Page 1 of 1

found openssh-7.4p1 -O2 compiler bug

Posted: Fri Feb 03, 2017 3:20 pm
by dexter1
Hello all,

I'm currently building my dual mips3/mips4 neko_openssh on both my ChallengeS and Origin 200 (6.5.22m/30m with MPro744+patches) with inclusion of all the unit-tests. While running them, it turns out that one particular openssh regression test fails:

Code: Select all

mech002:/usr/people/feverdij/src/openssh-o2/regress/unittests/sshkey> ./test_sshkey -d testdata
test_sshkey: ...........................
regress/unittests/sshkey/test_sshkey.c:462 test #28 "certify key"
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k3), 0) failed:
sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k3) = -21
           0 = 0
Abort

Error code -21 tells me that there is an invalid key being generated or compared. After many evenings of tracing and trying out stuff i found the culprit: ge25519.c Elliptic curve key generation. When compiling this particular file with -O1 i got:

Code: Select all

mech002:/usr/people/feverdij/src/openssh-o2/regress/unittests/sshkey> ./test_sshkey -d testdata/
test_sshkey: ......................................................................

...And it's still running :o
So this looks like a compiler bug. I'll leave it for now and issue a bug report with the openssh guys. and package the stuff soon with the ge25519.c compiled with -O1. If you guys run a recent homebrew openssh compiled with MIPSPro -O2 or -O3 please make sure you include this fix.

There are other problems with printing size_t types in printf statements across the code as stated by Canavan in https://bugzilla.mindrot.org/show_bug.cgi?id=2301 but i have a workaround patch that fix these printf problems.

Re: found openssh-7.4p1 -O2 compiler bug

Posted: Sun Mar 19, 2017 6:13 pm
by praetor242
Hmm. I just compiled SSH 7.4p1 on my O2, and it compiled just fine

Re: found openssh-7.4p1 -O2 compiler bug

Posted: Sun Mar 19, 2017 6:58 pm
by foetz
praetor242 wrote:Hmm. I just compiled SSH 7.4p1 on my O2, and it compiled just fine

it compiled just fine for dexter as well but didn't work right afterwards. did you run the mentioned test?

Re: found openssh-7.4p1 -O2 compiler bug

Posted: Sun Mar 19, 2017 8:01 pm
by praetor242
No. I just compiled it. I didn't run any of the unit tests.

neko_openssh 7.5p1 released

Posted: Fri Aug 18, 2017 5:13 pm
by dexter1
I have finished the dual neko_openssl and neko_openssh packages. Sorry for taking so long, but life got in the way and i probably made every packaging mistake i could make: especially the neko_openssh helper scripts needed testing and updating. And i included the compile fix for the elliptic curve bug i found previously.

openssl: http://www.nekochan.net/nekoware/dual-m ... 2l.tardist
openssh: http://www.nekochan.net/nekoware/dual-m ... p1.tardist
You also need zlib: http://www.nekochan.net/nekoware/dual-m ... .8.tardist

This way i can finally get rid of the ancient IRIX openssh and openssl packages.

Be warned that openssh defaults have changed significantly:

- There is no more support for ssh1 and rsa1

- ssh-dss keys are deprecated and access with these keys will be refused by the sshd server. If you have such a key you can re-enable it in sshd_config with

Code: Select all

PubkeyAcceptedKeyTypes=+ssh-dss

- By default, root will not be able to login. If this is required, change to

Code: Select all

PermitRootLogin yes
in sshd_config

- UseDNS is set to no to solve delays coming from name resolves. This can cause problems if public-key entries in ~/.ssh/authorized_keys with 'from=' fields have a dns name. Switch to ip-addresses seems to quick-fix this.

Happy ssh'ing and let me know if there are any problems. So far, X11 and agent forwarding and sftp server usage seems to be working.

Re: found openssh-7.4p1 -O2 compiler bug

Posted: Thu Sep 14, 2017 5:30 pm
by praetor242
Bump up to thank Dexter for updated SSH packages. Now I don't have to spend all night compiling it on my rebuilt O2 :D