search for: fips_mode

...HER_INVALID, 0, 0, 0, NULL } + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL, 0 } }; /*--*/ @@ -156,6 +158,13 @@ for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); +#ifdef OPENSSL_FIPS + if (fips_mode && !(c->fips_allowed)) { + debug("cipher %s disallowed in FIPS mode [%s]", p, names); + xfree(cipher_list); + return 0; + } +#endif if (c == NULL || c->number != SSH_CIPHER_SSH2) { debug(...

...l be, in the OpenSSL_0_9_7_stable branch. The documentation describing the building and use of the FIPS library has not been released yet pending approval by NIST, but will be included in the OpenSSL source distributions. 5) This patch has been tested on Linux RH 9.0 and HP-UX 11.0 only 6) The FIPS_mode_set() call tries to self-seed using the non-FIPS PRNG, but doesn't get enough entropy on HP-UX (no EGD or /dev/urandom). So for ssh.c I moved the seed_rng() call forwards quite a bit, that may cause other problems. Also, the PRNG is awkwardly re-seeded for the child process with a new PID....

Dear team The API FIPS_selftest() is failing . The content of the file /proc/sys/crypto/fips_enabled is 1 I have executed the below mentioned code The code is #include "stdio.h" int main() { int ret=0; ret=FIPS_mode(); printf("\nFIPS_mode = %u \n",ret); ret=FIPS_selftest(); printf("\nFIPS_selftest=%u \n",ret); ERR_print_errors_fp(stderr); } Output is " FIPS_mode = 1 FIPS_selftest=0 140091346814640:error:0607B0A3:lib(6):func(123):reason(163):evp_enc.c:313: 140091346814640:err...

Does anyone knows why in some OpenSSH patches for FIPS we have something like: SSLeay_add_all_algorithms(); if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) { fprintf(stderr, "FIPS integrity verification test failed.\n"); exit(3); } This block of code is always in main() soon after starting service/client. Why are they checking FIPS_mode() if the...

...******* *** 591,597 **** key->type, pktype); goto done; } ! fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); --- 604,611 ---- key->type, pktype); goto done; } ! fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, ! SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); *************** *** 1204,1210 **** int have_sig = 1; char *fp; ! fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); debug3("sign...

I am trying to install dotnet20 in 0.9.58 with sh winetricks dotnet20 It hangs after extracting a file with sh winetricks dotnet20 Using system libcrypto, version 90709F DLSYM: Failed to resolve FIPS_mode_set: 127 DLSYM: Failed to resolve FIPS_mode: 127 DLSYM: Failed to resolve SHA256: 127 DLSYM: Failed to resolve SHA512: 127 DLSYM: Failed to resolve EVP_sha224: 127 DLSYM: Failed to resolve EVP_sha256: 127 DLSYM: Failed to resolve EVP_sha384: 127 DLSYM: Failed to resolve EVP_sha512: 127 fixm...

https://bugzilla.mindrot.org/show_bug.cgi?id=1197 halsteaw at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |halsteaw at yahoo.com --- Comment #1 from halsteaw at yahoo.com 2010-01-22 03:35:09 EST --- Patches were provided in the mailing list

https://bugzilla.mindrot.org/show_bug.cgi?id=1991 Bug #: 1991 Summary: openssl version checking needs updating Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous