openssh-unix-dev August 2011 archive
Main Archive Page > Month Archives  > openssh-unix-dev archives
openssh-unix-dev: Re: RSA_public_decrypt and FIPS

Re: RSA_public_decrypt and FIPS

From: Jan F. Chadima <jchadima_at_nospam>
Date: Thu Aug 25 2011 - 19:52:15 GMT
To: "Christian S. Perone" <christian.perone@gmail.com>

On Aug 18, 2011, at 6:47 PM, Christian S. Perone wrote:

> Does anyone knows if there is a patch for OpenSSH in order to make it work
> with 0.9.8r OpenSSL in FIPS Mode ?
> I'm having problem with the RSA_public_decrypt() function that is failing in
> FIPS Mode, I changed it to use RSA_verify instead and setting the flag
> "RSA_FLAG_NON_FIPS_ALLOW", and it's working fine now, but I'm not sure if
> this is allowed in FIPS Mode, does anyone knows something about that ? I
> read something about the use of EVP_Verify* functions, is there any patch
> for this ?
>
> Great thanks !
> --
> "Forgive, O Lord, my little jokes on Thee, and I'll forgive Thy great big
> joke on me."
> http://pyevolve.sourceforge.net/wordpress/
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

we have the patch in all red hat distributions including fedora

Jan F. Chadima
jchadima@redhat.com

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev