Displaying 20 results from an estimated 60000 matches similar to: "[Bug 1987] FIPS signature verification incompatibility with openssl versions > 0.9.8q"
2012 Feb 24
2
[Bug 1987] New: FIPS signature verification incompatibility with openssl versions > 0.9.8q
https://bugzilla.mindrot.org/show_bug.cgi?id=1987
Bug #: 1987
Summary: FIPS signature verification incompatibility with
openssl versions > 0.9.8q
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2012 Feb 23
1
FIPS fix for signature verification in ssh-rsa.c
code version referenced: openssh-5.9p1
Hi all,
When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires appliactions to use the EVP API if running in FIPS mode so it can disallow
2023 Apr 19
3
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 9:55?AM Damien Miller <djm at mindrot.org> wrote:
>
> On Wed, 19 Apr 2023, Dmitry Belyavskiy wrote:
>
> > > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > > Portable OpenSSH won't be able to merge this. We explictly aim to support
> > > LibreSSL's libcrypto as well as
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 7:13?AM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 18 Apr 2023, Norbert Pocs wrote:
>
> > Hi OpenSSH mailing list,
> >
> > I would like to announce the newly introduced patch in Fedora rawhide [0]
> > for
> >
> > FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
> >
2015 Aug 11
0
[Bug 1954] configure: error: OpenSSL version header not found.
https://bugzilla.mindrot.org/show_bug.cgi?id=1954
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2015 Aug 11
0
[Bug 1991] openssl version checking needs updating
https://bugzilla.mindrot.org/show_bug.cgi?id=1991
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #11 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with
2013 Jul 25
1
[Bug 1872] proposal how to change fingerprints to come fips compatible
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2130
--- Comment #9 from Damien Miller <djm at mindrot.org> ---
Retarget to openssh-6.4
--
You are receiving
2014 Dec 17
0
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2007|0 |1
is obsolete| |
Attachment #2429|0 |1
is
2016 Feb 05
0
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
CC|
2014 Feb 05
0
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2188
--- Comment #11 from Damien Miller <djm at mindrot.org> ---
Retarget incomplete bugs / feature requests
2014 Apr 12
0
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2226
--- Comment #13 from Damien Miller <djm at mindrot.org> ---
Retarget to 6.7 release, since 6.6 was mostly
2014 Aug 29
0
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2266
--- Comment #18 from Damien Miller <djm at mindrot.org> ---
Retarget incomplete bugs to 6.8 release.
--
2014 Dec 22
0
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #22 from Damien Miller <djm at
2015 Mar 18
0
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #23 from Damien Miller <djm at mindrot.org> ---
openssh-6.8 is released
--
You are
2016 Aug 02
0
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
2013 Oct 27
1
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Summary|proposal how to change |Support better hash
2001 Mar 22
3
Improper (?) OpenSSL version mismatch(was RE: OpenSSH_2.5.1p1 - RH 6.2)
Well, I've finally gotten around to compiling
and testing OpenSSH 2.5.2p1, in order to update
the contrib/solaris packaging scripts.
Somehow on my test system, I'm getting errors
that indicate that I've still got some old copy
of OpenSSL being found somewhere...but I can't
for the life of me tell where. The compile went
fine (it found the OpenSSL 0.9.5a libraries that
I had
2008 Apr 03
0
[Bug 1266] incompatibility between s/key and keys Autentification
https://bugzilla.mindrot.org/show_bug.cgi?id=1266
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #8 from Damien Miller <djm at mindrot.org>
2000 Dec 30
1
[Re: openSSH/openSSL question.]
Damien Miller <djm at mindrot.org> wrote:
On 29 Dec 2000, sunil vallamkonda wrote:
> Hello,
>
> Looking at:
> http://www.openssh.com/features.html
>
> Under 'Free Licensing' section:
>
> "any licensed or patented components are chosen from
> external libraries (e.g. OpenSSL)"
>
> Can someone please enlighten me which
> components
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote:
> On Wed, 10 Oct 2018, Adam Eijdenberg wrote:
> > We see this error on the client side:
> >
> > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> > ...
> > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
> > debug1: send_pubkey_test: no