FIPS fix for signature verification in ssh-rsa.c

Keith Kaple kak at
Fri Feb 24 05:25:40 EST 2012

code version referenced: openssh-5.9p1

Hi all,

When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl.  In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode).  The library requires applications to use the EVP API if running in FIPS mode so it can disallow certain cipher suites and hash algorithms that are not considered FIPS compliant.  The user experience is that the scp/ssh client fails because RSA_public_decrypt just returns null if FIPS mode is active in openssl > 0.9.8q.

I have a fix, essentially just check for FIPS mode in ssh-rsa.c and appropriately call a new function which uses the EVP API of openssl.  I'll be putting this fix in the fedora based rpm we're using in our appliance based product, but also wanted to offer the fix here so it can propagate to future linux distro releases.

This is my first source modification of openssh so I'm not sure what I need to do to get approval/acceptance of the change or how to commit it, please let me know what the process is...


