Corrupted MAC on input

Deron Meranda dmeranda at iac.net
Mon May 3 15:45:52 EST 2004


Darren Tucker wrote:

> If the encrypted packets are identical but decrypt differently that 
> sounds like a problem in the crypto itself.  Which algorithm were you 
> using?  Are you using the HP ANSI C compiler to compile OpenSSL?

No, I used gcc 3.3 for everything except for one hand-coded
assembly file "crypto/bn/asm/pa-risc2.s" for which I used
HP's assembler.  My ssh sessions are all SSH version 2, and
negotiate the AES crypto algorithm.

My OpenSSL binaries passed all self-tests, and I also use
the same libraries with Apache.  And since I use Mozilla, the
AES algos also get a good workout in the context of the webserver.
I've yet to see any type of peculiar behavior, except for the
MAC errors in OpenSSH.

I should also mention that I also use this same ssh server
all day long while at work (on the same 100 Mbps LAN).  I work
it really hard there and NEVER see any problem.  But all the
corrupted MAC errors I've seen only occur while working from home,
over an ADSL connection.  I can't explain how that may make any
difference.



I did recently encounter a couple more cases of a corrupted MAC.
This time I was using PuTTY 0.54 under Win 98SE, and the server
is "OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004" running under
HP-UX 11.0.

I did not have any sort of debugging enabled this time, but I
may have noticed another pattern.  I only seem to get a
corrupted MAC when a burst of traffic occurs, never when just
typing or something slow.  Also it seems to occur more readily
when the data stream contains a lot of repetitive patterns.
For example, when listing the contents of a huge tar file in
which the pathnames all have the same long prefix.

This got me thinking that perhaps this could also be a
compression issue.  I do have compression turned on.  I have
no idea if this is correct or not, but it's another observation
for what it's worth.

BTW, my server-side OpenSSH is linked against zlib 1.2.1,
compiled with gcc 3.3 at -O3 optimization level.

I hope this doesn't lead us in a misleading direction, but it's
just not repeatable enough for me to get good debug data.  Also
my occurrences of MAC errors may or may not be related to those
reported by the first poster.

Deron




More information about the openssh-unix-dev mailing list