Subject: Re: FIPS Compliance.

From: john gloster <glosterj9_at_gmail.com>
Date: Mon, 28 Jul 2014 23:57:56 +0530

Thank you all for the response.

One of the stack traces is as follows:

#0 0x0000003076e328a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64

#1 0x0000003076e34085 in abort () at abort.c:92

#2 0x0000003076e2ba1e in __assert_fail_base (fmt=<value optimized out>, assertion=0x3088a51661 "*lock == ((ath_mutex_t) 0)", file=0x3088a51640 "ath.c", line=<value optimized out>, function=<value optimized out>) at assert.c:96

#3 0x0000003076e2bae0 in __assert_fail (assertion=0x3088a51661 "*lock == ((ath_mutex_t) 0)", file=0x3088a51640 "ath.c", line=193, function=0x3088a516a0 "_gcry_ath_mutex_lock") at assert.c:105

#4 0x0000003088a1038a in ?? () from /lib64/libgcrypt.so.11

#5 0x0000003088a44d80 in ?? () from /lib64/libgcrypt.so.11

#6 0x0000003088a4586e in ?? () from /lib64/libgcrypt.so.11

#7 0x0000003088a1c122 in ?? () from /lib64/libgcrypt.so.11

#8 0x0000003088a1c22a in ?? () from /lib64/libgcrypt.so.11

#9 0x00007f3815c4446b in mac_method_hmac_sha1_hash (session=Unhandled dwarf expression opcode 0xf3
) at mac.c:116

#10 0x00007f3815c5236c in fullpacket (session=0x7f37e000aae0) at transport.c:178

#11 _libssh2_transport_read (session=0x7f37e000aae0) at transport.c:556

#12 0x00007f3815c3efd8 in _libssh2_channel_read (channel=0x7f37e0019820, stream_id=0, buf=0x7f37e0019b24 "", buflen=4) at channel.c:1767

#13 0x00007f3815c4aa1b in sftp_packet_read (sftp=0x7f37e0019ae0) at sftp.c:323

#14 0x00007f3815c4b1cf in sftp_packet_requirev (sftp=0x7f37e0019ae0, valid_responses=0x7f3815c58bee "fesftp_read", request_id=15, data=0x7f37eb5fc788, data_len=0x7f37eb5fc780, num_valid_responses=2) at sftp.c:566

#15 0x00007f3815c4c1ca in sftp_open (sftp=0x7f37e0019ae0, filename=0x7f37e0009b90 "/TESTDIR/file.txt", filename_len=47, flags=Unhandled dwarf expression opcode 0xf3
) at sftp.c:1106

#16 libssh2_sftp_open_ex (sftp=0x7f37e0019ae0, filename=0x7f37e0009b90 "/TESTDIR/file.txt", filename_len=47, flags=Unhandled dwarf expression opcode 0xf3
) at sftp.c:1222

#17 0x00007f3816df8c62 in ssh_statemach_act () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4

#18 0x00007f3816dfab87 in ssh_easy_statemach () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4

#19 0x00007f3816dfae71 in ssh_do () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4

#20 0x00007f3816dde8cc in Curl_do () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4

#21 0x00007f3816de9e58 in Curl_perform () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4

Looks like in libssh2 1.4.3 the following functions are being used:

EVP_aes_128_ctr()

EVP_aes_192_ctr()

EVP_aes_256_ctr()

which are not there in libcrypto of OpenSSL-1.0.0-20 and are there in
libcrypto of OpenSSL-1.0.1e-16.

Could this be a reason? If it is, is there a way to make libssh2 1.4.3
work with OpenSSL-1.0.0-20?

On Fri, Jul 25, 2014 at 3:38 PM, Peter Stuge <peter_at_stuge.se> wrote:

> john gloster wrote:
> > I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
> > compliant OpenSSL version *openssl-1.0.0-20* ?
> >
> > I compiled libssh2 1.4.3 with this particular version of openssl and I
> > could see that my application linking to this libssh crashes.
>
> Did you link libssh2 into a static or dynamic library?
>
> Did you link also your application with OpenSSL or not?
>
> If you link OpenSSL in your application (either because you use
> dynamic libssh2 or because you use OpenSSL directly) then you must
> make sure to link with the correct library files.
>
> If you try to mix them (link libssh2 with FIPS OpenSSL, but link your
> application with system OpenSSL) then you will have crashes indeed.
>
>
> //Peter
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>

Received on 2014-07-28
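
Added example, not part of the original message and not libssh2 code: a small parser for a mail-wrapped gdb backtrace like the one above, reporting which crypto shared objects sit in the crashing call path and which assertion fired. The sample is abbreviated from the trace in the message; the function names and the CRYPTO name list are assumptions of this sketch.

```python
import re

# Frames abbreviated from the trace in the message above (some frames omitted),
# keeping the mail client's line wrapping so the parser has to undo it.
TRACE = """\
#3 0x0000003076e2bae0 in __assert_fail (assertion=0x3088a51661 "*lock ==
((ath_mutex_t) 0)", file=0x3088a51640 "ath.c", line=193,
function=0x3088a516a0 "_gcry_ath_mutex_lock")
    at assert.c:105
#4 0x0000003088a1038a in ?? () from /lib64/libgcrypt.so.11
#9 0x00007f3815c4446b in mac_method_hmac_sha1_hash (session=Unhandled
dwarf expression opcode 0xf3
) at mac.c:116
#11 _libssh2_transport_read (session=0x7f37e000aae0) at transport.c:556
#17 0x00007f3816df8c62 in ssh_statemach_act () from
/opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4
"""

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
ORIGIN = re.compile(r"\b(from|at) (\S+)$")   # "from <lib>" or "at <file:line>"
CRYPTO = ("libgcrypt", "libcrypto", "libssl")  # names to look for (assumption)

def parse_frames(text):
    """Re-join wrapped lines into frames, then pull out function and origin."""
    frames = []
    for line in text.splitlines():
        if re.match(r"#\d+\s", line):
            frames.append(line.strip())          # a new frame starts
        elif frames and line.strip():
            frames[-1] += " " + line.strip()     # continuation of the last frame
    parsed = []
    for frame in frames:
        head, origin = FRAME.match(frame), ORIGIN.search(frame)
        if not head:
            continue                             # e.g. "<signal handler called>"
        kind, where = origin.groups() if origin else (None, None)
        parsed.append({"n": int(head.group(1)), "func": head.group(2),
                       "kind": kind, "where": where})
    return parsed

def crypto_backends(frames):
    """Crypto shared objects that appear in the crashing call path."""
    libs = {f["where"] for f in frames if f["kind"] == "from"}
    return sorted(lib for lib in libs if any(name in lib for name in CRYPTO))

def failed_assertion(text):
    """Return (expression, function) of the assertion reported by glibc."""
    joined = " ".join(line.strip() for line in text.splitlines())
    m = re.search(r'assertion=\S+ "([^"]+)".*?function=\S+ "([^"]+)"', joined)
    return m.groups() if m else None
```

Comparing the result of crypto_backends() with the library the build was meant to use shows which crypto backend the crashing libssh2 is actually calling into.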