NetBSD Problem Report #37562

From martin@aprisoft.de  Tue Dec 18 11:29:04 2007
Return-Path: <martin@aprisoft.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 3FDBE63B8A2
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 18 Dec 2007 11:29:04 +0000 (UTC)
Message-Id: <20071218112900.A6718AF5824@emmas.aprisoft.de>
Date: Tue, 18 Dec 2007 12:29:00 +0100 (CET)
From: martin@duskware.de
Reply-To: martin@duskware.de
To: gnats-bugs@NetBSD.org
Subject: new ssh MAC is not working
X-Send-Pr-Version: 3.95

>Number:         37562
>Category:       bin
>Synopsis:       new ssh MAC is not working
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          suspended
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 18 11:30:01 +0000 2007
>Closed-Date:    
>Last-Modified:  Thu Jan 10 01:50:01 +0000 2008
>Originator:     Martin Husemann
>Release:        NetBSD 4.99.42
>Organization:
>Environment:
System: NetBSD nelly.aprisoft.de 4.99.42 NetBSD 4.99.42 (NELLY) #5: Tue Dec 18 10:00:02 CET 2007 martin@emmas.aprisoft.de:/nelly/usr/src/sys/arch/sparc64/compile/NELLY sparc64
Architecture: sparc64
Machine: sparc64
>Description:

The new umac-64 code is broken on alignement critical architectures.

>How-To-Repeat:

ssh -m umac-64@openssh.com host

and watch the client core on a bus error.

>Fix:
disable umac-64 untill it is usable?

>Release-Note:

>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org
Cc: 
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 11:55:10 -0500

 On Dec 18, 11:30am, martin@duskware.de (martin@duskware.de) wrote:
 -- Subject: bin/37562: new ssh MAC is not working

 | >Number:         37562
 | >Category:       bin
 | >Synopsis:       new ssh MAC is not working
 | >Confidential:   no
 | >Severity:       critical
 | >Priority:       high
 | >Responsible:    bin-bug-people
 | >State:          open
 | >Class:          sw-bug
 | >Submitter-Id:   net
 | >Arrival-Date:   Tue Dec 18 11:30:01 +0000 2007
 | >Originator:     Martin Husemann
 | >Release:        NetBSD 4.99.42
 | >Organization:
 | >Environment:
 | System: NetBSD nelly.aprisoft.de 4.99.42 NetBSD 4.99.42 (NELLY) #5: Tue Dec 18 10:00:02 CET 2007 martin@emmas.aprisoft.de:/nelly/usr/src/sys/arch/sparc64/compile/NELLY sparc64
 | Architecture: sparc64
 | Machine: sparc64
 | >Description:
 | 
 | The new umac-64 code is broken on alignement critical architectures.
 | 
 | >How-To-Repeat:
 | 
 | ssh -m umac-64@openssh.com host
 | 
 | and watch the client core on a bus error.
 | 
 | >Fix:
 | disable umac-64 untill it is usable?

 This has been fixed by dogcow? Works on my sparc64...

 sparcacus:/usr/src [11:51am] 2163>ssh -m umac-64@openssh.com sparcacus
 Last login: Tue Dec 18 11:40:39 2007 from quasar.astron.com
 NetBSD 4.99.42 (GENERIC) #13: Wed Dec 12 17:38:57 EST 2007
 sparcacus:/usr/src [11:51am] 2164>uname -a
 NetBSD sparcacus.astron.com 4.99.42 NetBSD 4.99.42 (GENERIC) #13: Wed Dec 12 17:38:57 EST 2007  christos@sparcacus.astron.com:/usr/src/sys/arch/sparc64/compile/GENERIC sparc64
 sparcacus:/usr/src [11:51am] 2165>

 christos

From: Martin Husemann <martin@duskware.de>
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 18:23:01 +0100

 On Tue, Dec 18, 2007 at 11:55:10AM -0500, Christos Zoulas wrote:
 > This has been fixed by dogcow? Works on my sparc64...

 Still does not work for me - doing a clean rebuild to test for sure now.

 Martin

From: christos@zoulas.com (Christos Zoulas)
To: Martin Husemann <martin@duskware.de>
Cc: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 12:24:42 -0500

 On Dec 18,  6:23pm, martin@duskware.de (Martin Husemann) wrote:
 -- Subject: Re: bin/37562: new ssh MAC is not working

 | On Tue, Dec 18, 2007 at 11:55:10AM -0500, Christos Zoulas wrote:
 | > This has been fixed by dogcow? Works on my sparc64...
 | 
 | Still does not work for me - doing a clean rebuild to test for sure now.
 | 

 The code is in libssh...

 christos

From: Martin Husemann <martin@duskware.de>
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@NetBSD.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 20:49:35 +0100

 I looked at the code where it died and it made me barf.
 Let's just delete this from our source, please!

    ((UINT64 *)result)[0] = ((UINT64 *)hc->state)[0] + nbits;

 and result is UINT8*.

 Martin

From: christos@zoulas.com (Christos Zoulas)
To: Martin Husemann <martin@duskware.de>
Cc: gnats-bugs@NetBSD.org
Subject: Re: bin/37562: new ssh MAC is not working
Date: Tue, 18 Dec 2007 15:51:18 -0500

 On Dec 18,  8:49pm, martin@duskware.de (Martin Husemann) wrote:
 -- Subject: Re: bin/37562: new ssh MAC is not working

 | I looked at the code where it died and it made me barf.
 | Let's just delete this from our source, please!
 | 
 |    ((UINT64 *)result)[0] = ((UINT64 *)hc->state)[0] + nbits;
 | 
 | and result is UINT8*.

 The whole thing is disgusting.

 christos

State-Changed-From-To: open->suspended
State-Changed-By: martin@netbsd.org
State-Changed-When: Thu, 20 Dec 2007 14:16:31 +0000
State-Changed-Why:
umac has been disabled untill someone rewrites it.


From: Martin Husemann <martin@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: PR/37562 CVS commit: src
Date: Thu, 20 Dec 2007 14:14:04 +0000 (UTC)

 Module Name:	src
 Committed By:	martin
 Date:		Thu Dec 20 14:14:04 UTC 2007

 Modified Files:
 	src/crypto/dist/ssh: mac.c myproposal.h
 	src/lib/libssh: Makefile

 Log Message:
 Disable the umac-64 MAC for now, it needs to be rewritten from scractch.
 Addresses PR bin/37562.


 To generate a diff of this commit:
 cvs rdiff -r1.11 -r1.12 src/crypto/dist/ssh/mac.c
 cvs rdiff -r1.4 -r1.5 src/crypto/dist/ssh/myproposal.h
 cvs rdiff -r1.11 -r1.12 src/lib/libssh/Makefile

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/37562: new ssh MAC is not working
Date: Fri, 28 Dec 2007 15:52:22 +0100

 Just for the record: as reading the code suggested, I now verified by
 testing: the umac-64@openssh.com MAC does not interoperate at all between
 big endian and little endian machines. Trying to ssh from a mac68k machine
 into a i386 machine with this MAC imediately says:

   Disconnecting: Corrupted MAC on input.

 Martin

From: Peter Valchev <pvalchev@sightly.net>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/37562: new ssh MAC is not working
Date: Wed, 9 Jan 2008 16:47:58 -0800

 Actually this code was tested between little- and big-endian machines as
 well as strict alignment architectures before it was made a part of
 OpenSSH. (It works between my sparc64, alpha, mips64, i386 and even
 tested vax on OpenBSD, and we have received successful reports from
 Linux between different combinations of picky architectures as well).  I
 just verified that this is still the case and there hasn't been a newly
 introduced problem.

 I believe it is correct; feel free to show otherwise.  What you are
 seeing is likely not a UMAC bug, but instead a toolchain problem
 introduced with GCC-4 in NetBSD. A similar problem was tracked by
 Thorsten Glaser recently, outlined below.

 Do 'gcc -v foo.c' and see whether -lgcc or -lc comes first - probably
 libgcc. The problem is that libgcc and libc contain duplicate symbols,
 and due to -lgcc being passed first to ld/collect2, they are used
 instead of the libc ones. It seems like libgcc has introduced some bugs
 lately, but I don't have a system where to reproduce this right now.
 The misbehaving functions in libgcc are those that override libc/quad
 routines, specifically umoddi3, muldi3, etc. seem to be causing the
 problem.

 One way to fix this is to alter the gcc configuration to always
 pass -lc before -lgcc in ld/collect2, so that the libc symbols
 take precedence over the libgcc ones, which is what Thorsten did:
 http://mirbsd.org/cvs.cgi/gcc/gcc/config/mirbsd.h
 +#define LINK_GCC_C_SEQUENCE_SPEC "--start-group %L %G --end-group"

 However this may break some things and doesn't really solve the problem,
 rather avoids it. So the best solution would be to fix libgcc and/or
 disable those functions from being built so there is no duplication.

 Feel free to double check whether this is the problem in NetBSD (all
 signs seem to point that it is), and/or point to an actual problem in
 UMAC.  If it is the issue described above, chances are it might bite you
 somewhere else, if it hasn't already...

 Peter

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.