https://bugzilla.mindrot.org/show_bug.cgi?id=3238
Bug ID: 3238
Summary: Fix openssl-3.0 regression: fix dhgex for non-GCM
ciphers
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Miscellaneous
Assignee: [email protected]
Reporter: [email protected]
Created attachment 3461
--> https://bugzilla.mindrot.org/attachment.cgi?id=3461&action=edit
cipher: fix dhgex for non-GCM ciphers for OpenSSL 3.0
During OpenSSL 3.0 development since OpenSSL commits:
| 718b133a5328 Implement AES CBC ciphers in the default provider
| 819a7ae9fc77 Implement AES CTR ciphers in the default provider
the dhgex tests (make t-exec LTESTS="dhgex") are failing.
The issue is that openssh needs the "current" IV state (which the
now-deprecated EVP_CIPHER_CTX_iv() used to return), but it's calling
the wrong
openssl function to obtain it. See openssl PR #12233 for additional
discussion.
The latest changes in OpenSSL 3.0 in combination with this patch fixes
the
non-GCM ciphers. All but the chacha20-poly1305 test are not working
again:
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-cbc
| dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha256 aes128-ctr
| dhgex bits 3072 diffie-hellman-group-exchange-sha1
[email protected]
| dhgex bits 3072 diffie-hellman-group-exchange-sha256
[email protected]
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-cbc
| dhgex bits 7680 diffie-hellman-group-exchange-sha1 aes192-ctr
| dhgex bits 7680 diffie-hellman-group-exchange-sha256 aes192-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-cbc
| dhgex bits 8192 diffie-hellman-group-exchange-sha1 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha256 aes256-ctr
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
[email protected]
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
[email protected]
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
[email protected]
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
[email protected]
| dhgex bits 8192 diffie-hellman-group-exchange-sha1
[email protected]
| ssh failed ()
| dhgex bits 8192 diffie-hellman-group-exchange-sha256
[email protected]
| ssh failed ()
Link: https://www.spinics.net/lists/openssh-unix-dev/msg06860.html
Link: https://github.com/openssl/openssl/pull/12233
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
