Subject: Re: FIPS Compliance.

Re: FIPS Compliance.

From: john gloster <glosterj9_at_gmail.com>
Date: Wed, 30 Jul 2014 14:20:44 +0530

Ok. The problem is during cipher initialization.

Do not know the cause of this initialization.

From libssh2-1.4.3/src/openssl.c

_libssh2_cipher_init(_libssh2_cipher_ctx * h,
    174 _libssh2_cipher_type(algo),
    175 unsigned char *iv, unsigned char *secret, int
encrypt)
    176 {
    177 EVP_CIPHER_CTX_init(h);
    178 return !EVP_CipherInit(h, algo(), secret, iv, encrypt);
    179 }

I see that EVP_CipherInit() returns 0.

The cipher initialization fails only for AES CTR functions.

However, when i configure libssh2 1.4.3 with OpenSSL-1.0.1e it uses AES CTR
implementation from the later and passes.

From libssh2-1.4.3/src/openssl.h

    154 #ifdef HAVE_EVP_AES_128_CTR
    155 #define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
    156 #define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
    157 #define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
    158 #else
    159 #define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
    160 #define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
    161 #define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
    162 #endif

From libssh2-1.4.3/src/crypt.c

    300 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
    301 #if LIBSSH2_AES_CTR
    302 &libssh2_crypt_method_aes128_ctr,
    303 &libssh2_crypt_method_aes192_ctr,
    304 &libssh2_crypt_method_aes256_ctr,
    305 #endif /* LIBSSH2_AES */
    306 #if LIBSSH2_AES
    307 &libssh2_crypt_method_aes256_cbc,
    308 &libssh2_crypt_method_rijndael_cbc_lysator_liu_se, /* ==
aes256-cbc */
    309 &libssh2_crypt_method_aes192_cbc,
    310 &libssh2_crypt_method_aes128_cbc,

Wonder how native support for this fails.
I have tested undefining LIBSSH2_AES_CTR and it works.

Could someone help?

On Tue, Jul 29, 2014 at 1:01 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Mon, 28 Jul 2014, john gloster wrote:
>
> #3 0x0000003076e2bae0 in __assert_fail (assertion=0x3088a51661 "*lock ==
>> ((ath_mutex_t) 0)", file=0x3088a51640 "ath.c", line=193,
>> function=0x3088a516a0 "_gcry_ath_mutex_lock")
>>
>> at assert.c:105
>>
>> #4 0x0000003088a1038a in ?? () from /lib64/libgcrypt.so.11
>>
>
> This shows gcrypt being used, not OpenSSL...
>
>
> --
>
> / daniel.haxx.se
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2014-07-30