From owner-freebsd-questions@FreeBSD.ORG Sun Oct 8 18:09:23 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7CF7716A403 for ; Sun, 8 Oct 2006 18:09:23 +0000 (UTC) (envelope-from norgaard@locolomo.org) Received: from strange.daemonsecurity.com (59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id D738243D49 for ; Sun, 8 Oct 2006 18:09:22 +0000 (GMT) (envelope-from norgaard@locolomo.org) Received: from [10.35.4.65] (65.4-35-10-static.chueca.wifi [10.35.4.65]) by strange.daemonsecurity.com (Postfix) with ESMTP id AF28B2E037; Sun, 8 Oct 2006 20:09:21 +0200 (CEST) Message-ID: <45293E81.9040604@locolomo.org> Date: Sun, 08 Oct 2006 20:08:01 +0200 From: Erik Norgaard User-Agent: Thunderbird 1.5.0.7 (X11/20060916) MIME-Version: 1.0 To: girishvenkatachalam@gmail.com References: <20061008163014.GA5712@lakshmi.susmita.org> In-Reply-To: <20061008163014.GA5712@lakshmi.susmita.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD OpenSSL broken X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Oct 2006 18:09:23 -0000 Girish Venkatachalam wrote: > Hi, > > I have been seeing scp xfers failing mysteriously with a "Corrupted MAC on input" error. This occurred more or less sporadically but for huge files it was sure to occur. I suspected the ethernet card and got it changed. > > Next, I suspected RAM since I used to get failed compiles saying "internal compiler error" and sefault. This had nothing to do with the other problems since if I issue compile again it used to go thro'. > > And the md5 and sha1 commands never worked. They always used to give corrupted results. Then I just gave up and moved on. I tried installing gentoo on that machine and did a memtest and it went fine. > > Anyway coming to the point, I am running 6.0 FreeBSD. > > I have come across the following cases. > > a) A person in Sweden had trouble with HTTPS and I solved it by reinstalling OpenSSL (check the archives, I think it was more than two months ago) > b) Recently two persons had severe trouble with OpenSSH > > At last I tried the same medicine I have been prescribing to others and with God's grace :-) , my MD5 and SHA1 started matching... > > I have other machines in LAN running OpenBSD and Debian. I try matching the checksums with those boxes. > > And the only common factor and culprit is ... yes, OpenSSL. > > I urge all of you to make life simpler with this. > > # cd /usr/ports/security/openssl > #make deinstall (it may fail, no problem :-) > #make reinstall > > Enjoy guys! :-) > > I might fix the real problem if I get time. Or one of u can too. > > What makes me wonder is how come this problem has gone unnoticed for so long... Two weeks ago a security advisory regarding FBSD/OpenSSL was announced, two days later FBSD/OpenSSH. I don't know if this is related to the problem you describe. The advisory for OpenSSL is to update your source and build/install world. Then you must rebuilt all applications that link against OpenSSL in base. For OpenSSH you only need to rebuild that, but this will be done in the step above. If you use OpenSSL/SSH from ports then these may or may not have been patched, but the result is the same with respect to rebuilding applications linking against a broken OpenSSL. Anyway, if you use OpenSSL/SSH from ports then it is NOT FreeBSD OpenSSL that is broken, it's the port that may be, and then the problem may be an entirely different one. Try first switching to OpenSSL/SSH in base, I have no problem with those. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9