openssh unix dev - Feb 2001 - OpenSSH 2.3.0p4/2.2.0p1, Solaris 8, ssh-keygen bus error

Hi,

I'm having a problem with ssh-keygen on Solaris 8; upon running, it
produces a bus error due to a function call in OpenSSL (RC4_set_key):

[...]
(gdb) where
#0  0x3440c in RC4_set_key ()
#1  0x2b890 in arc4random_stir ()
    at /merc/tools/src/openssh-2.3.0p1/bsd-arc4random.c:65
#2  0x23ca8 in main (ac=1, av=0xffbefb94)
    at /merc/tools/src/openssh-2.3.0p1/ssh-keygen.c:720

I get identical results with any combination of:

- gcc 2.95.2/binutils 2.10.1, or just gcc with Sun's as/ld (I do not have
  a WorkShop C licence), either built from source or obtained from Sun's
  "companion" CD (gcc only; they don't ship binutils).

- OpenSSL 0.9.5a and 0.9.6, built from source.

- OpenSSH 2.3.0p4 and 2.2.0p1, built from source.

I'm using the ANDIrand (http://www.cosy.sbg.ac.at/~andi/) package to
provide /dev/random, rather than EGD or SUNWski. ssh and sshd appear to be
working as advertised, but key generation fails consistantly.

I'm planning on trying the 10/00 Solaris 8 release as soon as I get a
chance to download it from Sun.

Suggestions? This looks like an openssl problem, but I'd think I
wouldn't
be the only one seeing this (the archives didn't indicate anyone else
having this kind of problem)...

-- 
Edward S. Marshall <emarshall at mercantec.com>                 UNIX
Administrator
http://www.nyx.net/~emarshal/                                   Mercantec, Inc.

On Thu, 8 Feb 2001, Edward S. Marshall wrote:
> Hi,
> 
> I'm having a problem with ssh-keygen on Solaris 8; upon running, it
> produces a bus error due to a function call in OpenSSL (RC4_set_key):
Could you please turn on very verbose debugging "ssh -v -v -v " and
report the output?

Thanks
-d


-- 
| Damien Miler <djm at mindrot.org> \ ``E-mail attachments are the poor
man's
| http://www.mindrot.org         /   distributed filesystem'' - Dan Geer

On Fri, 9 Feb 2001, Damien Miller wrote:
> Could you please turn on very verbose debugging "ssh -v -v -v "
and
> report the output?
A little more information; sshd is failing with a bus error as well (the
client seems fine so far in light use):

#  gdb ./sshd
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "sparc-sun-solaris2.8"...
(gdb) set args -ddd
(gdb) run
Starting program: /merc/tools/obj/openssh-2.3.0p4/./sshd -ddd
debug1: sshd version OpenSSH_2.3.0p1
debug1: Seeding random number generator
debug1: read DSA private key done
debug1: Seeding random number generator
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
debug1: Seeding random number generator
debug1: Seeding random number generator
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 172.16.64.201 port 1022
debug1: Client protocol version 2.0; client software version OpenSSH_2.3.0p1
debug1: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-dss
debug1: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug1: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug1: got kexinit: none
debug1: got kexinit: none
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST.

Program received signal SIGSEGV, Segmentation fault.
0x4de9c in DH_new_method ()
(gdb) where
#0  0x4de9c in DH_new_method ()
#1  0x4e16c in DH_new ()
#2  0x2fb30 in dh_new_group (gen=0xe5498, modulus=0xe54b8)
    at /merc/tools/src/openssh-2.3.0p1/kex.c:178
#3  0x209d8 in choose_dh (minbits=4096)
    at /merc/tools/src/openssh-2.3.0p1/dh.c:156
#4  0x1cbfc in ssh_dhgex_server (kex=0xdaa88, client_kexinit=0xdd250,
    server_kexinit=0xdd2b0) at /merc/tools/src/openssh-2.3.0p1/sshd.c:1511
#5  0x1c918 in do_ssh2_kex () at
/merc/tools/src/openssh-2.3.0p1/sshd.c:1332
#6  0x1c320 in main (ac=2, av=0xd2000)
    at /merc/tools/src/openssh-2.3.0p1/sshd.c:1084
(gdb)

Any ideas?

-- 
Edward S. Marshall <emarshall at mercantec.com>                 UNIX
Administrator
http://www.nyx.net/~emarshal/                                   Mercantec, Inc.