Commit
compat: fix dhgex for non-GCM ciphers for OpenSSL 3.0 alpha
During OpenSSL 3.0 development since OpenSSL commits:

    718b133a5328 Implement AES CBC ciphers in the default provider
    819a7ae9fc77 Implement AES CTR ciphers in the default provider

the dhgex tests ("make t-exec LTESTS=dhgex") are failing.

OpenSSH needs the "current" IV state, which is acquired with the accessor function EVP_CIPHER_CTX_get_iv(). The libressl compat layer uses EVP_CIPHER_CTX_iv() to implement EVP_CIPHER_CTX_get_iv(), see:

    482d23b upstream: hold our collective noses and use the openssl-1.1.x API in
    48f54b9 adapt -portable to OpenSSL 1.1x API

During OpenSSL 3.0 development EVP_CIPHER_CTX_iv() was deprecated, and later OpenSSL re-added the functionality: EVP_CIPHER_CTX_get_iv() and EVP_CIPHER_CTX_get_iv_state() were introduced. However, EVP_CIPHER_CTX_get_iv() returns the original IV, while EVP_CIPHER_CTX_get_iv_state() returns the current IV. See openssl PR #12233 for additional discussion.

This is an API clash, since OpenSSH expects EVP_CIPHER_CTX_get_iv() to return the running IV. See OpenSSL issue #13411 for an ongoing discussion on how to fix the problem, by renaming the functions.

This patch works around the problem in the libressl compat layer, by providing an EVP_CIPHER_CTX_get_iv() function that calls EVP_CIPHER_CTX_get_iv_state(), only if EVP_CIPHER_CTX_get_iv_state() is available. This internal EVP_CIPHER_CTX_get_iv() will be used by OpenSSH instead of the EVP_CIPHER_CTX_get_iv() provided by OpenSSL-3.0.

The latest changes in OpenSSL 3.0 in combination with this patch fix the non-GCM ciphers.

All but the chacha20-poly1305 test are working again:

    dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc
    dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc
    dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
    dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-cbc
    dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-ctr
    dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-ctr
    dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-gcm@openssh.com
    dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-gcm@openssh.com
    dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-cbc
    dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-cbc
    dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-ctr
    dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-ctr
    dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-cbc
    dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-cbc
    dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-ctr
    dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-ctr
    dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-gcm@openssh.com
    dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-gcm@openssh.com
    dhgex bits 8192 diffie-hellman-group-exchange-sha1 rijndael-cbc@lysator.liu.se
    dhgex bits 8192 diffie-hellman-group-exchange-sha256 rijndael-cbc@lysator.liu.se
    dhgex bits 8192 diffie-hellman-group-exchange-sha1 chacha20-poly1305@openssh.com
    ssh failed ()
    dhgex bits 8192 diffie-hellman-group-exchange-sha256 chacha20-poly1305@openssh.com
    ssh failed ()

Cc: Thomas Dwyer III <tomiii@tomiii.com>
Link: https://www.spinics.net/lists/openssh-unix-dev/msg06860.html
Link: openssl/openssl#12233
Link: openssl/openssl#13411
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
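The commit message turns on the difference between an accessor that returns the original IV and one that returns the running IV of a CTR context. The following Python example, added here and not part of the commit or of OpenSSH or OpenSSL, shows why that difference matters when cipher state is handed from one context to a fresh one: resuming from the running counter continues the keystream, while resuming from the original IV restarts it and reuses keystream already spent on earlier data. The block function is a constructed SHA-256 based stand-in for AES, the key and messages are constructed, and the method names `get_iv` / `get_iv_state` merely mirror the two OpenSSL accessors discussed above; nothing here calls OpenSSL.

```python
import hashlib

BLOCK = 16  # counter block size, matching a 128-bit AES-CTR counter


def _increment_be(counter: bytes) -> bytes:
    """Big-endian increment of the counter block, wrapping at 2^128."""
    n = (int.from_bytes(counter, "big") + 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "big")


class CtrState:
    """Toy CTR-mode context with a constructed keystream function.

    The keystream block is SHA-256(key || counter)[:16], a stand-in for
    AES so the example runs without any crypto library. It keeps two
    values that mirror the two OpenSSL accessors from the commit message:
    the IV the context was created with, and the running counter.
    """

    def __init__(self, key: bytes, iv: bytes):
        if len(iv) != BLOCK:
            raise ValueError("iv must be one counter block")
        self.key = key
        self.original_iv = iv  # what EVP_CIPHER_CTX_get_iv() returned
        self.iv_state = iv     # what EVP_CIPHER_CTX_get_iv_state() returns

    def _keystream_block(self) -> bytes:
        blk = hashlib.sha256(self.key + self.iv_state).digest()[:BLOCK]
        self.iv_state = _increment_be(self.iv_state)
        return blk

    def update(self, data: bytes) -> bytes:
        """Encrypt/decrypt; a trailing partial block still consumes a counter."""
        out = bytearray()
        for i in range(0, len(data), BLOCK):
            ks = self._keystream_block()
            out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
        return bytes(out)

    def get_iv(self) -> bytes:
        return self.original_iv

    def get_iv_state(self) -> bytes:
        return self.iv_state


def resume_with(ctx: CtrState, iv_accessor, key: bytes, data: bytes) -> bytes:
    """Hand cipher state to a fresh context using the chosen accessor,
    the way a caller that saves and restores IV state would."""
    fresh = CtrState(key, iv_accessor(ctx))
    return fresh.update(data)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo() -> dict:
    """Compare resuming from the running IV against resuming from the original IV."""
    key = b"constructed-demo-key"       # constructed, not a real key
    iv = bytes(BLOCK)                   # constructed zero IV
    p1 = b"A" * 32                      # first two blocks of traffic
    p2 = b"B" * 32                      # next two blocks of traffic

    # Ground truth: one context encrypting both messages in sequence.
    ref = CtrState(key, iv)
    ref.update(p1)
    c2_expected = ref.update(p2)

    # A context that processed p1, whose state is then exported.
    ctx = CtrState(key, iv)
    c1 = ctx.update(p1)

    c2_from_state = resume_with(ctx, CtrState.get_iv_state, key, p2)
    c2_from_original = resume_with(ctx, CtrState.get_iv, key, p2)

    return {
        # running IV continues the stream correctly
        "state_ok": c2_from_state == c2_expected,
        # original IV restarts the stream: wrong ciphertext
        "original_ok": c2_from_original == c2_expected,
        # and the restarted stream reuses c1's keystream, so the
        # XOR of the two ciphertexts equals the XOR of the plaintexts
        "keystream_reused": xor(c2_from_original, c1) == xor(p2, p1),
    }


if __name__ == "__main__":
    print(demo())
```

The last flag is the reason the commit treats the accessor mix-up as more than a failing test: a CTR context restored from the original IV produces a two-time pad against the data already sent under that counter range, which is what a compat shim that silently fell back to the wrong accessor would cause.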