For what it's worth, the latest changes in OpenSSL 3.0 (specifically, PR
#12233) in combination with this patch fixed the non-GCM ciphers for me:
Index: openssh-8.0p1/cipher.c
===================================================================
--- openssh-8.0p1/cipher.c (revision 136940)
+++ openssh-8.0p1/cipher.c (working copy)
@@ -594,7 +594,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
len, iv))
return SSH_ERR_LIBCRYPTO_ERROR;
- } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
+ } else if (!EVP_CIPHER_CTX_get_iv_state(cc->evp, iv, len))
return SSH_ERR_LIBCRYPTO_ERROR;
#endif
return 0;
Regards,
Tom.III
>On Fri, 24 Jul 2020 at 22:46, The Doctor <doctor at doctor.nl2k.ab.ca>
wrote:
>> Anyone trying openssl 3 against openssh?
>
>I used to test OpenSSH head against OpenSSL head but it was broken
>enough that I didn't have time to keep up and I ended up giving up.
>Here's what I found as of a few months ago in case it provides any
>clues, I have not attempted since then:
>
>Several months ago a commit to OpenSSL head broke OpenSSH Portable's
>AES-GCM ciphers. I didn't have time to look at this for a while, and
>by the time I did there were at least 2 other unrelated breakages that
>muddied the waters sufficiently that I never got to the bottom of it.
>
>I tried retesting at the hackathon and didn't get the results I
>expected: now the GCM ones worked and the NON-GCM ones didn't
>
>After some clues from tb and a lot of time bisecting I have identified
>commits #1 and #3 below as the likely culprits. I don't know if they
>or we are doing the wrong thing. Can anyone tell me?
>
>Thanks.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
