MAC integrity failure

Question

MAC integrity failure

rapier1 opened this issue 9 years ago · 5 comments

mac hmac-ripemd160-etm@openssh.com is failing to pass the regression tests for the KitchenSink version of the code. There seems to be some sort of odd interaction that wasn't happening in 7.1p2. I believe it's some issue between the code for the none cipher switch and the aes_mt_ctr cipher. The aes-mt-ctr cipher works fine on it's own, it's only when that code set is incorporated with the null switch that we seem to have problems. As a work around please do not use ripemd160-etm until this issue is fixed.

Answer 1 · 2016-06-03T18:44:26.000Z

Well, it's not an interaction issue with the None cipher code as I see the same problem when I merge the AES-MT-CTR into the DynamicWindow tag. This is not an issue when only the AES_MT_CTR code set is applied.

Answer 2 · 2016-06-17T20:07:11.000Z

More data: If the integrity test is forced to use other ciphers then it passes as expected so it's specific to the way that the aes-ctr-mt cipher is being used. The problem is that I'm not sure how the integrity tests are being run so I need to look into this more deeply. If anyone has any suggestions please speak up.

Answer 3 · 2016-09-08T08:22:25.000Z

I forward ported the patch to openssh-7.3p1 and this failure does not happen for me (dropping the server logging stuff). I suspect that it must be an upstream issue rather than something in the hpn patchset.

Answer 4 · 2016-09-08T17:40:27.000Z

I'll have to check that out. Also, thank you for the patches for CTR MT.

Answer 5 · 2016-11-27T20:59:27.000Z

i've pushed updates for 7.3p1 to the repo and the tests are passing for me now