Displaying 8 results from an estimated 8 matches for "fips_mode_set".
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
>Let's assume that application use OpenSSL FIPS validated module. FIPS mode
>is activated in openssl command if environment variable OPENSSL_FIPS is
>set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS
>mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always check the environmental variable OPENSSL_FIPS to see if
the FIPS mode is activated?
Also I think for the applications which need to use OpenSSL FIPS mode will
also need to run...
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...ct is not only for source code. Build process has to be updated as
well. Red Hat is based on "fipscheck".
What build process should be changed? What is fipscheck?
3. My understanding is that any application (such as OpenSSH) which needs to use the
OpenSSL FIPS module will need to invoke the "FIPS_mode_set()" function
first, otherwise the OpenSSL library will be operating as the non-FIPS
version.
My question is, how and when does OpenSSH server invoke the FIPS function?
Thanks.
On Sun, Dec 6, 2015 at 1:30 AM, Roumen Petrov <openssh at roumenpetrov.info>
wrote:
> security veteran w...
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All:
I tried to rebuild openssl with the FIPS modules, and then install the new
openssl libs (libcrypto.so to be specific) on my Ubuntu 12.04 box.
After that I noticed it seemed to break OpenSSH: I couldn't log in to the
box using ssh, and couldn't run the client command like ssh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with
2008 Apr 05
2
installing dotnet20 fails
I am trying to install dotnet20 in 0.9.58 with
sh winetricks dotnet20
It hangs after extracting a file with
sh winetricks dotnet20
Using system libcrypto, version 90709F
DLSYM: Failed to resolve FIPS_mode_set: 127
DLSYM: Failed to resolve FIPS_mode: 127
DLSYM: Failed to resolve SHA256: 127
DLSYM: Failed to resolve SHA512: 127
DLSYM: Failed to resolve EVP_sha224: 127
DLSYM: Failed to resolve EVP_sha256: 127
DLSYM: Failed to resolve EVP_sha384: 127
DLSYM: Failed to resolve EVP_sha512: 127
fixme:to...
2011 Aug 03
0
OpenSSH and FIPS 140-2
...() && !FIPSCHECK_verify(NULL, NULL)) {
fprintf(stderr,
"FIPS integrity verification test failed.\n");
exit(3);
}
This block of code is always in main() soon after starting
service/client. Why are they checking FIPS_mode() if
FIPS_mode_set() wasn't even called before that? Is
SSLeay_add_all_algorithms() supposed to call FIPS_mode_set()?
Another question I have is why are they using FIPSCHECK_verify() from
libfipscheck if FIPS_mode_set() already checks the incore
fingerprint when called. Is this another requirement from FIPS...
2004 Jun 04
2
Patch for FIPS 140 mode - take 3
...l be, in the OpenSSL_0_9_7_stable branch. The documentation describing the
building and use of the FIPS library has not been released yet pending approval
by NIST, but will be included in the OpenSSL source distributions.
5) This patch has been tested on Linux RH 9.0 and HP-UX 11.0 only
6) The FIPS_mode_set() call tries to self-seed using the non-FIPS PRNG, but
doesn't get enough entropy on HP-UX (no EGD or /dev/urandom). So for ssh.c I
moved the seed_rng() call forwards quite a bit, that may cause other problems.
Also, the PRNG is awkwardly re-seeded for the child process with a new
PID. Ben...
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
...if test "x$withval" != "xno" ; then
+ AC_CACHE_CHECK([for FIPS mode], ac_cv_fips, [
+ AC_TRY_COMPILE(
+ [ #include <openssl/fips.h> ],
+ [ FIPS_mode_set(1); ],
+ [ ac_cv_fips="yes" ],
+ [ ac_cv_fips="no" ]
+ )
+ ])
+ fi
+ ]
+)
+if test "x$ac_cv_fips" = "xyes" ; th...
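Review bot: The AC_TRY_COMPILE test around `FIPS_mode_set(1);` only shows that `<openssl/fips.h>` is present and declares the function; nothing is linked, so `ac_cv_fips` can come out "yes" against a libcrypto that was built without the FIPS module, and the problem then surfaces at link time or at run time instead of at configure. Consider a link test (AC_TRY_LINK) with the crypto library in LIBS, so the cached result reflects the library that will actually be used.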
2012 Mar 15
11
[Bug 1991] New: openssl version checking needs updating
https://bugzilla.mindrot.org/show_bug.cgi?id=1991
Bug #: 1991
Summary: openssl version checking needs updating
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous