Bug#931272: openssh-server: incoming connections fail if openssl's afalg engine is enabled

2019-07-08 Thread Colin Watson
On Sun, Jun 30, 2019 at 05:25:42AM -0300, Emilio López wrote:
> After enabling the afalg engine on OpenSSL and configuring the OpenSSH server to use the
> following ciphers, incoming ssh connections stop working. When a client tries to connect,
> you can observe the following message on the server's dmesg output:
> 
> [271686.264598] audit: type=1326 audit(1561879548.303:14): auid=1000 uid=104 gid=65534 ses=99 subj==unconfined pid=8164 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=4028 syscall=281 compat=0 ip=0xb6a5ee6c code=0x0
> 
> The device is a Buffalo Linkstation LS-WXL (armel, kirkwood). I would like to use the
> crypto hardware accelerator (marvell_cesa) on SSH to get better performance out of it;
> that's why I enabled the afalg engine.
> 
> This happens both with openssh-server from buster and experimental. Syscall 281 appears
> to be socket(...) from what I could gather. Maybe it is necessary to add a few more
> allowed syscall rules to the seccomp sandbox in OpenSSH?

Thanks for your report.  Would you mind filing this directly upstream?
This is the sort of thing I'd much rather get upstream review of.

  https://bugzilla.mindrot.org/

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]



Bug#931272: openssh-server: incoming connections fail if openssl's afalg engine is enabled

2019-06-30 Thread Emilio López
Package: openssh-server
Version: 1:8.0p1-2
Severity: important

Dear Maintainer,

After enabling the afalg engine on OpenSSL and configuring the OpenSSH server to use the
following ciphers, incoming ssh connections stop working. When a client tries to connect,
you can observe the following message on the server's dmesg output:

[271686.264598] audit: type=1326 audit(1561879548.303:14): auid=1000 uid=104 gid=65534 ses=99 subj==unconfined pid=8164 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=4028 syscall=281 compat=0 ip=0xb6a5ee6c code=0x0

The device is a Buffalo Linkstation LS-WXL (armel, kirkwood). I would like to use the
crypto hardware accelerator (marvell_cesa) on SSH to get better performance out of it;
that's why I enabled the afalg engine.

This happens both with openssh-server from buster and experimental. Syscall 281 appears
to be socket(...) from what I could gather. Maybe it is necessary to add a few more
allowed syscall rules to the seccomp sandbox in OpenSSH?

The config changes I made are below:

Changes in /etc/ssh/sshd_config

Ciphers aes128-cbc,aes192-cbc,aes256-cbc

Changes in /etc/ssl/openssl.cnf

[default_conf]
engines = openssl_engines

[openssl_engines]
afalg = afalg_engine

[afalg_engine]
default_algorithms = ALL

Thank you for your time,
Emilio

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: armel (armv5tel)

Kernel: Linux 4.19.0-5-marvell
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71
ii  dpkg                   1.19.7
ii  libaudit1              1:2.8.4-3
ii  libc6                  2.28-10
ii  libcom-err2            1.44.5-1
ii  libgssapi-krb5-2       1.17-3
ii  libkrb5-3              1.17-3
ii  libpam-modules         1.3.1-5
ii  libpam-runtime         1.3.1-5
ii  libpam0g               1.3.1-5
ii  libselinux1            2.8-1+b1
ii  libssl1.1              1.1.1c-1
ii  libsystemd0            241-5
ii  libwrap0               7.6.q-28
ii  lsb-base               10.2019051400
ii  openssh-client         1:8.0p1-2
ii  openssh-sftp-server    1:8.0p1-2
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
pn  default-logind | logind | libpam-systemd  
ii  ncurses-term  6.1+20181013-2
pn  xauth 

Versions of packages openssh-server suggests:
pn  molly-guard   
pn  monkeysphere  
pn  rssh  
pn  ssh-askpass   
pn  ufw   

-- debconf information:
  openssh-server/permit-root-login: true
  openssh-server/password-authentication: true
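The dmesg line in the report is a kernel audit record of type 1326 (AUDIT_SECCOMP): sig=31 is SIGSYS on Linux x86 and ARM, code=0x0 is the seccomp kill action, and syscall=281 is socket() on ARM EABI, which is what the afalg engine needs to open its AF_ALG socket inside sshd's sandboxed process. The following Python script is an added example, not part of the bug report or of OpenSSH, that parses such a record and explains it. The syscall tables are deliberately tiny (only the socket-family numbers for ARM EABI and x86_64, which are known values) and are chosen by the caller, since the record alone does not tell the parser which architecture's table to use; the sample line is the report's own dmesg output, joined onto one line.

```python
import re

# Sample input: the dmesg line quoted in the bug report, joined onto one line.
SAMPLE_LINE = (
    "[271686.264598] audit: type=1326 audit(1561879548.303:14): auid=1000 "
    'uid=104 gid=65534 ses=99 subj==unconfined pid=8164 comm="sshd" '
    'exe="/usr/sbin/sshd" sig=31 arch=4028 syscall=281 compat=0 ip=0xb6a5ee6c '
    "code=0x0"
)

AUDIT_SECCOMP = 1326  # audit record type written by the kernel's seccomp code
SIGSYS = 31           # signal number for SIGSYS on Linux x86 and ARM

# seccomp return actions, taken from the high 16 bits of the logged "code"
# field (values from linux/seccomp.h).
SECCOMP_ACTIONS = {
    0x00000000: "SECCOMP_RET_KILL_THREAD",
    0x80000000: "SECCOMP_RET_KILL_PROCESS",
    0x00030000: "SECCOMP_RET_TRAP",
    0x00050000: "SECCOMP_RET_ERRNO",
    0x7FF00000: "SECCOMP_RET_TRACE",
    0x7FFC0000: "SECCOMP_RET_LOG",
    0x7FFF0000: "SECCOMP_RET_ALLOW",
}

# Minimal syscall-number tables: only the socket-family calls this report
# needs. The caller picks the table for the host architecture (the reporter's
# device is armel, i.e. ARM EABI, where socket() is number 281).
ARM_EABI_SYSCALLS = {281: "socket", 282: "bind", 283: "connect"}
X86_64_SYSCALLS = {41: "socket", 42: "connect", 49: "bind"}

# key=value pairs; quoted values (comm="sshd") may contain spaces.
_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_fields(line):
    """Split an audit line into a dict of its key=value fields, quotes stripped."""
    return {key: value.strip('"') for key, value in _FIELD_RE.findall(line)}


def decode_seccomp_record(line, syscall_table):
    """Decode one type=1326 audit line; returns None for any other record type.

    syscall_table maps syscall numbers to names for the architecture the
    record came from, which the caller must know.
    """
    fields = parse_audit_fields(line)
    if fields.get("type") != str(AUDIT_SECCOMP):
        return None
    nr = int(fields["syscall"])
    sig = int(fields["sig"])
    code = int(fields["code"], 16)
    return {
        "comm": fields.get("comm"),
        "pid": int(fields["pid"]),
        "syscall_nr": nr,
        "syscall": syscall_table.get(nr, "unknown"),
        "signal": "SIGSYS" if sig == SIGSYS else f"signal {sig}",
        # Only the action bits of the code identify the filter's verdict.
        "action": SECCOMP_ACTIONS.get(code & 0xFFFF0000, f"unknown (0x{code:08x})"),
        "arch": fields.get("arch"),
    }


def summarize(line, syscall_table):
    """One-line human summary of a seccomp audit record, or None if not one."""
    rec = decode_seccomp_record(line, syscall_table)
    if rec is None:
        return None
    return (f"{rec['comm']} (pid {rec['pid']}) hit seccomp: {rec['action']} on "
            f"syscall {rec['syscall_nr']} ({rec['syscall']}), delivered {rec['signal']}")


if __name__ == "__main__":
    print(summarize(SAMPLE_LINE, ARM_EABI_SYSCALLS))
```

For the report's line this yields a SECCOMP_RET_KILL_THREAD verdict on syscall 281 (socket) with SIGSYS delivered, which is the evidence behind the reporter's guess that the sandbox's syscall allow-list is what stops the afalg engine. Reading the record this way, rather than disabling the sandbox to see whether connections recover, keeps the diagnosis on the defender's side of the filter.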