mina-dev mailing list archives

From "Thomas Davidsson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-737) "Invalid encoding: redundant leading 0s" when establishing session
Date Tue, 12 Sep 2017 10:40:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16162779#comment-16162779
] 

Thomas Davidsson commented on SSHD-737:
---------------------------------------

JDK/OpenJDK will not solve the problem. As I understand it, they have corrected some parts
in the security-libs (http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html):
_More checks added to DER encoding parsing code
 More checks are added to the DER encoding parsing code to catch various encoding errors.
In addition, signatures which contain constructed indefinite length encoding will now lead
to IOException during parsing. Note that signatures generated using JDK default providers
are not affected by this change. _
 JDK-8168714 (not public)

So this issue needs to be solved in the sshd-core lib.

> "Invalid encoding: redundant leading 0s" when establishing session
> ------------------------------------------------------------------
>
>                 Key: SSHD-737
>                 URL: https://issues.apache.org/jira/browse/SSHD-737
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.14.0
>            Reporter: Grzegorz Grzybek
>            Assignee: Goldstein Lyor
>             Fix For: 1.4.0
>
>
> Probably related to https://bugs.openjdk.java.net/browse/JDK-8175251. I'm getting:
> {noformat}
> 2017-04-03 12:57:52,932 | INFO  | d]-nio2-thread-1 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Client session created
> 2017-04-03 12:57:52,932 | DEBUG | d]-nio2-thread-1 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Send SSH_MSG_KEXINIT
> 2017-04-03 12:57:52,932 | TRACE | d]-nio2-thread-1 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Sending packet #0: 14 5c dd 49 7d 80 20 9d 4b d8 c9
11 ac 42 34 81 08 00 00 00 9b 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70
2d 65 78 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61
6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 31 2c 65 63 64 68 2d 73 68 61
32 2d 6e 69 73 74 70 32 35 36 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 2c
65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c
6d 61 6e 2d 67 72 6f 75 70 31 2d 73 68 61 31 00 00 00 4b 65 63 64 73 61 2d 73 68 61 32 2d
6e 69 73 74 70 32 35 36 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 2c 65
63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 2c 73 73 68 2d 64 73 73 2c 73 73 68
2d 72 73 61 00 00 00 36 61 65 73 31 32 38 2d 63 74 72 2c 61 72 63 66 6f 75 72 31 32 38 2c
61 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63
62 63 00 00 00 36 61 65 73 31 32 38 2d 63 74 72 2c 61 72 63 66 6f 75 72 31 32 38 2c 61 65
73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63
00 00 00 47 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31
32 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 73 68 61 31
2d 39 36 2c 68 6d 61 63 2d 6d 64 35 2d 39 36 00 00 00 47 68 6d 61 63 2d 73 68 61 32 2d 32
35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61
63 2d 6d 64 35 2c 68 6d 61 63 2d 73 68 61 31 2d 39 36 2c 68 6d 61 63 2d 6d 64 35 2d 39 36
00 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 00
> 2017-04-03 12:57:52,933 | DEBUG | 3)-192.168.0.220 | ClientUserAuthServiceOld       
 | 33 - org.apache.sshd.core - 0.14.0 | Trying authentication with org.apache.sshd.client.auth.deprecated.UserAuthPassword@30ed5323
> 2017-04-03 12:57:52,933 | DEBUG | 3)-192.168.0.220 | ClientUserAuthServiceOld       
 | 33 - org.apache.sshd.core - 0.14.0 | waiting to send authentication
> 2017-04-03 12:57:52,933 | INFO  | d]-nio2-thread-1 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Server version string: SSH-2.0-SSHD-CORE-0.14.0
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Received packet #1: 14 7b 0e 99 05 b0 83 3c be 6a
22 3b 2b a1 c3 0b cb 00 00 00 9b 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75
70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d
61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 31 2c 65 63 64 68 2d 73 68
61 32 2d 6e 69 73 74 70 32 35 36 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34
2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 2c 64 69 66 66 69 65 2d 68 65 6c
6c 6d 61 6e 2d 67 72 6f 75 70 31 2d 73 68 61 31 00 00 00 07 73 73 68 2d 64 73 73 00 00 00
0a 61 65 73 31 32 38 2d 63 74 72 00 00 00 0a 61 65 73 31 32 38 2d 63 74 72 00 00 00 09 68
6d 61 63 2d 73 68 61 31 00 00 00 09 68 6d 61 63 2d 73 68 61 31 00 00 00 04 6e 6f 6e 65 00
00 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 00
> 2017-04-03 12:57:52,947 | DEBUG | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Received SSH_MSG_KEXINIT
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(kex algorithms) guess=diffie-hellman-group-exchange-sha256
(client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1
/ server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(server host key algorithms) guess=ssh-dss
(client: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss,ssh-rsa / server:
ssh-dss
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(encryption algorithms (client to server))
guess=aes128-ctr (client: aes128-ctr,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc / server:
aes128-ctr
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(encryption algorithms (server to client))
guess=aes128-ctr (client: aes128-ctr,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc / server:
aes128-ctr
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(mac algorithms (client to server))
guess=hmac-sha1 (client: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
/ server: hmac-sha1
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(mac algorithms (server to client))
guess=hmac-sha1 (client: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
/ server: hmac-sha1
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(compression algorithms (client to server))
guess=none (client: none / server: none
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(compression algorithms (server to client))
guess=none (client: none / server: none
> 2017-04-03 12:57:52,947 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(languages (client to server)) guess=
(client:  / server: 
> 2017-04-03 12:57:52,948 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: negotiate(languages (server to client)) guess=
(client:  / server: 
> 2017-04-03 12:57:52,948 | DEBUG | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: server->client aes128-ctr hmac-sha1 none
> 2017-04-03 12:57:52,948 | DEBUG | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Kex: client->server aes128-ctr hmac-sha1 none
> 2017-04-03 12:57:52,948 | DEBUG | d]-nio2-thread-2 | DHGEX256                       
 | 33 - org.apache.sshd.core - 0.14.0 | Send SSH_MSG_KEX_DH_GEX_REQUEST
> 2017-04-03 12:57:52,948 | TRACE | d]-nio2-thread-2 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Sending packet #1: 22 00 00 04 00 00 00 10 00 00 00
20 00
> 2017-04-03 12:57:52,978 | TRACE | d]-nio2-thread-3 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Received packet #2: 1f 00 00 00 81 00 f7 29 60 31
d2 9f d5 76 a7 8c 44 b0 d5 33 a3 7a dc 00 46 c3 ee 1d 4a 47 33 2c be c5 94 d8 7a 9a 36 39
a7 92 5a 5b 88 bd 11 7a 03 7b 8b db 55 58 d4 cc 15 bc 02 8f ae 24 88 97 e5 24 00 c6 22 61
34 d0 96 f7 81 fd fc a5 05 5f f3 01 59 01 d6 ac e7 e1 4a 96 10 9d 62 27 61 5f 3f d9 99 01
39 e3 cb 94 53 fb 35 df 99 5e df dd 84 1e 0d 38 f3 e8 1e ca c1 57 e8 a8 04 b1 05 cc 47 4e
dc 87 85 43 00 00 00 01 02
> 2017-04-03 12:57:52,978 | DEBUG | d]-nio2-thread-3 | DHGEX256                       
 | 33 - org.apache.sshd.core - 0.14.0 | Received SSH_MSG_KEX_DH_GEX_GROUP
> 2017-04-03 12:57:52,981 | DEBUG | d]-nio2-thread-3 | DHGEX256                       
 | 33 - org.apache.sshd.core - 0.14.0 | Send SSH_MSG_KEX_DH_GEX_INIT
> 2017-04-03 12:57:52,981 | TRACE | d]-nio2-thread-3 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Sending packet #2: 20 00 00 00 81 00 83 b2 01 57 0f
c5 1b f2 bd 5a 48 9b 24 ce e3 5f 66 c5 5c 23 cf 39 62 c6 6e 1b 8a 3e 4b d4 d8 ef 70 c5 07
02 3f 98 5b fa cf 16 56 7f 32 aa bc 08 fd fe 53 1c 7e 8f 9e f1 b9 5b 16 56 7d 49 89 86 56
05 0b c0 89 07 1a 40 fa b4 95 c6 fe ed f0 89 15 ae 38 21 21 3a 12 dc 30 58 ff b1 23 72 1b
32 22 55 c4 04 d8 6b 5d 43 63 95 68 1b c5 ee 28 3b a1 4c 81 a9 83 4f c8 5f ce 77 70 a7 a6
c9 5d 03
> 2017-04-03 12:57:52,986 | TRACE | d]-nio2-thread-4 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Received packet #3: 21 00 00 01 b2 00 00 00 07 73
73 68 2d 64 73 73 00 00 00 81 00 fd 7f 53 81 1d 75 12 29 52 df 4a 9c 2e ec e4 e7 f6 11 b7
52 3c ef 44 00 c3 1e 3f 80 b6 51 26 69 45 5d 40 22 51 fb 59 3d 8d 58 fa bf c5 f5 ba 30 f6
cb 9b 55 6c d7 81 3b 80 1d 34 6f f2 66 60 b7 6b 99 50 a5 a4 9f 9f e8 04 7b 10 22 c2 4f bb
a9 d7 fe b7 c6 1b f8 3b 57 e7 c6 a8 a6 15 0f 04 fb 83 f6 d3 c5 1e c3 02 35 54 13 5a 16 91
32 f6 75 f3 ae 2b 61 d7 2a ef f2 22 03 19 9d d1 48 01 c7 00 00 00 15 00 97 60 50 8f 15 23
0b cc b2 92 b9 82 a2 eb 84 0b f0 58 1c f5 00 00 00 81 00 f7 e1 a0 85 d6 9b 3d de cb bc ab
5c 36 b8 57 b9 79 94 af bb fa 3a ea 82 f9 57 4c 0b 3d 07 82 67 51 59 57 8e ba d4 59 4f e6
71 07 10 81 80 b4 49 16 71 23 e8 4c 28 16 13 b7 cf 09 32 8c c8 a6 e1 3c 16 7a 8b 54 7c 8d
28 e0 a3 ae 1e 2b b3 a6 75 91 6e a3 7f 0b fa 21 35 62 f1 fb 62 7a 01 24 3b cc a4 f1 be a8
51 90 89 a8 83 df e1 5a e5 9f 06 92 8b 66 5e 80 7b 55 25 64 01 4c 3b fe cf 49 2a 00 00 00
80 49 e0 84 51 a8 5f 4b 24 d4 74 a6 81 5f f7 c6 14 44 e1 ef ff fd ed ad 8a e4 74 a0 9f 0d
dd 0a 42 b6 ee c7 74 3b ea ba db 02 8b 27 3c 96 74 9b 65 9b c4 25 b9 4e 58 4f d9 0d 3a b5
72 69 4f 06 31 b5 9f 20 f4 db f7 f7 4a 24 c3 05 51 d4 41 27 fd 55 db 7e 01 78 66 8d 82 ca
1a a3 4e bd d7 de 45 62 af 43 85 6b dd ec 41 41 74 c0 81 af 33 b4 6a 5b 24 50 0e 89 09 65
6d 43 36 cb 9c 89 83 3b b6 00 00 00 80 3b 41 1b 65 7c ad b9 64 2b 5c 75 76 0f c1 03 0c f4
d2 a7 da 73 21 bb 2e d4 a9 29 64 cd 32 78 f8 3f b5 32 22 c1 21 60 3d 33 75 d3 63 b3 15 11
f3 79 84 26 f7 02 56 0d 22 ae ac 89 66 c6 0d 99 1f 12 dc 74 bd 17 e9 26 e8 4b 92 1a ee eb
0c b6 9d 8c 9d d6 70 05 5c 11 3e 02 ac 26 1e 2a 0a 04 69 10 7c a0 4a 03 43 42 b7 b1 c7 01
6c a4 4f e8 7a b3 bd 47 e5 bc 26 06 87 60 e0 d0 0a e9 b6 35 73 00 00 00 37 00 00 00 07 73
73 68 2d 64 73 73 00 00 00 28 5f e9 49 68 89 5e fb 90 c0 11 d3 90 c5 12 94 09 a5 6c 32 10
00 75 21 e7 f2 e1 e3 99 03 b4 17 d6 89 12 6b b9 b4 e7 4f 2f
> 2017-04-03 12:57:52,987 | DEBUG | d]-nio2-thread-4 | DHGEX256                       
 | 33 - org.apache.sshd.core - 0.14.0 | Received SSH_MSG_KEX_DH_GEX_REPLY
> 2017-04-03 12:57:52,990 | WARN  | d]-nio2-thread-4 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Exception caught
> java.security.SignatureException: Invalid encoding for signature
> 	at sun.security.provider.DSA.engineVerify(DSA.java:283)[:1.8.0_121]
> 	at sun.security.provider.DSA.engineVerify(DSA.java:244)[:1.8.0_121]
> 	at java.security.Signature$Delegate.engineVerify(Signature.java:1219)[:1.8.0_121]
> 	at java.security.Signature.verify(Signature.java:652)[:1.8.0_121]
> 	at org.apache.sshd.common.signature.AbstractSignatureDSA.verify(AbstractSignatureDSA.java:88)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.client.kex.DHGEX.next(DHGEX.java:163)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:425)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)[33:org.apache.sshd.core:0.14.0]
> 	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
> 	at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_121]
> 	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[33:org.apache.sshd.core:0.14.0]
> 	at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_121]
> 	at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.8.0_121]
> 	at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.8.0_121]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_121]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_121]
> 	at java.lang.Thread.run(Thread.java:745)[:1.8.0_121]
> Caused by: java.io.IOException: Invalid encoding: redundant leading 0s
> 	at sun.security.util.DerInputBuffer.getBigInteger(DerInputBuffer.java:152)[:1.8.0_121]
> 	at sun.security.util.DerValue.getBigInteger(DerValue.java:512)[:1.8.0_121]
> 	at sun.security.provider.DSA.engineVerify(DSA.java:281)[:1.8.0_121]
> 	... 22 more
> 2017-04-03 12:57:52,992 | DEBUG | d]-nio2-thread-4 | ClientSessionImpl              
 | 33 - org.apache.sshd.core - 0.14.0 | Closing ClientSessionImpl[view23480697227273_1@localhost/127.0.0.1:8101]
immediately
> 2017-04-03 12:57:52,992 | DEBUG | d]-nio2-thread-4 | ClientUserAuthService          
 | 33 - org.apache.sshd.core - 0.14.0 | Closing org.apache.sshd.client.session.ClientUserAuthService@76d1fdf
immediately
> 2017-04-03 12:57:52,992 | DEBUG | d]-nio2-thread-4 | ClientUserAuthServiceOld       
 | 33 - org.apache.sshd.core - 0.14.0 | Closing org.apache.sshd.client.session.ClientUserAuthServiceOld@70195e66
immediately
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
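
Added example, not part of the original message and not code from sshd-core: the ssh-dss signature blob at the end of "Received packet #3" in the quoted log is 40 bytes, r followed by s at 20 bytes each (the RFC 4253 layout), and s begins with 00 75. Copying s into a DER INTEGER at its fixed 20-octet width would keep that 0x00 in front of a byte whose top bit is clear, which is the "redundant leading 0s" condition the stricter parser reports. The sketch below re-encodes the blob with minimal INTEGERs; the class name DssSigToDer and its helpers are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.Arrays;

public class DssSigToDer {
    // r || s copied from the last 40 bytes of "Received packet #3" in the quoted log.
    static final String BLOB_HEX =
        "5fe94968895efb90c011d390c5129409a56c3210"
      + "007521e7f2e1e39903b417d689126bb9b4e74f2f";

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // DER INTEGER with minimal content octets: BigInteger.toByteArray() drops
    // redundant leading zeros and keeps a single 0x00 only when the top bit is set.
    static byte[] derInteger(byte[] unsignedBigEndian) {
        byte[] v = new BigInteger(1, unsignedBigEndian).toByteArray();
        ByteArrayOutputStream o = new ByteArrayOutputStream();
        o.write(0x02);            // INTEGER tag
        o.write(v.length);        // short-form length: a 160-bit value needs at most 21 octets
        o.write(v, 0, v.length);
        return o.toByteArray();
    }

    // Convert the fixed-width SSH blob into the DER SEQUENCE { r, s } that
    // java.security.Signature.verify() expects for DSA.
    static byte[] toDer(byte[] blob) {
        if (blob.length != 40) {
            throw new IllegalArgumentException("expected 40-byte r||s blob");
        }
        byte[] r = derInteger(Arrays.copyOfRange(blob, 0, 20));
        byte[] s = derInteger(Arrays.copyOfRange(blob, 20, 40));
        ByteArrayOutputStream o = new ByteArrayOutputStream();
        o.write(0x30);                  // SEQUENCE tag
        o.write(r.length + s.length);   // at most 46, so short form
        o.write(r, 0, r.length);
        o.write(s, 0, s.length);
        return o.toByteArray();
    }

    public static void main(String[] args) {
        StringBuilder sb = new StringBuilder();
        for (byte b : toDer(hex(BLOB_HEX))) sb.append(String.format("%02x ", b));
        System.out.println(sb.toString().trim());
    }
}
```

With the blob from the log, r keeps all 20 octets (its first byte 0x5f has the top bit clear) while s is emitted as 19 octets starting at 0x75.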
