openssh bugs - Feb 2012 - [Bug 1987] New: FIPS signature verification incompatibility with openssl versions > 0.9.8q

https://bugzilla.mindrot.org/show_bug.cgi?id=1987

             Bug #: 1987
           Summary: FIPS signature verification incompatibility with
                    openssl versions > 0.9.8q
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.9p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: kak at cisco.com


Created attachment 2135
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2135
Suggested patch

When building openssh with openssl library with FIPS (specifically
versions newer than openssl 0.9.8q), there is an issue if FIPS mode is
active for openssl.  In ssh-rsa.c on line 243 RSA_public_decrypt is
called, which is disallowed now in openssl (if in FIPS mode).  The
library requires applications to use the EVP API if running in FIPS
mode so it can disallow certain cipher suites and hash algorithms that
are not considered FIPS compliant.  The user experience is that the
scp/ssh client fails because RSA_public_decrypt just returns null if
FIPS mode is active in openssl > 0.9.8q.

The reference below states that there is a patch, but I cannot find it
so I am submitting my own for review.



References:
http://www.mail-archive.com/openssl-users at openssl.org/msg63512.html

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1987

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #1 from Damien Miller <djm at mindrot.org> 2012-03-09 10:14:23
EST ---
OpenSSH doesn't (yet) have support for FIPS OpenSSL. We might one day,
but in the meantime you should address this to the developers of one of
the FIPS patchsets.

Unfortunately, this approach disables our custom RSA
signature-verification code that is designed to save a substantial
amount of pre-authentication attack surface from sshd. For this reason
it is not going to be accepted for regular OpenSSH,

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1987

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2135|application/octet-stream    |text/plain
          mime type|                            |
   Attachment #2135|0                           |1
           is patch|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.