x/crypto/ssh: Connections using "chacha20-poly1305@openssh.com" fail with "ssh: MAC failure" #23510
thanks for the report. Looking.
Change https://golang.org/cl/88995 mentions this issue:
gopherbot pushed a commit to golang/crypto that referenced this issue Jan 22, 2018
This effectively disables the cipher. Add a test against OpenSSH which sends larger packets through the tested ciphers. This reproduces the problem reported in golang/go#23510
Change-Id: I4b124c690c409c6a0af2621e58a964ff55815f57
Reviewed-on: https://go-review.googlesource.com/88995
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Change https://golang.org/cl/89075 mentions this issue:
bored-engineer pushed a commit to bored-engineer/ssh that referenced this issue Oct 13, 2019
Incomplete reads leave (part of) the verification tag zeroed, leading to a failing MAC, and this is more likely to happen with larger packets. The test added in the previous commit should stop this from regressing. Reinstate chacha20-poly1305 as a default cipher and prefer it over AES CTR flavors. Fixes golang/go#23510 Change-Id: I7599897e59448edb7b814eebcc8226ea15b365d6 Reviewed-on: https://go-review.googlesource.com/89075 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Han-Wen Nienhuys <hanwen@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
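The failure mode the fix commit describes, as an added Go example that is not the x/crypto/ssh code: a receiver that calls Read once gets only the first segment of a large packet, so the tail of its buffer (tag included) stays zero and verification fails, while io.ReadFull collects the whole packet. The segmented reader, key, packet sizes and the HMAC-SHA256 stand-in for Poly1305 are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"io"
)

const tagLen = 16 // Poly1305 tag size; HMAC-SHA256 below is only a stand-in MAC
var key = []byte("constructed demo key") // constructed, not a real secret

// segmented hands out at most seg bytes per Read, as a TCP stream may.
type segmented struct{ r io.Reader; seg int }

func (s segmented) Read(p []byte) (int, error) {
	if len(p) > s.seg {
		p = p[:s.seg]
	}
	return s.r.Read(p)
}

func tag(payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(nil)[:tagLen]
}

// singleRead is the bug class: one Read call, returned byte count ignored.
func singleRead(r io.Reader, b []byte) (int, error) { return r.Read(b) }

// receive reads payload||tag with read and reports whether the tag verifies.
func receive(r io.Reader, n int, read func(io.Reader, []byte) (int, error)) bool {
	buf := make([]byte, n+tagLen) // after a short read the tail, tag included, stays zero
	_, err := read(r, buf)
	return err == nil && hmac.Equal(tag(buf[:n]), buf[n:])
}

// demo sends one n-byte payload over a stream delivering seg bytes per Read.
func demo(n, seg int, read func(io.Reader, []byte) (int, error)) bool {
	payload := bytes.Repeat([]byte{0x41}, n)
	wire := append(payload, tag(payload)...)
	return receive(segmented{bytes.NewReader(wire), seg}, n, read)
}

func main() {
	fmt.Println(demo(32, 1400, singleRead), demo(4096, 1400, singleRead), demo(4096, 1400, io.ReadFull))
}
```

The small packet verifies even with the single Read because it arrives in one segment, which matches the report that short commands worked while a clone failed.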
What did you do?
I work on an SSH server project for hosting Git repositories and we recently updated our golang.org/x/crypto to a6600008915114d9c087fad9f03d75087b1a74df to get support for the chacha20-poly1305@openssh.com cipher. During our testing, we discovered that our SSH sessions seem to fail when using chacha20-poly1305@openssh.com. Some of our internal users reported that short SSH commands didn't see the problem (i.e. commands that reply with a single line of text) but attempting to clone a repository over SSH would fail.
The server sees a "ssh: MAC failure" and the client sees "packet_write_wait: Connection to 10.192.25.108 port 22: Broken pipe".
I'm using OpenSSH 7.4 (client) against a server running golang.org/x/crypto at a660000.
Failing logs from ssh -vvv -c chacha20-poly1305@openssh.com: ssh-chacha20-poly1305.txt
Successful logs from ssh -vvv -c aes128-gcm: ssh-aes.txt
What version of Go are you using (go version)?
go version go1.9.1 linux/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/go"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build670065654=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
What did you expect to see?
The SSH session did not fail.
What did you see instead?
The SSH session failed. The client saw a disconnect error and the server saw a "ssh: MAC error".
cc: @hanwen