Hi OpenSSL Dev,

I may have found a bug in OpenSSL. The machine I used is an HP-UX 11.23 IA box.

    # uname -a
    HP-UX sshia1 B.11.23 U ia64 3432702471 unlimited-user license

The issue I met is described in detail as follows.

Step 1: I downloaded openssl-0.9.7m.tar.gz and openssl-fips-1.1.2.tar.gz from the official OpenSSL site.

Step 2: I tried to build FIPS Capable OpenSSL according to the OpenSSL FIPS 140-2 User Guide. It works fine.

Step 3: I downloaded openssh-5.0p1.tar.gz from the http://www.openssh.org/ site and used fipsld to link ssh with the previously generated FIPS Capable OpenSSL libcrypto.a according to the FIPS 140-2 User Guide. Everything is fine.

Step 4: One odd issue happens. I can 'ssh -1 localhost' (use ssh protocol 1) to connect to the sshd server the first time. But the next time, 'ssh -1 localhost' gives this message:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA1 host key has just been changed.
    The fingerprint for the RSA1 key sent by the remote host is
    ed:93:9a:6b:b8:ee:9f:4b:ed:87:eb:07:c8:d4:5d:5d.
    Please contact your system administrator.
    Add correct host key in /.ssh/known_hosts to get rid of this message.
    Offending key in /.ssh/known_hosts:3
    RSA1 host key for localhost has changed and you have requested strict checking.
    Host key verification failed.

After investigation, I found that the problem is due to the function below from ssh, which writes the host key to the ~/.ssh/known_hosts file on the first connection to the sshd server. (It writes the wrong host key to the file!)

    static int
    write_bignum(FILE *f, BIGNUM *num)
    {
        char *buf = BN_bn2dec(num);
        if (buf == NULL) {
            error("write_bignum: BN_bn2dec() failed");
            return 0;
        }
        fprintf(f, " %s", buf);
        OPENSSL_free(buf);
        return 1;
    }

The BN_bn2dec function is from the FIPS module fipscanister.o (crypto/bn/bn_print.c).

    # nm -g fipscanister.o|grep BN_bn2dec
    [889] | 420320| 1840|FUNC |GLOB |0| .text|BN_bn2dec

    char *BN_bn2dec(const BIGNUM *a)
        {
        int i=0,num;
        char *buf=NULL;
        char *p;
        BIGNUM *t=NULL;
        BN_ULONG *bn_data=NULL,*lp;

        i=BN_num_bits(a)*3;
        num=(i/10+i/1000+3)+1;
        bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
        buf=(char *)OPENSSL_malloc(num+3);
        if ((buf == NULL) || (bn_data == NULL))
            {
            BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
            goto err;
            }
        if ((t=BN_dup(a)) == NULL) goto err;

    #define BUF_REMAIN (num+3 - (size_t)(p - buf))
        p=buf;
        lp=bn_data;
        if (t->neg) *(p++)='-';
        if (t->top == 0)
            {
            *(p++)='0';
            *(p++)='\0';
            }
        else
            {
            i=0;
            while (!BN_is_zero(t))
                {
                *lp=BN_div_word(t,BN_DEC_CONV);
                lp++;
                }
            lp--;
            /* We now have a series of blocks, BN_DEC_NUM chars
             * in length, where the last one needs truncation.
             * The blocks need to be reversed in order. */
            BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
            while (*p) p++;
            while (lp != bn_data)
                {
                lp--;
                BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
                while (*p) p++;
                }
            }
    err:
        if (bn_data != NULL) OPENSSL_free(bn_data);
        if (t != NULL) BN_free(t);
        return(buf);
        }

Then I tracked into the BIO_snprintf function (crypto/bio/b_print.c).

    /* As snprintf is not available everywhere, we provide our own implementation.
     * This function has nothing to do with BIOs, but it's closely related
     * to BIO_printf, and we need *some* name prefix ...
     * (XXX the function should be renamed, but to what?) */
    int BIO_snprintf(char *buf, size_t n, const char *format, ...)
        {
        va_list args;
        int ret;

        va_start(args, format);
        ret = BIO_vsnprintf(buf, n, format, args);
        va_end(args);
        return(ret);
        }

I suspect that BIO_snprintf is not fit for my box, so I replaced BIO_snprintf with snprintf in the BN_bn2dec function. After this modification, 'ssh -1 localhost' works fine.

In fact, both openssl-0.9.7m.tar.gz and openssl-fips-1.1.2.tar.gz have this problem on HP-UX 11.23 IA in 32-bit mode.
(I've run into the same problem when I used the 32-bit mode libcrypto.a generated by openssl-0.9.7m.tar.gz before.)

Again, the box I use is

    # uname -a
    HP-UX sshia1 B.11.23 U ia64 3432702471 unlimited-user license

Could you investigate?

Thank you!

Best Regards
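
Added example, not part of the original post and not OpenSSL code: a self-contained C version of the block-wise decimal conversion that BN_bn2dec performs, with the formatter passed in so that a known-answer check can expose a formatter that mishandles the blocks. The 10^9 block base, the "%lu"/"%09lu" formats, the fixed 128-bit width and broken_fmt (a constructed fault, not the HP-UX behaviour) are assumptions; the post does not show the BN_DEC_* values.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DEC_CONV 1000000000u /* assumed block base: 10^9, nine digits per block */
#define NWORDS 4             /* assumed width: 128-bit values, little-endian words */
typedef int (*fmt_fn)(char *, size_t, const char *, ...); /* pluggable formatter */
/* Divide the word array by d in place and return the remainder. */
static uint32_t div_word(uint32_t *w, uint32_t d) {
    uint64_t rem = 0;
    for (int i = NWORDS - 1; i >= 0; i--) {
        uint64_t cur = (rem << 32) | w[i];
        w[i] = (uint32_t)(cur / d); rem = cur % d;
    }
    return (uint32_t)rem;
}
/* Same shape as the BN_bn2dec loop: peel off blocks, then print them reversed. */
void to_dec(const uint32_t *in, char *out, size_t n, fmt_fn fmt) {
    uint32_t t[NWORDS], blk[5]; /* 128 bits is at most 39 digits, so 5 blocks */
    int nb; char *p = out;
    memcpy(t, in, sizeof t);
    for (nb = 0; nb < 5; nb++) blk[nb] = div_word(t, DEC_CONV);
    while (nb > 1 && blk[nb - 1] == 0) nb--;     /* drop empty leading blocks */
    fmt(p, n, "%lu", (unsigned long)blk[--nb]);  /* top block: no padding */
    while (nb > 0) {                             /* the rest: zero-padded to 9 */
        p += strlen(p);
        fmt(p, n - (size_t)(p - out), "%09lu", (unsigned long)blk[--nb]);
    }
}
/* Constructed faulty formatter (not the HP-UX behaviour): drops the padding. */
int broken_fmt(char *buf, size_t n, const char *fmt, ...) {
    va_list ap; va_start(ap, fmt);
    unsigned long v = va_arg(ap, unsigned long);
    va_end(ap);
    return snprintf(buf, n, "%lu", v);
}
/* Known-answer check: 2^64, and 10^18+7 whose middle block is all zeros. */
int kat_ok(fmt_fn fmt) {
    static const uint32_t a[NWORDS] = {0, 0, 1, 0};
    static const uint32_t b[NWORDS] = {0xA7640007u, 0x0DE0B6B3u, 0, 0};
    char buf[64];
    to_dec(a, buf, sizeof buf, fmt);
    if (strcmp(buf, "18" "446744073" "709551616") != 0) return 0;
    to_dec(b, buf, sizeof buf, fmt);
    return strcmp(buf, "1" "000000000" "000000007") == 0;
}
int main(void) { /* exit status 0 when snprintf passes and the fault is caught */
    return !(kat_ok(snprintf) && !kat_ok(broken_fmt));
}
```

With the faulty formatter the second value comes out as "107", the kind of silently wrong decimal string that would later fail a known_hosts comparison.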