
Fwd: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value


Dear Members,

The cause of the problem is the code:

#if defined(OPENSSL_SYS_VXWORKS)
int RAND_poll(void)
    {
    return 0;
    }
#endif

in openssl-0.9.8e/crypto/rand/rand_unix.c

I replaced this code with the code used for OpenBSD:

#if defined(OPENSSL_SYS_VXWORKS)
int RAND_poll(void)
{
    u_int32_t rnd = 0, i;
    unsigned char buf[ENTROPY_NEEDED];

    for (i = 0; i < sizeof(buf); i++) {
        if (i % 4 == 0)
            rnd = rand();
        buf[i] = rnd;
        rnd >>= 8;
    }
    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
    memset(buf, 0, sizeof(buf));

    return 1;
}
#endif

I replaced 'arc4random' in the original code with 'rand'. There is no
'arc4random' in vxWorks.

Do you think my solution is OK ?
Now, the ssh_connect is working fine.

Thanks,
Zvika

---------- Forwarded message ----------
From: Zvi Vered <veredz72@xxxxxxxxx>
Date: Thu, May 1, 2014 at 7:42 PM
Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad
client public DH value
To: libssh@xxxxxxxxxx


Hi Aris,

I did not make any changes in libssl.

Can you point to the exact code in libssl where random numbers are created ?
I will ask Windriver how to port this code to vxWorks.


Thanks,
Zvika

-----Original Message----- From: Aris Adamantiadis
Sent: Wednesday, April 30, 2014 11:14 PM

To: libssh@xxxxxxxxxx
Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad
client public DH value

Zvi,

Please tell me the random in libssh/openssl doesn't come out of rand().
This function is highly insecure and should not be used for
cryptography. There are two acceptable ways of generating random, one of
them is a /dev/?random device, the other is an EGD (entropy gathering
daemon). The 1024 bits integer is a bignum. It is generated by the
libcrypto library. I don't understand why the generated number is zero.

Did you modify libcrypto/libssl ? Does openssh run normally ?

Aris


On 29/04/14 23:18, Zvi Vered wrote:

> Hi Aris,
>
> vxWorks has no /dev/random or /dev/urandom.
> But it does have the function: int rand ()
>
> Can you tell what routine generates the "public part of the DH
> handshake " ?
> What is the "1024 bits long integer" ?  Is it a struct ?
> What is PRNG ? Is it calculated in "pki_key_dup" ?
>
> Thank you for your help !
> Zvika
>
> -----Original Message----- From: Aris Adamantiadis
> Sent: Tuesday, April 29, 2014 11:01 PM
> To: libssh@xxxxxxxxxx
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT
> 33554432:bad client public DH value
>
> Hi,
>
> Your capture tells me that the public part of the DH handshake generated
> by client is invalid (it is equal to 1 when it should be a 1024 bits
> long integer). I have no idea how that could happen. It is possible that
> the PRNG returns 0 and so the g^x ends up being 1.
> But this is not consistent with the random cookie looking random. Does
> VXWork have a /dev/random or /dev/urandom device ?
>
> Aris
>
> On 27/04/14 16:07, Zvi Vered wrote:
>
>> Hi Aris,
>>
>> Attached the cap file as saved with Wireshark.
>>
>> I hope this is the right cap format.
>>
>> Can you understand why the server sends a "disconnect" ?
>>
>> The client is: 128.172.5.22
>> The server is: 128.172.82.55
>>
>> Thanks,
>> Zvika
>>
>> -----Original Message----- From: Aris Adamantiadis
>> Sent: Thursday, April 24, 2014 11:57 PM
>> To: libssh@xxxxxxxxxx
>> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT
>> 33554432:bad client public DH value
>>
>> Please upload your .cap to cloudshark.org or attach it to the email, I
>> can't help without seeing the content of packets.
>>
>> Aris
>> On 24/04/14 22:46, Zvi Vered wrote:
>>
>>> Hi Aris,
>>>
>>> Is it possible to upload files ?
>>>
>>> Attached a snapshot from wireshark.
>>> It starts from the ARP request the clients sends till "Server:
>>> Disconnect".
>>>
>>> Thanks,
>>> Zvika
>>>
>>> -----Original Message----- From: Aris Adamantiadis
>>> Sent: Thursday, April 24, 2014 10:52 PM
>>> To: libssh@xxxxxxxxxx
>>> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT
>>> 33554432:bad client public DH value
>>>
>>> Can you please record a tcpdump capture with tcpdump or wireshark and
>>> post it on cloudshark ? This happens pre-encryption.
>>>
>>> Aris
>>> On 24/04/14 21:45, Zvi Vered wrote:
>>>
>>>> Hi Aris,
>>>>
>>>> It happens every time.
>>>>
>>>> Thanks,
>>>> Zvika
>>>>
>>>> -----Original Message----- From: Aris Adamantiadis
>>>> Sent: Thursday, April 24, 2014 9:23 PM
>>>> To: libssh@xxxxxxxxxx
>>>> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT
>>>> 33554432:bad client public DH value
>>>>
>>>> Hi,
>>>>
>>>> Does it happen every time you connect or only sometimes ? It's very
>>>> strange.
>>>>
>>>> Aris
>>>> On 24/04/14 20:14, Zvi Vered wrote:
>>>>
>>>>> Dear Members,
>>>>>
>>>>> I ported libssh-0.6.3 and openssl-1.0.1g to vxWorks 6.9.2 (with very
>>>>> few code changes).
>>>>>
>>>>> Upon ssh_connect I got the messages listed below.
>>>>>
>>>>> As you can see the connection fails and the final message is:
>>>>>
>>>>> ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT
>>>>> 33554432:bad client public DH value
>>>>>
>>>>> On the server side (running under RHEL 5.3) I got the following
>>>>> messages in /var/log/secure:
>>>>>
>>>>> expecting SSH2_MSG_KEXDH_INIT
>>>>> invalid public DH value (1 / 2048)
>>>>> Disconnecting: bad client public DH value
>>>>>
>>>>> What can cause this problem ?
>>>>>
>>>>> Thanks,
>>>>> Zvika
>>>>>
>>>>> ------------------------------------------------------------
>>>>> ------------------------------------------------------------
>>>>> ------------------------------------------------------------
>>>>> -------------
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -> [1970/01/01 00:00:00.000000, 1] ssh_connect: libssh 0.6.3 (c)
>>>>> 2003-2014 Aris Adamantiadis, Andreas Schneider, and libssh
>>>>> contributors. Distributed under the LGPL, please refer to COPYING
>>>>> file
>>>>> for information about your rights, using threading threads_noop
>>>>> [1970/01/01 00:00:00.000064, 3] getai: host 128.172.82.55 matches an
>>>>> IP address
>>>>> [1970/01/01 00:00:00.000000, 2] ssh_socket_connect: Nonblocking
>>>>> connection socket: 6
>>>>> [1970/01/01 00:00:00.808925489, 2] ssh_connect: Socket connecting,
>>>>> now
>>>>> waiting for the callbacks to work
>>>>> [1974/09/05 19:44:04.145667616, 3] ssh_connect: ssh_connect: Actual
>>>>> timeout : 10000
>>>>> [2097/01/10 06:02:22.-286331154, 3] ssh_socket_pollcallback: Received
>>>>> POLLOUT in connecting state
>>>>> [2097/01/10 06:02:22.139554400, 1] socket_callback_connected: Socket
>>>>> connection callback: 1 (0)
>>>>> [1970/02/21 20:18:44.139848112, 3] callback_receive_banner: Received
>>>>> banner: SSH-2.0-OpenSSH_4.3
>>>>> [1974/09/05 19:43:04.000019, 1] ssh_client_connection_callback: SSH
>>>>> server banner: SSH-2.0-OpenSSH_4.3
>>>>> [1970/01/01 00:00:00.000000, 1] ssh_analyze_banner: Analyzing banner:
>>>>> SSH-2.0-OpenSSH_4.3
>>>>> [1974/06/07 14:41:52.147642244, 1] ssh_analyze_banner: We are talking
>>>>> to an OpenSSH client version: 4.3 (40300)
>>>>> [1970/01/01 00:00:00.000000, 3] ssh_socket_unbuffered_write: Enabling
>>>>> POLLOUT for socket
>>>>> [1970/01/01 00:17:04.131080, 3] ssh_packet_socket_callback: packet:
>>>>> read type 20 [len=700,padding=7,comp=692,payload=692]
>>>>> [1974/08/13 22:00:40.145663148, 3] ssh_packet_process: Dispatching
>>>>> handler for packet type 20
>>>>> [1970/02/23 18:37:26.147642212, 4] ssh_list_kex: kex algos:
>>>>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-
>>>>> sha1,diffie-hellman-group1-sha1
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: server host key
>>>>> algo:
>>>>> ssh-rsa,ssh-dss
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: encryption
>>>>> client->server:
>>>>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
>>>>> arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx
>>>>> ,aes128-ctr,aes192-ctr,aes256-ctr
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: encryption
>>>>> server->client:
>>>>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
>>>>> arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx
>>>>> ,aes128-ctr,aes192-ctr,aes256-ctr
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: mac algo
>>>>> client->server:
>>>>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx
>>>>> ,hmac-sha1-96,hmac-md5-96
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: mac algo
>>>>> server->client:
>>>>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx
>>>>> ,hmac-sha1-96,hmac-md5-96
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: compression algo
>>>>> client->server: none,zlib@xxxxxxxxxxx
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: compression algo
>>>>> server->client: none,zlib@xxxxxxxxxxx
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: languages
>>>>> client->server:
>>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: languages
>>>>> server->client:
>>>>> [1970/01/01 00:00:00.000000, 4] ssh_list_kex: kex algos:
>>>>> diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: server host key algo:
>>>>> ssh-rsa,ssh-dss
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: encryption
>>>>> client->server:
>>>>> aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,
>>>>> aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: encryption
>>>>> server->client:
>>>>> aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,
>>>>> aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: mac algo
>>>>> client->server:
>>>>> hmac-sha1
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: mac algo
>>>>> server->client:
>>>>> hmac-sha1
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: compression algo
>>>>> client->server: none
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: compression algo
>>>>> server->client: none
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: languages
>>>>> client->server:
>>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: languages
>>>>> server->client:
>>>>> [1974/08/13 21:36:36.000000, 3] packet_send2: packet: wrote
>>>>> [len=364,padding=6,comp=357,payload=357]
>>>>> [1974/08/13 21:55:44.145662852, 3] packet_send2: packet: wrote
>>>>> [len=12,padding=5,comp=6,payload=6]
>>>>> [1970/01/01 00:00:00.000000, 3] ssh_socket_unbuffered_write: Enabling
>>>>> POLLOUT for socket
>>>>> [1970/01/01 00:17:04.131080, 3] ssh_packet_socket_callback: packet:
>>>>> read type 1 [len=44,padding=4,comp=39,payload=39]
>>>>> [1974/08/13 22:00:40.145663148, 3] ssh_packet_process: Dispatching
>>>>> handler for packet type 1
>>>>> [1970/01/01 00:00:00.000000, 3] ssh_packet_disconnect_callback:
>>>>> Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>>>>> [1970/01/01 00:00:16.139880016, 1] ssh_packet_disconnect_callback:
>>>>> Received SSH_MSG_DISCONNECT: 33554432:bad client public DH value
>>>>> [1974/08/13 23:13:32.145667616, 3] ssh_connect: ssh_connect: Actual
>>>>> state : 9
>>>>> ssh_connect failed: Received SSH_MSG_DISCONNECT: 33554432:bad client
>>>>> public DH value
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>
>
>
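
Added example (not code from this thread, OpenSSL or libssh): a toy C sketch of the two effects discussed above. A secret exponent of 0, as an unseeded PRNG could produce, gives g^x mod p = 1, which a peer-side range check rejects; and a pool filled from rand() is fully determined by the libc seed, so it repeats whenever the seed repeats. All function names, the toy prime, the ENTROPY_NEEDED value and the 1 < e < p - 1 check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ENTROPY_NEEDED 32          /* assumed value, for illustration */
#define TOY_P 2147483647ULL        /* toy prime 2^31 - 1, not a real DH group */

/* The posted fill loop, with the libc seed made an explicit parameter. */
static void fill_from_rand(unsigned seed, unsigned char *buf) {
    uint32_t rnd = 0;
    size_t i;

    srand(seed);
    for (i = 0; i < ENTROPY_NEEDED; i++) {
        if (i % 4 == 0)
            rnd = (uint32_t)rand();
        buf[i] = (unsigned char)rnd;
        rnd >>= 8;
    }
}

/* 1 if two polls started from the same seed give byte-identical pools. */
int seed_pool_repeats(unsigned seed) {
    unsigned char a[ENTROPY_NEEDED], b[ENTROPY_NEEDED];

    fill_from_rand(seed, a);
    fill_from_rand(seed, b);
    return memcmp(a, b, sizeof(a)) == 0;
}

/* Toy g^x mod p; p must stay below 2^32 so products fit in 64 bits. */
uint64_t modexp(uint64_t g, uint64_t x, uint64_t p) {
    uint64_t r = 1 % p;

    for (g %= p; x; x >>= 1) {
        if (x & 1)
            r = r * g % p;
        g = g * g % p;
    }
    return r;
}

/* Hypothetical peer-side sanity check: accept only 1 < e < p - 1. */
int dh_pub_in_range(uint64_t e, uint64_t p) {
    return e > 1 && e < p - 1;
}

int main(void) {   /* exit status 0 when both effects are observed */
    return !(seed_pool_repeats(1) && !dh_pub_in_range(modexp(2, 0, TOY_P), TOY_P));
}
```

The pool contents depend only on the seed passed to srand(), so crediting the buffer with ENTROPY_NEEDED bytes of entropy overstates what the generator actually received.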
