[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: libssh 0.9.7 and 0.10.5 were released


On 5/9/23 19:25, Jakub Jelen wrote:
On 5/8/23 19:52, Jakub Jelen wrote:
On 5/8/23 04:05, Orion Poplawski wrote:
On 5/4/23 06:23, Jakub Jelen wrote:
Hello,

the libssh team released libssh 0.9.7 and 0.10.5, fixing previously announced security issues CVE-2023-1667 and CVE-2023-2283:

https://www.libssh.org/2023/05/04/libssh-0-10-5-and-libssh-0-9-7-security-releases/

We're seeing a test failure just on i686 on Fedora rawhide:

40/62 Test #40: torture_rekey ....................***Failed   23.34 sec
[==========] tests: Running 14 test(s).
OK: SSH-2.0-OpenSSH_9.0
[ RUN      ] torture_rekey_default
[       OK ] torture_rekey_default
[ RUN      ] torture_rekey_time
[       OK ] torture_rekey_time
[ RUN      ] torture_rekey_recv
[       OK ] torture_rekey_recv
[ RUN      ] torture_rekey_send
[       OK ] torture_rekey_send
[ RUN      ] torture_rekey_different_kex
[  ERROR   ] --- 0x20 != 0x40
[   LINE   ] --- /builddir/build/BUILD/libssh-0.10.5/tests/client/torture_rekey.c:522: error: Failure!
[  FAILED  ] torture_rekey_different_kex
[ RUN      ] torture_rekey_send_compression_delayed
[       OK ] torture_rekey_send_compression_delayed
[ RUN      ] torture_rekey_recv_compression_delayed
[       OK ] torture_rekey_recv_compression_delayed
[ RUN      ] torture_rekey_server_different_kex
OK: SSH-2.0-OpenSSH_9.0
[  ERROR   ] --- 0x20 != 0x40
[   LINE   ] --- /builddir/build/BUILD/libssh-0.10.5/tests/client/torture_rekey.c:597: error: Failure!
[  FAILED  ] torture_rekey_server_different_kex
[ RUN      ] torture_rekey_server_send
OK: SSH-2.0-OpenSSH_9.0
[       OK ] torture_rekey_server_send
[ RUN      ] torture_rekey_guess_send
OK: SSH-2.0-OpenSSH_9.0
[       OK ] torture_rekey_guess_send
[ RUN      ] torture_rekey_guess_wrong_send
OK: SSH-2.0-OpenSSH_9.0
[       OK ] torture_rekey_guess_wrong_send
[ RUN      ] torture_rekey_server_recv
OK: SSH-2.0-OpenSSH_9.0
[       OK ] torture_rekey_server_recv
[ RUN      ] torture_rekey_guess_recv
OK: SSH-2.0-OpenSSH_9.0
[       OK ] torture_rekey_guess_recv
[ RUN      ] torture_rekey_guess_wrong_recv
OK: SSH-2.0-OpenSSH_9.0
[       OK ] torture_rekey_guess_wrong_recv
[==========] tests: 14 test(s) run.
[  PASSED  ] 12 test(s).
[  FAILED  ] tests: 2 test(s), listed below:
[  FAILED  ] torture_rekey_different_kex
[  FAILED  ] torture_rekey_server_different_kex
  2 FAILED TEST(S)


any idea what might be causing that?


Hi,
I was hoping I debugged all these issues while working on the release, but it looks like there are still some timing/memory/architecture variables.

This error happens in case the rekey did not happen as expected (unexpected size of digest size). I was bumping the amount of sent data in [1] and [2] in both branches, which looked like solving the problem in upstream tests. Other option might be adding some sleep between the sending and processing the packets to make sure the server gets its turn, but hard to say if this would help ... the packet processing and rekey is asynchronous ... but there might better ways to do that.

[1] https://gitlab.com/libssh/libssh-mirror/-/commit/31a33fd2fd0fdad7c814748fdff75c7390c7f06e [0.9] [2] https://gitlab.com/libssh/libssh-mirror/-/commit/dc1254d53e4fc6cbeb4797fc6ca1c9ed2c21f15c [0.10]

Regards,

From my understanding, this is an issue of the OpenSSH in Rawhide. I can reliably reproduce it in mock and it goes away when I try the same code in Fedora 38 (regardless of architecture).

There are several patches in rawhide openssh that are missing from the F38 version so I will continue some investigation tomorrow.

This is a Fedora's OpenSSH bug on i686 (or OpenSSL one):

https://bugzilla.redhat.com/show_bug.cgi?id=2203241

We are still investigating the real cause.

In the meantime, the libssh in Fedora rawhide was updated with skipping this test. Updates in older versions are landing as they do not have this issue.

Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.


Follow-Ups:
Re: libssh 0.9.7 and 0.10.5 were releasedOrion Poplawski <orion@xxxxxxxx>
References:
libssh 0.9.7 and 0.10.5 were releasedJakub Jelen <jjelen@xxxxxxxxxx>
Re: libssh 0.9.7 and 0.10.5 were releasedOrion Poplawski <orion@xxxxxxxx>
Re: libssh 0.9.7 and 0.10.5 were releasedJakub Jelen <jjelen@xxxxxxxxxx>
Re: libssh 0.9.7 and 0.10.5 were releasedJakub Jelen <jjelen@xxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org