OpenSSL 1.1 support #14
Comments
|
Is this for the 7.4 patch set? Also, recent investigations indicate that
the AES-CTR-MT cipher may be slower than the stock AES-CTR cipher since
the introduction of AES-NI on intel CPUs (westmere and later). Until we
figure out how to incorporate the AES-NI calls into AES-CTR-MT not using
the MT version may produce better throughput.
I'll be coming out with a full patch set for 7.4 in the next week. I'll
also be looking at this specific issue at that time.
…On 2/15/17 11:53 AM, Venkat Yekkirala wrote:
In trying to compile GSI-OpenSSH with the HPN patch included,
compilation fails as follows:
gcc -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -Wall
-Wpointer-arith -Wsign-compare -Wformat-security -Wno-pointer-sign
-fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset
-fstack-protector-all -fPIE -g -O2
-I/usr/local/ulyaoth/ssl/openssl1.1.0/include
-I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/include/globus -I.
-I. -I/usr/local/ulyaoth/ssl/openssl1.1.0//include
-D_PATH_SSH_ASKPASS_DEFAULT="/home/ysvenkat/gsi-openssh.install/libexec/ssh-askpass"
-DGSISSHDIR=""/home/ysvenkat/gsi-openssh.install/etc""
-D_PATH_SSH_PIDDIR="/var/run" -D_PATH_PRIVSEP_CHROOT_DIR="/var/empty"
-DHAVE_CONFIG_H -c cipher-ctr-mt.c -o cipher-ctr-mt.o
cipher-ctr-mt.c: In function ‘ssh_aes_ctr’:
cipher-ctr-mt.c:425: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘ssh_aes_ctr_init’:
cipher-ctr-mt.c:503: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:509: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:512: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘evp_aes_ctr_mt’:
cipher-ctr-mt.c:585: error: storage size of ‘aes_ctr’ isn’t known
cipher-ctr-mt.c:587: error: invalid application of ‘sizeof’ to
incomplete type ‘EVP_CIPHER’
cipher-ctr-mt.c:585: warning: unused variable ‘aes_ctr’
make: *** [cipher-ctr-mt.o] Error 1
$
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#14>, or mute the
thread
<https://github.com/notifications/unsubscribe-auth/ABS_eNOSWqlZYAuJKSqBvpppnD3Li_vaks5rcy2TgaJpZM4MB9wt>.
|
|
It's actually for 7.3p1 with the Fedora OpenSSL 1.1 patch for OpenSSH applied. Below is a patch to HPN for OpenSSL 1.1. If you can review and let me know of any issues, I would appreciate it. Thanks. https://github.com/globus/gsi-openssh/commit/516d21a0794d42680dc9e0d6788d8fd9c380b713 |
|
The above patch only fixes the compilation errors, but AES-CTR-MT remains inoperable with the Fedora OpenSSL 1.1 patch for OpenSSH at runtime as recorded in the below: |
andir
added a commit
to NixOS/nixpkgs
that referenced
this issue
Mar 6, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
andir
added a commit
to NixOS/nixpkgs
that referenced
this issue
Mar 10, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
andir
added a commit
to andir/nixpkgs
that referenced
this issue
Mar 12, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
andir
added a commit
to NixOS/nixpkgs
that referenced
this issue
Mar 15, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
andir
added a commit
to NixOS/nixpkgs
that referenced
this issue
Mar 20, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
andir
added a commit
to NixOS/nixpkgs
that referenced
this issue
Jul 19, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
globin
pushed a commit
to NixOS/nixpkgs
that referenced
this issue
Jul 24, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
andir
added a commit
to andir/nixpkgs
that referenced
this issue
Jul 28, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
globin
pushed a commit
to NixOS/nixpkgs
that referenced
this issue
Jul 29, 2019
The HPN patchset doesn't yet support OpenSSL1.1. There is a potential patch available but that seems to break during runtime [1]. [1] rapier1/hpn-ssh#14
|
Note that openssl 1.0.2 isn't supported anymore, at least not for free: https://www.openssl.org/news/secadv/20191206.txt EDIT: in other words, it's likely to become vulnerable soon. |
|
@vcunat Sorry to pollute this thread, but I really like your avatar. |
|
It seems the new release |
|
Crazy, I just put that one up. I'm glad it's working for you.
Chris
…On 6/16/20 1:07 PM, Pavol Rusnak wrote:
It seems the new release |hpn-KitchenSink-8_3_P1| can be compiled with
newer OpenSSL and this issue can be closed
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#14 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAKL66GA6YKY3SJFNLYCZELRW6RFTANCNFSM4DAH3QWQ>.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In trying to compile GSI-OpenSSH with the HPN patch included, compilation fails as follows:
gcc -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -Wall -Wpointer-arith -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/include/globus -I. -I. -I/usr/local/ulyaoth/ssl/openssl1.1.0//include -D_PATH_SSH_ASKPASS_DEFAULT="/home/ysvenkat/gsi-openssh.install/libexec/ssh-askpass" -DGSISSHDIR=""/home/ysvenkat/gsi-openssh.install/etc"" -D_PATH_SSH_PIDDIR="/var/run" -D_PATH_PRIVSEP_CHROOT_DIR="/var/empty" -DHAVE_CONFIG_H -c cipher-ctr-mt.c -o cipher-ctr-mt.o
cipher-ctr-mt.c: In function ‘ssh_aes_ctr’:
cipher-ctr-mt.c:425: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘ssh_aes_ctr_init’:
cipher-ctr-mt.c:503: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:509: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:512: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function ‘evp_aes_ctr_mt’:
cipher-ctr-mt.c:585: error: storage size of ‘aes_ctr’ isn’t known
cipher-ctr-mt.c:587: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER’
cipher-ctr-mt.c:585: warning: unused variable ‘aes_ctr’
make: *** [cipher-ctr-mt.o] Error 1
$
The text was updated successfully, but these errors were encountered: