSSL commits:

| 718b133a5328 Implement AES CBC ciphers in the default provider
| 819a7ae9fc77 Implement AES CTR ciphers in the default provider

the dhgex tests (make t-exec LTESTS="dhgex") are failing.

The issue is that openssh needs the "current" IV state (which the
now-deprecated EVP_CIPHER_CTX_iv() used to return), but it's calling
the wrong
openssl function to obtain it. See openssl PR #12233 for additional
discussion.

The latest changes in OpenSSL 3.0 in combination with this patch fixes
the
non-GCM ciphers. All but the chacha20-poly1305 test are not working
again:

| dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha1
aes128-gcm at openssh.com
| dhgex bits 3072 diffie-hellman-group-exchange-sha256
aes128-gcm at openssh.com
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-ctr
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
aes256-gcm at openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
aes256-gcm at openssh.com
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
rijndael-cbc at lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
rijndael-cbc at lysator.liu.se
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
chacha20-poly1305 at openssh.com
| ssh failed ()
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
chacha20-poly1305 at openssh.com
| ssh failed ()

Link: https://www.spinics.net/lists/openssh-unix-dev/msg06860.html
Link: https://github.com/openssl/openssl/pull/12233

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

--- Comment #1 from Marc Kleine-Budde <mkl at pengutronix.de> ---
Created attachment 3462
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3462&action=edit
v2

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rajesh.satya at gmail.com

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
*** Bug 3249 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Current status is that we're waiting for OpenSSL to rename an
incompatible API: https://github.com/openssl/openssl/issues/13411

Until then, please consider OpenSSL 3.* unsupported by OpenSSH

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3461|0                           |1
        is obsolete|                            |
   Attachment #3462|0                           |1
        is obsolete|                            |
                 CC|                            |dtucker at dtucker.net
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
   Attachment #3473|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Created attachment 3473
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3473&action=edit
adapt to OpenSSL 3.x API

It looks like OpenSSL did finally fix this:
https://github.com/openssl/openssl/commit/0d83b7b9036feea680ba45751df028ff5e86cd63

Here's a patch that tries to use the new names. Darren - do you have a
ossl3x builder handy to test this against?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
             Blocks|                            |3217

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
this has been committed and will be in openssh-8.5, due real soon


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3217
[Bug 3217] Tracking bug for 8.5 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3238

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3473|ok?(dtucker at dtucker.net)    |
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.