Hello All,
I
am working on an IPF(Itanium Processor Family) HPUX machine. Using the configure
option
hpux-ia64-cc would be the appropriate configure option while building OpenSSL in this platform. But I
have problems with OpenSSH authentication when I use this
option.
OpenSSH uses libcrypto of OpenSSL to generate the RSA key pair. Scenario 1 - SSH built using OpenSSL configured with hpux-ia64-cc i. Generate RSA key pair
#/usr/bin/ssh-keygen -t rsa1
ii. View the public key
#cat //.ssh/identity.pub
1024 35
1329300000000020907656400000000001780747579000000000426351223300000000029905744590000000002509467023000 0000003490192052000000000107451472800000000005030360980000000000597134397000000000316864390100000000029 1017538400000000027044763640000000002448290262000000000263627463900000000020287714850000000000919047739 [EMAIL PROTECTED] iii. Run the sshd
daemon
#/opt/ssh_hpux-cc/sbin/sshd -o'protocol 1' -ddd
-e
iv. Run the client
#/opt/ssh_hpux-cc/bin/ssh -1 -l root -o
'PreferredAuthentications="pubkey"' localhost -vvv
The sshd daemon rejects this key as a result the client authentication fails The compiler
options for hpux-ia64-cc
"hpux-ia64-cc","cc:-Ae +DD32 +O1 +Olit=all -z
-DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR
DES_U NROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", Scenario 2 -SSH built using OpenSSL configured with
hpux-cc
i. Generate RSA key pair
#/usr/bin/ssh-keygen -t rsa1
ii. View
the public key
#cat //.ssh/identity.pub 1024 35 1437122910944460067534870792490584153638875494206294171941680796472959390850506068660764130660092003114 6511827709926115182557164733137352007577919492698063416540177245308126918665480672846829658795559358482 1448512729384759808648867203588282392206887007723304276717097798871889974434155451797730883704857498211 [EMAIL PROTECTED] iii.
Run the sshd daemon
#/opt/ssh_hpux-cc/sbin/sshd -o'protocol 1' -ddd
-e
iv. Run the client
#/opt/ssh_hpux-cc/bin/ssh -1 -l root -o
'PreferredAuthentications="pubkey"' localhost -vvv
The sshd daemon accepts this key as a
result the client authentication
passes
The Compiler options for hpux-cc are as follows : hpux-cc
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O1 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROL L DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", My Analysis of the problem so far.
1. The problem
occurs while creation of n in the public key part of the
rsa
key
n=p*q (where p and q are prime big numbers) 2 . The value of dmax in the big number structure indicates the size of the big number 3. The following function returns the value of dmax #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)? (a):bn_expand2((a),(bits)/BN_BITS2+1)) In this macro dmax is calculated as (bits)/BN_BITS2+1 OpenSSL configure option is hpux-cc dmax=(512)/32 +1 = 17
OpenSSL configure option is hpux-ia64-cc dmax=(512)64 +1=
9
Is
this change in the value of dmax causes the variation in the public
key.
4. The compiler options SIXTY_FOUR_BIT
and asm/ia64-cpp.o in
hpux-ia64-cc causes this problem. When
SIXTY_FOUR_BIT is replaced by
BN_LLONG and
the asm/ia64-cpp.o option is removed then
hpux-ia64-cc configure option works fine.
Please correct me if I am wrong ?
Thanks,
Prakash
__________________________________________________ |