From owner-freebsd-bugs Thu Feb 7 2:20:30 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id BB9DB37B404 for ; Thu, 7 Feb 2002 02:20:00 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g17AK0a18417; Thu, 7 Feb 2002 02:20:00 -0800 (PST) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id AF80937B41C for ; Thu, 7 Feb 2002 02:10:53 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g17AAru17304; Thu, 7 Feb 2002 02:10:53 -0800 (PST) (envelope-from nobody) Message-Id: <200202071010.g17AAru17304@freefall.freebsd.org> Date: Thu, 7 Feb 2002 02:10:53 -0800 (PST) From: Alexey Dokuchaev To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: bin/34690: Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 34690 >Category: bin >Synopsis: Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 07 02:20:00 PST 2002 >Closed-Date: >Last-Modified: >Originator: Alexey Dokuchaev >Release: 4.5-STABLE >Organization: DND NSU >Environment: FreeBSD nowhere.universe.ru 4.5-STABLE FreeBSD 4.5-STABLE #0: Sun Feb 3 22:19:53 NOVT 2002 root@nowhere.universe.ru:/usr/src/sys/compile/CYTHEREA i386 >Description: When world is compiled with "-O2 -mpentiumpro -march=pentiumpro -mcpu=pentiumpro -pipe -s -fexpensive-optimizations -ffast-math -fomit-frame-pointer -funroll-loops" CFLAGS, DSA key-based authorization does not work. See below for exact description. RSA authentification (similar) works (on this very box). >How-To-Repeat: $ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/danfe/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/danfe/.ssh/id_dsa. Your public key has been saved in /home/danfe/.ssh/id_dsa.pub. The key fingerprint is: 5e:45:44:1f:34:63:9c:c3:03:30:b5:75:bf:de:42:75 danfe@nowhere.universe.ru $ cp id_dsa.pub authorized_keys2 $ ssh -2 localhost key_verify failed for server_host_key $ However, if .ssh/id_dsa* moved to another FreeBSD box, compiled with standard CFLAGS, they are proven to be valid. >Fix: None know. Do not time, sorry :-((( >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message