Displaying 8 results from an estimated 8 matches for "cmvp".
Did you mean:
cmp
2007 Mar 01
2
OpenSSH use of OpenSSL in FIPS Mode
Now that OpenSSL has received FIPS 140-2 certification, does anyone know
if the work started a couple of years ago to allow OpenSSH to use
OpenSSL in FIPS mode will be reactivated?
Bill
2023 Mar 10
2
OpenSSH FIPS support
...you mean #1, you don?t have to patch anything: it is trivial to
configure the various sshd options to permit only FIPS-approved
cryptographic algorithms.
If you mean #2, then patches aren?t going to help you: being
FIPS-validated means that you have submitted your cryptographic module
to the NIST CMVP (Cryptographic Module Validation Program), paid the
requisite fee, passed, and received a certificate number that others
can verify:
https://csrc.nist.gov/Projects/cryptographic-module-validation-program/validated-modules/Search
If your SSH server must be FIPS-validated, then use the CMVP search...
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...sh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with OpenSSL FIPS modules?
3. Is there a way to re-compile OpenSSH by turning on/off some flags to
make it FIPS complaint?
4. Does the RedHat OpenSSH FIPS modules (
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
also open sourced to the OpenSSH community?
Thanks.
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...edhat.com> wrote:
>
> On 12/04/2015 03:26 AM, security veteran wrote:
>
>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
>> make it FIPS complaint?
>>
>> 4. Does the RedHat OpenSSH FIPS modules (
>> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
>> also open sourced to the OpenSSH community?
>>
> Yes, what we ship in RHEL is open-source. You can pick up sources that are
> actually used in RHEL version in CentOS repository:
> https://git.centos.org/summary/?r=rpms/openssh
>
> S...
2016 Jan 04
2
Alternate Open Source Crypto Solution in OpenSSH
...it really matter
anyway?
1. wolfSSL offers a pluggable Federal Information Processing Standard
(FIPS 140-2) certified crypto library.
a. Read more about FIPS in wolfSSL
<https://wolfssl.com/wolfSSL/fips.html>.
b. See our FIPS certification.
<http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2425>
2. OpenSSL has suffered over the past few years with too many
contributions from a variety of sources. The lack of testing and
verification of each submission to OpenSSL has resulted in numerous
security vulnerabilities.
3. We are very selective a...
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...de?
>>
>> 2. Or does OpenSSH support with OpenSSL FIPS modules?
>>
>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
>> make it FIPS complaint?
>>
>> 4. Does the RedHat OpenSSH FIPS modules (
>> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
>> also open sourced to the OpenSSH community?
>>
>> Redhat use different FIPS validation process for OpenSSL. You could
> extract fips patch from source package.
> Impact is not only for source code. Build process has to be updated as
&g...
2010 Nov 25
3
Announce: new team member (to work on Mozilla NSS port)
Dear fellows,
As you have probably seen, NUT has had a recent boost through the help of
Eaton.
Frederic Bohe (contractor for Eaton France) has worked on Augeas, and is now
working the Windows port.
Chetan Agarwal, seconded by Prashi Gandi (both from Eaton India) are working
on XCP and quality / validation related projects.
I'm now pleased to announce that Emilien Kia (contractor for Eaton
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi.
I experimented a bit with collecting entropy from the time it takes for
device_attach() to run (in CPU cycles). It seems that those times have
enough variation that we can use it for entropy harvesting. It happens
even before root is mounted, so pretty early.
On the machine I'm testing it, which has minimal kernel plus NIC driver
I see 75 device_attach() calls. I'm being very careful