[openssl-dev] please make clear on website that 1.1.0e is Development release, not GA / Production release

Jason Vas Dias jason.vas.dias at gmail.com
Tue Mar 21 00:13:57 UTC 2017 

On 20/03/2017, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Mon, Mar 20, 2017 at 10:41:12PM +0000, Jason Vas Dias wrote:
>> Hi - much thanks for many years of great OpenSSL releases,
>> but this 1.1.0 branch, IMHO, should not be put above the 1.0.2k
>> release on the website as the 'latest / best OpenSSL release' - this just
>> wastes everybody's time .  No using software can use this release,
>> such as the latest releases of OpenSSH,  ISC BIND (named) / ISC DHCP,
>> ntpd
>> (... the list can go on and on - does the latest httpd  compile with it?
>> )
>
> I have send patches for all of those that you just mentioned so
> that they can get build using both 1.0.2 and 1.1.0.

Great, thanks, but they are not being distributed anywhere .
Please could you send the patch sets against bind-9.11.0-P3
& DHCP 9.3.5 to me ?

>
>> I did waste a few hours today getting ISC BIND 9.11.0-P3 & DHCP 4.3.5
>> & ntpd 4.3.93 to use 1.1.0e , (I can generate & send the patches for
>> them to anyone who wants them),
>
> DHCP 4.3.5 seems to work just fine with 1.1.0.
>

Yes, as I said, named & dhcp & wpa_supplicant are working fine with 1.1.0 and
after  patching   to use the internal 1.1.0 headers.  DHCP uses OpenSSL via the
BIND libisc & libdns libraries, anyway , so doesn't really count as an OpenSSL
user in its own right.

None of their latest versions can compile unmodified against 1.1.0 .

That is why I think it is somewhat premature to call 1.1.0 the official
stable OpenSSL release.

> The latest ntp release is 4.2.8p9 which should just work with
> openssl 1.1.0. (I have no idea why they don't list it on their
> download page now, or why the development version is so old.)
>

No, the latest version is 4.3.93 , not 4.2.8p9,  and it also needed to include
                                           ^                  ^
internal 1.1.0 headers to compile.

> bind has applied patches, I'm just not sure in which branches.
>
It may be years yet before they see the light of day in a BIND release.

>> the latest version of OpenSSH (v7.4.P1) to at least compile with it,
>> but that version of OpenSSH is broken in so many ways because of
>> openssl 1.1.0  - it can't even read or write its ED25519
>> /etc/ssh_host_ed25519.key file.
>
> The ed25519 support in openssh doesn't even come from openssl.
>
What happens is OpenSSH's cipher.c calls
       if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv,
          (do_encrypt == CIPHER_ENCRYPT)) == 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
which always does 'goto out' for any ED25519 file.
OpenSSL's EVP_CipherInit calls EVP_CipherInit_ex which fails in this case.
I'm not really an OpenSSL / cryptography expert (but have written a few
SSL / plain transparent I/O modules in C/C++  in my time), but I can
see OpenSSH
is expecting OpenSSL to respond in a certain way to these parameters which
it does not do in 1.1.0, but does in 1.0.2x .

>> which mainly
>> involved including the '*_lo?cl.h' & '*_int.h'  headers
>
> Including the internal headers is not a good patch. This will
> break.
>

It doesn't break at all - the code remains 100% unchanged  - just different
headers need including - and seems to work fine including the API
hiding headers.
But considering the work necessary to make all OpenSSH using apps include those
headers , it doesn't seem worth it.

My question is really, why ?  Why make ALL OpenSSL users
(and there are thousands of them) now jump through new hoops
to use the same API they've been using for years ? What does it get them?

And my point is really not to criticize your effort, it is just a plea to make
clear on the web-page that the 1.1.0 branch is a development branch and
does not work yet with most OpenSSL using applications .

OpenSSL in its 1.0.2 incarnation has been hardened by over (10,15,20)? years
of testing , and its API is usable by all OpenSSL using applications,
unlike 1.1.0 .

Out of these using applications, which have their latest versions switched
to using the 1.1.0 API :  bind, OpenSSH, httpd, firefox ?
AFAICS, none.

It is just premature and confusing and a timewaster to claim the latest
stable OpenSSL release is 1.1.0 on the main web page. No using applications
can use it yet.  Give them a few years, and they will .  But please, make clear
on the web-page that most applications still use the 1.0.2 API .

Friendly Regards,
Jason

More information about the openssl-dev mailing list