Recent "elliptic curve" -> "supported groups" change in libssl

Luigi30
Hi,

As someone with interests in kernel development and a lot of spare
time, I want to work on OS patches. I just installed OpenBSD 6.4 in a
clean development VM and started building the -current branch from CVS
to get up to date with the latest commits.

I noticed that the build was failing with an error in
usr.bin/openssl/c_sb.c line 703 caused by a missing #define. I traced
the cause back to this commit earlier today updating libssl's TLS
support for RFC 7919 compliance:
https://github.com/openbsd/src/commit/2cdb2b1d3f3f9272c0a1acf5fe1f067f3db09e29#diff-e050d3ba43ebfa12f82b36086dca3ea3

It renames the Elliptic Curves extensions to Supported Groups,
including the TLSEXT_TYPE_elliptic_curves #define which became
TLSEXT_TYPE_supported_groups. Simple, right? I updated the #define and
extname to match the new supported groups name and continued building.
Everything was fine and I was able to access HTTPS web pages and
retrieve packages.

However, when I went to create the diff afterward, I got an error from CVS...

--
ssh_dispatch_run_fatal: Connection to 129.128.197.20 port 22: invalid
elliptic curve value
--

Uh-oh. I'm going to assume that this is connected to the elliptic
curve diff. I tried a couple different anoncvs mirrors with no effect.
Just wondering if this was a known problem with -current or something
hokey going on with my system.

Katherine

Re: Recent "elliptic curve" -> "supported groups" change in libssl

Joel Sing-3
On Tuesday 06 November 2018 00:39:11 Luigi30 wrote:

> Hi,
>
> As someone with interests in kernel development and a lot of spare
> time, I want to work on OS patches. I just installed OpenBSD 6.4 in a
> clean development VM and started building the -current branch from CVS
> to get up to date with the latest commits.
>
> I noticed that the build was failing with an error in
> usr.bin/openssl/c_sb.c line 703 caused by a missing #define. I traced
> the cause back to this commit earlier today updating libssl's TLS
> support for RFC 7919 compliance:
> https://github.com/openbsd/src/commit/2cdb2b1d3f3f9272c0a1acf5fe1f067f3db09e29#diff-e050d3ba43ebfa12f82b36086dca3ea3
>
> It renames the Elliptic Curves extensions to Supported Groups,
> including the TLSEXT_TYPE_elliptic_curves #define which became
> TLSEXT_TYPE_supported_groups. Simple, right? I updated the #define and
> extname to match the new supported groups name and continued building.
> Everything was fine and I was able to access HTTPS web pages and
> retrieve packages.

Thanks - fixed.
 

> However, when I went to create the diff afterward, I got an error from
> CVS...
>
> --
> ssh_dispatch_run_fatal: Connection to 129.128.197.20 port 22: invalid
> elliptic curve value
> --
>
> Uh-oh. I'm going to assume that this is connected to the elliptic
> curve diff. I tried a couple different anoncvs mirrors with no effect.
> Just wondering if this was a known problem with -current or something
> hokey going on with my system.

You've probably run into another bug that was introduced and reverted. Please
update and try again.