search for: kex_free_newkey

While doing some related work I built openssh 9.3p1 with -fsanitize=address and this came up during compilation. In file included from /usr/include/string.h:535, from kex.c:34: In function 'explicit_bzero', inlined from 'kex_free_newkeys' at kex.c:743:2: /usr/include/bits/string_fortified.h:72:3: warning: '__explicit_bzero_chk' writing 48 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=] 72 | __explicit_bzero_chk (__dest, __len, __glibc_objsize0 (__dest)); | ^~~~~~~~~~~~~~~...

...:23.324850+00:00 err kernel: [ 1206.116019] cryptodev: sshd-session[2108] (crypto_copy_hash_state:516): Failed to get sesssions with sid=0x9198779A sid=f7160dd008X! .... I spent some time tracing through the openssl and openssh code, and I found that If I comment out the call to mac_clear() within kex_free_newkeys(), the issue does not occur. Therefore, I wonder if there is some bug in openssh that causes re-use of a cryptodev session ID, or causes the digest to be cleaned up prematurely. I'd appreciate any feedback or suggestions. I assume that cryptodev should be well-supported and tested, so maybe th...

...0 err kernel: [ 1206.116019] cryptodev: sshd-session[2108] (crypto_copy_hash_state:516): Failed to get sesssions with sid=0x9198779A sid=f7160dd008X! > .... > > I spent some time tracing through the openssl and openssh code, and I found that If I comment out the call to mac_clear() within kex_free_newkeys(), the issue does not occur. Therefore, I wonder if there is some bug in openssh that causes re-use of a cryptodev session ID, or causes the digest to be cleaned up prematurely. I'd appreciate any feedback or suggestions. I assume that cryptodev should be well-supported and tested, so maybe th...