openssh unix dev - Feb 2001 - Bad packet length in 2.5.1 with rijndael (fwd)

I think we are not detecting and setting endianness properly for
rijndael.c.

Can someone on a big endian machine do a "ssh -2 -oCiphers=rijndael128-cbc
littleendianmachine" and vice versa?

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor
man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan
Geer

---------- Forwarded message ----------
Date: Mon, 26 Feb 2001 22:54:43 -0800 (PST)
From: Gregory Steuck <greg at nest.cx>
To: openssh at openssh.com
Subject: Bad packet length in 2.5.1 with rijndael

Hello,

If I go between machines with different byte order using rijndael
ciphers I get "Bad packet length" error. I was using
openssh-openbsd-current-i386 -> openssh-2.5.1p1-sparc-solaris and vice
versa.

It works fine if I use 3des-cbc, blowfish-cbc, arcfour or
cast128-cbc. (To make sure this is not the 2.8 rijndael blow up, I just
rebulit libssl from -current, didn't change a thing)

Here're the relevant parts of .ssh/config:

Host puma
HostName ::1
Port 10022
ForwardX11 yes

Host *
Protocol  2,1
Cipher blowfish
Ciphers rijndael128-cbc,aes128-cbc,blowfish-cbc,3des-cbc
ForwardX11 no
ForwardAgent no

And this is the log:
ssh -v puma
OpenSSH_2.5.1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug: Reading configuration data /home/greg/.ssh/config
debug: Applying options for puma
debug: Applying options for *
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 1001 geteuid 0 anon 0
debug: Connecting to ::1 [::1] port 10022.
debug: Allocated local port 809.
debug: Connection established.
debug: identity file /home/greg/.ssh/identity type 0
debug: identity file /home/greg/.ssh/id_rsa type 3
debug: identity file /home/greg/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.5.1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client rijndael128-cbc hmac-sha1 none
debug: kex: client->server rijndael128-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1012/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Forcing accepting of host key for loopback/localhost.
debug: bits set: 1025/2049
debug: len 55 datafellows 0
debug: ssh_dss_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
 e3 03 f4 e0 5e 27 3c ff 53 f4 60 3e 5a 72 b5 67
Disconnecting: Bad packet length -486279968.
debug: Calling cleanup 0x15f10(0x0)

Thanks
Greg

On Tue, 27 Feb 2001, Damien Miller wrote:
: I think we are not detecting and setting endianness properly for
: rijndael.c.
:
: Can someone on a big endian machine do a "ssh -2
-oCiphers=rijndael128-cbc
: littleendianmachine" and vice versa?

every platform doesn't have BYTE_ORDER.  this is from openbsd
/include/arpa/nameser.h.  should we import it?

#ifndef BYTE_ORDER
#if (BSD >= 199103)
# include <machine/endian.h>
#else
#ifdef linux
# include <endian.h>
#else
#define LITTLE_ENDIAN	1234	/* least-significant byte first (vax, pc) */
#define BIG_ENDIAN	4321	/* most-significant byte first (IBM, net) */
#define PDP_ENDIAN	3412	/* LSB first in word, MSW first in long (pdp)*/

#if defined(vax) || defined(ns32000) || defined(sun386) || defined(i386) || \
    defined(MIPSEL) || defined(_MIPSEL) || defined(BIT_ZERO_ON_RIGHT) || \
    defined(__alpha__) || defined(__alpha)
#define BYTE_ORDER	LITTLE_ENDIAN
#endif

#if defined(sel) || defined(pyr) || defined(mc68000) || defined(sparc) || \
    defined(is68k) || defined(tahoe) || defined(ibm032) || defined(ibm370) || \
    defined(MIPSEB) || defined(_MIPSEB) || defined(_IBMR2) || defined(DGUX) ||\
    defined(apollo) || defined(__convex__) || defined(_CRAY) || \
    defined(__hppa) || defined(__hp9000) || \
    defined(__hp9000s300) || defined(__hp9000s700) || \
    defined (BIT_ZERO_ON_LEFT) || defined(m68k)
#define BYTE_ORDER	BIG_ENDIAN
#endif
#endif /* linux */
#endif /* BSD */
#endif /* BYTE_ORDER */

#if !defined(BYTE_ORDER) || \
    (BYTE_ORDER != BIG_ENDIAN && BYTE_ORDER != LITTLE_ENDIAN &&
\
    BYTE_ORDER != PDP_ENDIAN)
	/* you must determine what the correct bit order is for
	 * your compiler - the next line is an intentional error
	 * which will force your compiles to bomb until you fix
	 * the above macros.
	 */
  error "Undefined or invalid BYTE_ORDER";
#endif