Dimitry Andric
2016-Mar-09 22:06 UTC
[FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man
On 09 Mar 2016, at 16:48, Eric Masson <emss at free.fr> wrote:> > Mike Tancsa <mike at sentex.net> writes: > > Hi, > >> good trace - pre openssl commit >> .... >> debug2: kex_parse_kexinit: >> hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64 at openssh.com [preauth] >> debug2: kex_parse_kexinit: >> hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64 at openssh.com [preauth] >> debug2: kex_parse_kexinit: none [preauth] >> debug2: kex_parse_kexinit: none [preauth] >> debug2: kex_parse_kexinit: [preauth] >> debug2: kex_parse_kexinit: [preauth] >> debug2: kex_parse_kexinit: first_kex_follows 0 [preauth] >> debug2: kex_parse_kexinit: reserved 0 [preauth] >> debug2: mac_setup: setup hmac-sha1 [preauth] >> debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth] >> debug2: mac_setup: setup hmac-sha1 [preauth] >> debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth] >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] >> debug3: mm_request_send entering: type 0 [preauth] >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 0 >> debug3: mm_answer_moduli: got parameters: 1024 2048 2048 >> bad trace - with openssl commit. >> >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] >> debug3: mm_request_send entering: type 0 [preauth] >> debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth] >> debug3: mm_request_receive_expect entering: type 1 [preauth] >> debug3: mm_request_receive entering [preauth] >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 0 >> debug3: mm_answer_moduli: got parameters: 1024 2048 2048 >> debug3: mm_request_send entering: type 1 >> debug2: monitor_read: 0 used once, disabling now >> debug3: mm_choose_dh: remaining 0 [preauth] >> *debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]* >> debug1: monitor_read_log: child log fd closed >> debug3: mm_request_receive entering >> debug1: do_cleanup >> debug3: PAM: sshpam_thread_cleanup entering >> debug1: Killing privsep child 1837 > > Similar symptoms on 9.3-p37 when trying to connect with putty from a Win > 7 station. > > Using cygwin's openssh client doesn't trigger the issue.Can you please try the attached patch, which I also attached to PR 207783? I think this will solve the crashes. It should be enough to rebuild secure/lib/libcrypto, and install it. -Dimitry -------------- next part -------------- A non-text attachment was scrubbed... Name: fix-pr207783-1.diff Type: application/octet-stream Size: 627 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20160309/5eb31166/attachment.obj> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 194 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20160309/5eb31166/attachment.sig>
Mike Tancsa
2016-Mar-09 22:19 UTC
[FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man
On 3/9/2016 5:06 PM, Dimitry Andric wrote:> Can you please try the attached patch, which I also attached to PR > 207783? I think this will solve the crashes. > > It should be enough to rebuild secure/lib/libcrypto, and install it.Hi, Yes it allows sshd to not crash on my one test case (secureCRT client) so far! Thanks. ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Eric Masson
2016-Mar-10 08:00 UTC
[FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man
Dimitry Andric <dim at FreeBSD.org> writes: Hi Dimitry,> Can you please try the attached patch, which I also attached to PR > 207783? I think this will solve the crashes.Works as expected with patch applied, thanks a lot. Will it be pushed to releng/9.3/ please ? Regards ?ric Masson -- J'arr?te pas d'essayer de m'abonner au mailing list sur la Nippon animation, mais le machin auromatique MAJORDOMO me renvoit toujours la m?me foutu page d'instruction de code. Comment ca marche ? -+- W in Guide du Neuneu d'Usenet : Mauvais abonn?, changer d'abonn? -+-