[ssh_x509] ssh handshake failed in FIPS mode

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue May 14 02:11:52 EEST 2019


Thank you very much for the reply. Sorry to say that we are on a somewhat
older version of openssh and the PKIX patch. Currently we are on
openssh 7.5p1, and hence the patch I applied is
https://roumenpetrov.info/openssh/x509-10.1.1/openssh-7.5p1+x509-10.1.1.diff.gz.
So would the above diff be good enough, or do I need to add any more
extra code?

Thanks in advance
~GKS

On Tue, 14 May 2019 at 00:08, <ssh_x509 at roumenpetrov.info> wrote:
>
> ssh_x509 at roumenpetrov.info wrote:
> > Hello Roumen
> >
> >     I was held up in some more investigation from openssl perspective.
> > Hence thought I will reply to this thread once my investigation in
> > that front is over with the help of experts.
> >
> >     What I observed is in our environment, in FIPS mode openssl doesn't
> > support sha1 based keys. Openssl accepts only sha256 or sha512 based
> > keys.
> >
> >     But I got to know that PKIX-SSH as of now supports only sha1 based
> > keys and nothing more than sha1. (
> > http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2019q2/000493.html
> > )
> >
> >     The only option I have is to have support for sha256 based keys. I
> > would like to check with you, if it will be possible for you to give
> > me some guidance to develop a patch for this support.
>
> Something like the following "diff" is the minimum to add support for the
> RFC 6187 algorithm "x509v3-rsa2048-sha256".
> (not even built, just to show the methods to update)
> ====================================================
> diff --git a/ssh-xkalg.c b/ssh-xkalg.c
> index 1cab7c7..2b07256 100644
> --- a/ssh-xkalg.c
> +++ b/ssh-xkalg.c
> @@ -371,6 +371,8 @@ logit("TRACE_XKALG add_default_xkalg:");
>       /* - RFC6187 */
>       if (ssh_add_x509key_alg("x509v3-ssh-rsa,rsa-sha1,ssh-rsa") < 0)
>           fatal("ssh_init_xkalg: oops");
> +    if (ssh_add_x509key_alg("x509v3-rsa2048-sha256,rsa2048-sha256") <
> 0)    /*TESTING*/
> +        fatal("ssh_init_xkalg: oops");
>
>       /* DSA public key algorithm: */
>       /* - default is compatible with draft-ietf-secsh-transport-NN.txt
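Review bot: the new registration string has two comma-separated fields
("x509v3-rsa2048-sha256,rsa2048-sha256"), while the existing call just above
it passes three ("x509v3-ssh-rsa,rsa-sha1,ssh-rsa"); please confirm that the
third field is optional for ssh_add_x509key_alg() and say in a comment what
it defaults to. The /*TESTING*/ marker should be dropped before this goes in,
and because both calls report the same fatal("ssh_init_xkalg: oops") text,
putting the algorithm name in the message would show which registration
failed.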
> @@ -489,6 +491,7 @@ ssh_x509key_alg_digest(SSHX509KeyAlgs* p, const char
> *dgstname) {
>
>       if (strcasecmp("rsa-sha1", dgstname) == 0) { md = EVP_sha1(); goto
> done; }
>       if (strcasecmp("rsa-md5" , dgstname) == 0) { md = EVP_md5(); goto
> done; }
> +    if (strcasecmp("rsa2048-sha256", dgstname) == 0) { md =
> EVP_sha256(); goto done; }
>
>   #ifdef OPENSSL_HAS_NISTP256
>       if (strcasecmp("ssh-sha256"  , dgstname) == 0) {
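Review bot: the added "rsa2048-sha256" comparison calls EVP_sha256()
unconditionally, whereas the next context line handles "ssh-sha256" only
inside #ifdef OPENSSL_HAS_NISTP256; check whether EVP_sha256() is available
in every OpenSSL build this file supports and add a build-time guard if it
is not. A one-line comment that "rsa2048-sha256" is the digest name paired
with x509v3-rsa2048-sha256 would also help, since the neighbouring names
(rsa-sha1, rsa-md5) follow a different pattern.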
> @@ -585,6 +588,10 @@ ssh_add_x509key_alg(const char *data) {
>           p->basetype = KEY_RSA;
>           p->chain = 1;
>       } else
> +    if (strcmp(name, "x509v3-rsa2048-sha256") == 0) {
> +        p->basetype = KEY_RSA;
> +        p->chain = 1;
> +    } else
>       if (strncmp(name, "x509v3-sign-rsa", 15) == 0) {
>           p->basetype = KEY_RSA;
>           p->chain = 0;
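Review bot: the new x509v3-rsa2048-sha256 branch sets only
p->basetype = KEY_RSA and p->chain = 1, the same as the branch above it, so
nothing visible here ties the algorithm to a minimum key length. RFC 6187
requires RSA keys of at least 2048 bits for this algorithm, so a size check
is needed where the key is accepted and where the signature is verified;
please either add it in this patch or add a comment here pointing to where
it is enforced. The exact strcmp() match is fine, but a comment explaining
why this name is matched exactly while the following x509v3-sign-rsa entry
uses a 15-character strncmp() prefix would make the intent clear.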
> ====================================================
>
>
> Extras include checks for proper encoding of the signature, key size, whether
> to prefer x509v3-ssh-rsa or x509v3-rsa2048-sha256, functional tests,
> documentation, etc.
>
>
> > Thanks
> > GKS
> >
> [SNIP]
>