search for: openssl_fips

...0 }, #endif - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL, 0 } }; /*--*/ @@ -156,6 +158,13 @@ for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); +#ifdef OPENSSL_FIPS + if (fips_mode && !(c->fips_allowed)) { + debug("cipher %s disallowed in FIPS mode [%s]", p, names); + xfree(cipher_list); + return 0; + } +#endif if (c == NULL || c->number !=...

Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and client (such as ssh-keygen) always check the environmental variable OPENSSL_FIPS to see if the FIPS m...

Thanks Roumen. I have few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2. >Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". What build process should be changed? What is fipscheck? 3. My understanding any application (such as OpenSSH) which need

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or

...nnect2.c openssh-6.0p1-patched/sshconnect2.c *** openssh-6.0p1/sshconnect2.c Sun May 29 07:42:34 2011 --- openssh-6.0p1-patched/sshconnect2.c Wed Aug 29 14:59:19 2012 *************** *** 77,82 **** --- 77,88 ---- #include "ssh-gss.h" #endif + #include <openssl/sha.h> + #ifdef OPENSSL_FIPS + #include <openssl/fips.h> + #endif + + /* import */ extern char *client_version_string; extern char *server_version_string; *************** *** 591,597 **** key->type, pktype); goto done; } ! fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); debug2("input...

https://bugzilla.mindrot.org/show_bug.cgi?id=1197 halsteaw at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |halsteaw at yahoo.com --- Comment #1 from halsteaw at yahoo.com 2010-01-22 03:35:09 EST --- Patches were provided in the mailing list