[ssh_x509] ssh handshake failed in FIPS mode

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon May 13 21:37:53 EEST 2019


ssh_x509 at roumenpetrov.info wrote:
> Hello Roumen
>
>     I was held up in some more investigation from openssl perspective.
> Hence thought I will reply to this thread once my investigation in
> that front is over with the help of experts.
>
>     What I observed is in our environment, in FIPS mode openssl doesn't
> support sha1 based keys. Openssl accepts only sha256 or sha512 based
> keys.
>
>     But I got to know that PKIX-SSH as of now supports only sha1 based
> keys and nothing more than sha1. (
> http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2019q2/000493.html
> )
>
>     The only option I have is to have support for sha256 based keys. I
> would like to check with you, if it will be possible for you to give
> me some guidance to develop a patch for this support.

Something like the following "diff" is the minimum needed to add support for RFC 6187 
algorithm "x509v3-rsa2048-sha256".
(not even built, just to show the methods to update)
====================================================
diff --git a/ssh-xkalg.c b/ssh-xkalg.c
index 1cab7c7..2b07256 100644
--- a/ssh-xkalg.c
+++ b/ssh-xkalg.c
@@ -371,6 +371,8 @@ logit("TRACE_XKALG add_default_xkalg:");
      /* - RFC6187 */
      if (ssh_add_x509key_alg("x509v3-ssh-rsa,rsa-sha1,ssh-rsa") < 0)
          fatal("ssh_init_xkalg: oops");
+    if (ssh_add_x509key_alg("x509v3-rsa2048-sha256,rsa2048-sha256") < 
0)    /*TESTING*/
+        fatal("ssh_init_xkalg: oops");

      /* DSA public key algorithm: */
      /* - default is compatible with draft-ietf-secsh-transport-NN.txt
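Review bot: the new registration string "x509v3-rsa2048-sha256,rsa2048-sha256" carries two comma-separated fields where the entry just above it, "x509v3-ssh-rsa,rsa-sha1,ssh-rsa", carries three. Please confirm that ssh_add_x509key_alg() accepts the short form and that the name written into the signature blob then comes out as "rsa2048-sha256", which is what RFC 6187 specifies for this algorithm; if the third field is not optional, spell it out. The /*TESTING*/ marker should go before merge, and since both fatal() calls print the same "ssh_init_xkalg: oops", putting the algorithm name in the message would show which registration failed.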
@@ -489,6 +491,7 @@ ssh_x509key_alg_digest(SSHX509KeyAlgs* p, const char 
*dgstname) {

      if (strcasecmp("rsa-sha1", dgstname) == 0) { md = EVP_sha1(); goto 
done; }
      if (strcasecmp("rsa-md5" , dgstname) == 0) { md = EVP_md5(); goto 
done; }
+    if (strcasecmp("rsa2048-sha256", dgstname) == 0) { md = 
EVP_sha256(); goto done; }

  #ifdef OPENSSL_HAS_NISTP256
      if (strcasecmp("ssh-sha256"  , dgstname) == 0) {
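Review bot: the added "rsa2048-sha256" branch calls EVP_sha256() unconditionally, while the "ssh-sha256" lookup in the trailing context sits inside #ifdef OPENSSL_HAS_NISTP256. If the tree still builds against OpenSSL libraries that lack SHA-256, this line needs a configure guard of its own; if not, a one-line comment stating that SHA-256 is assumed present would make the difference from the guarded block below deliberate rather than accidental.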
@@ -585,6 +588,10 @@ ssh_add_x509key_alg(const char *data) {
          p->basetype = KEY_RSA;
          p->chain = 1;
      } else
+    if (strcmp(name, "x509v3-rsa2048-sha256") == 0) {
+        p->basetype = KEY_RSA;
+        p->chain = 1;
+    } else
      if (strncmp(name, "x509v3-sign-rsa", 15) == 0) {
          p->basetype = KEY_RSA;
          p->chain = 0;
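Review bot: the new "x509v3-rsa2048-sha256" branch sets only basetype and chain, so nothing in this hunk records the 2048-bit minimum modulus that the algorithm name implies and RFC 6187 requires. That check has to be added where the key is signed with and verified, and a comment here pointing to it would help. The branch body is also identical to the one closing just above it (KEY_RSA, chain = 1), so the two conditions could share one block.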
====================================================


Extras include checks for proper encoding of the signature, key size, to 
prefer x509v3-ssh-rsa or x509v3-rsa2048-sha256, functional tests, 
documentation, etc.


> Thanks
> GKS
>
[SNIP]


