OpenSSL 1.1.0 support
Hi,

Attached is a patch that adds support for building against OpenSSL
1.1.0. I also made a GitHub pull request for it at:
https://github.com/openssh/openssh-portable/pull/48

It has the same regression test failures as the master branch,
and it has been tested with both 1.0.2 and 1.1.0.

Some comments about the patch:
- I've included a libcrypto-compat.c to add new functions from
OpenSSL that are needed with 1.1.0 but didn't exist in 1.0.2.
Since they are copied from the OpenSSL source code, I also added
the OpenSSL license to it. If this is a problem we can probably
agree to put that file under a different license.
- I've replaced the 2 EVP_CipherInit() calls in cipher_init() with
1. OpenSSL now clears everything when you call EVP_CipherInit()
again, so what was passed in the first but not in the second
call, and what the function calls between them did, was lost.
- The test suite was insisting that things like rsa->n were not
NULL in sshkey/test_sshkey.c. sshkey_add_private was also doing
something like that for the private parts. I don't agree that it
should just have BN members that are not set to a real value. So I
removed that code and the checks. I'm not even sure why this was
done. But sshkey_add_private() ends up as a rather useless
function now.
- In sshkey_private_deserialize() there was a KEY_RSA_CERT case.
I'm not sure what it's about and I guess the test suite also
doesn't check it. But it seems that it only has the private key
in that case and OpenSSL now seems to insist that an RSA needs
to have the public key information too.


PS: I didn't subscribe to the list.


Kurt
Re: OpenSSL 1.1.0 support
On Sun, Sep 18, 2016 at 08:22:31PM +0200, Kurt Roeckx wrote:
> Attached is a patch that adds support for building against OpenSSL
> 1.1.0. I also made a github pull request for it at:
> https://github.com/openssh/openssh-portable/pull/48

Hi,

Debian unstable now has OpenSSL 1.1.0 as the default, so I'll have to
take some kind of positive action if I want my OpenSSH packages to keep
building cleanly. I know it's a big patch, but is anyone likely to be
able to look at Kurt's changes soon? I'm not very comfortable with
applying a change of this size as a local patch.

Thanks,

--
Colin Watson [cjwatson@debian.org]
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSL 1.1.0 support
On 11/02/2016 01:43 AM, Colin Watson wrote:
> On Sun, Sep 18, 2016 at 08:22:31PM +0200, Kurt Roeckx wrote:
>> Attached is a patch that adds support for building against OpenSSL
>> 1.1.0. I also made a github pull request for it at:
>> https://github.com/openssh/openssh-portable/pull/48
> Hi,
>
> Debian unstable now has OpenSSL 1.1.0 as the default, so I'll have to
> take some kind of positive action if I want my OpenSSH packages to keep
> building cleanly. I know it's a big patch, but is anyone likely to be
> able to look at Kurt's changes soon? I'm not very comfortable with
> applying a change of this size as a local patch.
Hello Colin,
Fedora Rawhide already has OpenSSL 1.1.0 and we use a patch based on
Kurt's one (after fixing initial bugs and extending it for GSSAPI and
SSH1 client support). The full Fedora patch is available in our git [1].

The current set of patches, rebased on current upstream, is attached
with a few more tweaks needed to build, pass the testsuite and make it work.
The upstream review and insight would be helpful.

[1]
https://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-7.3p1-openssl-1.1.0.patch

Regards,

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
Re: OpenSSL 1.1.0 support
On 2016-11-02, Jakub Jelen <jjelen@redhat.com> wrote:
> The current set of patches, rebased on current upstream, is attached
> with a few more tweaks needed to build, pass the testsuite and make it work.
> The upstream review and insight would be helpful.

Since these are going to break things with LibreSSL, I doubt they'll be
acceptable as-is.


Re: OpenSSL 1.1.0 support
On Wed, 2 Nov 2016, Stuart Henderson wrote:

> On 2016-11-02, Jakub Jelen <jjelen@redhat.com> wrote:
> > The current set of patches, rebased on current upstream, is attached
> > with a few more tweaks needed to build, pass the testsuite and make it work.
> > The upstream review and insight would be helpful.
>
> Since these are going to break things with LibreSSL, I doubt they'll be
> acceptable as-is.

This is the nub of the problem: upstream (OpenBSD) OpenSSH targets
LibreSSL natively (it's also used by Apple for their OS X builds). If we
pick up the 1.1.0 patch, we'd probably have to do it in portable because
there's little point in patching OpenBSD for API that doesn't exist
there. I don't want to have to carry such a major divergence in just the
portable tree.

I don't know what LibreSSL's plans are wrt the 1.1.x API, but convincing
them to adopt it would remove much of the problem.

It's disappointing though that OpenSSL didn't see fit to write their own
set of 1.0.x->1.1.x API shims and ship it alongside 1.0.x releases. It
would have made the transition easier for everyone I think.

-d
Re: OpenSSL 1.1.0 support
On Thu, Nov 03, 2016 at 09:33:23AM +1100, Damien Miller wrote:
>It's disappointing though that OpenSSL didn't see fit to write their own
>set of 1.0.x->1.1.x API shims and ship it alongside 1.0.x releases. It
>would have made the transition easier for everyone I think.

Given how much flak they got from various quarters, including in
particular the libressl folks, for carrying "too much legacy baggage",
that would have been ironic if nothing else.

All that aside, I'm not entirely clear on why there's a pressing need to
link openssh against openssl 1.1 instead of just linking it to 1.0;
1.0.2 is actually scheduled to be supported for longer than 1.1.0.

Mike Stone
Re: OpenSSL 1.1.0 support
On Wed, 2 Nov 2016, Michael Stone wrote:

> On Thu, Nov 03, 2016 at 09:33:23AM +1100, Damien Miller wrote:
> > It's disappointing though that OpenSSL didn't see fit to write their own
> > set of 1.0.x->1.1.x API shims and ship it alongside 1.0.x releases. It
> > would have made the transition easier for everyone I think.
>
> Given how much flak they got from various quarters, including in
> particular the libressl folks, for carrying "too much legacy baggage",
> that would have been ironic if nothing else.

I think you misunderstand: I'm not suggesting they carry 1.0.x API in
1.1.x (that would be self-defeating), but providing standard forward-
compat code in 1.0.x so everyone else doesn't have to write their own.

IMO nobody is in a better position to write said compat code than
the OpenSSL developers and forcing application developers to write
them greatly multiplies the number of shim implementations and thus
the likelihood of bugs in one or more of them.

-d
Re: OpenSSL 1.1.0 support
Jakub Jelen wrote:
> On 11/02/2016 01:43 AM, Colin Watson wrote:
>> On Sun, Sep 18, 2016 at 08:22:31PM +0200, Kurt Roeckx wrote:
>>> Attached is a patch that adds support for building against OpenSSL
>>> 1.1.0. [SNIP]

Version 9.2 of PKIX-SSH supports OpenSSL API 1.1 (final).
It was a continuous process that started with v8.7, which moved to opaque
structures.

There is no need to patch anything. You can get it all in a single source
tarball.
Version 9.2 is compatible with OpenSSH 7.3 and includes more features and
improvements.


Regards,
Roumen Petrov

--
Secure shell with X.509 certificate support
http://roumenpetrov.info/secsh/

Re: OpenSSL 1.1.0 support
On 11/02/2016 11:33 PM, Damien Miller wrote:
> On Wed, 2 Nov 2016, Stuart Henderson wrote:
>
>> On 2016-11-02, Jakub Jelen <jjelen@redhat.com> wrote:
>>> The current set of patches, rebased on current upstream, is attached
>>> with a few more tweaks needed to build, pass the testsuite and make it work.
>>> The upstream review and insight would be helpful.
>> Since these are going to break things with LibreSSL, I doubt they'll be
>> acceptable as-is.
> This is the nub of the problem: upstream (OpenBSD) OpenSSH targets
> LibreSSL natively (it's also used by Apple for their OS X builds). If we
> pick up the 1.1.0 patch, we'd probably have to do it in portable because
> there's little point in patching OpenBSD for API that doesn't exist
> there. I don't want to have to carry such a major divergence in just the
> portable tree.

Thank you for the comments. I understand the upstream directions and
that the OpenSSL step is not ideal. The distros will probably have to
carry these patches until the changes settle down a bit.

Another possible solution we were discussing here was the implementation
of a non-OpenSSL-specific abstraction layer for crypto operations, which
would allow the implementation of crypto-library-specific bits in a
separate file (unlike the current situation with calls all over the
place) and would possibly allow different crypto library providers,
similar to the way audit is handled at the moment. It would also
abstract the code from changes in one or the other crypto library
interface. Would something like this be acceptable for OpenSSH upstream?

Kind regards,

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

Re: OpenSSL 1.1.0 support
On Mon, Nov 14, 2016 at 04:36:28PM +0100, Jakub Jelen wrote:
> On 11/02/2016 11:33 PM, Damien Miller wrote:
> > On Wed, 2 Nov 2016, Stuart Henderson wrote:
> >
> >> On 2016-11-02, Jakub Jelen <jjelen@redhat.com> wrote:
> >>> The current set of patches, rebased on current upstream, is attached
> >>> with a few more tweaks needed to build, pass the testsuite and make it work.
> >>> The upstream review and insight would be helpful.
> >> Since these are going to break things with LibreSSL, I doubt they'll be
> >> acceptable as-is.
> > This is the nub of the problem: upstream (OpenBSD) OpenSSH targets
> > LibreSSL natively (it's also used by Apple for their OS X builds). If we
> > pick up the 1.1.0 patch, we'd probably have to do it in portable because
> > there's little point in patching OpenBSD for API that doesn't exist
> > there. I don't want to have to carry such a major divergence in just the
> > portable tree.
>
> Thank you for the comments. I understand the upstream directions and
> that the OpenSSL step is not ideal. The distros will probably have to
> carry these patches until the changes settle down a bit.
>
> Another possible solution we were discussing here was the implementation
> of a non-OpenSSL-specific abstraction layer for crypto operations, which
> would allow the implementation of crypto-library-specific bits in a
> separate file (unlike the current situation with calls all over the
> place) and would possibly allow different crypto library providers,
> similar to the way audit is handled at the moment. It would also
> abstract the code from changes in one or the other crypto library
> interface. Would something like this be acceptable for OpenSSH upstream?
>

All SSL developers have to take into account

1) LibreSSL

2) OpenSSL 1.0.x and below

and
3) OpenSSL 1.1+


So stop living in the past and march towards the future.


--
For effective Internet Etiquette and communications read
http://catb.org/jargon/html/T/top-post.html, http://idallen.com/topposting.html
& http://www.caliburn.nl/topposting.html
Re: OpenSSL 1.1.0 support
On Mon, 14 Nov 2016, Jakub Jelen wrote:

> Thank you for the comments. I understand the upstream directions and
> that the OpenSSL step is not ideal. The distros will probably have to
> carry these patches until the changes settle down a bit.

AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
view on this situation?

> Another possible solution we were discussing here was the implementation
> of a non-OpenSSL-specific abstraction layer for crypto operations, which
> would allow the implementation of crypto-library-specific bits in a
> separate file (unlike the current situation with calls all over the
> place) and would possibly allow different crypto library providers,
> similar to the way audit is handled at the moment. It would also
> abstract the code from changes in one or the other crypto library
> interface. Would something like this be acceptable for OpenSSH upstream?

That's an option that involves a heap of work. I've toyed with it
for a while now, but haven't been motivated enough to start it. Part
of the reason is that there has been no compelling alternative open-
source crypto library to justify the effort of building the abstraction
layer. I don't really feel like OpenSSL 1.1 is sufficiently different
to justify it either.

-d
Re: OpenSSL 1.1.0 support
On Tue 2016-11-15 08:02:06 +0900, Damien Miller wrote:
> That's an option that involves a heap of work. I've toyed with it
> for a while now, but haven't been motivated enough to start it. Part
> of the reason is that there has been no compelling alternative open-
> source crypto library to justify the effort of building the abstraction
> layer. I don't really feel like OpenSSL 1.1 is sufficiently different
> to justify it either.

FWIW, i consider nettle to be a compelling FLOSS crypto primitive
library. It doesn't provide TLS or SSL, but i don't think that's
anything that OpenSSH would care about.

https://www.lysator.liu.se/~nisse/nettle/

--dkg
Re: OpenSSL 1.1.0 support
On 11/15/2016 12:02 AM, Damien Miller wrote:
> On Mon, 14 Nov 2016, Jakub Jelen wrote:
>
>> Thank you for the comments. I understand the upstream directions and
>> that the OpenSSL step is not ideal. The distros will probably have to
>> carry these patches until the changes will settle down a bit.
> AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
> view on this situation?

Yes, you got a message off-list from Tomas Mraz, our OpenSSL
maintainer, one week ago. OpenSSL certainly wants to resolve these
issues from their side (compat library in addition to 1.0.2 from OpenSSL
side). But that will not help us with compatibility against LibreSSL if
I see it right.

Regards,

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

Re: OpenSSL 1.1.0 support
On Tue, 15 Nov 2016, Jakub Jelen wrote:

> On 11/15/2016 12:02 AM, Damien Miller wrote:
> > On Mon, 14 Nov 2016, Jakub Jelen wrote:
> >
> > > Thank you for the comments. I understand the upstream directions and
> > > that the OpenSSL step is not ideal. The distros will probably have to
> > > carry these patches until the changes will settle down a bit.
> > AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
> > view on this situation?
>
> Yes, you got a message off-list from Tomas Mraz, our OpenSSL maintainer,
> one week ago. OpenSSL certainly wants to resolve these issues from their
> side (compat library in addition to 1.0.2 from OpenSSL side). But that will
> not help us with compatibility against LibreSSL if I see it right.

For my part, I'm going to wait a while to see what migration improvements
come from OpenSSL and I don't plan on merging any changes to support 1.1.x
until there's a better story.

I'm sure that if OpenSSL come up with a cleaner way for their users to
support 1.0.x and 1.1.x then it will be easier to convince Libre/BoringSSL
to follow suit.

-d
Re: OpenSSL 1.1.0 support
Jakub Jelen wrote:
> On 11/15/2016 12:02 AM, Damien Miller wrote:
>> On Mon, 14 Nov 2016, Jakub Jelen wrote:
>>> Thank you for the comments. I understand the upstream directions and
>>> that the OpenSSL step is not ideal. The distros will probably have to
>>> carry these patches until the changes will settle down a bit.
>> AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
>> view on this situation?
> Yes, you got a message off-list from Tomas Mraz, our OpenSSL
> maintainer, one week ago. OpenSSL certainly wants to resolve these
> issues from their side (compat library in addition to 1.0.2 from
> OpenSSL side).
I don't think that this is so important. Each project has a specific use
of the crypto library and it is not so difficult to write a compatibility
layer. I know a number of projects that already have such a layer.

> But that will not help us with compatibility against LibreSSL if I see
> it right.
If the compatibility layer is written properly, OpenSSL-compatible
libraries will be supported as well.
For instance, PKIX-SSH mainly tests for the presence of each feature and
as a result supports builds with various OpenSSL versions, including
FIPS- or Kerberos-enabled ones. Such tests ensure builds with
OpenSSL-compatible libraries.


Using cryptographic library A or B, version c or d, etc. depends on
many things. One criterion is that known defects are fixed, but this is
off-topic to OpenSSL API 1.1 support.


Just one remark: a long time ago the OpenSSL team announced a plan to hide
structures to ensure better compatibility between releases. The team missed
the 1.0 release, but now this is a fact.


Regards,
Roumen Petrov

--
Secure shell with X.509 certificate support
http://roumenpetrov.info/secsh/
