
Re: libssh 0.9.7 and 0.10.5 were released


On 5/15/23 04:04, Jakub Jelen wrote:
> On 5/9/23 19:25, Jakub Jelen wrote:
>> On 5/8/23 19:52, Jakub Jelen wrote:
>>> On 5/8/23 04:05, Orion Poplawski wrote:
>>>> On 5/4/23 06:23, Jakub Jelen wrote:
>>>>> Hello,
>>>>>
>>>>> the libssh team released libssh 0.9.7 and 0.10.5, fixing previously
>>>>> announced security issues CVE-2023-1667 and CVE-2023-2283:
>>>>>
>>>>> https://www.libssh.org/2023/05/04/libssh-0-10-5-and-libssh-0-9-7-security-releases/
>>>>
>>>> We're seeing a test failure just on i686 on Fedora rawhide:
>>>>
>>>> 40/62 Test #40: torture_rekey ....................***Failed   23.34 sec
>>>> [==========] tests: Running 14 test(s).
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [ RUN      ] torture_rekey_default
>>>> [       OK ] torture_rekey_default
>>>> [ RUN      ] torture_rekey_time
>>>> [       OK ] torture_rekey_time
>>>> [ RUN      ] torture_rekey_recv
>>>> [       OK ] torture_rekey_recv
>>>> [ RUN      ] torture_rekey_send
>>>> [       OK ] torture_rekey_send
>>>> [ RUN      ] torture_rekey_different_kex
>>>> [  ERROR   ] --- 0x20 != 0x40
>>>> [   LINE   ] ---
>>>> /builddir/build/BUILD/libssh-0.10.5/tests/client/torture_rekey.c:522:
>>>> error: Failure!
>>>> [  FAILED  ] torture_rekey_different_kex
>>>> [ RUN      ] torture_rekey_send_compression_delayed
>>>> [       OK ] torture_rekey_send_compression_delayed
>>>> [ RUN      ] torture_rekey_recv_compression_delayed
>>>> [       OK ] torture_rekey_recv_compression_delayed
>>>> [ RUN      ] torture_rekey_server_different_kex
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [  ERROR   ] --- 0x20 != 0x40
>>>> [   LINE   ] ---
>>>> /builddir/build/BUILD/libssh-0.10.5/tests/client/torture_rekey.c:597:
>>>> error: Failure!
>>>> [  FAILED  ] torture_rekey_server_different_kex
>>>> [ RUN      ] torture_rekey_server_send
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [       OK ] torture_rekey_server_send
>>>> [ RUN      ] torture_rekey_guess_send
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [       OK ] torture_rekey_guess_send
>>>> [ RUN      ] torture_rekey_guess_wrong_send
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [       OK ] torture_rekey_guess_wrong_send
>>>> [ RUN      ] torture_rekey_server_recv
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [       OK ] torture_rekey_server_recv
>>>> [ RUN      ] torture_rekey_guess_recv
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [       OK ] torture_rekey_guess_recv
>>>> [ RUN      ] torture_rekey_guess_wrong_recv
>>>> OK: SSH-2.0-OpenSSH_9.0
>>>> [       OK ] torture_rekey_guess_wrong_recv
>>>> [==========] tests: 14 test(s) run.
>>>> [  PASSED  ] 12 test(s).
>>>> [  FAILED  ] tests: 2 test(s), listed below:
>>>> [  FAILED  ] torture_rekey_different_kex
>>>> [  FAILED  ] torture_rekey_server_different_kex
>>>>   2 FAILED TEST(S)
>>>>
>>>>
>>>> any idea what might be causing that?
>>>
>>>
>>> Hi,
>>> I was hoping I debugged all these issues while working on the release, but
>>> it looks like there are still some timing/memory/architecture variables.
>>>
>>> This error happens in case the rekey did not happen as expected (unexpected
>>> size of digest size). I was bumping the amount of sent data in [1] and [2]
>>> in both branches, which looked like solving the problem in upstream tests.
>>> Other option might be adding some sleep between the sending and processing
>>> the packets to make sure the server gets its turn, but hard to say if this
>>> would help ... the packet processing and rekey is asynchronous ... but
>>> there might be better ways to do that.
>>>
>>> [1]
>>> https://gitlab.com/libssh/libssh-mirror/-/commit/31a33fd2fd0fdad7c814748fdff75c7390c7f06e [0.9]
>>> [2]
>>> https://gitlab.com/libssh/libssh-mirror/-/commit/dc1254d53e4fc6cbeb4797fc6ca1c9ed2c21f15c [0.10]
>>>
>>> Regards,
>>
>> From my understanding, this is an issue of the OpenSSH in Rawhide. I can
>> reliably reproduce it in mock and it goes away when I try the same code in
>> Fedora 38 (regardless of architecture).
>>
>> There are several patches in rawhide openssh that are missing from the F38
>> version so I will continue some investigation tomorrow.
> 
> This is a Fedora OpenSSH bug on i686 (or OpenSSL one):
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=2203241
> 
> We are still investigating the real cause.
> 
> In the meantime, the libssh in Fedora rawhide was updated with skipping this
> test. Updates in older versions are landing as they do not have this issue.
> 
> Regards,

Thank you for the investigation and the updates.

-- 
Orion Poplawski
IT Systems Manager                         720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@xxxxxxxx
Boulder, CO 80301                 https://www.nwra.com/
