NetBSD Problem Report #37562
From martin@aprisoft.de Tue Dec 18 11:29:04 2007
Return-Path: <martin@aprisoft.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 3FDBE63B8A2
for <gnats-bugs@gnats.NetBSD.org>; Tue, 18 Dec 2007 11:29:04 +0000 (UTC)
Message-Id: <20071218112900.A6718AF5824@emmas.aprisoft.de>
Date: Tue, 18 Dec 2007 12:29:00 +0100 (CET)
From: martin@duskware.de
Reply-To: martin@duskware.de
To: gnats-bugs@NetBSD.org
Subject: new ssh MAC is not working
X-Send-Pr-Version: 3.95
>Number: 37562
>Category: bin
>Synopsis: new ssh MAC is not working
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: suspended
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Dec 18 11:30:01 +0000 2007
>Closed-Date:
>Last-Modified: Thu Jan 10 01:50:01 +0000 2008
>Originator: Martin Husemann
>Release: NetBSD 4.99.42
>Organization:
>Environment:
System: NetBSD nelly.aprisoft.de 4.99.42 NetBSD 4.99.42 (NELLY) #5: Tue Dec 18 10:00:02 CET 2007 martin@emmas.aprisoft.de:/nelly/usr/src/sys/arch/sparc64/compile/NELLY sparc64
Architecture: sparc64
Machine: sparc64
>Description:
The new umac-64 code is broken on alignement critical architectures.
>How-To-Repeat:
ssh -m umac-64@openssh.com host
and watch the client core on a bus error.
>Fix:
disable umac-64 untill it is usable?
>Release-Note:
>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Cc:
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 11:55:10 -0500
On Dec 18, 11:30am, martin@duskware.de (martin@duskware.de) wrote:
-- Subject: bin/37562: new ssh MAC is not working
| >Number: 37562
| >Category: bin
| >Synopsis: new ssh MAC is not working
| >Confidential: no
| >Severity: critical
| >Priority: high
| >Responsible: bin-bug-people
| >State: open
| >Class: sw-bug
| >Submitter-Id: net
| >Arrival-Date: Tue Dec 18 11:30:01 +0000 2007
| >Originator: Martin Husemann
| >Release: NetBSD 4.99.42
| >Organization:
| >Environment:
| System: NetBSD nelly.aprisoft.de 4.99.42 NetBSD 4.99.42 (NELLY) #5: Tue Dec 18 10:00:02 CET 2007 martin@emmas.aprisoft.de:/nelly/usr/src/sys/arch/sparc64/compile/NELLY sparc64
| Architecture: sparc64
| Machine: sparc64
| >Description:
|
| The new umac-64 code is broken on alignement critical architectures.
|
| >How-To-Repeat:
|
| ssh -m umac-64@openssh.com host
|
| and watch the client core on a bus error.
|
| >Fix:
| disable umac-64 untill it is usable?
This has been fixed by dogcow? Works on my sparc64...
sparcacus:/usr/src [11:51am] 2163>ssh -m umac-64@openssh.com sparcacus
Last login: Tue Dec 18 11:40:39 2007 from quasar.astron.com
NetBSD 4.99.42 (GENERIC) #13: Wed Dec 12 17:38:57 EST 2007
sparcacus:/usr/src [11:51am] 2164>uname -a
NetBSD sparcacus.astron.com 4.99.42 NetBSD 4.99.42 (GENERIC) #13: Wed Dec 12 17:38:57 EST 2007 christos@sparcacus.astron.com:/usr/src/sys/arch/sparc64/compile/GENERIC sparc64
sparcacus:/usr/src [11:51am] 2165>
christos
From: Martin Husemann <martin@duskware.de>
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 18:23:01 +0100
On Tue, Dec 18, 2007 at 11:55:10AM -0500, Christos Zoulas wrote:
> This has been fixed by dogcow? Works on my sparc64...
Still does not work for me - doing a clean rebuild to test for sure now.
Martin
From: christos@zoulas.com (Christos Zoulas)
To: Martin Husemann <martin@duskware.de>
Cc: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 12:24:42 -0500
On Dec 18, 6:23pm, martin@duskware.de (Martin Husemann) wrote:
-- Subject: Re: bin/37562: new ssh MAC is not working
| On Tue, Dec 18, 2007 at 11:55:10AM -0500, Christos Zoulas wrote:
| > This has been fixed by dogcow? Works on my sparc64...
|
| Still does not work for me - doing a clean rebuild to test for sure now.
|
The code is in libssh...
christos
From: Martin Husemann <martin@duskware.de>
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@NetBSD.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 20:49:35 +0100
I looked at the code where it died and it made me barf.
Let's just delete this from our source, please!
((UINT64 *)result)[0] = ((UINT64 *)hc->state)[0] + nbits;
and result is UINT8*.
Martin
From: christos@zoulas.com (Christos Zoulas)
To: Martin Husemann <martin@duskware.de>
Cc: gnats-bugs@NetBSD.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 15:51:18 -0500
On Dec 18, 8:49pm, martin@duskware.de (Martin Husemann) wrote:
-- Subject: Re: bin/37562: new ssh MAC is not working
| I looked at the code where it died and it made me barf.
| Let's just delete this from our source, please!
|
| ((UINT64 *)result)[0] = ((UINT64 *)hc->state)[0] + nbits;
|
| and result is UINT8*.
The whole thing is disgusting.
christos
State-Changed-From-To: open->suspended
State-Changed-By: martin@netbsd.org
State-Changed-When: Thu, 20 Dec 2007 14:16:31 +0000
State-Changed-Why:
umac has been disabled untill someone rewrites it.
From: Martin Husemann <martin@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: PR/37562 CVS commit: src
Date: Thu, 20 Dec 2007 14:14:04 +0000 (UTC)
Module Name: src
Committed By: martin
Date: Thu Dec 20 14:14:04 UTC 2007
Modified Files:
src/crypto/dist/ssh: mac.c myproposal.h
src/lib/libssh: Makefile
Log Message:
Disable the umac-64 MAC for now, it needs to be rewritten from scractch.
Addresses PR bin/37562.
To generate a diff of this commit:
cvs rdiff -r1.11 -r1.12 src/crypto/dist/ssh/mac.c
cvs rdiff -r1.4 -r1.5 src/crypto/dist/ssh/myproposal.h
cvs rdiff -r1.11 -r1.12 src/lib/libssh/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/37562: new ssh MAC is not working
Date: Fri, 28 Dec 2007 15:52:22 +0100
Just for the record: as reading the code suggested, I now verified by
testing: the umac-64@openssh.com MAC does not interoperate at all between
big endian and little endian machines. Trying to ssh from a mac68k machine
into a i386 machine with this MAC imediately says:
Disconnecting: Corrupted MAC on input.
Martin
From: Peter Valchev <pvalchev@sightly.net>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/37562: new ssh MAC is not working
Date: Wed, 9 Jan 2008 16:47:58 -0800
Actually this code was tested between little- and big-endian machines as
well as strict alignment architectures before it was made a part of
OpenSSH. (It works between my sparc64, alpha, mips64, i386 and even
tested vax on OpenBSD, and we have received successful reports from
Linux between different combinations of picky architectures as well). I
just verified that this is still the case and there hasn't been a newly
introduced problem.
I believe it is correct; feel free to show otherwise. What you are
seeing is likely not a UMAC bug, but instead a toolchain problem
introduced with GCC-4 in NetBSD. A similar problem was tracked by
Thorsten Glaser recently, outlined below.
Do 'gcc -v foo.c' and see whether -lgcc or -lc comes first - probably
libgcc. The problem is that libgcc and libc contain duplicate symbols,
and due to -lgcc being passed first to ld/collect2, they are used
instead of the libc ones. It seems like libgcc has introduced some bugs
lately, but I don't have a system where to reproduce this right now.
The misbehaving functions in libgcc are those that override libc/quad
routines, specifically umoddi3, muldi3, etc. seem to be causing the
problem.
One way to fix this is to alter the gcc configuration to always
pass -lc before -lgcc in ld/collect2, so that the libc symbols
take precedence over the libgcc ones, which is what Thorsten did:
http://mirbsd.org/cvs.cgi/gcc/gcc/config/mirbsd.h
+#define LINK_GCC_C_SEQUENCE_SPEC "--start-group %L %G --end-group"
However this may break some things and doesn't really solve the problem,
rather avoids it. So the best solution would be to fix libgcc and/or
disable those functions from being built so there is no duplication.
Feel free to double check whether this is the problem in NetBSD (all
signs seem to point that it is), and/or point to an actual problem in
UMAC. If it is the issue described above, chances are it might bite you
somewhere else, if it hasn't already...
Peter
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.