public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] Current status with openssl-1.1
@ 2018-06-09  8:22 Lars Wendler
  2018-06-09  8:36 ` Michał Górny
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Lars Wendler @ 2018-06-09  8:22 UTC (permalink / raw
  To: base-system; +Cc: crypto, gentoo-dev


Hello dear Gentoo Devs,

this is somewhat written out of frustration so please bear with me ;)

CCing crypto@ in case they can provide some valuable input to the
topic. If not, sorry guys for wasting your time.

As you might have noticed, although being published back in August
2016, we still have openssl-1.1 in package.mask due to the numerous
build issues we still have with various packages[1] that use openssl.

"Why is that so?" do I hear you asking. "Debian already switched over
to openssl-1.1 for months already".

Well... they did not entirely switch yet. There are still packages that
are being compiled/linked against openssl-1.0 in Debian because their
respective upstreams refuse to collaborate.

The most prominent example is openssh[2] which also is the reason that
this topic gives me so much frustration. They simply refuse to add
compatibility code for openssl-1.1 because openssl upstream did such a
silly move with making lots of interfaces opaque and make openssl-1.1
mostly incompatible with code written against older openssl versions.

This and the fact that you can build openssl-1.1 with three different
API versions (0.9.8, 1.0.0 and 1.1.0) makes it exceptionally hard for
openssl consumers to migrate their code to openssl-1.1.

openssh upstream even raised the idea to simply focus crypto support in
their software on libressl which I personally think is a really bad
move. But coming from the same people (openssh and libressl are both
developed by OpenBSD people), it's no big surprise this idea came up at
some point.

So, basically openssl is the last big showstopper for openssl-1.1 to
get out of p.mask. There are some unofficial patches floating around in
the WWW but each one of them has some issues and they all are not
really small in size.
Last time I checked, the most complete (but still to some degree
broken) patch had 2800+ LOC and was 80K in size. This is definitely
nothing I want to maintain as downstream, left aside the fact that
openssh should not be messed with lightly regarding security
implications.

My biggest concern right now is that openssh might still block
openssl-1.1.1 once that got released. openssl-1.1.1 provides TLSv1.3
which is something we should provide to our users as soon as possible
and is also targeted as next LTS release.



[1] https://bugs.gentoo.org/592438
[2] https://bugs.gentoo.org/592578

-- 
Lars Wendler
Gentoo package maintainer
GPG: 21CC CF02 4586 0A07 ED93  9F68 498F E765 960E 9B39



* Re: [gentoo-dev] Current status with openssl-1.1
  2018-06-09  8:22 [gentoo-dev] Current status with openssl-1.1 Lars Wendler
@ 2018-06-09  8:36 ` Michał Górny
  2018-06-09  9:16 ` Pacho Ramos
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Michał Górny @ 2018-06-09  8:36 UTC (permalink / raw
  To: gentoo-dev, base-system; +Cc: crypto

On Sat, 09.06.2018 at 10:22 +0200, user Lars Wendler
wrote:
> This and the fact that you can build openssl-1.1 with three different
> API versions (0.9.8, 1.0.0 and 1.1.0) makes it exceptionally hard for
> openssl consumers to migrate their code to openssl-1.1.

Could you elaborate a bit on this?  Are those versions controlled
entirely at build time?  Do they provide some degree of compatibility
between different APIs, or are they exclusively 'only this API'?

> openssh upstream even raised the idea to simply focus crypto support in
> their software on libressl which I personally think is a really bad
> move. But coming from the same people (openssh and libressl are both
> developed by OpenBSD people), it's no big surprise this idea came up at
> some point.

Even if that happened, we have projects such as Qt on the other side
whose upstreams refuse to support LibreSSL.

-- 
Best regards,
Michał Górny




* Re: [gentoo-dev] Current status with openssl-1.1
  2018-06-09  8:22 [gentoo-dev] Current status with openssl-1.1 Lars Wendler
  2018-06-09  8:36 ` Michał Górny
@ 2018-06-09  9:16 ` Pacho Ramos
  2018-06-09  9:19 ` [gentoo-dev] " Martin Vaeth
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Pacho Ramos @ 2018-06-09  9:16 UTC (permalink / raw
  To: gentoo-dev, base-system; +Cc: crypto

On Sat, 09-06-2018 at 10:22 +0200, Lars Wendler wrote:
> 
> [...]

> some point.
> 
> So, basically openssl is the last big showstopper for openssl-1.1 to
> get out of p.mask. There are some unofficial patches floating around in
> the WWW but each one of them has some issues and they all are not
> really small in size.
> Last time I checked, the most complete (but still to some degree
> broken) patch had 2800+ LOC and was 80K in size. This is definitely
> nothing I want to maintain as downstream, left aside the fact that
> openssh should not be messed with lightly regarding security
> implications.

Why not try to use the RedHat/Fedora patch for openssl-1.1 compat? It seems they
are taking care of maintaining that patch on their side.

> 
> My biggest concern right now is that openssh might still block
> openssl-1.1.1 once that got released. openssl-1.1.1 provides TLSv1.3
> which is something we should provide to our users as soon as possible
> and is also targeted as next LTS release.
> 
> 
> 
> [1] https://bugs.gentoo.org/592438
> [2] https://bugs.gentoo.org/592578
> 




* [gentoo-dev] Re: Current status with openssl-1.1
  2018-06-09  8:22 [gentoo-dev] Current status with openssl-1.1 Lars Wendler
  2018-06-09  8:36 ` Michał Górny
  2018-06-09  9:16 ` Pacho Ramos
@ 2018-06-09  9:19 ` Martin Vaeth
  2018-06-09 11:55 ` Luca Barbato
  2018-06-09 21:48 ` [gentoo-dev] " James Cloos
  4 siblings, 0 replies; 6+ messages in thread
From: Martin Vaeth @ 2018-06-09  9:19 UTC (permalink / raw
  To: gentoo-dev

Lars Wendler <polynomial-c@gentoo.org> wrote:
> So, basically openssl is the last big showstopper for openssl-1.1 to
> get out of p.mask.

s/openssl/openssh/

Another showstopper is net-libs/wvstreams, hence net-dialup/wvdial.
BTW, this is a Debian bug open without any comment since April 2017:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859791
Debian's and Arch's workarounds can be called slotting of openssl:1.0
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828603

While many of the new opaqueness problems are easy to fix,
some functions of wvstreams rely so much on internals which are
inaccessible with openssl-1.1 that they seem impossible to convert.
My guess (I am not an openssl guru) is that the whole wvstreams
implementation would need to change, maybe also the provided API with
some functionality being dropped or attacked completely differently.
The uncommented bugreports and missing PRs suggest that this will
never happen by upstream, and there also seems to be no fork with it.

Maybe for wvstreams a workaround might be to mask/remove USE=ssl:
Perhaps wvdial would then lose some functionality (does anybody
know what would break?) but given how useful wvdial is, this is
better than dropping it completely.




* [gentoo-dev] Re: Current status with openssl-1.1
  2018-06-09  8:22 [gentoo-dev] Current status with openssl-1.1 Lars Wendler
                   ` (2 preceding siblings ...)
  2018-06-09  9:19 ` [gentoo-dev] " Martin Vaeth
@ 2018-06-09 11:55 ` Luca Barbato
  2018-06-09 21:48 ` [gentoo-dev] " James Cloos
  4 siblings, 0 replies; 6+ messages in thread
From: Luca Barbato @ 2018-06-09 11:55 UTC (permalink / raw
  To: Lars Wendler, base-system; +Cc: crypto, gentoo-dev

On 09/06/2018 10:22, Lars Wendler wrote:
> Hello dear Gentoo Devs,
> 
> this is somewhat written out of frustration so please bear with me ;)
> 
> CCing crypto@ in case they can provide some valuable input to the
> topic. If not, sorry guys for wasting your time.
> 
> As you might have noticed, although being published back in August
> 2016, we still have openssl-1.1 in package.mask due to the numerous
> build issues we still have with various packages[1] that use openssl.
> 
> "Why is that so?" do I hear you asking. "Debian already switched over
> to openssl-1.1 for months already".
> 
> Well... they did not entirely switch yet. There are still packages that
> are being compiled/linked against openssl-1.0 in Debian because their
> respective upstreams refuse to collaborate.
> 
> The most prominent example is openssh[2] which also is the reason that
> this topic gives me so much frustration. They simply refuse to add
> compatibility code for openssl-1.1 because openssl upstream did such a
> silly move with making lots of interfaces opaque and make openssl-1.1
> mostly incompatible with code written against older openssl versions.
> 
> This and the fact that you can build openssl-1.1 with three different
> API versions (0.9.8, 1.0.0 and 1.1.0) makes it exceptionally hard for
> openssl consumers to migrate their code to openssl-1.1.
> 
> openssh upstream even raised the idea to simply focus crypto support in
> their software on libressl which I personally think is a really bad
> move. But coming from the same people (openssh and libressl are both
> developed by OpenBSD people), it's no big surprise this idea came up at
> some point.

Is libressl providing an API that is less silly and somehow compatible
with applications using the openssl-1.1 API ?

Do we have an openssh alternative that is interoperable AND usable?

Is it possible to have the never-libressl software use another
TLS/crypto provider?

lu



* Re: [gentoo-dev] Current status with openssl-1.1
  2018-06-09  8:22 [gentoo-dev] Current status with openssl-1.1 Lars Wendler
                   ` (3 preceding siblings ...)
  2018-06-09 11:55 ` Luca Barbato
@ 2018-06-09 21:48 ` James Cloos
  4 siblings, 0 replies; 6+ messages in thread
From: James Cloos @ 2018-06-09 21:48 UTC (permalink / raw
  To: Lars Wendler; +Cc: base-system, gentoo-dev, crypto

>>>>> "LW" == Lars Wendler <polynomial-c@gentoo.org> writes:

LW> openssh upstream even raised the idea to simply focus crypto support in
LW> their software on libressl

Debian plans on using libressl for openssh (statically, I presume), once
openssl-1.0 is removed from their archive.

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6



