similar to: Patch for FIPS 140 mode - take 3

Displaying 20 results from an estimated 2000 matches similar to: "Patch for FIPS 140 mode - take 3"

2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and client (such as ssh-keygen) always
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen. I have a few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2. >Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". What build process should be changed? What is fipscheck? 3. My understanding any application (such as OpenSSH) which need
2010 Jan 21
7
[Bug 1197] Enhancement request to enable fips compatibility mode in OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=1197 halsteaw at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |halsteaw at yahoo.com --- Comment #1 from halsteaw at yahoo.com 2010-01-22 03:35:09 EST --- Patches were provided in the mailing list
2018 Mar 16
3
using sshd in fips mode
Hi, We would like to use openssh in fips mode. It looks like it is not provided as a configurable option through sshd_config. Are there plans to incorporate such a change? Do we have to change openssh code for now until the option is provided? If sshd is operating in fips mode, does it provide additional errors/audits to indicate failures such as pair wise consistency failed during one of the sshd
2012 Aug 29
1
second FIPS patch for openssh 6.0p1, fix pubkey
The patch to enable FIPS mode for openssh 6.0p1 missed two instances of the ssh client trying to use MD5. It causes pubkey-based authentication to fail in FIPS mode. I have copied the missing changes from auth2-pubkey.c into sshconnect2.c. Here is a patch: diff -cr openssh-6.0p1/sshconnect2.c openssh-6.0p1-patched/sshconnect2.c *** openssh-6.0p1/sshconnect2.c Sun May 29 07:42:34 2011 ---
2013 Oct 10
3
FIPS 140-2 patch for openssh 6.3.p1
Hi, Is FIPS 140-2 patch for openssh 6.3.p1 available somewhere or do I have to make one using http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch ? Regards, Manish
2014 Feb 17
1
[ DRAFT PATCH ] - FIPS 140-2 patch for OpenSSH 6.5p1
Hi, Here is FIPS 140-2 patch for OpenSSH 6.5p1. Since our expertise in OpenSSH code is limited, request moderators to validate this patch and update as required. Regards, Manish Jagtap
2011 Aug 03
0
OpenSSH and FIPS 140-2
Does anyone know why in some OpenSSH patches for FIPS we have something like: SSLeay_add_all_algorithms(); if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) { fprintf(stderr, "FIPS integrity verification test failed.\n"); exit(3); } This block of code is always in main() soon after starting service/client. Why are they
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All: I tried to rebuild openssl with the FIPS modules, and then install the new openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. After that I noticed it seemed to break OpenSSH: I couldn't login to the box using ssh, and couldn't run the client command like ssh-keygen either. My questions are: 1. Does OpenSSH support FIPS mode? 2. Or does OpenSSH support with
2011 Jun 28
3
FIPS 140-2 compliance
I've just posted a feature request <http://projects.puppetlabs.com/issues/8120> relating to FIPS 140-2 compliance. I'm pointing to it here on the mailing list because I listed there five places where Puppet (nay, Ruby!) crashed while I was testing a deployment using FIPS mode on all hosts. It crashed because it tried to use MD5, and OpenSSL in FIPS mode doesn't let
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Jakub. How does this patch match the OpenSSH source version? Is the patch only applicable to OpenSSH version 6.6.1, or are other versions available as well? Thanks. On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote: > > On 12/04/2015 03:26 AM, security veteran wrote: > >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags
2010 Mar 15
1
5.4p1 and FIPS 140-2
My office is working with government contracts, and it appears that they are wanting FIPS enabled OpenSSL and OpenSSH is coming in the next year. We have been able to compile OpenSSL to create the container, but all the diffs to enable FIPS 140-2 in OpenSSH are for 5.3p1. Will the diffs from: https://bugzilla.mindrot.org/attachment.cgi?id=1789&action=edit build in 5.4p1 will a little
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
On 12/04/2015 10:02 PM, security veteran wrote: > Hi Jakub, > > Another question I have is, are there any changes in this patch RedHat > Linux distribution specific? The reason I ask is, if I port the changes to > other Linux distribution like Debian or Ubuntu, do you see any issues? I don't think there is something distro-specific. Distro specific parts are handled in other
2005 Feb 18
0
OpenSSH and OpenSSL 0.9.7.e with FIPS
Michael Selvesteen wrote: >I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling >FIPS. I found in the FIPS document that OpenSSL now contains the >FIPS 140 specific cryptographic API and algorithm implementations >only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA, >SHA-1). Does it have any functional impacts on SSH. > >Will all the
2016 Apr 20
1
Use multiple cores on Linux
I am trying to run the following code in R on a Linux cluster. I would like to use the full processing power (specifying cores/nodes/memory). The code essentially runs predictions based on a GAM regression and saves the results as a CSV file for multiple sets of data (here I only show two). Is it possible to run this code using HPC packages such as Rmpi/snow/doParallel? Thank you!
2016 Jul 20
1
Tinc and FIPS mode fails to connect.
Hello, I am using the latest Tinc 1.1 from git (tinc version 1.1pre14-17-g2784a17 (built Jul 14 2016 14:18:09, protocol 17.7) on a CentOS 7.2 64bit with both test servers set in FIPS mode (cat /proc/sys/crypto/fips_enabled to verify or add fips=1 to your grub2 command line). We need our test servers running in FIPS mode due to a minimum requirement for our project. OpenSSL in CentOS/RHEL has
2023 Mar 10
2
OpenSSH FIPS support
On Fri, Mar 10, 2023 at 10:27 AM Joel GUITTET <jguittet.opensource at witekio.com> wrote: > We currently work on a project that require SSH server with FIPS and > using OpenSSL v3. Gently: this is meaningless. You probably mean one of the following: 1. The SSH server implementation is required to use only cryptographic algorithms that are FIPS-approved. 2. The SSH server
2008 Jun 12
2
FIPS mode OpenSSH suggestion
Hi OpenSSH team, I find a url http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides unofficial patch for FIPS Capable OpenSSH. I try it and it seems working for some cases. (BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly. The fips mode sshd debug info is as following.
2002 Sep 27
2
FIPS 140-2 certification
Hello everyone! I work for a company that uses OpenSSH to remotely support systems we've sold. Since some of our clients are US Dept. of Defense hospitals, our access to these servers needs to comply with a whole range of requirements and standards. At this point it's looking like the SSH daemon needs to be FIPS 140-2 compliant, and the only package that is certified is F-Secure.