Hi OpenSSL Dev,

I may have found a bug in OpenSSL.
The machine I used is an HPUX 11.23 IA box.
# uname -a
HP-UX sshia1 B.11.23 U ia64 3432702471 unlimited-user license

The issue I met is described in detail as follows.

Step 1
I downloaded openssl-0.9.7m.tar.gz and openssl-fips-1.1.2.tar.gz from the official OpenSSL site.
Step 2
I tried to build the FIPS Capable OpenSSL according to the OpenSSL FIPS 140-2 User Guide.
It works fine.
Step 3
I downloaded openssh-5.0p1.tar.gz from the http://www.openssh.org/ site and used fipsld to link ssh with the previously generated FIPS Capable OpenSSL libcrypto.a according to the FIPS 140-2 User Guide.
Everything is fine.
Step 4
One odd issue happens.
I can 'ssh -1 localhost' (use ssh protocol 1) to connect to the sshd server the first time. But the next time, 'ssh -1 localhost' gives the message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA1 host key has just been changed.
The fingerprint for the RSA1 key sent by the remote host is
ed:93:9a:6b:b8:ee:9f:4b:ed:87:eb:07:c8:d4:5d:5d.
Please contact your system administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending key in /.ssh/known_hosts:3
RSA1 host key for localhost has changed and you have requested strict checking.
Host key verification failed.

After investigation, I found the problem is due to the function below from ssh, which writes the host key to the ~/.ssh/known_hosts file on the first connection to the sshd server. (It writes the wrong host key to the file!)

static int
write_bignum(FILE *f, BIGNUM *num)
{
    char *buf = BN_bn2dec(num);
    if (buf == NULL) {
        error("write_bignum: BN_bn2dec() failed");
        return 0;
    }
    fprintf(f, " %s", buf);
    OPENSSL_free(buf);
    return 1;
}

The BN_bn2dec function is from the FIPS module fipscanister.o (crypto/bn/bn_print.c).
# nm -g fipscanister.o|grep BN_bn2dec
[889] | 420320| 1840|FUNC |GLOB |0| .text|BN_bn2dec

char *BN_bn2dec(const BIGNUM *a)
{
    int i=0,num;
    char *buf=NULL;
    char *p;
    BIGNUM *t=NULL;
    BN_ULONG *bn_data=NULL,*lp;

    i=BN_num_bits(a)*3;
    num=(i/10+i/1000+3)+1;
    bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
    buf=(char *)OPENSSL_malloc(num+3);
    if ((buf == NULL) || (bn_data == NULL))
    {
        BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if ((t=BN_dup(a)) == NULL) goto err;

#define BUF_REMAIN (num+3 - (size_t)(p - buf))
    p=buf;
    lp=bn_data;
    if (t->neg) *(p++)='-';
    if (t->top == 0)
    {
        *(p++)='0';
        *(p++)='\0';
    }
    else
    {
        i=0;
        while (!BN_is_zero(t))
        {
            *lp=BN_div_word(t,BN_DEC_CONV);
            lp++;
        }
        lp--;
        /* We now have a series of blocks, BN_DEC_NUM chars
         * in length, where the last one needs truncation.
         * The blocks need to be reversed in order. */
        BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
        while (*p) p++;
        while (lp != bn_data)
        {
            lp--;
            BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
            while (*p) p++;
        }
    }
err:
    if (bn_data != NULL) OPENSSL_free(bn_data);
    if (t != NULL) BN_free(t);
    return(buf);
}

Then I tracked it to the BIO_snprintf function (crypto/bio/b_print.c).

/* As snprintf is not available everywhere, we provide our own implementation.
 * This function has nothing to do with BIOs, but it's closely related
 * to BIO_printf, and we need *some* name prefix ...
 * (XXX the function should be renamed, but to what?) */
int BIO_snprintf(char *buf, size_t n, const char *format, ...)
{
    va_list args;
    int ret;

    va_start(args, format);

    ret = BIO_vsnprintf(buf, n, format, args);

    va_end(args);
    return(ret);
}

I suspect BIO_snprintf is not fit for my box.
So I replaced BIO_snprintf with snprintf in the BN_bn2dec function.
After this modification, 'ssh -1 localhost' works fine.

In fact, both openssl-0.9.7m.tar.gz and openssl-fips-1.1.2.tar.gz have this problem on HPUX 11.23 IA in 32-bit mode. (I ran into the same problem before when I used the 32-bit mode libcrypto.a generated by openssl-0.9.7m.tar.gz.)

Again, the box I use is
# uname -a
HP-UX sshia1 B.11.23 U ia64 3432702471 unlimited-user license

Could you investigate?
Thank you!

Best Regards

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
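
Added example, not part of the original message and not OpenSSL or OpenSSH code: a stand-alone C version of the block conversion that BN_bn2dec performs above, with a round-trip check that flags decimal text that no longer parses back to the value it was written from (the situation that leaves a wrong key in known_hosts). The 10^9 block size, the 128-bit sample width and all function names are assumptions; the message does not identify the actual fault in BIO_snprintf, so passing "%lu" as fmt2 is only a constructed stand-in for a misbehaving formatter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DEC_CONV 1000000000u /* 10^9, nine digits per block (assumed 32-bit words) */
#define NWORDS 4             /* constructed sample size: 128 bits, little-endian */

/* Divide w by d in place and return the remainder (BN_div_word's role). */
static uint32_t div_word(uint32_t *w, uint32_t d) {
    uint64_t rem = 0;
    for (int i = NWORDS - 1; i >= 0; i--, rem %= d) {
        rem = (rem << 32) | w[i];
        w[i] = (uint32_t)(rem / d);
    }
    return (uint32_t)rem;
}

/* Words -> decimal text; fmt2 formats every block after the first. */
static int to_dec(const uint32_t *in, char *out, size_t outlen, const char *fmt2) {
    uint32_t t[NWORDS], blocks[2 * NWORDS], zero[NWORDS] = {0};
    int nb = 0, len;
    memcpy(t, in, sizeof t);
    do blocks[nb++] = div_word(t, DEC_CONV); while (memcmp(t, zero, sizeof t) != 0);
    len = snprintf(out, outlen, "%lu", (unsigned long)blocks[--nb]);
    while (nb > 0 && (size_t)len < outlen)
        len += snprintf(out + len, outlen - (size_t)len, fmt2, (unsigned long)blocks[--nb]);
    return (size_t)len < outlen ? len : -1; /* -1: output did not fit */
}

/* Decimal text -> words by multiply-and-add, independent of the formatter. */
static int from_dec(const char *s, uint32_t *w) {
    memset(w, 0, NWORDS * sizeof *w);
    for (; *s; s++) {
        if (*s < '0' || *s > '9') return 0;
        uint64_t carry = (uint64_t)(*s - '0');
        for (int i = 0; i < NWORDS; i++, carry >>= 32) {
            carry += (uint64_t)w[i] * 10;
            w[i] = (uint32_t)carry;
        }
        if (carry) return 0; /* value does not fit in NWORDS words */
    }
    return 1;
}

/* 1 if the text that would be stored parses back to the same value, else 0. */
int roundtrip_ok(const uint32_t *in, const char *fmt2) {
    uint32_t back[NWORDS];
    char buf[10 * NWORDS + 2];
    return to_dec(in, buf, sizeof buf, fmt2) > 0 && from_dec(buf, back)
        && memcmp(in, back, sizeof back) == 0;
}
```

With fmt2 set to "%09lu" the round trip holds; with "%lu" it fails only for values that have a block with leading zeros, such as 1000000005, which is why a fault of this kind can show up for some keys and not others.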