Elliptic Curve host key and -R argument bug

Matt Johnston matt at ucc.asn.au
Tue Jan 28 22:47:53 WST 2014


Hi,

Could you see if the patch below fixes it? I think the ecdsa hostkeys are
coincidental. 

Cheers,
Matt

https://secure.ucc.asn.au/hg/dropbear/rev/6e6ae84d3dba
--- a/gensignkey.c      Thu Jan 23 22:29:04 2014 +0800
+++ b/gensignkey.c      Tue Jan 28 22:44:24 2014 +0800
@@ -26,7 +26,7 @@
        while (buf->pos != buf->len) {
                int len = write(fd, buf_getptr(buf, buf->len - buf->pos),
                                buf->len - buf->pos);
-               if (errno == EINTR) {
+               if (len == -1 && errno == EINTR) {
                        continue;
                }
                if (len <= 0) {



On Tue, Jan 28, 2014 at 02:18:44PM +0000, Bruno Thomsen wrote:
> Hi,
> 
> I have observed some strange dropbear behavior with the -R argument (Create hostkeys as required) and Elliptic Curve host keys.
> The result is an extremely large temporary host key file (multiple megabytes).
> 
> SSH client: Google Chrome extension: Secure Shell 0.8.25
> 
> 1) Connect to dropbear running without arguments and a single host key (ecdsa-sha2-nistp521) in /etc/dropbear/dropbear_ecdsa_host_key
> 2) Stop dropbear
> 3) Remove old host key and generate a single new host key (ecdsa-sha2-nistp256) in /etc/dropbear/dropbear_ecdsa_host_key
> 4) Start dropbear with -R argument
> 5) Reconnect to dropbear and it generate an extremely large host key (process never ends).
> 
> 
> 
> Result:
> root at target:~ ll /etc/dropbear/
> total 54508
> dr--------    2 root     root          1024 Jan 28 13:38 .
> drwxrwxr-x   19 root     root          1024 Jan 28 12:09 ..
> -r--------    1 root     root           140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw-------    1 root     root      55593054 Jan 28 13:39 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 66001
> dr--------    2 root     root          1024 Jan 28 13:38 .
> drwxrwxr-x   19 root     root          1024 Jan 28 12:09 ..
> -r--------    1 root     root           140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw-------    1 root     root      67316589 Jan 28 13:40 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 70657
> dr--------    2 root     root          1024 Jan 28 13:38 .
> drwxrwxr-x   19 root     root          1024 Jan 28 12:09 ..
> -r--------    1 root     root           140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw-------    1 root     root      72064080 Jan 28 13:40 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 84631
> dr--------    2 root     root          1024 Jan 28 13:38 .
> drwxrwxr-x   19 root     root          1024 Jan 28 12:09 ..
> -r--------    1 root     root           140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw-------    1 root     root      86317002 Jan 28 13:40 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 129200
> dr--------    2 root     root          1024 Jan 28 13:38 .
> drwxrwxr-x   19 root     root          1024 Jan 28 12:09 ..
> -r--------    1 root     root           140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw-------    1 root     root     131778657 Jan 28 13:41 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 130372
> dr--------    2 root     root          1024 Jan 28 13:38 .
> drwxrwxr-x   19 root     root          1024 Jan 28 12:09 ..
> -r--------    1 root     root           140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw-------    1 root     root     132973731 Jan 28 13:41 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 131219
> dr--------    2 root     root          1024 Jan 28 13:38 .
> drwxrwxr-x   19 root     root          1024 Jan 28 12:09 ..
> -r--------    1 root     root           140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw-------    1 root     root     133837839 Jan 28 13:41 dropbear_ecdsa_host_key.tmp377
> root at target:~ top
> Mem: 121580K used, 3376K free, 0K shrd, 10172K buff, 91900K cached
> CPU: 20.0% usr 80.0% sys  0.0% nic  0.0% idle  0.0% io  0.0% irq  0.0% sirq
> Load average: 2.30 1.04 0.52 2/55 1416
>   PID  PPID USER     STAT   VSZ %MEM CPU %CPU COMMAND
>   377 31162 root     R     2292  1.8   0 66.5 dropbear -R
> 
> 
> 
> Maybe it's a collision in /etc/dropbear/dropbear_ecdsa_host_key that holds an ecdsa-sha2-nistp256 and when dropbear tries to generate a new ecdsa-sha2-nistp521.
> 
> 
> Venlig hilsen / Best regards
> 
> Kamstrup A/S <http://www.kamstrup.dk> 
> Bruno Thomsen
> Development engineer
> Technology
> 
> Kamstrup A/S
> Industrivej 28
> DK-8660 Skanderborg
> Tel:	 +45 89 93 10 00	 
> Fax:	 +45 89 93 10 01	 
> Dir:	 +45 89 93 13 94	 
> E-mail:	 bth at kamstrup.dk	 
> Web:	 www.kamstrup.dk	 
> 


More information about the Dropbear mailing list