Subject: Re: [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man
To: Craig Green, Xin LI, src-committers@freebsd.org, "stable@freebsd.org"
From: Mike Tancsa
Organization: Sentex Communications
Message-ID: <56E040E5.8080205@sentex.net>
Date: Wed, 9 Mar 2016 10:27:33 -0500

On 3/8/2016 1:13 PM, Craig Green wrote:
>
>
> On 2016-03-08 7:45 AM, Mike Tancsa wrote:
>> Hi,
>> I tried on 2 separate boxes, and sshd segfaults when this rev is
>> applied
>>
>> ---Mike
>
> Just adding some debug logs showing a couple places where sshd exited.
> Encryption algorithm, kex and hmac didn't seem to matter.

Here is an example of where sshd chokes

good trace - pre openssl commit
....
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64@openssh.com [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64@openssh.com [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
debug2: kex_parse_kexinit: reserved 0 [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
*debug2: bits set: 1063/2048 [preauth]*
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug2: bits set: 1041/2048 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x8034173c0(55)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]

bad trace - with openssl commit.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 1837

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
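
An added example, not part of the original message: the two traces interleave monitor and child output differently, so a plain diff is noisy. Comparing only the privsep child's lines (the ones tagged [preauth]) gives the child's last message in the failing run and the first message only the working run reached. The function names and the abridged sample lines are assumptions made for this example.

```python
import re

# Constructed input: lines abridged from the two traces quoted in the message.
GOOD = """\
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_request_receive entering
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
*debug2: bits set: 1063/2048 [preauth]*
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
"""
BAD = """\
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
debug1: monitor_read_log: child log fd closed
debug1: Killing privsep child 1837
"""

# Optional '*' is the mail client's emphasis; '[preauth]' marks the child process.
LINE = re.compile(r"^\*?debug\d: (.*?)( \[preauth\])?\*?$")

def child_events(trace):
    """Messages logged by the unprivileged child, with numbers masked."""
    events = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(2):
            events.append(re.sub(r"\b\d+\b", "N", m.group(1)))
    return events

def child_died(trace):
    """True if the monitor logged the child's log pipe closing."""
    return any("child log fd closed" in line for line in trace.splitlines())

def divergence(good, bad):
    """(last child event both traces share, next event only the good run reached)."""
    g, b = child_events(good), child_events(bad)
    i = 0
    while i < len(g) and i < len(b) and g[i] == b[i]:
        i += 1
    return (g[i - 1] if i else None, g[i] if i < len(g) else None)

if __name__ == "__main__":
    print(child_died(BAD), divergence(GOOD, BAD))
```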