Announce: OpenSSH 4.6 released

Darren Tucker dtucker at zip.com.au
Fri Mar 9 08:57:47 EST 2007 

On Fri, Mar 09, 2007 at 07:25:22AM +1100, Darren Tucker wrote:
> Corinna Vinschen wrote:
[...]
> > $ ssh -1 somemachine
> > Disconnecting: Corrupted check bytes on input.
> > 
> > I can reproduce this behaviour and when starting ssh with -vvv flags,
> > the above error message is printed in this context:
> > 
> >   debug1: Found key in /home/corinna/.ssh/known_hosts:221
> >   debug1: Encryption type: 3des
> >   debug1: Sent encrypted session key.
> >   debug2: cipher_init: set keylen (16 -> 32)
> >   debug2: cipher_init: set keylen (16 -> 32)
> >   debug1: Installing crc compensation attack detector.
> >   Disconnecting: Corrupted check bytes on input.
> > 
> > The problem is that only the Cygwin 4.6p1 version seems to be affect.
> > 
> > I tested the following combinations, the rows are the ssh version
> > with which I tried to connect to the sshd versions in the columns,
> > always with version 1.5 protocol.
> > 
> >     sshd:   Linux 4.5    Linux 4.6    Cygwin 4.5    Cygwin 4.6
> > ssh:
> > Linux 4.5     ok            ok            ok        corrupted
> > Linux 4.6     ok            ok            ok        corrupted
> > Cygwin 4.5    ok            ok            ok        corrupted
> > Cygwin 4.6  corrupted    corrupted    corrupted         ok
> 
> If you're using OpenSSL 0.9.8e you could try backing out this bit in
> openbsd-compat/openssl-compat.h:
> 
> /* OpenSSL 0.9.8e returns cipher key len not context key len */
> #if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
> # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
> #endif

In fact, if you're using OpenSSL 0.9.8e I suggest you apply the following
patch to it, recompile everything and see if your problem persists.

The symmetry of the problem (ie it works with itself but doesn't
interoperate) is the same as  what I saw with the AES counter-mode
problems in OpenSSH bug #1291.

That workaround above only helps for the bits of OpenSSH that use
EVP_CIPHER_CTX_key_length, it doesn't help where OpenSSL itself uses it,
which may be the case here.  See bugzilla #1291 for details.

Index: crypto/evp/evp_lib.c
===================================================================
RCS file: /home/dtucker/src/security/openssl/cvs/openssl-cvs/openssl/crypto/evp/evp_lib.c,v
retrieving revision 1.10.2.1
diff -u -p -r1.10.2.1 evp_lib.c
--- crypto/evp/evp_lib.c	29 Nov 2006 20:47:13 -0000	1.10.2.1
+++ crypto/evp/evp_lib.c	3 Mar 2007 23:54:00 -0000
@@ -225,7 +225,7 @@ int EVP_CIPHER_key_length(const EVP_CIPH
 
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
 	{
-	return ctx->cipher->key_len;
+	return ctx->key_len;
 	}
 
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list