Displaying 5 results from an estimated 5 matches for "ossl_param_bld".
2023 Apr 19
3
FIPS compliance efforts in Fedora and RHEL
...rote:
>
> > > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > > Portable OpenSSH won't be able to merge this. We explicitly aim to support
> > > LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
> > > OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
> > > I'd describe as "best effort").
> > >
> > > If this changes we can look again.
> >
> > Yes, we understand and respect your choice.
> > Would it be acceptable in any form being w...
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
...023, Dmitry Belyavskiy wrote:
> > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > Portable OpenSSH won't be able to merge this. We explicitly aim to support
> > LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
> > OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
> > I'd describe as "best effort").
> >
> > If this changes we can look again.
>
> Yes, we understand and respect your choice.
> Would it be acceptable in any form being wrapped in necessary #ifdefs ?...
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
...PS
>
> module, therefore the change is needed for the new API.
While I'm sure this is good for RHEL/rawhide users who care about FIPS,
Portable OpenSSH won't be able to merge this. We explicitly aim to support
LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
I'd describe as "best effort").
If this changes we can look again.
-d
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
...erefore the change is needed for the new API.
>
> While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> Portable OpenSSH won't be able to merge this. We explicitly aim to support
> LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
> OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
> I'd describe as "best effort").
>
> If this changes we can look again.
Yes, we understand and respect your choice.
Would it be acceptable in any form being wrapped in necessary #ifdefs ?
--
Dmitry Belyavskiy
2023 Apr 18
3
FIPS compliance efforts in Fedora and RHEL
Hi OpenSSH mailing list,
I would like to announce the newly introduced patch in Fedora rawhide [0] for
FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
version.
The patch targets OpenSSL support of OpenSSH, specifically the usage of
old low level API. The new OpenSSL version 3.0 introduces a FIPS
module (going through FIPS 140-2 validation and to be FIPS 140-3