Bug 2212937

Summary: segfault on connecting to legacy ssh-dss servers
Product: [Fedora] Fedora Reporter: Yanko Kaneti <yaneti>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: crypto-team, dbelyavs, dwalsh, jjelen, lkundrak, mattias.ellert, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: openssh-9.3p1-3.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-07 10:30:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yanko Kaneti 2023-06-06 16:20:48 UTC 
This strted after the rebase from 9.0 to 9.3
The systems crypto policies are set to LEGACY

openssh-9.3p1-2.fc39.x86_64

ssh -vv  x.x.x.x  -l admin -o PreferredAuthentications=password 
OpenSSH_9.3p1, OpenSSL 3.0.9 30 May 2023
....
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,chacha20-poly1305
.....
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-dss
...
debug1: Found key in /home/yaneti/.ssh/known_hosts:591
debug2: bits set: 1018/2048
Segmentation fault (core dumped)


Reproducible: Always
Comment 1 Yanko Kaneti 2023-06-06 16:28:17 UTC 
Forgot to mention, there are the following overrides in .ssh/config for the same host
        KexAlgorithms +diffie-hellman-group1-sha1
        HostKeyAlgorithms=+ssh-dss
Comment 2 Dmitry Belyavskiy 2023-06-06 18:21:40 UTC 
May I ask you for a coredump or at least backtrace?
Comment 3 Yanko Kaneti 2023-06-07 00:21:19 UTC 
Program terminated with signal SIGSEGV, Segmentation fault.
#0  BN_is_negative (a=0x2d68737307000000) at crypto/bn/bn_lib.c:945
945         return (a->neg != 0);                                                                                                                                                                                                      
(gdb) bt
#0  BN_is_negative (a=0x2d68737307000000) at crypto/bn/bn_lib.c:945
#1  0x00007fb7803bd36c in ossl_encode_der_integer (pkt=pkt@entry=0x7ffc39b57a30, n=n@entry=0x2d68737307000000) at crypto/asn1_dsa.c:71
#2  0x00007fb7803bd569 in ossl_encode_der_dsa_sig (pkt=0x7ffc39b57a30, r=0x2d68737307000000, s=0x128000000737364) at crypto/asn1_dsa.c:125
#3  0x00007fb7803319dd in i2d_DSA_SIG (sig=sig@entry=0x557b90475050, ppout=ppout@entry=0x0) at crypto/dsa/dsa_sign.c:99
#4  0x0000557b8fbf602a in ssh_dss_verify (key=0x557b90463220, sig=0x557b90475050 "", siglen=<optimized out>, data=0x7ffc39b57c30 "\262@\356_\302\003+\265\237", dlen=32, alg=<optimized out>, compat=335544322, detailsp=0x0)
    at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/ssh-dss.c:401
#5  0x0000557b8fc1c76e in sshkey_verify.constprop.0 (key=0x557b90463220, sig=0x557b90475050 "", siglen=55, data=0x7ffc39b57c30 "\262@\356_\302\003+\265\237", dlen=32, alg=0x557b9045b2b0 "ssh-dss", compat=335544322, detailsp=0x0)
    at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/sshkey.c:2354
#6  0x0000557b8fc0993d in input_kex_dh_gex_reply (type=<optimized out>, seq=<optimized out>, ssh=0x557b90459460) at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/kexgexc.c:210
#7  0x0000557b8fbf3204 in ssh_dispatch_run (done=0x557b90459f88, mode=0, ssh=0x557b90459460) at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/dispatch.c:112
#8  ssh_dispatch_run_fatal (ssh=0x557b90459460, mode=0, done=0x557b90459f88) at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/dispatch.c:132
#9  0x0000557b8fc198c9 in ssh_kex2.constprop.0 (ssh=ssh@entry=0x557b90459460, host=host@entry=0x557b9045c8c0 "bdcr1", port=port@entry=22, cinfo=cinfo@entry=0x557b904630e0, hostaddr=<optimized out>)
    at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/sshconnect2.c:362
#10 0x0000557b8fbacd11 in ssh_login (pw=<optimized out>, sensitive=0x557b8fc6b320 <sensitive_data>, hostaddr=0x557b8fc6b340 <hostaddr>, cinfo=0x557b904630e0, timeout_ms=<optimized out>, port=<optimized out>, 
    orighost=<optimized out>, ssh=<optimized out>) at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/sshconnect.c:1578
#11 main (ac=<optimized out>, av=<optimized out>) at /usr/src/debug/openssh-9.3p1-2.fc39.x86_64/ssh.c:1697
Comment 4 Dmitry Belyavskiy 2023-06-07 10:22:38 UTC 
Thanks for the backtrace! Could you please check the version I just built?
Comment 5 Fedora Update System 2023-06-07 10:27:30 UTC 
FEDORA-2023-1be6796021 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-1be6796021
Comment 6 Fedora Update System 2023-06-07 10:30:58 UTC 
FEDORA-2023-1be6796021 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 7 Yanko Kaneti 2023-06-07 12:37:07 UTC 
Fixes the crash and allows me to connect.

Thanks