search for: fipsld

Hello All, Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now that a fips certified OpenSSL is now available at http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of any patches applicable for OpenSSH versions to make it fips compliant. Is there any idea for OpenSSH core team to make OpenSSH as fips compliant? What amount of work it needs at this

...d fips option for Configure step. 2) Modify openssh-5.0p1 according to http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808 . Although the patch is for openssh 4.7, I make some necessary minor changes fit for 5.0. 3) On HP-UX PA 11.23 box, compile openssh (using fipsld instead of cc), which links against FIPS object module and FIPS libcrypto.a generated from step 1. 4) Set OpenSSH_FIPS environment variable to "1", lauch sshd by "sshd -ddd" From the debug information, I can see sshd enters FIPS mode successfully 5) On the same machine, con...

...plit into two due to mailing list size limitations: [openssh.spec] > %define openssldir /usr/local/ssl > %define openssllib %{openssldir}/lib > %define opensslinclude %{openssldir}/include > export LD_LIBRARY_PATH=$(LD_LIBRARY_PATH):%{openssllib} > export CC=gcc > export LD=fipsld > > # --with-md5-passwords 198d221 < --with-md5-passwords \ 209a233,240 > --with-ssl-dir=%{openssldir} \ > --with-fips \ > --with-cppflags="%{fsgccopts}" \ > --with-cflags="%{fsgccopts} -g" \ > --with-ldflags...