From libssh2-devel-bounces@cool.haxx.se  Fri Jul  4 05:34:05 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s643Xaaj021842;
	Fri, 4 Jul 2014 05:33:59 +0200
Received: from mail-la0-f51.google.com (mail-la0-f51.google.com
 [209.85.215.51])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s643XYtC021694
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Fri, 4 Jul 2014 05:33:35 +0200
Received: by mail-la0-f51.google.com with SMTP id mc6so776673lab.10
 for <libssh2-devel@cool.haxx.se>; Thu, 03 Jul 2014 20:33:29 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.112.163.65 with SMTP id yg1mr6173850lbb.44.1404444809815;
 Thu, 03 Jul 2014 20:33:29 -0700 (PDT)
Received: by 10.114.79.202 with HTTP; Thu, 3 Jul 2014 20:33:29 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.00.1406280507360.32109@tvnag.unkk.fr>
References: <299fdb986750cc9f580c4db8781e8090@mail.gmail.com>
 <alpine.DEB.2.00.1406142256580.321@tvnag.unkk.fr>
 <CA+z1VpM5U3yXqMhs854LUrZFUBH6HUX=wZ0h3WJ8bzfavWHT8A@mail.gmail.com>
 <e6aaf19f87db29a264292c5db799d783@mail.gmail.com>
 <alpine.DEB.2.00.1406250111540.1152@tvnag.unkk.fr>
 <CA+z1VpOK7Ph0UHe_HzKP4+HZPP5GG1GGxmo9H_=GO2yMrZ=7gA@mail.gmail.com>
 <9c6913fa9603d4fc9c2c4e64b17703b0@mail.gmail.com>
 <CA+z1VpPsgCAQR7Fegb2HbhrNUU+GkM_Lj8pQA_hKN38R4dajrA@mail.gmail.com>
 <alpine.DEB.2.00.1406280507360.32109@tvnag.unkk.fr>
Date: Fri, 4 Jul 2014 09:03:29 +0530
Message-ID: <CA+z1VpOQFG-+cORDjETvk3p0G22skRxfDfuT4xRU2Z6FG0_8Hw@mail.gmail.com>
Subject: Re: Questions about libssh2_sftp_read()
From: Nitin Deokate <ndeokate@qualys.com>
To: libssh2 development <libssh2-devel@cool.haxx.se>
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0629343459=="
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>

--===============0629343459==
Content-Type: multipart/alternative; boundary=089e0115fdc4ff001e04fd55c9c9

--089e0115fdc4ff001e04fd55c9c9
Content-Type: text/plain; charset=UTF-8

Can somebody help me here?



On Sat, Jun 28, 2014 at 8:38 AM, Daniel Stenberg <daniel@haxx.se> wrote:

> On Fri, 27 Jun 2014, Nitin Deokate wrote:
>
>> Nevertheless, I tried with localhost as well as another machine from same
>> network(no heavy IO,memory operations on both machine. so guessing, it
>> would be low latency) . still I get 2000 bytes
>>
>
> Then so be it. The point is how fast you transfer data, not how much data
> you get returned in a single call to libssh2_sftp_read()...
>
>
> --
>
>  / daniel.haxx.se
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>

--089e0115fdc4ff001e04fd55c9c9--

--===============0629343459==--

From libssh2-devel-bounces@cool.haxx.se  Sun Jul  6 13:37:47 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s66BbF6L001996;
	Sun, 6 Jul 2014 13:37:39 +0200
Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com
 [IPv6:2607:f8b0:4001:c03::231])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s66BbBTL000547
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Sun, 6 Jul 2014 13:37:12 +0200
Received: by mail-ie0-f177.google.com with SMTP id tp5so2627431ieb.8
 for <libssh2-devel@cool.haxx.se>; Sun, 06 Jul 2014 04:37:06 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.50.1.111 with SMTP id 15mr76302799igl.7.1404646626612; Sun,
 06 Jul 2014 04:37:06 -0700 (PDT)
Received: by 10.50.80.39 with HTTP; Sun, 6 Jul 2014 04:37:06 -0700 (PDT)
In-Reply-To: <CA+z1VpOQFG-+cORDjETvk3p0G22skRxfDfuT4xRU2Z6FG0_8Hw@mail.gmail.com>
References: <299fdb986750cc9f580c4db8781e8090@mail.gmail.com>
 <alpine.DEB.2.00.1406142256580.321@tvnag.unkk.fr>
 <CA+z1VpM5U3yXqMhs854LUrZFUBH6HUX=wZ0h3WJ8bzfavWHT8A@mail.gmail.com>
 <e6aaf19f87db29a264292c5db799d783@mail.gmail.com>
 <alpine.DEB.2.00.1406250111540.1152@tvnag.unkk.fr>
 <CA+z1VpOK7Ph0UHe_HzKP4+HZPP5GG1GGxmo9H_=GO2yMrZ=7gA@mail.gmail.com>
 <9c6913fa9603d4fc9c2c4e64b17703b0@mail.gmail.com>
 <CA+z1VpPsgCAQR7Fegb2HbhrNUU+GkM_Lj8pQA_hKN38R4dajrA@mail.gmail.com>
 <alpine.DEB.2.00.1406280507360.32109@tvnag.unkk.fr>
 <CA+z1VpOQFG-+cORDjETvk3p0G22skRxfDfuT4xRU2Z6FG0_8Hw@mail.gmail.com>
Date: Sun, 6 Jul 2014 12:37:06 +0100
X-Google-Sender-Auth: X-K_-y9-Vwz3Ohow5ZFDsILUjew
Message-ID: <CADyPeTMjz0_uxnixPJ1Ur+vSvGyDFGAQANeYi=B33ynbNv9cQw@mail.gmail.com>
Subject: Re: Questions about libssh2_sftp_read()
From: Alexander Lamaison <swish@lammy.co.uk>
To: libssh2 development <libssh2-devel@cool.haxx.se>
Content-Type: text/plain; charset="utf-8"
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id s66BbF6L001996

> On Sat, Jun 28, 2014 at 8:38 AM, Daniel Stenberg <daniel@haxx.se> wrote:
>>
>> On Fri, 27 Jun 2014, Nitin Deokate wrote:
>>
>>> Nevertheless, I tried with localhost as well as another machine from same
>>> network(no heavy IO,memory operations on both machine. so guessing, it would
>>> be low latency) . still I get 2000 bytes
>>
>>
>> Then so be it. The point is how fast you transfer data, not how much data
>> you get returned in a single call to libssh2_sftp_read()...
>>
On 4 July 2014 04:33, Nitin Deokate <ndeokate@qualys.com> wrote:
> Can somebody help me here?

Are you seeing slow throughput?

Alex

--
Swish - Easy SFTP for Windows Explorer (http://www.swish-sftp.org)
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

From libssh2-devel-bounces@cool.haxx.se  Thu Jul 17 08:28:55 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6GIBjCW018800;
	Wed, 16 Jul 2014 20:11:55 +0200
Received: from BAY004-OMC4S12.hotmail.com (bay004-omc4s12.hotmail.com
 [65.54.190.214])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6GIBhTv018331
 for <libssh2-devel@cool.haxx.se>; Wed, 16 Jul 2014 20:11:43 +0200
Received: from BAY407-EAS134 ([65.54.190.201]) by BAY004-OMC4S12.hotmail.com
 with Microsoft SMTPSVC(7.5.7601.22712); 
 Wed, 16 Jul 2014 11:11:33 -0700
X-TMN: [43EuYPpeFM+Ubxq3/f3403tPa0TyHNJw]
X-Originating-Email: [bob_2824@hotmail.com]
Message-ID: <BAY407-EAS13448CFD08907583B4C4D2EF3F70@phx.gbl>
From: Bob Kast <bob_2824@hotmail.com>
To: "'libssh2 development'" <libssh2-devel@cool.haxx.se>
References: <BAY407-EAS218A6FD235E586897BA54FF3F70@phx.gbl>
In-Reply-To: <BAY407-EAS218A6FD235E586897BA54FF3F70@phx.gbl>
Subject: RE: Getting "Internal Server Error" from SFTP server
Date: Wed, 16 Jul 2014 14:11:33 -0400
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQABAgMEUEMuGLBxIBwiM8Lt2v30gp9APnPg
Content-Language: en-us
X-OriginalArrivalTime: 16 Jul 2014 18:11:33.0228 (UTC)
 FILETIME=[5FEB42C0:01CFA121]
Content-Type: text/plain; charset="utf-8"
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id s6GIBjCW018800

Please ignore my previous email. The problem was I had a typo in a filename.

You'd think if it tries downloading a file that doesn't exist it would
return some more meaningful error, such as "file not found". Instead it
gives me an SFTP protocol error and a message from the server: "Internal
server error".

Sorry for the false alarm.

Bob

> -----Original Message-----
> From: Bob Kast [mailto:bob_2824@hotmail.com]
> Sent: Wednesday, July 16, 2014 12:59 PM
> To: 'libssh2 development'
> Subject: Getting "Internal Server Error" from SFTP server
> 
> My SFTP installation is used to fetch files from a specific SFTP server. It has
> been working fine for many months and now suddenly it is failing. I suspect
> that my company has upgraded their SFTP server.
>
> Some shorter files (about 78k bytes) work fine, but when it attempts to
> download a 36Mbyte file it fails with -31 (LIBSSH2_ERROR_SFTP_PROTOCOL).
> Oddly enough, it fails in the first call to libssh2_sftp_read() (with a buffer of
> 40,000 bytes), so I'm not sure what the length of the file has to do with
> anything.
>
> I can use filezilla to successfully download the files using SFTP, so I'm not sure
> if this is a problem with their server or libssh2.
>
> I've done a run with debug tracing on and I've attached the output.
> Unfortunately, I'm not sure what I'm looking at, except for the bit at the end
> where it receives this from the server:
>
> 0000: 5E 00 00 00 00 00 00 00  2D 00 00 00 29 65 00 00 : ^.......-...)e..
> 0010: 00 02 00 00 00 04 00 00  00 16 49 6E 74 65 72 6E : ..........Intern
> 0020: 61 6C 20 73 65 72 76 65  72 20 65 72 72 6F 72 2E : al server error.
> 0030: 00 00 00 02 65 6E                                : ....en
>
> I've tried it with wincng and openssl and both fail and I've tried a buffer size
> of 2000 bytes instead of 40000.
>
> I've found in the past that I NEED to specify a buffer that is an exact multiple
> of 2000 bytes for it to work with this SFTP server.
>
> If anyone has any ideas on how to proceed, I'd greatly appreciate it.
> 
> Thanks,
> Bob Kast
> 


From libssh2-devel-bounces@cool.haxx.se  Thu Jul 17 08:30:24 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6GGxVWD024694;
	Wed, 16 Jul 2014 18:59:55 +0200
Received: from BAY004-OMC4S23.hotmail.com (bay004-omc4s23.hotmail.com
 [65.54.190.225])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6GGxSaG024186
 for <libssh2-devel@cool.haxx.se>; Wed, 16 Jul 2014 18:59:29 +0200
Received: from BAY407-EAS21 ([65.54.190.201]) by BAY004-OMC4S23.hotmail.com
 with Microsoft SMTPSVC(7.5.7601.22712); 
 Wed, 16 Jul 2014 09:59:14 -0700
X-TMN: [e1VNsItuF297rcqjDXLmWgRxUp5HOHWX]
X-Originating-Email: [bob_2824@hotmail.com]
Message-ID: <BAY407-EAS218A6FD235E586897BA54FF3F70@phx.gbl>
From: Bob Kast <bob_2824@hotmail.com>
To: "'libssh2 development'" <libssh2-devel@cool.haxx.se>
Subject: Getting "Internal Server Error" from SFTP server
Date: Wed, 16 Jul 2014 12:59:14 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0015_01CFA0F5.BEF877A0"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac+hFXRrUvE77HrJT0O7Mh1d2fNjlA==
Content-Language: en-us
X-OriginalArrivalTime: 16 Jul 2014 16:59:14.0980 (UTC)
 FILETIME=[461F2640:01CFA117]
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>

------=_NextPart_000_0015_01CFA0F5.BEF877A0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

My SFTP installation is used to fetch files from a specific SFTP server. It
has been working fine for many months and now suddenly it is failing. I
suspect that my company has upgraded their SFTP server.

Some shorter files (about 78k bytes) work fine, but when it attempts to
download a 36Mbyte file it fails with -31 (LIBSSH2_ERROR_SFTP_PROTOCOL).
Oddly enough, it fails in the first call to libssh2_sftp_read() (with a
buffer of 40,000 bytes), so I'm not sure what the length of the file has to
do with anything.

I can use filezilla to successfully download the files using SFTP, so I'm
not sure if this is a problem with their server or libssh2.

I've done a run with debug tracing on and I've attached the output.
Unfortunately, I'm not sure what I'm looking at, except for the bit at the
end where it receives this from the server:

0000: 5E 00 00 00 00 00 00 00  2D 00 00 00 29 65 00 00 : ^.......-...)e..
0010: 00 02 00 00 00 04 00 00  00 16 49 6E 74 65 72 6E : ..........Intern
0020: 61 6C 20 73 65 72 76 65  72 20 65 72 72 6F 72 2E : al server error.
0030: 00 00 00 02 65 6E                                : ....en

I've tried it with wincng and openssl and both fail and I've tried a buffer
size of 2000 bytes instead of 40000.

I've found in the past that I NEED to specify a buffer that is an exact
multiple of 2000 bytes for it to work with this SFTP server.

If anyone has any ideas on how to proceed, I'd greatly appreciate it.

Thanks,
Bob Kast



------=_NextPart_000_0015_01CFA0F5.BEF877A0
Content-Type: text/plain; name="libssh2_log.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="libssh2_log.txt"

[libssh2] 536.060738 Conn: Writing 29 bytes on channel 0/1, stream #0
[libssh2] 536.060738 Conn: Sending 29 bytes on channel 0/1, =
stream_id=3D0
=3D> libssh2_transport_write plain (9 bytes)

0000: 5E 00 00 00 01 00 00 00  1D                      : ^........

=3D> libssh2_transport_write plain2 (29 bytes)

0000: 00 00 00 19 05 00 00 00  02 00 00 00 04 00 00 00 : =
................
0010: 01 00 00 00 00 00 00 00  00 00 00 07 D0          : ............=D0

[libssh2] 536.060738 Socket: Sent 308/308 bytes at 0000000004981268
=3D> libssh2_transport_write send() (308 bytes)

[libssh2] 536.076363 Conn: Writing 29 bytes on channel 0/1, stream #0
[libssh2] 536.076363 Conn: Sending 29 bytes on channel 0/1, =
stream_id=3D0
=3D> libssh2_transport_write plain (9 bytes)

0000: 5E 00 00 00 01 00 00 00  1D                      : ^........

=3D> libssh2_transport_write plain2 (29 bytes)

0000: 00 00 00 19 05 00 00 00  03 00 00 00 04 00 00 00 : =
................
0010: 01 00 00 00 00 00 00 07  D0 00 00 07 D0          : =
........=D0...=D0

[libssh2] 536.076363 Socket: Sent 308/308 bytes at 0000000004981268
=3D> libssh2_transport_write send() (308 bytes)

[libssh2] 536.091988 Conn: Writing 29 bytes on channel 0/1, stream #0
[libssh2] 536.091988 Conn: Sending 29 bytes on channel 0/1, =
stream_id=3D0
=3D> libssh2_transport_write plain (9 bytes)

0000: 5E 00 00 00 01 00 00 00  1D                      : ^........

=3D> libssh2_transport_write plain2 (29 bytes)

0000: 00 00 00 19 05 00 00 00  04 00 00 00 04 00 00 00 : =
................
0010: 01 00 00 00 00 00 00 0F  A0 00 00 07 D0          : =
........=A0...=D0

[libssh2] 536.091988 Socket: Sent 308/308 bytes at 0000000004981268
=3D> libssh2_transport_write send() (308 bytes)

[libssh2] 536.091988 Conn: Writing 29 bytes on channel 0/1, stream #0
[libssh2] 536.091988 Socket: Recved 84/16384 bytes to 000000000497D228+0
=3D> libssh2_transport_read() raw (84 bytes)

=3D> libssh2_transport_read() plain (54 bytes)

0000: 5E 00 00 00 00 00 00 00  2D 00 00 00 29 65 00 00 : =
^.......-...)e..
0010: 00 02 00 00 00 04 00 00  00 16 49 6E 74 65 72 6E : =
..........Intern
0020: 61 6C 20 73 65 72 76 65  72 20 65 72 72 6F 72 2E : al server =
error.
0030: 00 00 00 02 65 6E                                : ....en

[libssh2] 536.107612 Transport: Packet type 94 received, length=3D54
[libssh2] 536.107612 Conn: 45 bytes packet_add() for 0/1/0
[libssh2] 536.107612 Conn: increasing read_avail by 45 bytes to =
45/2097093
[libssh2] 536.107612 Conn: Sending 29 bytes on channel 0/1, =
stream_id=3D0
=3D> libssh2_transport_write plain (9 bytes)

0000: 5E 00 00 00 01 00 00 00  1D                      : ^........

=3D> libssh2_transport_write plain2 (29 bytes)

0000: 00 00 00 19 05 00 00 00  05 00 00 00 04 00 00 00 : =
................

0010: 01 00 00 00 00 00 00 17  70 00 00 07 D0          : ........p...=D0

------=_NextPart_000_0015_01CFA0F5.BEF877A0--
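
The reply quoted from the trace in the message above is an SSH_MSG_CHANNEL_DATA message carrying an SFTP SSH_FXP_STATUS packet, and the 29-byte "plain2" writes in the attached log are SSH_FXP_READ requests. As an added example (not part of the original messages and not libssh2 code), this C program decodes both with bounds-checked parsing; the struct and function names are hypothetical, the constants come from RFC 4254 and the SFTP version 3 draft, and the byte arrays are copied from the trace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 4254 message number; SFTP v3 (draft-ietf-secsh-filexfer-02) codes. */
#define SSH_MSG_CHANNEL_DATA 94
#define SSH_FXP_READ          5
#define SSH_FXP_STATUS      101
#define SSH_FX_NO_SUCH_FILE   2
#define SSH_FX_FAILURE        4

/* Hypothetical result struct for this example (not a libssh2 type). */
struct sftp_pkt {
    uint8_t  type;
    uint32_t request_id;
    uint64_t offset;      /* SSH_FXP_READ only */
    uint32_t read_len;    /* SSH_FXP_READ only */
    uint32_t status;      /* SSH_FXP_STATUS only */
    char     message[64]; /* SSH_FXP_STATUS only, NUL-terminated */
};

/* Bounds-checked big-endian cursor: peer-supplied lengths never read past the end. */
struct cur { const uint8_t *p; size_t left; };

static int get_u32(struct cur *c, uint32_t *v)
{
    if (c->left < 4) return -1;
    *v = ((uint32_t)c->p[0] << 24) | ((uint32_t)c->p[1] << 16) |
         ((uint32_t)c->p[2] << 8) | (uint32_t)c->p[3];
    c->p += 4; c->left -= 4;
    return 0;
}

static int get_string(struct cur *c, const uint8_t **s, uint32_t *len)
{
    if (get_u32(c, len) || *len > c->left) return -1;
    *s = c->p;
    c->p += *len; c->left -= *len;
    return 0;
}

/* Parse one SFTP packet: uint32 length, byte type, uint32 request id, body. */
int sftp_parse(const uint8_t *buf, size_t n, struct sftp_pkt *out)
{
    struct cur c = { buf, n };
    const uint8_t *s;
    uint32_t plen, slen, hi, lo;
    memset(out, 0, sizeof *out);
    if (get_u32(&c, &plen) || plen != c.left || plen < 5) return -1;
    out->type = *c.p++; c.left--;
    if (get_u32(&c, &out->request_id)) return -1;
    if (out->type == SSH_FXP_READ) {
        if (get_string(&c, &s, &slen)) return -1;            /* file handle */
        if (get_u32(&c, &hi) || get_u32(&c, &lo)) return -1; /* uint64 offset */
        out->offset = ((uint64_t)hi << 32) | lo;
        return get_u32(&c, &out->read_len);
    }
    if (out->type == SSH_FXP_STATUS) {
        if (get_u32(&c, &out->status)) return -1;
        if (get_string(&c, &s, &slen)) return -1;            /* error message */
        if (slen >= sizeof out->message) slen = sizeof out->message - 1;
        memcpy(out->message, s, slen);
        return 0;                  /* trailing language tag is not needed here */
    }
    return -1; /* other packet types are outside this example */
}

/* Strip the SSH_MSG_CHANNEL_DATA header (type, recipient channel, string data). */
int channel_data_parse(const uint8_t *buf, size_t n, struct sftp_pkt *out)
{
    struct cur c = { buf, n };
    const uint8_t *data;
    uint32_t channel, dlen;
    if (n < 1 || buf[0] != SSH_MSG_CHANNEL_DATA) return -1;
    c.p++; c.left--;
    if (get_u32(&c, &channel) || get_string(&c, &data, &dlen)) return -1;
    return sftp_parse(data, dlen, out);
}

/* Bytes copied from the trace: first "plain2 (29 bytes)" write, 54-byte reply. */
const uint8_t READ_REQ[] = {
    0,0,0,0x19, 5, 0,0,0,2, 0,0,0,4, 0,0,0,1, 0,0,0,0,0,0,0,0, 0,0,0x07,0xD0 };
const uint8_t REPLY[] = {
    0x5E, 0,0,0,0, 0,0,0,0x2D, 0,0,0,0x29, 0x65, 0,0,0,2, 0,0,0,4, 0,0,0,0x16,
    'I','n','t','e','r','n','a','l',' ','s','e','r','v','e','r',' ',
    'e','r','r','o','r','.',
    0,0,0,2, 'e','n' };

int main(void)
{
    struct sftp_pkt rq, st;
    if (sftp_parse(READ_REQ, sizeof READ_REQ, &rq) ||
        channel_data_parse(REPLY, sizeof REPLY, &st)) return 1;
    printf("READ   id=%u offset=%llu len=%u\n", (unsigned)rq.request_id,
           (unsigned long long)rq.offset, (unsigned)rq.read_len);
    printf("STATUS id=%u code=%u \"%s\"\n", (unsigned)st.request_id,
           (unsigned)st.status, st.message);
    return 0;
}
```

The status decodes to code 4 (SSH_FX_FAILURE) for request id 2, the 2000-byte read at offset 0, rather than code 2 (SSH_FX_NO_SUCH_FILE). In an application, libssh2_sftp_last_error() returns this code after a call fails with LIBSSH2_ERROR_SFTP_PROTOCOL.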

From libssh2-devel-bounces@cool.haxx.se  Fri Jul 25 09:30:50 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P7UMFK020613;
	Fri, 25 Jul 2014 09:30:46 +0200
Received: from mail-oa0-x244.google.com (mail-oa0-x244.google.com
 [IPv6:2607:f8b0:4003:c02::244])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P7UIfW020292
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 09:30:19 +0200
Received: by mail-oa0-f68.google.com with SMTP id i7so1424479oag.11
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 00:30:13 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.60.161.136 with SMTP id xs8mr20021331oeb.42.1406273413005;
 Fri, 25 Jul 2014 00:30:13 -0700 (PDT)
Received: by 10.182.81.10 with HTTP; Fri, 25 Jul 2014 00:30:12 -0700 (PDT)
Date: Fri, 25 Jul 2014 13:00:12 +0530
Message-ID: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
Subject: FIPS Compliance.
From: john gloster <glosterj9@gmail.com>
To: libssh2-devel@cool.haxx.se
Content-Type: multipart/mixed; boundary="===============1552150779=="
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>

--===============1552150779==
Content-Type: multipart/alternative; boundary=089e01183a183d43a904feff8b00

--089e01183a183d43a904feff8b00
Content-Type: text/plain; charset=UTF-8

Hi,

I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with the FIPS
compliant OpenSSL version *openssl-1.0.0-20*?

I compiled libssh2 1.4.3 with this particular version of openssl and I
could see that my application linking to this libssh crashes.

In other cases, my application runs successfully if I compile libssh2 1.4.3
with openssl-1.0.1e-16.

Could someone please shed light on this one?

Alternately, please let me know whether I can configure libssh2 to use a
particular set of crypto algorithms supported by the openssl.

Thanking you in advance.


--089e01183a183d43a904feff8b00--

--===============1552150779==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

--===============1552150779==--

From libssh2-devel-bounces@cool.haxx.se  Fri Jul 25 09:36:20 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P7aGlc031224;
	Fri, 25 Jul 2014 09:36:19 +0200
Received: from giant.haxx.se (localhost.localdomain [127.0.0.1])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P7aFh2031168
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 09:36:15 +0200
Received: from localhost (dast@localhost)
 by giant.haxx.se (8.14.4/8.14.4/Submit) with ESMTP id s6P7aENY031152
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 09:36:14 +0200
X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs
Date: Fri, 25 Jul 2014 09:36:14 +0200 (CEST)
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: libssh2 development <libssh2-devel@cool.haxx.se>
Subject: Re: FIPS Compliance.
In-Reply-To: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
Message-ID: <alpine.DEB.2.00.1407250933460.13294@tvnag.unkk.fr>
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id s6P7aGlc031224

On Fri, 25 Jul 2014, john gloster wrote:

> I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
> compliant OpenSSL version *openssl-1.0.0-20*?
>
> I compiled libssh2 1.4.3 with this particular version of openssl and I could
> see that my application linking to this libssh crashes.

I only have a vague idea of what FIPS is exactly and what the fips versions of 
OpenSSL do, but even a restricted openssl library should not be a reason for 
libssh2 to crash (as long as it maintains the API). I'd be interested in a 
stack trace of the crash to see what really happened.

-- 

  / daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

From libssh2-devel-bounces@cool.haxx.se  Fri Jul 25 10:08:22 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P88Crh006687;
	Fri, 25 Jul 2014 10:08:20 +0200
Received: from mail-we0-x236.google.com (mail-we0-x236.google.com
 [IPv6:2a00:1450:400c:c03::236])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P88A0t006498
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 10:08:10 +0200
Received: by mail-we0-f182.google.com with SMTP id k48so3882295wev.41
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 01:08:05 -0700 (PDT)
X-Received: by 10.194.189.50 with SMTP id gf18mr19589994wjc.13.1406275685201; 
 Fri, 25 Jul 2014 01:08:05 -0700 (PDT)
Received: from [188.90.240.73] ([188.90.240.73])
 by mx.google.com with ESMTPSA id gc8sm2957464wic.3.2014.07.25.01.08.03
 for <libssh2-devel@cool.haxx.se>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Fri, 25 Jul 2014 01:08:04 -0700 (PDT)
Message-ID: <53d21064.c8bcb40a.5c9c.3fe3@mx.google.com>
MIME-Version: 1.0
To: libssh2 development <libssh2-devel@cool.haxx.se>
From: Bert Huijben <bert@qqmail.nl>
Subject: RE: FIPS Compliance.
Date: Fri, 25 Jul 2014 10:08:02 +0200
In-Reply-To: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1340415989=="
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>

--===============1340415989==
Content-Type: multipart/alternative;
	boundary="_4447582B-9176-4504-AE11-2B42B20F2579_"

--_4447582B-9176-4504-AE11-2B42B20F2579_
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"

If I remember correctly there is a compile time flag for libssh2 to enable a
strict fips mode.

I would guess this might break compatibility with some (probably older) ssh
implementations that don't implement newer (optional) cyphers.

Bert

-----Original Message-----
From: "john gloster" <glosterj9@gmail.com>
Sent: 25-7-2014 09:33
To: "libssh2-devel@cool.haxx.se" <libssh2-devel@cool.haxx.se>
Subject: FIPS Compliance.

Hi,

I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
compliant OpenSSL version openssl-1.0.0-20?

I compiled libssh2 1.4.3 with this particular version of openssl and I
could see that my application linking to this libssh crashes.

In other cases, my application runs successfully if I compile libssh2 1.4.3
with openssl-1.0.1e-16.

Could someone please shed light on this one?

Alternately please let me know whether I can configure libssh2 to use a
particular set of crypto algorithms supported by the openssl.

Thanking you in advance.

--_4447582B-9176-4504-AE11-2B42B20F2579_--


--===============1340415989==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

--===============1340415989==--

From libssh2-devel-bounces@cool.haxx.se  Fri Jul 25 10:31:37 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P8VN6H031107;
	Fri, 25 Jul 2014 10:31:35 +0200
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6P8VLOC030912
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 10:31:22 +0200
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
 (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s6P8VG1v010389
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Fri, 25 Jul 2014 04:31:17 -0400
Received: from nbkamil.localnet (vpn1-5-39.ams2.redhat.com [10.36.5.39])
 by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 s6P8VGXL030308; Fri, 25 Jul 2014 04:31:16 -0400
From: Kamil Dudka <kdudka@redhat.com>
To: Bert Huijben <bert@qqmail.nl>, john gloster <glosterj9@gmail.com>
Subject: Re: FIPS Compliance.
Date: Fri, 25 Jul 2014 10:29:57 +0200
Message-ID: <3666607.BLEhhFGrBq@nbkamil>
User-Agent: KMail/4.12.5 (Linux/3.12.21-gentoo-r1; KDE/4.12.5; x86_64; ; )
In-Reply-To: <53d21064.c8bcb40a.5c9c.3fe3@mx.google.com>
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
 <53d21064.c8bcb40a.5c9c.3fe3@mx.google.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
X-MIME-Autoconverted: from quoted-printable to 8bit by giant.haxx.se id
 s6P8VLOC030912
Cc: libssh2-devel@cool.haxx.se
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id s6P8VN6H031107

On Friday, July 25, 2014 10:08:02 Bert Huijben wrote:
> If I remember correctly there is a compile time flag for libssh2 to enable a
> strict fips mode.

I do not think so.  Did you not mean a compile time flag for OpenSSL?

> I would guess this might break compatibility with some (probably older) ssh
> implementations that don't implement newer (optional) cyphers.
> 
> Bert
> 
> -----Original Message-----
> From: "john gloster" <glosterj9@gmail.com>
> Sent: 25-7-2014 09:33
> To: "libssh2-devel@cool.haxx.se" <libssh2-devel@cool.haxx.se>
> Subject: FIPS Compliance.
> 
> Hi,
> 
> 
> I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
> compliant OpenSSL version openssl-1.0.0-20?

I pushed a few FIPS-related patches between 1.4.2 and 1.4.3:

http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=43b730c
http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=bfbb5a4
http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=5d567fa
http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=9f6fd5a

> I compiled libssh2 1.4.3 with this particular version of openssl and I could
> see that my application linking to this libssh crashes.
>
> In other cases, my application runs successfully if I compile libssh2 1.4.3
> with openssl-1.0.1e-16.
>
> Could someone please shed light on this one?

The basic idea behind those patches is to return a failure if a non-FIPS
algorithm (such as MD5) is requested by the application.  So libssh2 should
no longer crash on its own.  Still, you need to handle these failures in your
application in order not to crash anyway.

Kamil

> Alternately please let me know whether I can configure libssh2 to use a
> particular set of crypto algorithms supported by the openssl.
>
> Thanking you in advance.

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

From libssh2-devel-bounces@cool.haxx.se  Fri Jul 25 12:08:49 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6PA8Z6W022814;
	Fri, 25 Jul 2014 12:08:47 +0200
Received: from foo.stuge.se (qmailr@foo.stuge.se [212.116.89.98])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6PA8Ws2022698
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Fri, 25 Jul 2014 12:08:32 +0200
Received: (qmail 11159 invoked by uid 501); 25 Jul 2014 10:08:32 -0000
Message-ID: <20140725100832.11158.qmail@stuge.se>
Date: Fri, 25 Jul 2014 12:08:32 +0200
From: Peter Stuge <peter@stuge.se>
To: libssh2-devel@cool.haxx.se
Subject: Re: FIPS Compliance.
Mail-Followup-To: libssh2-devel@cool.haxx.se
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id s6PA8Z6W022814

john gloster wrote:
> I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
> compliant OpenSSL version *openssl-1.0.0-20*?
>
> I compiled libssh2 1.4.3 with this particular version of openssl and I
> could see that my application linking to this libssh crashes.

Did you link libssh2 into a static or dynamic library?

Did you also link your application with OpenSSL or not?

If you link OpenSSL in your application (either because you use
dynamic libssh2 or because you use OpenSSL directly) then you must
make sure to link with the correct library files.

If you try to mix them (link libssh2 with FIPS OpenSSL, but link your
application with system OpenSSL) then you will have crashes indeed.


//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

From libssh2-devel-bounces@cool.haxx.se  Mon Jul 28 20:28:39 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6SIS3lH014753;
	Mon, 28 Jul 2014 20:28:32 +0200
Received: from mail-oi0-x242.google.com (mail-oi0-x242.google.com
 [IPv6:2607:f8b0:4003:c06::242])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6SIS0ev014179
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Mon, 28 Jul 2014 20:28:01 +0200
Received: by mail-oi0-f66.google.com with SMTP id e131so1996490oig.1
 for <libssh2-devel@cool.haxx.se>; Mon, 28 Jul 2014 11:27:56 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.60.118.8 with SMTP id ki8mr51947403oeb.29.1406572076120;
 Mon, 28 Jul 2014 11:27:56 -0700 (PDT)
Received: by 10.182.81.10 with HTTP; Mon, 28 Jul 2014 11:27:56 -0700 (PDT)
In-Reply-To: <20140725100832.11158.qmail@stuge.se>
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
 <20140725100832.11158.qmail@stuge.se>
Date: Mon, 28 Jul 2014 23:57:56 +0530
Message-ID: <CAPJ95F8jPnM0kbK18N-0w58bSiYMLnJD=kCYsi-DggYgQnj+kg@mail.gmail.com>
Subject: Re: FIPS Compliance.
From: john gloster <glosterj9@gmail.com>
To: libssh2 development <libssh2-devel@cool.haxx.se>
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1166420836=="
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>

--===============1166420836==
Content-Type: multipart/alternative; boundary=047d7b47217af2e69104ff4514b4

--047d7b47217af2e69104ff4514b4
Content-Type: text/plain; charset=UTF-8

Thank you all for the response.

One of the stack traces is as follows:

#0  0x0000003076e328a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003076e34085 in abort () at abort.c:92
#2  0x0000003076e2ba1e in __assert_fail_base (fmt=<value optimized out>, assertion=0x3088a51661 "*lock == ((ath_mutex_t) 0)", file=0x3088a51640 "ath.c",
    line=<value optimized out>, function=<value optimized out>) at assert.c:96
#3  0x0000003076e2bae0 in __assert_fail (assertion=0x3088a51661 "*lock == ((ath_mutex_t) 0)", file=0x3088a51640 "ath.c", line=193, function=0x3088a516a0 "_gcry_ath_mutex_lock")
    at assert.c:105
#4  0x0000003088a1038a in ?? () from /lib64/libgcrypt.so.11
#5  0x0000003088a44d80 in ?? () from /lib64/libgcrypt.so.11
#6  0x0000003088a4586e in ?? () from /lib64/libgcrypt.so.11
#7  0x0000003088a1c122 in ?? () from /lib64/libgcrypt.so.11
#8  0x0000003088a1c22a in ?? () from /lib64/libgcrypt.so.11
#9  0x00007f3815c4446b in mac_method_hmac_sha1_hash (session=Unhandled dwarf expression opcode 0xf3
) at mac.c:116
#10 0x00007f3815c5236c in fullpacket (session=0x7f37e000aae0) at transport.c:178
#11 _libssh2_transport_read (session=0x7f37e000aae0) at transport.c:556
#12 0x00007f3815c3efd8 in _libssh2_channel_read (channel=0x7f37e0019820, stream_id=0, buf=0x7f37e0019b24 "", buflen=4) at channel.c:1767
#13 0x00007f3815c4aa1b in sftp_packet_read (sftp=0x7f37e0019ae0) at sftp.c:323
#14 0x00007f3815c4b1cf in sftp_packet_requirev (sftp=0x7f37e0019ae0, valid_responses=0x7f3815c58bee "fesftp_read", request_id=15, data=0x7f37eb5fc788, data_len=0x7f37eb5fc780,
    num_valid_responses=2) at sftp.c:566
#15 0x00007f3815c4c1ca in sftp_open (sftp=0x7f37e0019ae0, filename=0x7f37e0009b90 "/TESTDIR/file.txt", filename_len=47, flags=Unhandled dwarf expression opcode 0xf3
) at sftp.c:1106
#16 libssh2_sftp_open_ex (sftp=0x7f37e0019ae0, filename=0x7f37e0009b90 "/TESTDIR/file.txt", filename_len=47, flags=Unhandled dwarf expression opcode 0xf3
) at sftp.c:1222
#17 0x00007f3816df8c62 in ssh_statemach_act () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4
#18 0x00007f3816dfab87 in ssh_easy_statemach () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4
#19 0x00007f3816dfae71 in ssh_do () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4
#20 0x00007f3816dde8cc in Curl_do () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4
#21 0x00007f3816de9e58 in Curl_perform () from /opt/centos/devtoolset-1.1/root/usr/lib64/libcurl.so.4



Looks like in libssh2 1.4.3 the following functions are being used:

EVP_aes_128_ctr()
EVP_aes_192_ctr()
EVP_aes_256_ctr()

which are not there for libcrypto of OpenSSL-1.0.0-20 and are there for
libcrypto of OpenSSL-1.0.1e-16.

Could this be a reason? If so, is there a way to make libssh2 1.4.3
work with OpenSSL-1.0.0-20?




On Fri, Jul 25, 2014 at 3:38 PM, Peter Stuge <peter@stuge.se> wrote:

> john gloster wrote:
> > I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
> > compliant OpenSSL version *openssl-1.0.0-20*?
> >
> > I compiled libssh2 1.4.3 with this particular version of openssl and I
> > could see that my application linking to this libssh crashes.
>
> Did you link libssh2 into a static or dynamic library?
>
> Did you also link your application with OpenSSL or not?
>
> If you link OpenSSL in your application (either because you use
> dynamic libssh2 or because you use OpenSSL directly) then you must
> make sure to link with the correct library files.
>
> If you try to mix them (link libssh2 with FIPS OpenSSL, but link your
> application with system OpenSSL) then you will have crashes indeed.
>
>
> //Peter
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>

--047d7b47217af2e69104ff4514b4--

--===============1166420836==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

--===============1166420836==--

From libssh2-devel-bounces@cool.haxx.se  Tue Jul 29 09:31:59 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6T7VYrQ027135;
	Tue, 29 Jul 2014 09:31:55 +0200
Received: from giant.haxx.se (localhost.localdomain [127.0.0.1])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6T7VWDA027099
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Tue, 29 Jul 2014 09:31:32 +0200
Received: from localhost (dast@localhost)
 by giant.haxx.se (8.14.4/8.14.4/Submit) with ESMTP id s6T7VWMP027095
 for <libssh2-devel@cool.haxx.se>; Tue, 29 Jul 2014 09:31:32 +0200
X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs
Date: Tue, 29 Jul 2014 09:31:32 +0200 (CEST)
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: libssh2 development <libssh2-devel@cool.haxx.se>
Subject: Re: FIPS Compliance.
In-Reply-To: <CAPJ95F8jPnM0kbK18N-0w58bSiYMLnJD=kCYsi-DggYgQnj+kg@mail.gmail.com>
Message-ID: <alpine.DEB.2.00.1407290930280.8987@tvnag.unkk.fr>
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
 <20140725100832.11158.qmail@stuge.se>
 <CAPJ95F8jPnM0kbK18N-0w58bSiYMLnJD=kCYsi-DggYgQnj+kg@mail.gmail.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id s6T7VYrQ027135

On Mon, 28 Jul 2014, john gloster wrote:

> #3  0x0000003076e2bae0 in __assert_fail (assertion=0x3088a51661 "*lock ==
> ((ath_mutex_t) 0)", file=0x3088a51640 "ath.c", line=193,
> function=0x3088a516a0 "_gcry_ath_mutex_lock")
>
>    at assert.c:105
>
> #4  0x0000003088a1038a in ?? () from /lib64/libgcrypt.so.11

This shows gcrypt being used, not OpenSSL...

-- 

  / daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
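
Added example (not part of the original messages and not libssh2 code): the two diagnostic points made above, that mixing OpenSSL builds in one process crashes and that the backtrace shows libgcrypt rather than OpenSSL, can both be checked from `ldd` output. The function names and every sample path except /lib64/libgcrypt.so.11 (taken from the backtrace) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the crypto libraries a binary resolves, from `ldd`
# output on stdin. Sample paths are constructed, except /lib64/libgcrypt.so.11,
# which is the path that appears in the backtrace.

# Print one "family path" line per resolved crypto library.
crypto_libs() {
    awk '$2 == "=>" && $3 ~ /^\// {
        if ($1 ~ /^libcrypto\.so/)      print "openssl", $3
        else if ($1 ~ /^libgcrypt\.so/) print "gcrypt", $3
    }' | sort -u
}

# Summarise as: none | gcrypt | openssl | mixed-openssl | mixed-backends
diagnose() {
    libs=$(crypto_libs)
    families=$(printf '%s\n' "$libs" | awk 'NF { print $1 }' | sort -u | tr '\n' ' ')
    copies=$(printf '%s\n' "$libs" | awk '$1 == "openssl"' | wc -l | tr -d ' ')
    case "$families" in
        "")                echo none ;;
        "gcrypt ")         echo gcrypt ;;
        "gcrypt openssl ") echo mixed-backends ;;
        "openssl ")
            if [ "$copies" -gt 1 ]; then echo mixed-openssl; else echo openssl; fi ;;
    esac
}

# Constructed: libssh2 resolved against libgcrypt, as in the backtrace.
sample_gcrypt() {
    cat <<'EOF'
    linux-vdso.so.1 =>  (0x00007fff5a9ff000)
    libssh2.so.1 => /usr/lib64/libssh2.so.1 (0x0000003089200000)
    libgcrypt.so.11 => /lib64/libgcrypt.so.11 (0x0000003088a00000)
    libc.so.6 => /lib64/libc.so.6 (0x0000003076e00000)
EOF
}

# Constructed: two different OpenSSL builds in one process (the "mixed" case).
sample_mixed() {
    cat <<'EOF'
    libssh2.so.1 => /opt/fips/lib/libssh2.so.1 (0x00007f0000200000)
    libcrypto.so.1.0.0 => /opt/fips/lib/libcrypto.so.1.0.0 (0x00007f0000400000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0000800000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000c00000)
EOF
}

# With a path argument, inspect a real binary; without one, do nothing.
if [ "$#" -gt 0 ]; then
    ldd "$1" | diagnose
fi
```

A statically linked libssh2 does not appear in `ldd` output, so `none` only rules out dynamically loaded crypto libraries. Run `ldd` only on binaries you trust, since it can execute code from the file it inspects.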

From libssh2-devel-bounces@cool.haxx.se  Wed Jul 30 10:51:28 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6U8ovL3032662;
	Wed, 30 Jul 2014 10:51:22 +0200
Received: from mail-qg0-x241.google.com (mail-qg0-x241.google.com
 [IPv6:2607:f8b0:400d:c04::241])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6U8ot4e032547
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-RC4-SHA bits=128 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Wed, 30 Jul 2014 10:50:56 +0200
Received: by mail-qg0-f65.google.com with SMTP id z60so316160qgd.8
 for <libssh2-devel@cool.haxx.se>; Wed, 30 Jul 2014 01:50:49 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.229.221.201 with SMTP id id9mr4382245qcb.30.1406710244167;
 Wed, 30 Jul 2014 01:50:44 -0700 (PDT)
Received: by 10.140.41.211 with HTTP; Wed, 30 Jul 2014 01:50:44 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.00.1407290930280.8987@tvnag.unkk.fr>
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
 <20140725100832.11158.qmail@stuge.se>
 <CAPJ95F8jPnM0kbK18N-0w58bSiYMLnJD=kCYsi-DggYgQnj+kg@mail.gmail.com>
 <alpine.DEB.2.00.1407290930280.8987@tvnag.unkk.fr>
Date: Wed, 30 Jul 2014 14:20:44 +0530
Message-ID: <CAPJ95F88fDiWfAKe4so1t7APcaUNAX3LvmoGOgaPN5i-cJYZLQ@mail.gmail.com>
Subject: Re: FIPS Compliance.
From: john gloster <glosterj9@gmail.com>
To: libssh2 development <libssh2-devel@cool.haxx.se>
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0075671537=="
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>

--===============0075671537==
Content-Type: multipart/alternative; boundary=001a113447aa67d6c704ff65402d

--001a113447aa67d6c704ff65402d
Content-Type: text/plain; charset=UTF-8

Ok. The problem is during cipher initialization.

Do not know the cause of this initialization.

From libssh2-1.4.3/src/openssl.c

    _libssh2_cipher_init(_libssh2_cipher_ctx * h,
                         _libssh2_cipher_type(algo),
                         unsigned char *iv, unsigned char *secret, int encrypt)
    {
        EVP_CIPHER_CTX_init(h);
        return !EVP_CipherInit(h, algo(), secret, iv, encrypt);
    }

I see that EVP_CipherInit() returns 0.

The cipher initialization fails only for AES CTR functions.

However, when I configure libssh2 1.4.3 with OpenSSL-1.0.1e it uses AES CTR
implementation from the latter and passes.

From libssh2-1.4.3/src/openssl.h

    #ifdef HAVE_EVP_AES_128_CTR
    #define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
    #define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
    #define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
    #else
    #define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
    #define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
    #define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
    #endif


From libssh2-1.4.3/src/crypt.c

    static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
    #if LIBSSH2_AES_CTR
      &libssh2_crypt_method_aes128_ctr,
      &libssh2_crypt_method_aes192_ctr,
      &libssh2_crypt_method_aes256_ctr,
    #endif /* LIBSSH2_AES */
    #if LIBSSH2_AES
        &libssh2_crypt_method_aes256_cbc,
        &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
        &libssh2_crypt_method_aes192_cbc,
        &libssh2_crypt_method_aes128_cbc,


Wonder how native support for this fails.
I have tested undefining LIBSSH2_AES_CTR and it works.

Could someone help?







On Tue, Jul 29, 2014 at 1:01 PM, Daniel Stenberg <daniel@haxx.se> wrote:

> On Mon, 28 Jul 2014, john gloster wrote:
>
>  #3  0x0000003076e2bae0 in __assert_fail (assertion=0x3088a51661 "*lock ==
>> ((ath_mutex_t) 0)", file=0x3088a51640 "ath.c", line=193,
>> function=0x3088a516a0 "_gcry_ath_mutex_lock")
>>
>>    at assert.c:105
>>
>> #4  0x0000003088a1038a in ?? () from /lib64/libgcrypt.so.11
>>
>
> This shows gcrypt being used, not OpenSSL...
>
>
> --
>
>  / daniel.haxx.se
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>


--001a113447aa67d6c704ff65402d--

--===============0075671537==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--===============0075671537==--

From libssh2-devel-bounces@cool.haxx.se  Wed Jul 30 12:46:34 2014
Return-Path: <libssh2-devel-bounces@cool.haxx.se>
Received: from www.haxx.se (localhost.localdomain [127.0.0.1])
	by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6UAkIaU019469;
	Wed, 30 Jul 2014 12:46:32 +0200
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by giant.haxx.se (8.14.4/8.14.4/Debian-7) with ESMTP id s6UAkF22019426
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <libssh2-devel@cool.haxx.se>; Wed, 30 Jul 2014 12:46:16 +0200
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
 (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s6UAkERH016212
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Wed, 30 Jul 2014 06:46:14 -0400
Received: from kdudka.brq.redhat.com (kdudka.brq.redhat.com [10.34.4.67])
 by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 s6UAkDYF028996
 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO);
 Wed, 30 Jul 2014 06:46:14 -0400
From: Kamil Dudka <kdudka@redhat.com>
To: john gloster <glosterj9@gmail.com>
Subject: Re: FIPS Compliance.
Date: Wed, 30 Jul 2014 12:46:12 +0200
Message-ID: <1879603.t9Qn2jsCme@kdudka.brq.redhat.com>
User-Agent: KMail/4.12.5 (Linux/3.15.6-200.fc20.x86_64; KDE/4.12.5; x86_64; ; )
In-Reply-To: <CAPJ95F9TTNv5T0gSKZWGoR_FYC+SqYjVsa97BrzfnpuWCbHHdQ@mail.gmail.com>
References: <CAPJ95F-s_0CCMpw1vcFum--QZYm2LVvPFari1Niy+D44QJ7fDw@mail.gmail.com>
 <3666607.BLEhhFGrBq@nbkamil>
 <CAPJ95F9TTNv5T0gSKZWGoR_FYC+SqYjVsa97BrzfnpuWCbHHdQ@mail.gmail.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
X-MIME-Autoconverted: from quoted-printable to 8bit by giant.haxx.se id
 s6UAkF22019426
Cc: libssh2 development <libssh2-devel@cool.haxx.se>
X-BeenThere: libssh2-devel@cool.haxx.se
X-Mailman-Version: 2.1.16
Precedence: list
Reply-To: libssh2 development <libssh2-devel@cool.haxx.se>
List-Id: libssh2 development <libssh2-devel.cool.haxx.se>
List-Unsubscribe: <http://cool.haxx.se/cgi-bin/mailman/options/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=unsubscribe>
List-Archive: <http://cool.haxx.se/pipermail/libssh2-devel/>
List-Post: <mailto:libssh2-devel@cool.haxx.se>
List-Help: <mailto:libssh2-devel-request@cool.haxx.se?subject=help>
List-Subscribe: <http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel>, 
 <mailto:libssh2-devel-request@cool.haxx.se?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Errors-To: libssh2-devel-bounces@cool.haxx.se
Sender: "libssh2-devel" <libssh2-devel-bounces@cool.haxx.se>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id s6UAkIaU019469

On Tuesday, July 29, 2014 02:48:58 john gloster wrote:
> Hi,
> 
> From http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=9f6fd5a
> 
> Did you mean that the following are not FIPS compliant?
> 
> ·         EVP_aes_256_cbc
> 
> ·         EVP_aes_192_cbc
> 
> ·         EVP_aes_128_cbc

I think the problem was that OpenSSL did not like that libssh2 implemented
the CTR cipher mode on its own when FIPS mode was enabled.  When I switched 
libssh2 back to use the OpenSSL-provided implementation of those ciphers, it 
started to work (after fixing the surrounding code to use correct block sizes 
via commit 5d567fa).

Kamil

> On Fri, Jul 25, 2014 at 1:59 PM, Kamil Dudka <kdudka@redhat.com> wrote:
> > On Friday, July 25, 2014 10:08:02 Bert Huijben wrote:
> > > If I remember correctly there is a compile time flag for libssh2 to
> > > enable a strict fips mode.
> > 
> > I do not think so.  Did not you mean a compile time flag for OpenSSL?
> > 
> > > I would guess this might break compatibility with some (probably older)
> > > ssh implementations that don't implement newer (optional) cyphers.
> > > 
> > > Bert
> > > 
> > > -----Original Message-----
> > > From: "john gloster" <glosterj9@gmail.com>
> > > Sent: ‎25-‎7-‎2014 09:33
> > > To: "libssh2-devel@cool.haxx.se" <libssh2-devel@cool.haxx.se>
> > > Subject: FIPS Compliance.
> > > 
> > > Hi,
> > > 
> > > 
> > > I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
> > > compliant OpenSSL version openssl-1.0.0-20 ?
> > 
> > I pushed a few FIPS-related patches between 1.4.2 and 1.4.3:
> > 
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=43b730c
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=bfbb5a4
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=5d567fa
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=9f6fd5a
> > 
> > > I compiled libssh2 1.4.3 with this particular version of openssl and I
> > > could see that my application linking to this libssh crashes.
> > > 
> > > 
> > > In other cases, my application runs successfully if I compile libssh2
> > > 1.4.3 with openssl-1.0.1e-16.
> > > 
> > > 
> > > Could someone please shed light on this one?
> > 
> > The basic idea behind those patches is to return a failure if a non-FIPS
> > algorithm (such as MD5) is requested by the application.  So libssh2
> > should no longer crash on its own.  Still you need to handle these
> > failures in your application in order not to crash anyway.
> > 
> > Kamil
> > 
> > > Alternately please let me know whether I can configure libssh2 to use a
> > > particular set of crypto algorithms supported by the openssl.
> > > 
> > > 
> > > Thanking you in advance.


_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

