similar to: [Bug 1197] Enhancement request to enable fips compatibility mode in OpenSSH

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

https://bugzilla.mindrot.org/show_bug.cgi?id=1197 kpimm at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kpimm at yahoo.com --- Comment #7 from kpimm at yahoo.com --- I'm having likely the same problem as halsteaw. Can someone please

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or

Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and client (such as ssh-keygen) always

Thanks Roumen. I have few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2. >Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". What build process should be changed? What is fipscheck? 3. My understanding any application (such as OpenSSH) which need

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 Bug ID: 3599 Summary: How to scan for keys when sshd server has fips enabled? Product: Portable OpenSSH Version: 9.3p2 Hardware: All OS: Linux Status: NEW Severity: critical Priority: P5 Component: ssh-keyscan

http://bugzilla.mindrot.org/show_bug.cgi?id=1197 Summary: Enhancement request to enable fips compatibility mode in OpenSSH Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://csrc.nist.gov/cryptval/140-1/140sp/140sp642.pdf http://www.openssl.org/docs/fips/UserGuide-1.0.pdf

https://bugzilla.mindrot.org/show_bug.cgi?id=1197 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #8 from Darren Tucker <dtucker at zip.com.au> --- You're pretty much

Hi OpenSSh Developer, Currently, I can make openssh-5.0p1 working in FIPS mode. The detail steps I did are as follows. 1) Build FIPS OpenSSL according to FIPS User Guide(http://www.openssl.org/docs/fips/) on HP-UX PA 11.23 box. FIPS object module is generated by compiling openssl-fips-1.1.2. FIPS OpenSSL is built by openssl-0.9.7m, which is passed fips option for Configure step. 2) Modify

My office is working with government contracts, and it appears that they are wanting FIPS enabled OpenSSL and OpenSSH is coming in the next year. We have been able to compile OpenSSL to create the container, but all the diffs to enable FIPS 140-2 in OpenSSH are for 5.3p1. Will the diffs from: https://bugzilla.mindrot.org/attachment.cgi?id=1789&action=edit build in 5.4p1 will a little

https://bugzilla.netfilter.org/show_bug.cgi?id=1197 Bug ID: 1197 Summary: 255.255.255.255 is transformed into 255.255.255.255-255.255.255.255 Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

CentOS Errata and Security Advisory 2015:1197 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1197.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 8b8c609255b3fc78e8a8227dfcf456fc6fad6ee44402b00741d66eb7a7c91b02 openssl-0.9.8e-36.el5_11.i386.rpm

CentOS Errata and Security Advisory 2015:1197 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1197.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 8b8c609255b3fc78e8a8227dfcf456fc6fad6ee44402b00741d66eb7a7c91b02 openssl-0.9.8e-36.el5_11.i386.rpm

Full_Name: Allan McRae Version: 1.6.0 OS: Win 2000 P Submission from: (NULL) (129.215.190.229) When using predict.Arima in library ts(), it appears differencing is only accounted for in the first step of prediction and so any trend is not apparent in the predictions. The example shows the difference between the predictions of an arima(1,1,1) model and the backtransformed predictions of an

The patch to enable FIPS mode for openssh 6.0p1 missed two instances of the ssh client trying to use MD5. It causes pubkey-based authentication to fail in FIPS mode. I have copied the missing changes from auth2-pubkey.c into sshconnect2.c. Here is a patch: diff -cr openssh-6.0p1/sshconnect2.c openssh-6.0p1-patched/sshconnect2.c *** openssh-6.0p1/sshconnect2.c Sun May 29 07:42:34 2011 ---

Hi All, Our requirement is to have OpenSSH with FIPS 140-2 support deployed on RHEL 4.8 (going to RHEL 5 is not an option as of now). From the mailing list I have found that FIPS patches are available for openssh 3.8p1, but that is older than the openssh version (3.9 p1) that is bundled with RHEL 4.8. FIPS support seems to be available on 5.3p1, however I am not sure whether that can be built

Greetings, As those working in the government sector (US and Canada) already know, compliance with FIPS 140-2 is a significant issue. While there are a few patches out there that add support for FIPS mode to OpenSSH, it is not currently in the mainstream. With the recent validation of the 1.2 version of the OpenSSL FIPS cryptographic object module, is there any chance that support could be added

https://bugzilla.mindrot.org/show_bug.cgi?id=1701 Summary: FIPS-140-2 requires call to RAND_cleanup() before the program using RAND exits Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

Hello all! I have a problem to group my data (years) in 10 years classes. For example for year year decade 1598 1590-1600 1599 1590-1600 1600 1590-1600 1601 1600-1610 --- my is like this> [1] 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 [16] 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 [31] 1628 1629 1630 1631 1632 1633

FYI I believe applying this openssl update may result in breaking SSL MySQL connections similar to RHEL/CentOS 6 - https://bugzilla.redhat.com/show_bug.cgi?id=1228755 I opened a bug report for RHEL5/CentOS 5 weeks ago - https://bugzilla.redhat.com/show_bug.cgi?id=1231960. However, it hasn't gained any attention. --Blake Johnny Hughes wrote on 7/2/2015 7:10 AM: > CentOS Errata and