dropbear fails on uClinux ARM NOMMU target with gcc-3.4.5 but not gcc-2.95.3

Fri Jan 6 23:24:59 WST 2006

I'm building/running the version of dropbear 0.43 included with 
uClinux-dist-20051014. Target is little endian ARM CPU with no MMU. If I 
use the arm-elf-tools-20040427 toolchain everything builds and works 
fine. I cannot to the target using both ssh-rsa and ssh-dss. If I use my 
binutils-2.15.90.0.1.1 + gcc-3.4.5 toolchain everything builds and runs 
but...

when the host connects with ssh-rsa it errors out with:

RSA_public_decrypt failed: error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 01
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key

when the host connects with ssh-dss the target errors out with:

/bin/staticdropbear: dss.c: 366: buf_put_dss_sign: Assertion `writelen 
<= 20' failed.

I haven't had any other trouble with the binutils-2.15.90.0.1.1 + 
gcc-3.4.5 toolchain, but I haven't done anything very math intensive 
like crypto. Are there any testsuites that can be compiled to 
exhaustively test the toolchain / target CPU?

Below are details:

CPU: OKI ML67Q5003 (ARM7TDMI)

uClinux-dist-20051014

Kernel:
linux-2.6.14
linux-2.6.14-uc0.patch
linux-2.6.14-hsc0.patch

uClibc:
0.9.27

dropbear:
v0.43 from uClinux-dist-20051014. No changes made. I did rm -rf 
uClinux-dist/user/dropbear and reextracted from 
uClinux-dist-20051014.tar.bz2 before each test to be sure.

Working toolchain:
 From http://opensrc.sec.samsung.com/download/arm-elf-tools-20040427.sh
binutils-2.14
gcc version 2.95.3 20010315 (release)(ColdFire patches - 20010318 from 
http://fiddes.net/coldfire/)(uClinux XIP and shared lib patches from 
http://www.snapgear.com/)

Non working toolchain:
binutils-2.15.90.0.1.1
gcc-3.4.5 Configured with: ./configure --target=arm-elf 
--prefix=/usr/local --disable-shared --enable-languages=c 
--enable-target-optspace --with-gnu-ld --disable-nls 
--disable-__cxa_atexit --disable-c99 --disable-clocale 
--disable-c-mbchar --disable-long-long 
--enable-cxx-flags=-D_ISOC99_SOURCE,-D_BSD_SOURCE --with-float=soft
Thread model: single
elf2flt-20040326

inetd.conf:
ssh     stream tcp nowait root /bin/staticdropbear -i
telnet  stream tcp nowait root /bin/telnetd

 From target (client forcing ssh-rsa):

Load /bin/staticdropbear: TEXT=600040-6236a0 DATA=660004-6664b4 
BSS=6664b4-67a464
[23] Jan 01 00:01:34 Child connection from 172.16.64.11:34123
[23] Jan 01 00:01:40 exit before auth: error reading: Connection reset 
by peer

 From host (client forcing ssh-rsa):

ssh -vvv -o HostKeyAlgorithms=ssh-rsa root at 172.16.64.208
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.16.64.208 [172.16.64.208] port 22.
debug1: Connection established.
debug1: identity file /home/georgem/.ssh/identity type -1
debug1: identity file /home/georgem/.ssh/id_rsa type -1
debug1: identity file /home/georgem/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.43
debug1: no match: dropbear_0.43
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 5 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 203/384
debug2: bits set: 520/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: check_host_in_hostfile: filename /home/georgem/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/georgem/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 172.16.64.208
debug3: check_host_in_hostfile: filename /home/georgem/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/georgem/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host 172.16.64.208
The authenticity of host '172.16.64.208 (172.16.64.208)' can't be 
established.
RSA key fingerprint is 72:21:49:0c:5e:f6:91:20:ff:d5:f2:69:d4:fc:b9:e1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.64.208' (RSA) to the list of known hosts.
debug2: bits set: 516/1024
RSA_public_decrypt failed: error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 01
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key

 From target (client forcing ssh-dss):
[24] Jan 01 00:34:17 Child connection from 172.16.64.11:34216
/bin/staticdropbear: dss.c: 366: buf_put_dss_sign: Assertion `writelen 
<= 20' failed.

 From host (client forcing ssh-dss):
ssh -vvv -o HostKeyAlgorithms=ssh-dss root at 172.16.64.208
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.16.64.208 [172.16.64.208] port 22.
debug1: Connection established.
debug1: identity file /home/georgem/.ssh/identity type -1
debug1: identity file /home/georgem/.ssh/id_rsa type -1
debug1: identity file /home/georgem/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.43
debug1: no match: dropbear_0.43
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 5 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 191/384
debug2: bits set: 513/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
Connection closed by 172.16.64.208

Any solutions, conjectures or wild ass guesses are greatly appreciated.

Cheers,
George McCollister

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information.  If you have
received it in error, please notify the sender immediately and delete
the original.  Any other use of the email by you is prohibited.