Date: Sat, 9 Mar 2013 14:30:01 GMT From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= <Trond.Endrestol@ximalas.info> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/171809: sshd EVP_CipherInit: set key failed for aes128-cbc [preauth] Message-ID: <201303091430.r29EU1ws062491@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/171809; it has been noted by GNATS.
From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= <Trond.Endrestol@ximalas.info>
To: bug-followup@FreeBSD.org
Cc: freebsd@nagilum.org
Subject: Re: bin/171809: sshd EVP_CipherInit: set key failed for aes128-cbc
[preauth]
Date: Sat, 09 Mar 2013 15:22:17 +0100
Hi,
The very same issue has recently appeared in stable/9.
I see tons of log messages like this one:
Mar 8 00:00:00 <auth.crit> enterprise sshd[31525]: fatal: cipher_init:
EVP_CipherInit: set key failed for aes128-cbc [preauth]
It all began after upgrading to:
FreeBSD enterprise.ximalas.info 9.1-STABLE FreeBSD 9.1-STABLE #0
r247533: Fri Mar 1 12:41:25 CET 2013
root@enterprise.ximalas.info:/usr/obj/usr/src/sys/ENTERPRISE amd64
The OP runs a system based on AMD Geode LX with the Security Block
enabled, i.e. glxsb(4).
My system is as follows:
CPU: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz (3109.20-MHz K8-class CPU)
Origin = "GenuineIntel" Id = 0x206a7 Family = 0x6 Model = 0x2a
Stepping = 7
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x1fbae3ff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX>
AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
AMD Features2=0x1<LAHF>
TSC: P-state invariant, performance statistics
real memory = 8589934592 (8192 MB)
avail memory = 8227381248 (7846 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <GBT GBTUACPI>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 2
cpu2 (AP): APIC ID: 4
cpu3 (AP): APIC ID: 6
ioapic0: Changing APIC ID to 2
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
cryptosoft0: <software crypto> on motherboard
aesni0: <AES-CBC,AES-XTS> on motherboard
Notice aesni(4) is enabled in my kernel.
This would suggest the problem is either both in the aesni driver and in
the glxsb driver, or in some code common to these two drivers, or even
within OpenSSH itself.
It would nice to see this issue being resolved once and for all, and at
the same time I urge you to suggest upstream that OpenSSH log messages
such as the one above always include the IPv4/IPv6 address and/or the
domain name of the client. Such a change makes it easier for DenyHosts
to blacklist attackers, not to mention us poor sysadmins.
--
----------------------------------------------------------------------
Trond Endrestøl | Trond.Endrestol@ximalas.info
ACM, NAS, NUUG, SAGE, USENIX | Mozilla Thunderbird 13.0.1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303091430.r29EU1ws062491>