FIPS fix for signature verification in ssh-rsa.c

Damien Miller djm at mindrot.org
Thu Mar 1 07:31:23 EST 2012



On Thu, 23 Feb 2012, Keith Kaple wrote:

> code version referenced: openssh-5.9p1
>
> Hi all,
>
> When building openssh with openssl (specifically versions newer
> than openssl 0.9.8q), there is an issue if FIPS mode is active for
> openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which
> is disallowed now in openssl (if in FIPS mode). The library requires
> applications to use the EVP API if running in FIPS mode so it can
> disallow certain cipher suites and hash algorithms that are not
> considered FIPS compliant. The user experience is that the scp/ssh
> client fails because RSA_public_decrypt just returns null if FIPS mode
> is active in openssl > 0.9.8q.
>
> I have a fix, essentially just check for FIPS mode in ssh-rsa.c and
> appropriately call a new function which uses the EVP API of openssl.
> I'll be putting this fix in the fedora based rpm we're using in our
> appliance based product, but also wanted to offer the fix here so it
> can propagate to future linux distro releases.
>
> This is my first source modification of openssh so I'm not sure what I
> need to do to get approval/acceptance of the change or how to commit
> it, please let me know what the process is...

The usual way is to post the patch to https://bugzilla.mindrot.org in a
new bug. We'll (eventually) get to looking at it.

-d


More information about the openssh-unix-dev mailing list