Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encryption failure during handshake when using libssh2 and wolfssl #1299

Closed
brucsc opened this issue Dec 26, 2023 · 7 comments
Closed

Encryption failure during handshake when using libssh2 and wolfssl #1299

brucsc opened this issue Dec 26, 2023 · 7 comments
Labels
bug

Comments

@brucsc
Copy link

brucsc commented Dec 26, 2023

I'm getting a -44 error code and message of "Unable to ask for ssh-userauth service" when using wolfssl as the encryption engine during ssh handshake. I've tracked the error to this code on line 584 of openssl.c:

if(IS_LAST(firstlast)) {
  /* This is the last block.
     encrypt: compute tag, if applicable
     decrypt: verify tag, if applicable
     in!=NULL is equivalent to EVP_CipherUpdate
     in==NULL is equivalent to EVP_CipherFinal */
#ifdef HAVE_OPAQUE_STRUCTS
  ret = EVP_Cipher(*ctx, NULL, NULL, 0); /* final */
#else
  ret = EVP_Cipher(ctx, NULL, NULL, 0); /* final */
#endif

The comment indicates the expectation that EVP_CipherFinal should be equivalent to EVP_Cipher when finalizing the encryption. The EVP_Cipher method resolves to wolfSSL_EVP_Cipher on line 7080 of the wolfssl/wolfcrypt/src/evp.c file. There a check of NULL on the incoming buffers returns a WOLFSSL_FATAL_ERROR. After modifying the code to follow the comment, EVP_CipherFinal is used instead of EVP_Cipher, then the encryption seems to work as expected:

int final_length = 0;
ret = EVP_CipherFinal(*ctx, buf + aadlen, &final_length); /* final */

I do not know enough about these internals to know if this is the correct solution or not and would appreciate any assistance in getting this fixed. The comment suggests a break in the interface expectations with wolfssl.

To Reproduce
Extract libssh2 1.11.0, wolfssl 5.6.4. Build wolfssl. Build libssh2 to use wolfssl. Attempt to connect to an ssh server. In my case OpenSSH 8.9.

Expected behavior
For the encryption to work and the ssh handshake to complete.

Version

  • OS and version: Linux Ubuntu 22.04.3 LTS
  • libssh2 version: 1.11.0
  • crypto backend and version: wolfSSL 5.6.4

Additional context
Add any other context about the problem here.
@vszakats
Copy link
Member

vszakats commented Dec 26, 2023
edited
Loading

initial report: #1020

@vszakats vszakats marked this as a duplicate of #1020 Dec 26, 2023
@vszakats vszakats reopened this Apr 2, 2024
@vszakats
Copy link
Member

vszakats commented Apr 5, 2024
edited
Loading

@brucsc: Can you make PR out of your fix proposal?

You can also find earlier discussions about this in #1020, with
the patch necessary to re-enable CI tests for wolfSSL, in this comment:
#1020 (comment)

MichaelBuckley added a commit to MichaelBuckley/libssh2 that referenced this issue May 24, 2024
@MichaelBuckley
Call EVP_CipherFinal when using WolfSSL. Fixes libssh2#1299
6acf5a8
@MichaelBuckley MichaelBuckley mentioned this issue May 24, 2024
Closed
MichaelBuckley added a commit to MichaelBuckley/libssh2 that referenced this issue May 24, 2024
@MichaelBuckley
Call EVP_CipherFinal when using WolfSSL. Fixes libssh2#1299
8ea4ced
@kareem-wolfssl
Copy link

This should be fixed with my colleague's PR here: wolfSSL/wolfssl#7143
This PR was not merged until wolfSSL 5.7.0, please try updating to 5.7.0 and try again.

@vszakats
Copy link
Member

@kareem-wolfssl Can you confirm this is the same issue as #1020, or are they different?

@kareem-wolfssl
Copy link

@vszakats as best as I can tell this is the same issue, #1020 was also caused by the line EVP_Cipher(*ctx, NULL, NULL, 0);. So the linked PR/5.7.0 should resolve both issues.

@vszakats
Copy link
Member

vszakats commented May 24, 2024
edited
Loading

Thanks, also for the info about the fix!

I prefer @MichaelBuckley's PR, which replaces that API call with one that works with all wolfSSL versions. The Linux CI runner is still at 5.2.0.

@brucsc
Copy link
Author

brucsc commented May 24, 2024

Great, I was very uncomfortable with what I presented in the initial question since it seemed like I was covering over an issue instead of fixing it.

vszakats added a commit to vszakats/libssh2 that referenced this issue Jun 21, 2024
@vszakats
ci/GHA: add Linux job with latest wolfSSL built from source
992b765 
wolfSSL 5.7.0 fixes a bug that affects libssh2#1020 and libssh2#1299.

Closes #xxxx
vszakats added a commit to vszakats/libssh2 that referenced this issue Jun 21, 2024
@vszakats
ci/GHA: add Linux job with latest wolfSSL built from source
fcc2fec 
wolfSSL 5.7.0 fixes this bug that affects libssh2#1020 and libssh2#1299:
wolfSSL/wolfssl#7143

`-DWOLFSSL_OPENSSLALL=ON` necessary for `wolfSSL_FIPS_mode()`

Closes #xxxx
@vszakats vszakats mentioned this issue Jun 21, 2024
Closed
vszakats added a commit that referenced this issue Jun 21, 2024
@vszakats
ci/GHA: add Linux job with latest wolfSSL built from source
d4cea53 
After this patch it's possible to run tests with wolfSSL 5.7.0.

wolfSSL 5.7.0 fixes this bug that affects open issues #1020 and #1299:
wolfSSL/wolfssl#7143

`-DWOLFSSL_OPENSSLALL=ON` is necessary for `wolfSSL_FIPS_mode()`

Closes #1408
vszakats added a commit to vszakats/libssh2 that referenced this issue Jun 24, 2024
@vszakats
wolfssl: require v5.4.0 for AES-GCM
cbb1389 
Also re-enable tests in wolfSSL Linux CI jobs. That wolfSSL is v5.2.0,
which is broken with AES-GCM enabled.

This patch is part of a series of fixes to make wolfSSL AES-GCM support
work together with libssh2.

Ref: libssh2#1020
Ref: libssh2#1299
Cherry-picked from libssh2#1407
Closes libssh2#1411
@vszakats vszakats mentioned this issue Jun 24, 2024
Closed
vszakats added a commit to vszakats/libssh2 that referenced this issue Jun 24, 2024
@vszakats
wolfssl: require v5.4.0 for AES-GCM
2be57de 
Also re-enable tests in wolfSSL Linux CI jobs. That wolfSSL is v5.2.0,
which is broken with AES-GCM enabled.

This patch is part of a series of fixes to make wolfSSL AES-GCM support
work together with libssh2.

Ref: libssh2#1020
Ref: libssh2#1299
Cherry-picked from libssh2#1407
Closes libssh2#1411
vszakats added a commit that referenced this issue Jun 24, 2024
@vszakats
wolfssl: require v5.4.0 for AES-GCM
260a721 
Earlier versions crash while running tests.

This patch is part of a series of fixes to make wolfSSL AES-GCM support
work together with libssh2.

Possibly related is this wolfSSL bugfix patch, released in v5.4.0:
wolfSSL/wolfssl#5205
wolfSSL/wolfssl@fb3c611
"Fix another AES-GCM EVP control command issue"

Ref: #1020
Ref: #1299
Cherry-picked from #1407
Closes #1411
@vszakats vszakats mentioned this issue Jun 24, 2024
Closed
agreppin pushed a commit to agreppin/libssh2 that referenced this issue Jul 14, 2024
@vszakats @agreppin
ci/GHA: add Linux job with latest wolfSSL built from source
4078122 
After this patch it's possible to run tests with wolfSSL 5.7.0.

wolfSSL 5.7.0 fixes this bug that affects open issues libssh2#1020 and libssh2#1299:
wolfSSL/wolfssl#7143

`-DWOLFSSL_OPENSSLALL=ON` is necessary for `wolfSSL_FIPS_mode()`

Closes libssh2#1408
agreppin pushed a commit to agreppin/libssh2 that referenced this issue Jul 14, 2024
@vszakats @agreppin
wolfssl: require v5.4.0 for AES-GCM
a4a6dff 
Earlier versions crash while running tests.

This patch is part of a series of fixes to make wolfSSL AES-GCM support
work together with libssh2.

Possibly related is this wolfSSL bugfix patch, released in v5.4.0:
wolfSSL/wolfssl#5205
wolfSSL/wolfssl@fb3c611
"Fix another AES-GCM EVP control command issue"

Ref: libssh2#1020
Ref: libssh2#1299
Cherry-picked from libssh2#1407
Closes libssh2#1411
agreppin pushed a commit to agreppin/libssh2 that referenced this issue Jul 14, 2024
@vszakats @agreppin
wolfssl: fix EVP_Cipher() use with v5.6.0 and older
6298403 
Add workaround for the wolfSSL `EVP_Cipher(*p, NULL, NULL, 0)` bug to
make libssh2 work with wolfSSL v5.6.0 and older.

wolfSSL fixed this issue in v5.7.0:
wolfSSL/wolfssl#7143
wolfSSL/wolfssl@b0de0a1

Without our local workaround:

- v5.3.0 and older fail most tests:
  Ref: https://github.com/libssh2/libssh2/actions/runs/9646827522/job/26604211476#step:17:1263

- v5.4.0, v5.5.x, v5.6.0 fail these:
  ```
  29 - test_read-aes128-cbc (Failed)
  30 - test_read-aes128-ctr (Failed)
  32 - test_read-aes192-cbc (Failed)
  33 - test_read-aes192-ctr (Failed)
  34 - test_read-aes256-cbc (Failed)
  35 - test_read-aes256-ctr (Failed)
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/9646827522/job/26604233819#step:17:978

Oddly enough the workaround breaks OpenSSL tests, so only enable it for
the affected wolfSSL versions.

Also add new build-from-source wolfSSL CI job to test the new codepath.

wolfSSL has a build bug where `wolfssl/options.h` and
`wolfssl/version.h` are not copied to the `install` destination with
autotools. With CMake it has a different bug where `wolfcrypt/sp_int.h`
is not copied (with v5.4.0). And another with CMake where `FIPS_mode()`
remains missing (with v5.6.0 and earlier.)

Therefore use CMake with v5.5.4 and a workaround for `FIPS_mode()`.
Another option is autotools with v5.4.0 and a workaround for `install`,
but CMake builds quicker.

Regression-from 3c953c0 libssh2#797
Fixes libssh2#1020
Fixes libssh2#1299
Assisted-by: Michael Buckley via libssh2#1394
Closes libssh2#1394 (another attempt to fix the mentioned wolfSSL bug)
Closes libssh2#1407
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

wolfssl: fix EVP_Cipher() use with v5.6.0 and older vszakats/libssh2
3 participants
@vszakats @kareem-wolfssl @brucsc