From nobody@FreeBSD.org  Thu Feb  7 02:10:54 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id AF80937B41C
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  7 Feb 2002 02:10:53 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g17AAru17304;
	Thu, 7 Feb 2002 02:10:53 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200202071010.g17AAru17304@freefall.freebsd.org>
Date: Thu, 7 Feb 2002 02:10:53 -0800 (PST)
From: Alexey Dokuchaev <danfe@dnd.nsu.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization
X-Send-Pr-Version: www-1.0

>Number:         34690
>Category:       bin
>Synopsis:       Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 07 02:20:00 PST 2002
>Closed-Date:    Thu Feb 7 08:05:18 PST 2002
>Last-Modified:  Thu Feb 07 08:09:47 PST 2002
>Originator:     Alexey Dokuchaev
>Release:        4.5-STABLE
>Organization:
DND NSU
>Environment:
FreeBSD nowhere.universe.ru 4.5-STABLE FreeBSD 4.5-STABLE #0: Sun Feb  3 22:19:53 NOVT 2002 root@nowhere.universe.ru:/usr/src/sys/compile/CYTHEREA  i386     
>Description:
When world is compiled with "-O2 -mpentiumpro -march=pentiumpro -mcpu=pentiumpro -pipe -s -fexpensive-optimizations -ffast-math -fomit-frame-pointer -funroll-loops" CFLAGS, DSA key-based authorization does not work.  See below for exact description.  RSA authentification (similar) works (on this very box).
>How-To-Repeat:
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/danfe/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/danfe/.ssh/id_dsa.
Your public key has been saved in /home/danfe/.ssh/id_dsa.pub.
The key fingerprint is:
5e:45:44:1f:34:63:9c:c3:03:30:b5:75:bf:de:42:75 danfe@nowhere.universe.ru
$ cp id_dsa.pub authorized_keys2
$ ssh -2 localhost
key_verify failed for server_host_key
$

However, if .ssh/id_dsa* moved to another FreeBSD box, compiled with standard CFLAGS, they are proven to be valid.

>Fix:
None know.  Do not time, sorry :-(((
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Thu Feb 7 08:05:18 PST 2002 
State-Changed-Why:  
Using high levels of optimisation to compile all of FreeBSD is 
unsuported, as gcc is known to be buggy. Unfortunately FreeBSD 
people don't have the time to track down these bugs. 

If you can produce a simple example of code which reproduces these 
bugs, then I believe the gcc people would be likely to entertain 
fixing them. You should be able to find out how to submit gcc bug 
reports at gcc.gnu.org. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34690 
>Unformatted:
