search for: fip

Hi All: I tried to rebuild openssl with the FIPS modules, and then install the new openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. After that I noticed it seemed to break OpenSSH: I couldn't login to the box using ssh, and couldn't run the client command like ssh-keygen either. My questions are: 1. Does OpenSSH sup...

Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and cli...

Thanks Roumen. I have few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2. >Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". What build process should be changed? What is fipscheck? 3. My understanding any application (such as OpenSSH) which need to use the OpenSSL FIPS module will need to invoke the "FIPS_mode_set()" function first, otherwise the OpenSSL library will be operating as the non-FIPS...

I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ? We're currently running 4.7.5. Please let me know. Regards, Mike

Hi OpenSSh Developer, Currently, I can make openssh-5.0p1 working in FIPS mode. The detail steps I did are as follows. 1) Build FIPS OpenSSL according to FIPS User Guide(http://www.openssl.org/docs/fips/) on HP-UX PA 11.23 box. FIPS object module is generated by compiling openssl-fips-1.1.2. FIPS OpenSSL is built by openssl-0.9.7m, which is passed fips option for Confi...

Hi OpenSSH team, I find a url http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides unofficial patch for FIPS Capable OpenSSH. I try it and it seems working for some cases. (BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly. The fips mode sshd debug info is as following. *************************** debug2: set_newkeys: mode 1 cipher_init: EVP_Ciphe...

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or two hopefully, it will be possible to build FIPS 140 validated applications with the FIPS mode OpenSSL library. Ben Laurie and I have developed the attached patch that adapts Op...

Hello, I am using the latest Tinc 1.1 from git (tinc version 1.1pre14-17-g2784a17 (built Jul 14 2016 14:18:09, protocol 17.7) on a CentOS 7.2 64bit with both test servers set it FIPS mode (cat /proc/sys/crypto/fips_enabled to verify or add fips=1 to your grub2 command line ). We need our test servers running in FIPS mode due to a minimum requirement for our project. OpenSSL in CentOS/RHEL has FIPS support compiled in OpenSSL. FIPS will *only* allow high end encryption to be u...

On Fri, Mar 10, 2023 at 10:27?AM Joel GUITTET <jguittet.opensource at witekio.com> wrote: > We currently work on a project that require SSH server with FIPS and > using OpenSSL v3. Gently: this is meaningless. You probably mean one of the following: 1. The SSH server implementation is required to use only cryptographic algorithms that are FIPS-approved. 2. The SSH server implementation is required to be FIPS-validated. If you mean #1, you d...

...# # Historic temp_hist <- read.csv("/work/sd00815/giss_historic/giss_temp_hist.csv") humid_hist <- read.csv("/work/sd00815/giss_historic/giss_hum_hist.csv") # temp_hist <- as.data.table(temp_hist) humid_hist <- as.data.table(humid_hist) # # Merge mykey<- c("FIPS", "year","month", "week") setkeyv(temp_hist, mykey) setkeyv(humid_hist, mykey) # hist<- merge(temp_hist, humid_hist, by=mykey) # hist$X.x <- NULL hist$X.y <- NULL # # Max hist_max <- hist hist_max$FIPS <- hist_max$year <- hist_max$month <- hi...

Hi, I was trying to run sshd after applying the fips patches mentioned in http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1835;list=openssh but for some reason sshd refuses to accept the connection. I guess I do something terribly wrong. Is there a reason that this is bound to fail? These 5.6 patches were the most re...

Hi OpenSSH mailing list, I would like to announce the newly introduced patch in Fedora rawhide [0] for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 version. The patch targets OpenSSL support of OpenSSH, specifically the usage of old low level API. The new OpenSSL version 3.0 introduces a FIPS module (going through FIPS 140-2 validation and to be FIPS 140-3 validated)...

Now that OpenSSL has received FIPS 140-2 certification, does anyone know if the work started a couple of years ago to allow OpenSSH to use OpenSSL in FIPS mode will be reactivated? Bill

Hi, ssh server: OpenSSH_6.3-FIPS, OpenSSL FIPS Object Module v2.0.5 ssh client: OpenSSH_5.3p1, OpenSSL FIPS Object Module v1.2 We have built and installed FIPS object module (v2.0.5) using http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz Using this FIPS object module, we have build FIPS capable openssl as well. Note...

On Tue, 18 Apr 2023, Norbert Pocs wrote: > Hi OpenSSH mailing list, > > I would like to announce the newly introduced patch in Fedora rawhide [0] > for > > FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 > > version. > > The patch targets OpenSSL support of OpenSSH, specifically the usage of > > old low level API. The new OpenSSL version 3.0 introduces a FIPS > > module (going through FIPS 140-2 val...

Hello All, Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now that a fips certified OpenSSL is now available at http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of any patches applicable for OpenSSH versions to make it fips compliant. Is there any idea for OpenSSH core team to make OpenSSH as fips compliant? What amount of work it needs at this...

Thanks for the quick reply Jeremy. We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ? ~ Mike -----Original Message----- From: Jeremy Allison <jra at samba.org> Sent: Tuesday, October 2, 2018 2:08 PM To: Tompkins, Michael...

Hi I am using seed_fu to seed initial data to tables (http://github.com/mbleigh/seed-fu) . And in db/fixtures/state.rb I have values like (I am filling only two data for simplicity) State.seed_many(:name, :abbr,:fips,:country_id, [ { :name => "Alberta", :abbr => ''AB'',:fips => ''01'', :country_id => 2 }, { :name => "Alaska", :abbr => ''AK'',:fips => ''02'', :country_id => 1 } ]) It works an...

Hi, We would like to use openssh in fips mode. It looks it is not provided as a configurable option through sshd_config, Are there plans to do incorporate such change. Do we have to change openssh code for now until the option is provided. If sshd is operating in fipsmode, does it provide additional errors/audits to indicate failures su...

Hi experts, Current I am doing FIPS gap analysis for our product, can someone help to have a look my questions? Our product is server running under CentOS 6.x, and according to the upstream (RedHat) document, CentOS can be configured to FIPS mode: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Securit...