I changed evp_*_ctr to EVPs in cipher.c . Now SSH connection takes place, but
after authentication connection gets closed.
Here is the debug mode log.
[root@PC]# ssh -p 2024 localhost
root@localhost's password:
Write failed: Broken pipe
[root@PC]#
debug1: sshd version OpenSSH_6.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/sshd'
debug1: rexec_argv[1]='-d'
FIPS mode initialized
Set /proc/self/oom_adj from 0 to -17
debug1: Bind to port 2024 on 0.0.0.0.
Server listening on 0.0.0.0 port 2024.
debug1: Bind to port 2024 on ::.
Server listening on :: port 2024.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
FIPS mode initialized
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 55851
debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1
Debian-6+squeeze1
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug1: permanently_set_uid: 101/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth]
debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user root service ssh-connection method none
[preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: userauth-request for user root service ssh-connection method
password [preauth]
debug1: attempt 1 failures 0 [preauth]
Accepted password for root from 127.0.0.1 port 55851 ssh2
*ssh_aes_ctr_iv: no context [preauth]*
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: monitor_child_preauth: root has been authenticated by privileged
process
debug1: do_cleanup
debug1: Killing privsep child 1519
cipher-ctr.c needs to modified as well?
void ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len)
{
struct ssh_aes_ctr_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
fatal("ssh_aes_ctr_iv: no context");
if (doset)
memcpy(c->aes_counter, iv, len);
else
memcpy(iv, c->aes_counter, len);
}
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/OpenSSL-internal-error-assertion-failed-Low-level-API-call-to-cipher-AES-forbidden-in-FIPS-mode-tp44864p44897.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
