Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 7 Feb 2002 02:10:53 -0800 (PST)
From:      Alexey Dokuchaev <danfe@dnd.nsu.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/34690: Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization
Message-ID:  <200202071010.g17AAru17304@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         34690
>Category:       bin
>Synopsis:       Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 07 02:20:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Alexey Dokuchaev
>Release:        4.5-STABLE
>Organization:
DND NSU
>Environment:
FreeBSD nowhere.universe.ru 4.5-STABLE FreeBSD 4.5-STABLE #0: Sun Feb  3 22:19:53 NOVT 2002 root@nowhere.universe.ru:/usr/src/sys/compile/CYTHEREA  i386     
>Description:
When world is compiled with "-O2 -mpentiumpro -march=pentiumpro -mcpu=pentiumpro -pipe -s -fexpensive-optimizations -ffast-math -fomit-frame-pointer -funroll-loops" CFLAGS, DSA key-based authorization does not work.  See below for exact description.  RSA authentification (similar) works (on this very box).
>How-To-Repeat:
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/danfe/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/danfe/.ssh/id_dsa.
Your public key has been saved in /home/danfe/.ssh/id_dsa.pub.
The key fingerprint is:
5e:45:44:1f:34:63:9c:c3:03:30:b5:75:bf:de:42:75 danfe@nowhere.universe.ru
$ cp id_dsa.pub authorized_keys2
$ ssh -2 localhost
key_verify failed for server_host_key
$

However, if .ssh/id_dsa* moved to another FreeBSD box, compiled with standard CFLAGS, they are proven to be valid.

>Fix:
None know.  Do not time, sorry :-(((
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202071010.g17AAru17304>