Re: Call for testing: OpenSSH 7.6

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Sep 21, 2017 at 02:22:10AM -0500, Zev Weiss wrote:
>  test_kex:  regress/unittests/kex/test_kex.c:91 test #1 "sshkey_generate"
>  ASSERT_INT_EQ(sshkey_generate(keytype, bits, &private), 0) failed:
>  sshkey_generate(keytype, bits, &private) = -56

That error code is:
$ grep -- -56 ssherr.h 
#define SSH_ERR_KEY_LENGTH			-56

Unfortunately there's lots of places in that code that can return that.
I have seen that on one Cygwin system (OpenSSL 1.0.2k) here so I added
the below code to try to narrow it down.  On mine it gave:

test_kex: dsa_generate_private_key bits 2048 expected 1024

but I don't understand how.

Don't try to use ssh or sshd with this diff as it'll probably mess
things up pretty good.

diff --git a/ssh-sandbox.h b/ssh-sandbox.h
index bd5fd83..6bd76b3 100644
--- a/ssh-sandbox.h
+++ b/ssh-sandbox.h
@@ -22,3 +22,4 @@ struct ssh_sandbox *ssh_sandbox_init(struct monitor *);
 void ssh_sandbox_child(struct ssh_sandbox *);
 void ssh_sandbox_parent_finish(struct ssh_sandbox *);
 void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
+#define setrlimit(x,y) (0)
diff --git a/sshkey.c b/sshkey.c
index e91c54f..cfdd437 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1394,8 +1394,11 @@ rsa_generate_private_key(u_int bits, RSA **rsap)
 	if (rsap == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
 	if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
-	    bits > SSHBUF_MAX_BIGNUM * 8)
+	    bits > SSHBUF_MAX_BIGNUM * 8) {
+		fprintf(stderr, "%s bits %d min %d max %d\n", __func__, bits,
+		    SSH_RSA_MINIMUM_MODULUS_SIZE, SSHBUF_MAX_BIGNUM);
 		return SSH_ERR_KEY_LENGTH;
+	}
 	*rsap = NULL;
 	if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) {
 		ret = SSH_ERR_ALLOC_FAIL;
@@ -1425,8 +1428,10 @@ dsa_generate_private_key(u_int bits, DSA **dsap)
 
 	if (dsap == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
-	if (bits != 1024)
+	if (bits != 1024) {
+		fprintf(stderr, "%s bits %d expected %d\n", __func__, bits, 1024);
 		return SSH_ERR_KEY_LENGTH;
+	}
 	if ((private = DSA_new()) == NULL) {
 		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
@@ -1505,8 +1510,10 @@ ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap)
 
 	if (nid == NULL || ecdsap == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
-	if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1)
+	if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) {
+		fprintf(stderr, "%s bits %d\n", __func__, bits);
 		return SSH_ERR_KEY_LENGTH;
+	}
 	*ecdsap = NULL;
 	if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) {
 		ret = SSH_ERR_ALLOC_FAIL;
@@ -1881,6 +1888,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
 			goto out;
 		}
 		if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+			fprintf(stderr, "%s num_bits %d min %d\n", __func__,
+			    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 			ret = SSH_ERR_KEY_LENGTH;
 			goto out;
 		}
@@ -2664,6 +2673,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
 		    (r = ssh_rsa_generate_additional_parameters(k)) != 0)
 			goto out;
 		if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+			fprintf(stderr, "%s num_bits %d min %d\n", __func__,
+			    BN_num_bits(k->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 			r = SSH_ERR_KEY_LENGTH;
 			goto out;
 		}
@@ -2678,6 +2689,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
 		    (r = ssh_rsa_generate_additional_parameters(k)) != 0)
 			goto out;
 		if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+			fprintf(stderr, "%s num_bits %d min %d\n", __func__,
+			    BN_num_bits(k->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 			r = SSH_ERR_KEY_LENGTH;
 			goto out;
 		}
@@ -3476,6 +3489,8 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 			goto out;
 		}
 		if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+			fprintf(stderr, "%s num_bits %d min %d\n", __func__,
+			    BN_num_bits(prv->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 			r = SSH_ERR_KEY_LENGTH;
 			goto out;
 		}

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux