Bug 2466

Summary:

Cipher defines from opensslconf.h

Product:

Portable OpenSSH

Reporter:

Hugo Lopata <hugo>

Component:

Miscellaneous

Assignee:

Darren Tucker <dtucker>

Status:

CLOSED FIXED

Severity:

minor

CC:

djm, dtucker

Priority:

Version:

7.1p1

Hardware:

All

OS:

Linux

Bug Depends on:

Bug Blocks:

2543

Attachments:

Description	Flags
patch with preprocessor checks of available ciphers	none
handle RC4, CAST and/or Blowfish being disabled in libcrypto	none
revised diff; with cipher-bf1.c bits	dtucker: ok+

Description Hugo Lopata 2015-09-14 20:54:36 AEST

Created attachment 2703 [details]
patch with preprocessor checks of available ciphers

I use OpenSSL 1.0.2c configured and compiled with "no-rc4" flag.
It breaks compilation of cipher.c from Openssh.

The attached patch adds more preprocessor checks of available ciphers form OpenSSL.

Comment 1 Darren Tucker 2015-09-14 21:10:38 AEST

Looks reasonable, putting on the list for 7.2

Comment 2 Damien Miller 2015-10-06 05:55:29 AEDT

ok for OPENSSL_NO_BF, OPENSSL_NO_CAST and OPENSSL_NO_RC4.

I don't think we want to support no-AES / no-3DES configurations so IMO we should skip the extra ifdef (it's tangled enough already)

Comment 3 Darren Tucker 2015-10-26 14:32:23 AEDT

Created attachment 2738 [details]
handle RC4, CAST and/or Blowfish being disabled in libcrypto

(In reply to Damien Miller from comment #2)
> ok for OPENSSL_NO_BF, OPENSSL_NO_CAST and OPENSSL_NO_RC4.

patch updated thusly.

> I don't think we want to support no-AES / no-3DES configurations so
> IMO we should skip the extra ifdef (it's tangled enough already)

I agree with this, because disabling AES in libcrypto will end up using the AES code in rijndael.c anyway, and 3DES is the only cipher required by RFC4253.

Comment 4 Damien Miller 2015-10-26 14:33:56 AEDT

Comment on attachment 2738 [details]
handle RC4, CAST and/or Blowfish being disabled in libcrypto

Does this do the right thing wrt filtering myproposal.h values?

Comment 5 Darren Tucker 2015-10-29 13:03:15 AEDT

(In reply to Damien Miller from comment #4) 
> Does this do the right thing wrt filtering myproposal.h values?

Hm.  I don't think it does.

I'm tempted to filter the proposal to remove any ciphers not actually in the sshcipher list.  This will prevent either server or client from advertising a cipher it can't actually do.  It'd simplify the ifdef maze in myproposal.h.

Comment 6 Damien Miller 2015-10-29 14:27:50 AEDT

+1000

Comment 7 Damien Miller 2016-02-26 14:44:29 AEDT

Retarget to openssh-7.3

Comment 8 Damien Miller 2016-02-26 14:47:17 AEDT

Retarget to openssh-7.3

Comment 9 Damien Miller 2016-07-15 14:35:12 AEST

Created attachment 2850 [details]
revised diff; with cipher-bf1.c bits

Comment 10 Damien Miller 2016-07-15 14:47:43 AEST

Patch is committed, but I'll keep the bug open for now - I'm not sure whether we need better filtering of the default KEX proposals too.

Comment 11 Damien Miller 2016-07-15 14:58:22 AEST

no filtering is required - we've already removed all the offending ciphers from myproposal.h :)

This bug fix will be included in the openssh-7.3 release

Comment 12 Damien Miller 2016-08-02 10:41:01 AEST

Close all resolved bugs after 7.3p1 release