Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-10 Thread Eric Masson
Xin Li  writes:

Hi Xin,

> It will.  The binary update is still compiling.

Good news. Thanks a lot.

Regards

Éric Masson

-- 
 > and otherwise, when you take an interest in a medium you have not mastered,
 > you try to understand it first.
 (Followed by the entire 45-line original message.)
 -+-BM in : GNU - Mastery is a long apprenticeship, little scarab -+-
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-10 Thread Xin Li


On 3/10/16 00:00, Eric Masson wrote:
> Dimitry Andric  writes:
> 
> Hi Dimitry,
> 
>> Can you please try the attached patch, which I also attached to PR
>> 207783?  I think this will solve the crashes.
> 
> Works as expected with patch applied, thanks a lot.
> Will it be pushed to releng/9.3/ please ?

It will.  The binary update is still compiling.

Cheers,





Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-10 Thread Eric Masson
Dimitry Andric  writes:

Hi Dimitry,

> Can you please try the attached patch, which I also attached to PR
> 207783?  I think this will solve the crashes.

Works as expected with patch applied, thanks a lot.
Will it be pushed to releng/9.3/ please ?

Regards

Éric Masson

-- 
 I keep trying to subscribe to the mailing list about Nippon
 animation, but the automatic MAJORDOMO thing always sends me back the
 same damn page of code instructions. How does it work?
 -+- W in Guide du Neuneu d'Usenet : Bad subscriber, change subscriber -+-


Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-09 Thread Craig Green

On 2016-03-09 5:19 PM, Mike Tancsa wrote:
> On 3/9/2016 5:06 PM, Dimitry Andric wrote:
>
>> Can you please try the attached patch, which I also attached to PR
>> 207783?  I think this will solve the crashes.
>>
>> It should be enough to rebuild secure/lib/libcrypto, and install it.
>
> Hi,
> Yes it allows sshd to not crash on my one test case (secureCRT client)
> so far!  Thanks.

Looks to work as well on the second server here that SSH was crashing on.


Thanks. :-)

Craig.
--


Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-09 Thread Mike Tancsa
On 3/9/2016 5:06 PM, Dimitry Andric wrote:

> Can you please try the attached patch, which I also attached to PR
> 207783?  I think this will solve the crashes.
> 
> It should be enough to rebuild secure/lib/libcrypto, and install it.

Hi,
Yes it allows sshd to not crash on my one test case (secureCRT client)
so far!  Thanks.

---Mike


-- 
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/


Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-09 Thread Dimitry Andric
On 09 Mar 2016, at 16:48, Eric Masson  wrote:
> 
> Mike Tancsa  writes:
> 
> Hi,
> 
>> good trace - pre openssl commit
>> 
>> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac...@openssh.com [preauth]
>> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac...@openssh.com [preauth]
>> debug2: kex_parse_kexinit: none [preauth]
>> debug2: kex_parse_kexinit: none [preauth]
>> debug2: kex_parse_kexinit:  [preauth]
>> debug2: kex_parse_kexinit:  [preauth]
>> debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
>> debug2: kex_parse_kexinit: reserved 0  [preauth]
>> debug2: mac_setup: setup hmac-sha1 [preauth]
>> debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
>> debug2: mac_setup: setup hmac-sha1 [preauth]
>> debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
>> debug3: mm_request_send entering: type 0 [preauth]
>> debug3: mm_request_receive entering
>> debug3: monitor_read: checking request 0
>> debug3: mm_answer_moduli: got parameters: 1024 2048 2048
>> bad trace - with openssl commit.
>> 
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
>> debug3: mm_request_send entering: type 0 [preauth]
>> debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
>> debug3: mm_request_receive_expect entering: type 1 [preauth]
>> debug3: mm_request_receive entering [preauth]
>> debug3: mm_request_receive entering
>> debug3: monitor_read: checking request 0
>> debug3: mm_answer_moduli: got parameters: 1024 2048 2048
>> debug3: mm_request_send entering: type 1
>> debug2: monitor_read: 0 used once, disabling now
>> debug3: mm_choose_dh: remaining 0 [preauth]
>> *debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
>> debug1: monitor_read_log: child log fd closed
>> debug3: mm_request_receive entering
>> debug1: do_cleanup
>> debug3: PAM: sshpam_thread_cleanup entering
>> debug1: Killing privsep child 1837
> 
> Similar symptoms on 9.3-p37 when trying to connect with putty from a Win
> 7 station.
> 
> Using cygwin's openssh client doesn't trigger the issue.

Can you please try the attached patch, which I also attached to PR
207783?  I think this will solve the crashes.

It should be enough to rebuild secure/lib/libcrypto, and install it.

-Dimitry


fix-pr207783-1.diff
Description: Binary data




Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-09 Thread Eric Masson
Mike Tancsa  writes:

Hi,

> good trace - pre openssl commit
> 
> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac...@openssh.com [preauth]
> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac...@openssh.com [preauth]
> debug2: kex_parse_kexinit: none [preauth]
> debug2: kex_parse_kexinit: none [preauth]
> debug2: kex_parse_kexinit:  [preauth]
> debug2: kex_parse_kexinit:  [preauth]
> debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
> debug2: kex_parse_kexinit: reserved 0  [preauth]
> debug2: mac_setup: setup hmac-sha1 [preauth]
> debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
> debug2: mac_setup: setup hmac-sha1 [preauth]
> debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
> debug3: mm_request_send entering: type 0 [preauth]
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 0
> debug3: mm_answer_moduli: got parameters: 1024 2048 2048
> bad trace - with openssl commit.
>
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
> debug3: mm_request_send entering: type 0 [preauth]
> debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
> debug3: mm_request_receive_expect entering: type 1 [preauth]
> debug3: mm_request_receive entering [preauth]
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 0
> debug3: mm_answer_moduli: got parameters: 1024 2048 2048
> debug3: mm_request_send entering: type 1
> debug2: monitor_read: 0 used once, disabling now
> debug3: mm_choose_dh: remaining 0 [preauth]
> *debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
> debug1: monitor_read_log: child log fd closed
> debug3: mm_request_receive entering
> debug1: do_cleanup
> debug3: PAM: sshpam_thread_cleanup entering
> debug1: Killing privsep child 1837

Similar symptoms on 9.3-p37 when trying to connect with putty from a Win
7 station.

Using cygwin's openssh client doesn't trigger the issue.

Éric Masson

-- 
 I tried to create a news item on alt.west.virginia or on other
 alt.west.wirginia.xxx groups, but when I go to these forums nothing appears?
 Does the sender of a news item get a warning if it is censored?
 -+- LM in:  - Censoring your news properly on C-I -+-


Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-09 Thread Mike Tancsa
On 3/8/2016 1:13 PM, Craig Green wrote:
> 
> 
> On 2016-03-08 7:45 AM, Mike Tancsa wrote:
>> Hi,
>> I tried on 2 separate boxes, and sshd segfaults when this rev is
>> applied
>>
>> ---Mike
> 
> Just adding some debug logs showing a couple places where sshd exited.
> Encryption algorithm, kex and hmac didn't seem to matter.

Here is an example of where sshd chokes

good trace - pre openssl commit

debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac...@openssh.com [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac...@openssh.com [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
*debug2: bits set: 1063/2048 [preauth]*
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug2: bits set: 1041/2048 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x8034173c0(55)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]



bad trace - with openssl commit.

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 1837



-- 
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
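
Added example, not part of the original thread and not FreeBSD or OpenSSH code: a triage script for the two log shapes quoted in this thread, syslog lines that end in a kernel "exited on signal 11" report and raw sshd debug output that ends in "Killing privsep child". It records client version, negotiated cipher and MAC, and the last key-exchange step per session; the sample lines, host name, pids and client string are constructed, and it assumes one log record per line (no e-mail wrapping).

```python
import re

# sshd debug line, with or without a syslog prefix ("Mar  7 16:59:53 host sshd[123]: ").
SSHD = re.compile(r"^(?:\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: )?"
                  r"\*?debug[123]: (?P<msg>.*?)\*?$")
# Kernel report that an sshd process died on a signal (11 is SIGSEGV).
KERNEL = re.compile(r"kernel: pid (?P<pid>\d+) \(sshd\), uid \d+: exited on signal (?P<sig>\d+)")
CLIENT = re.compile(r"client software version (.+)$")
KEX = re.compile(r"kex: client->server (\S+) (\S+)")
FIELDS = ("client", "cipher", "mac", "stage")

def triage(lines):
    """Return one record per sshd session that ended before authentication."""
    sessions, ended = {}, []
    for raw in lines:
        line = raw.strip()
        if k := KERNEL.search(line):
            # syslog case: the kernel names the sshd pid that took the signal
            state = sessions.pop(k["pid"], dict.fromkeys(FIELDS))
            ended.append({"pid": k["pid"], "signal": int(k["sig"]), **state})
            continue
        if not (m := SSHD.match(line)):
            continue
        key = m["pid"] or "stderr"  # "sshd -d" output has no pid prefix
        state = sessions.setdefault(key, dict.fromkeys(FIELDS))
        msg = m["msg"].replace(" [preauth]", "")
        if c := CLIENT.search(msg):
            state["client"] = c[1]
        elif x := KEX.search(msg):
            state["cipher"], state["mac"] = x[1], x[2]
        elif "SSH2_MSG_" in msg:
            state["stage"] = msg  # last key-exchange step logged so far
        elif msg.startswith("Killing privsep child"):
            # logged by the monitor when it exits while the session is still pre-auth
            ended.append({"pid": msg.split()[-1], "signal": None, **sessions.pop(key)})
    return ended

# Constructed sample in both formats (host name, pids and client string are made up).
SAMPLE = """\
Mar  7 10:00:01 host1 sshd[1001]: debug1: Client protocol version 2.0; client software version ExampleClient_1.0
Mar  7 10:00:01 host1 sshd[1001]: debug1: SSH2_MSG_KEXINIT received
Mar  7 10:00:01 host1 sshd[1001]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Mar  7 10:00:01 host1 kernel: pid 1001 (sshd), uid 0: exited on signal 11
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
debug1: monitor_read_log: child log fd closed
debug1: Killing privsep child 2002
""".splitlines()

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```

A "Killing privsep child" record without a signal only shows that the session ended before authentication, so it is a candidate to correlate with kernel or core-dump evidence rather than proof of a crash.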


Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

2016-03-08 Thread Craig Green



On 2016-03-08 7:45 AM, Mike Tancsa wrote:
> Hi,
> I tried on 2 separate boxes, and sshd segfaults when this rev is applied
>
> ---Mike


Just adding some debug logs showing a couple places where sshd exited. 
Encryption algorithm, kex and hmac didn't seem to matter.


Craig.
--


Mar  7 16:59:53 smtp1 sshd[40348]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

Mar  7 16:59:53 smtp1 sshd[40348]: debug1: inetd sockets after dupping: 3, 3
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: res_init()
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: HPN Disabled: 0, HPN Buffer Size: 65536
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: Client protocol version 2.0; client software version SecureCRT_6.6.1 (x64 build 289) SecureCRT
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: no match: SecureCRT_6.6.1 (x64 build 289) SecureCRT
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: Enabling compatibility mode for protocol 2.0
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

Mar  7 16:59:53 smtp1 sshd[40348]: debug1: SSH2_MSG_KEXINIT sent
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: SSH2_MSG_KEXINIT received
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: kex: server->client aes256-ctr hmac-sha1 none

Mar  7 16:59:53 smtp1 kernel: pid 40348 (sshd), uid 0: exited on signal 11


Mar  7 17:01:39 smtp1 sshd[46204]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

Mar  7 17:01:39 smtp1 sshd[46204]: debug1: inetd sockets after dupping: 3, 3
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: res_init()
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: HPN Disabled: 0, HPN Buffer Size: 65536
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: Client protocol version 2.0; client software version OpenSSH_6.1_hpn13v11 FreeBSD-20120901
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: match: OpenSSH_6.1_hpn13v11 FreeBSD-20120901 pat OpenSSH* compat 0x0400
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: Enabling compatibility mode for protocol 2.0
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

Mar  7 17:01:39 smtp1 sshd[46204]: debug1: SSH2_MSG_KEXINIT sent
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: SSH2_MSG_KEXINIT received
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: kex: client->server aes128-ctr hmac-md5 none
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: kex: server->client aes128-ctr hmac-md5 none

Mar  7 17:01:39 smtp1 sshd[46204]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT
Mar  7 17:01:40 smtp1 kernel: pid 46204 (sshd), uid 0: exited on signal 11


Mar  7 17:02:01 smtp1 sshd[47350]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

Mar  7 17:02:01 smtp1 sshd[47350]: debug1: inetd sockets after dupping: 3, 3
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: res_init()
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: HPN Disabled: 0, HPN Buffer Size: 65536
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: Client protocol version 2.0; client software version OpenSSH_6.1_hpn13v11 FreeBSD-20120901
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: match: OpenSSH_6.1_hpn13v11 FreeBSD-20120901 pat OpenSSH* compat 0x0400
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: Enabling compatibility mode for protocol 2.0
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

Mar  7 17:02:01 smtp1 sshd[47350]: debug1: SSH2_MSG_KEXINIT sent
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: SSH2_MSG_KEXINIT received
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: kex: client->server aes128-ctr hmac-md5 none
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: kex: server->client aes128-ctr hmac-md5 none

Mar  7 17:02:01 smtp1 sshd[47350]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT
Mar  7 17:02:01 smtp1 kernel: pid 47350 (sshd), uid 0: exited on signal 11


Mar  7 18:52:36 smtp1 sshd[1127]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

Mar  7 18:52:36 smtp1 sshd[1127]: debug1: inetd sockets after dupping: 3, 3
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: res_init()
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: HPN Disabled: 0, HPN Buffer Size: 65536
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.60

Mar  7 18:52:36 smtp1 sshd[1127]: debug1: no match: PuTTY_Release_0.60
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: Enabling compatibility mode for protocol 2.0
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: list_hostkey_types: