New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL 1.1 support #14
Comments
Is this for the 7.4 patch set? Also, recent investigations indicate that
the AES-CTR-MT cipher may be slower than the stock AES-CTR cipher since
the introduction of AES-NI on intel CPUs (westmere and later). Until we
figure out how to incorporate the AES-NI calls into AES-CTR-MT not using
the MT version may produce better throughput.
I'll be coming out with a full patch set for 7.4 in the next week. I'll
also be looking at this specific issue at that time.
…On 2/15/17 11:53 AM, Venkat Yekkirala wrote:
In trying to compile GSI-OpenSSH with the HPN patch included,
compilation fails as follows:
gcc -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -Wall
-Wpointer-arith -Wsign-compare -Wformat-security -Wno-pointer-sign
-fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset
-fstack-protector-all -fPIE -g -O2
-I/usr/local/ulyaoth/ssl/openssl1.1.0/include
-I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/include/globus -I.
-I. -I/usr/local/ulyaoth/ssl/openssl1.1.0//include
-D_PATH_SSH_ASKPASS_DEFAULT="/home/ysvenkat/gsi-openssh.install/libexec/ssh-askpass"
-DGSISSHDIR=""/home/ysvenkat/gsi-openssh.install/etc""
-D_PATH_SSH_PIDDIR="/var/run" -D_PATH_PRIVSEP_CHROOT_DIR="/var/empty"
-DHAVE_CONFIG_H -c cipher-ctr-mt.c -o cipher-ctr-mt.o
cipher-ctr-mt.c: In function ‘ssh_aes_ctr’:
cipher-ctr-mt.c:425: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘ssh_aes_ctr_init’:
cipher-ctr-mt.c:503: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:509: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:512: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘evp_aes_ctr_mt’:
cipher-ctr-mt.c:585: error: storage size of ‘aes_ctr’ isn’t known
cipher-ctr-mt.c:587: error: invalid application of ‘sizeof’ to
incomplete type ‘EVP_CIPHER’
cipher-ctr-mt.c:585: warning: unused variable ‘aes_ctr’
make: *** [cipher-ctr-mt.o] Error 1
$
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#14>, or mute the
thread
<https://github.com/notifications/unsubscribe-auth/ABS_eNOSWqlZYAuJKSqBvpppnD3Li_vaks5rcy2TgaJpZM4MB9wt>.
|
It's actually for 7.3p1 with the Fedora OpenSSL 1.1 patch for OpenSSH applied. Below is a patch to HPN for OpenSSL 1.1. If you can review and let me know of any issues, I would appreciate it. Thanks. https://github.com/globus/gsi-openssh/commit/516d21a0794d42680dc9e0d6788d8fd9c380b713 |
The above patch only fixes the compilation errors, but AES-CTR-MT remains inoperable with the Fedora OpenSSL 1.1 patch for OpenSSH at runtime as recorded in the below: |
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
Note that openssl 1.0.2 isn't supported anymore, at least not for free: https://www.openssl.org/news/secadv/20191206.txt EDIT: in other words, it's likely to become vulnerable soon. |
@vcunat Sorry to pollute this thread, but I really like your avatar. |
It seems the new release |
Crazy, I just put that one up. I'm glad it's working for you.
Chris
…On 6/16/20 1:07 PM, Pavol Rusnak wrote:
It seems the new release |hpn-KitchenSink-8_3_P1| can be compiled with
newer OpenSSL and this issue can be closed
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#14 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAKL66GA6YKY3SJFNLYCZELRW6RFTANCNFSM4DAH3QWQ>.
|
In trying to compile GSI-OpenSSH with the HPN patch included, compilation fails as follows:
gcc -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -Wall -Wpointer-arith -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/include/globus -I. -I. -I/usr/local/ulyaoth/ssl/openssl1.1.0//include -D_PATH_SSH_ASKPASS_DEFAULT="/home/ysvenkat/gsi-openssh.install/libexec/ssh-askpass" -DGSISSHDIR=""/home/ysvenkat/gsi-openssh.install/etc"" -D_PATH_SSH_PIDDIR="/var/run" -D_PATH_PRIVSEP_CHROOT_DIR="/var/empty" -DHAVE_CONFIG_H -c cipher-ctr-mt.c -o cipher-ctr-mt.o
cipher-ctr-mt.c: In function ‘ssh_aes_ctr’:
cipher-ctr-mt.c:425: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘ssh_aes_ctr_init’:
cipher-ctr-mt.c:503: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:509: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:512: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘evp_aes_ctr_mt’:
cipher-ctr-mt.c:585: error: storage size of ‘aes_ctr’ isn’t known
cipher-ctr-mt.c:587: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER’
cipher-ctr-mt.c:585: warning: unused variable ‘aes_ctr’
make: *** [cipher-ctr-mt.o] Error 1
$
The text was updated successfully, but these errors were encountered: