freebsd stable - Aug 2004 - key_verify failed for server_host_key solution

Folks,

I found that SSH broke after an upgrade to 4.10 stable.  The
problem I saw was the same one reported by Daren Desjardins
back in March.  The symptom is a client failing to establish a
connection with the complaint:

  key_verify failed for server_host_key

The culprit turns out to be a problem in libcrypto that is tickled 
by too aggressive optimization settings.

When building 4.10, my make.conf included:

  CFLAGS= -O -pipe -funroll-loops -ffast-math
  COPTFLAGS= -O -pipe -funroll-loops -ffast-math

By removing both the unroll-loops and fast-math optimizations,
and rebuilding libcrypto, the problem disappears.  For anyone
unfamiliar with rebuilding libcrypto, the following should do the
job:

  cd /usr/src/secure/lib/libcrypto
  make clean
  make obj && make depend && make all install

mb

> The culprit turns out to be a problem in libcrypto that is tickled
> by too aggressive optimization settings.
>
> When building 4.10, my make.conf included:
>
>  CFLAGS= -O -pipe -funroll-loops -ffast-math
>  COPTFLAGS= -O -pipe -funroll-loops -ffast-math
>
> By removing both the unroll-loops and fast-math optimizations,
> and rebuilding libcrypto, the problem disappears.
I had the same issue. I had this in my make.conf when it went wrong:

CFLAGS= -O2 -pipe -funroll-loops

and this solved the problem:

CFLAGS= -O -pipe

So I suspect the unroll loops option to be the cause. I guess I could 
rebuild with -O2 again without -funroll-loops to prove it...

regards,

Henno