2392 – unable to ssh with umac hash algorithm. error:Disconnecting packet:corrupted MAC on input.

Bug 2392 - unable to ssh with umac hash algorithm. error:Disconnecting packet:corrupted MAC on input.

Summary: unable to ssh with umac hash algorithm. error:Disconnecting packet:corrupted ...

Status:	CLOSED WORKSFORME

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	5.0p1
Hardware:	ARM Other

Importance:	P5 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-05-03 02:24 AEST by Ramya
Modified:	2016-08-02 10:43 AEST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ramya 2015-05-03 02:24:12 AEST

Tried to ssh from client(Openssh version 4.7p1) to server(openssh version 5.0p1) using umac hash algorithm but ssh was disconnected from server end with the following error."Disconnecting packet:Corrupted MAC on input".
But ssh from client to server using hmac is successful.


Please confirm whether the error is due to software or hardware issues.Is there any workaround to resolve the issue.

Comment 1 Darren Tucker 2015-05-03 14:01:24 AEST

You'd need to provide a lot more information before we could even guess.

What OSes are on each of the client and server?  Compilers?  Hardware?  Network?

Both versions you cite are quite old although I am not aware of any bugs affecting umac.

There have been many causes found for this in the past, ranging from broken hardware, ethernet drivers, network equipment, memory and compilers.  For some examples see: https://bugzilla.mindrot.org/show_bug.cgi?id=845

Given that it happens with umac but not hmac, I'd guess it's a compiler bug, but that's pure speculation.

As for workarounds: hmac seems to not have that problem, why not just use that?

Comment 2 Ramya 2015-05-04 20:02:45 AEST

Hi

Client OS – Linux
Server OS - VxWorks
Compiler  – gcc compiler
Processor - ARM

We tried to SSH from clent(Linux) to server(VxWorks)with the following command.
ssh -v -m umac-64@openssh.com xx.xx.xx.xx

We found that before MAC computation, final value of input buffer(input) after buffer_consume is Offset as 32 and End as 40.
MAC length was set as 8.

But the computed MAC looks different when compared with the input MAC.
Hence the below error was displayed and SSH was disconnected.
"Disconnecting: Corrupted MAC on input".

Comment 3 Darren Tucker 2015-05-04 21:28:00 AEST

I'd be looking at the vxworks side since there are few reports of problems on Linux x86.  I'd suggest building your vxworks binaries without optimizations and see if that helps:

$ CFLAGS="" ./configure --target whatever

Comment 4 Ramya 2015-05-09 00:18:31 AEST

Hi,

Tried by disabling optimization while building.
But this did not help.Issue still seen.

We also found that it is working fine when we try to SSH with UMAC hash algorithm from linux machine(with OpenSSH version 4.7p1) to linux machine(openSSH version 4.7p1)

But when we try to SSH with umac from linux(OpenSSH version 4.7p1) to 
vxworks(OpenSSH 5.0p1), it fails with the below error.
"Disconnecting packet:Corrupted MAC on input".

Comment 5 Darren Tucker 2015-06-05 13:28:07 AEST

Do you have an alternative compiler you could try?
Other than that, I don't have anything else I can suggest.

Comment 6 Damien Miller 2015-06-05 14:52:30 AEST

both 4.7 and 5.0 are really old versions, could you try something more current?

Comment 7 Damien Miller 2015-11-13 14:14:59 AEDT

5 months with no followup = no bug

Comment 8 Damien Miller 2016-08-02 10:43:02 AEST

Close all resolved bugs after 7.3p1 release