Re: Fwd: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
- Subject: Re: Fwd: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
- From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sun, 04 May 2014 21:46:30 +0200
- To: libssh@xxxxxxxxxx
Hi,

Please forward the issue + patch to the openssl development team, this is out of scope for libssh. I have no knowledge of VXWorks to advise on the matter. The only thing I can say is that if the rand() you're using is the rand() from the libc, your code is terribly insecure (output of rand is easy to guess).

FYI a broken PRNG can affect directly the confidentiality of the communications and can even leak private keys. This is not only theoretical.

Aris

On 4/05/14 20:06, Zvi Vered wrote:
> Dear Members,
>
> The cause of the problem is the code:
>
> #if defined(OPENSSL_SYS_VXWORKS)
> int RAND_poll(void)
> {
>     return 0;
> }
> #endif
>
> in openssl-0.9.8e/crypto/rand/rand_unix.c
>
> I replaced this code with the code used for OpenBSD:
>
> #if defined(OPENSSL_SYS_VXWORKS)
> int RAND_poll(void)
> {
>     u_int32_t rnd = 0, i;
>     unsigned char buf[ENTROPY_NEEDED];
>
>     for (i = 0; i < sizeof(buf); i++) {
>         if (i % 4 == 0)
>             rnd = rand();
>         buf[i] = rnd;
>         rnd >>= 8;
>     }
>     RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
>     memset(buf, 0, sizeof(buf));
>
>     return 1;
> }
> #endif
>
> I replaced 'arc4random' in the original code with 'rand'. There is no 'arc4random' in vxWorks.
>
> Do you think my solution is OK ?
> Now, the ssh_connect is working fine.
>
> Thanks,
> Zvika
>
> ---------- Forwarded message ----------
> From: Zvi Vered <veredz72@xxxxxxxxx>
> Date: Thu, May 1, 2014 at 7:42 PM
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
> To: libssh@xxxxxxxxxx
>
> Hi Aris,
>
> I did not do any changes in libssl.
>
> Can you point to the exact code in libssl where random numbers are created ?
> I will ask Windriver how to port this code to vxWorks.
>
> Thanks,
> Zvika
>
> -----Original Message----- From: Aris Adamantiadis
> Sent: Wednesday, April 30, 2014 11:14 PM
> To: libssh@xxxxxxxxxx
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>
> Zvi,
>
> Please tell me the random in libssh/openssl doesn't come out of rand(). This function is highly insecure and should not be used for cryptography. There are two acceptable ways of generating random, one of them is a /dev/?random device, the other is an EGD (entropy gathering daemon). The 1024 bits integer is a bignum. It is generated by the libcrypto library. I don't understand why the generated number is zero.
>
> Did you modify libcrypto/libssl ? Does openssh run normally ?
>
> Aris
>
> On 29/04/14 23:18, Zvi Vered wrote:
>
> Hi Aris,
>
> vxWorks has no /dev/random or /dev/urandom.
> But it does have the function: int rand ()
>
> Can you tell what routine generates the "public part of the DH handshake " ?
> What is the "1024 bits long integer" ? Is it a struct ?
> What is PRNG ? Is it calculated in "pki_key_dup" ?
>
> Thank you for your help !
> Zvika
>
> -----Original Message----- From: Aris Adamantiadis
> Sent: Tuesday, April 29, 2014 11:01 PM
> To: libssh@xxxxxxxxxx
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>
> Hi,
>
> Your capture tells me that the public part of the DH handshake generated by client is invalid (it is equal to 1 when it should be a 1024 bits long integer). I have no idea how that could happen. It is possible that the PRNG returns 0 and so the g^x ends up being 1.
> But this is not consistent with the random cookie looking random. Does VXWorks have a /dev/random or /dev/urandom device ?
>
> Aris
>
> On 27/04/14 16:07, Zvi Vered wrote:
>
> Hi Aris,
>
> Attached the cap file as saved with Wireshark.
>
> I hope this is the right cap format.
>
> Can you understand why the server sends a "disconnect" ?
>
> The client is: 128.172.5.22
> The server is: 128.172.82.55
>
> Thanks,
> Zvika
>
> -----Original Message----- From: Aris Adamantiadis
> Sent: Thursday, April 24, 2014 11:57 PM
> To: libssh@xxxxxxxxxx
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>
> Please upload your .cap to cloudshark.org or attach it to the email, I can't help without seeing the content of packets.
>
> Aris
>
> On 24/04/14 22:46, Zvi Vered wrote:
>
> Hi Aris,
>
> Is it possible to upload files ?
>
> Attached a snapshot from wireshark.
> It starts from the ARP request the client sends till "Server: Disconnect".
>
> Thanks,
> Zvika
>
> -----Original Message----- From: Aris Adamantiadis
> Sent: Thursday, April 24, 2014 10:52 PM
> To: libssh@xxxxxxxxxx
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>
> Can you please record a tcpdump capture with tcpdump or wireshark and post it on cloudshark ? This happens pre-encryption.
>
> Aris
>
> On 24/04/14 21:45, Zvi Vered wrote:
>
> Hi Aris,
>
> It happens every time.
>
> Thanks,
> Zvika
>
> -----Original Message----- From: Aris Adamantiadis
> Sent: Thursday, April 24, 2014 9:23 PM
> To: libssh@xxxxxxxxxx
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>
> Hi,
>
> Does it happen every time you connect or only sometimes ? It's very strange.
>
> Aris
>
> On 24/04/14 20:14, Zvi Vered wrote:
>
> Dear Members,
>
> I ported libssh-0.6.3 and openssl-1.0.1g to vxWorks 6.9.2 (with very few code changes).
>
> Upon ssh_connect I got the messages listed below.
>
> As you can see the connection fails and the final message is:
>
> ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>
> On the server side (running under RHEL 5.3) I got the following messages in /var/log/secure:
>
> expecting SSH2_MSG_KEXDH_INIT
> invalid public DH value (1 / 2048)
> Disconnecting: bad client public DH value
>
> What can cause this problem ?
>
> Thanks,
> Zvika
>
> ------------------------------------------------------------------------
>
> -> [1970/01/01 00:00:00.000000, 1] ssh_connect: libssh 0.6.3 (c) 2003-2014 Aris Adamantiadis, Andreas Schneider, and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_noop
> [1970/01/01 00:00:00.000064, 3] getai: host 128.172.82.55 matches an IP address
> [1970/01/01 00:00:00.000000, 2] ssh_socket_connect: Nonblocking connection socket: 6
> [1970/01/01 00:00:00.808925489, 2] ssh_connect: Socket connecting, now waiting for the callbacks to work
> [1974/09/05 19:44:04.145667616, 3] ssh_connect: ssh_connect: Actual timeout : 10000
> [2097/01/10 06:02:22.-286331154, 3] ssh_socket_pollcallback: Received POLLOUT in connecting state
> [2097/01/10 06:02:22.139554400, 1] socket_callback_connected: Socket connection callback: 1 (0)
> [1970/02/21 20:18:44.139848112, 3] callback_receive_banner: Received banner: SSH-2.0-OpenSSH_4.3
> [1974/09/05 19:43:04.000019, 1] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_4.3
> [1970/01/01 00:00:00.000000, 1] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_4.3
> [1974/06/07 14:41:52.147642244, 1] ssh_analyze_banner: We are talking to an OpenSSH client version: 4.3 (40300)
> [1970/01/01 00:00:00.000000, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> [1970/01/01 00:17:04.131080, 3] ssh_packet_socket_callback: packet: read type 20 [len=700,padding=7,comp=692,payload=692]
> [1974/08/13 22:00:40.145663148, 3] ssh_packet_process: Dispatching handler for packet type 20
> [1970/02/23 18:37:26.147642212, 4] ssh_list_kex: kex algos: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: server host key algo: ssh-rsa,ssh-dss
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: encryption client->server: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: encryption server->client: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: mac algo client->server: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: mac algo server->client: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: compression algo client->server: none,zlib@xxxxxxxxxxx
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: compression algo server->client: none,zlib@xxxxxxxxxxx
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: languages client->server:
> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: languages server->client:
> [1970/01/01 00:00:00.000000, 4] ssh_list_kex: kex algos: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: server host key algo: ssh-rsa,ssh-dss
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: encryption client->server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: encryption server->client: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: mac algo client->server: hmac-sha1
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: mac algo server->client: hmac-sha1
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: compression algo client->server: none
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: compression algo server->client: none
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: languages client->server:
> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: languages server->client:
> [1974/08/13 21:36:36.000000, 3] packet_send2: packet: wrote [len=364,padding=6,comp=357,payload=357]
> [1974/08/13 21:55:44.145662852, 3] packet_send2: packet: wrote [len=12,padding=5,comp=6,payload=6]
> [1970/01/01 00:00:00.000000, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> [1970/01/01 00:17:04.131080, 3] ssh_packet_socket_callback: packet: read type 1 [len=44,padding=4,comp=39,payload=39]
> [1974/08/13 22:00:40.145663148, 3] ssh_packet_process: Dispatching handler for packet type 1
> [1970/01/01 00:00:00.000000, 3] ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
> [1970/01/01 00:00:16.139880016, 1] ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT: 33554432:bad client public DH value
> [1974/08/13 23:13:32.145667616, 3] ssh_connect: ssh_connect: Actual state : 9
> ssh_connect failed: Received SSH_MSG_DISCONNECT: 33554432:bad client public DH value
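
Added example, not code from this thread, libssh or OpenSSL: a toy C model of the two states discussed above. With a private exponent of 0 the public value g^x is 1 and a peer-side range check rejects it; with a pool filled by the quoted rand() loop the value passes the same check yet is identical for every run with the same seed. TOY_P, TOY_G, the pool size of 32 and all function names are assumptions for illustration, and the range check is a generic one, not OpenSSH's exact code.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define ENTROPY_NEEDED 32      /* assumed pool size for this sketch */
#define TOY_P 2147483647ULL    /* toy prime 2^31 - 1, NOT a real DH group */
#define TOY_G 7ULL             /* toy generator */

/* Byte-filling loop from the quoted RAND_poll(), with an explicit seed. */
static void fill_from_rand(unsigned seed, unsigned char *buf)
{
    uint32_t rnd = 0;
    srand(seed);
    for (size_t i = 0; i < ENTROPY_NEEDED; i++) {
        if (i % 4 == 0)
            rnd = (uint32_t)rand();
        buf[i] = (unsigned char)rnd;
        rnd >>= 8;
    }
}

/* Square-and-multiply g^x mod p; operands stay below 2^31, so no overflow. */
static uint64_t modexp(uint64_t g, uint64_t x, uint64_t p)
{
    uint64_t r = 1;
    for (g %= p; x; x >>= 1, g = g * g % p)
        if (x & 1)
            r = r * g % p;
    return r;
}

/* Peer-side sanity check on a DH public value: require 1 < e < p - 1. */
static int dh_pub_ok(uint64_t e, uint64_t p) { return e > 1 && e < p - 1; }

/* Toy private exponent in [2, p-2] built from the first four pool bytes. */
static uint64_t toy_private(unsigned seed)
{
    unsigned char buf[ENTROPY_NEEDED];
    fill_from_rand(seed, buf);
    uint32_t v = buf[0] | buf[1] << 8 | buf[2] << 16 | (uint32_t)buf[3] << 24;
    return 2 + v % (TOY_P - 3);
}

int main(void)
{
    uint64_t e0 = modexp(TOY_G, 0, TOY_P);              /* PRNG gave x = 0 */
    uint64_t e1 = modexp(TOY_G, toy_private(1), TOY_P); /* rand()-fed pool */
    printf("x=0: e=%llu ok=%d\n", (unsigned long long)e0, dh_pub_ok(e0, TOY_P));
    printf("rand(): e=%llu ok=%d same=%d\n", (unsigned long long)e1,
           dh_pub_ok(e1, TOY_P), toy_private(1) == toy_private(1));
}
```

The C standard makes rand() behave as if srand(1) had been called when no seed is set, so a device that never calls srand() fills the pool identically on every boot.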