Displaying 20 results from an estimated 400 matches similar to: "[ DRAFT PATCH ] - FIPS 140-2 patch for OpenSSH 6.5p1"
2013 Oct 10
3
FIPS 140-2 patch for openssh 6.3.p1
Hi,
Is FIPS 140-2 patch for openssh 6.3.p1 available somewhere or do I have to
make one using
http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch ?
Regards,
Manish
2014 Feb 17
0
[Bug 2202] New: [ DRAFT PATCH ] - FIPS 140-2 patch for OpenSSH 6.5p1
https://bugzilla.mindrot.org/show_bug.cgi?id=2202
Bug ID: 2202
Summary: [ DRAFT PATCH ] - FIPS 140-2 patch for OpenSSH 6.5p1
Product: Portable OpenSSH
Version: 6.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Miscellaneous
Assignee:
2005 Feb 18
0
OpenSSH and OpenSSL 0.9.7.e with FIPS
Michael Selvesteen wrote:
>I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling
>FIPS. I found in the FIPS document that OpenSSL now contains the
>FIPS 140 specific cryptographic API and algorithm implementations
>only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA,
>SHA-1). Does it have any functional impacts on SSH.
>
>Will all the
2004 Jun 04
2
Patch for FIPS 140 mode - take 3
Greetings.
(Third try at sending this, the first two seemed to disappear without a
trace.
Perhaps use of MS Outlook was the problem, even though in plain text...? Or
attachment too big (22Kb)? Would like to know...)
The final source code and documentation package for a FIPS 140 validated
mode
of OpenSSL was recently submitted. Once the final certification is
awarded by
NIST, in a month or
2013 Oct 31
0
Older ssh clients can't connect to sshd (6.3p1) built using FIPS object module 2.0.5
Hi,
ssh server: OpenSSH_6.3-FIPS, OpenSSL FIPS Object Module v2.0.5
ssh client: OpenSSH_5.3p1, OpenSSL FIPS Object Module v1.2
We have built and installed FIPS object module (v2.0.5) using
http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz
Using this FIPS object module, we have build FIPS capable openssl as well.
Note that we have "not" used ecp version (with binary curve
2000 Jul 06
2
2.1.1p2 HP-UX 11 timing error
FYI in order to get 2.1.1p2 to work on my HP-UX 11.0 systems I had to patch
atomicio.c for EWOULDBLOCK (HP read() does not give the POSIX return code).
The new atomicio() is a clean fix for this timing problem; all it needs now
is this one little tweak.
Also had the "General Commercial Security" error (PAM_TERM_ERROR from
pam_acct_mgmt()) which I have very crudely addressed for now by
2004 Aug 06
2
[ANNOUNCE] PocketPC Port for speex-1.1.5 with sample code
Hi Jean-Marc,
Based on the wonderful Speex project, I've created SpeexOutLoud, essentially a Speex codec port for Windows Mobile 2003 devices.
I've included a sample project intended to show the usage of SpeexOutLoud codec in a Pocket PC application based on .NET Compact Framework.
I'd request you to please go through the attached build, and include it as a contribution to the
2013 Nov 29
2
nsd 4.0 EAGAIN loop in sendmmsg(2)
On NetBSD 6.99.28-CURRENT, nsd 3.2.16 works fine, however nsd 4.0.0 is
spinning chewing CPU. The logs show:
Nov 28 23:07:00 xxx nsd[466]: sendmmsg failed: Resource temporarily
unavailable
ktruss shows it getting EAGAIN from sendmmsg(2) over and over again.
According to the man page:
[EAGAIN|EWOULDBLOCK]
The socket is marked non-blocking and the requested
2011 May 18
3
XCP jumbo frames in vm
Hello all,
Not sure if I am completely missing something but here goes. I have
XCP 1.0 running without any issues. I have the mtu set on both the
storage network, the corresponding PIF, and the VIF to 9000 and when
displayed in ifconfig it shows that this is indeed true. I have
several CentOs 5.6 VMs running in HVM mode (i.e. no xen kernel) which
attach to the the storage network through these
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
On 12/04/2015 10:02 PM, security veteran wrote:
> Hi Jakub,
>
> Another question I have is, are there any changes in this patch RedHat
> Linux distribution specific? The reason I ask is, if I port the changes to
> other Linux distribution like Debian or Ubuntu, do you see any issues?
I don't think there is something distro-specific. Distro specific parts
are handled in other
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Jakub.
How does this patch match the OpenSSH source version? Does the patch only
applicable to OpenSSH version 6.6.1, or does other version available as
well?
Thanks.
On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote:
>
> On 12/04/2015 03:26 AM, security veteran wrote:
>
>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
>Lets assume that application use OpenSSL FIPS validated module. FIPS mode
is activated in openssl command if environment variable OPENSSL_FIPS is
set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS
mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
I have few more questions below:
1. What version of OpenSSH can the patch be applied to? What branch should
I check out the patch?
2.
>Impact is not only for source code. Build process has to be updated as
well. Red Hat is based on "fipscheck".
What build process should be changed? What is fipscheck?
3. My understanding any application (such as OpenSSH) which need
2010 May 27
33
Xen 4.0 - Support for Citrix WHQL-certified Windows PV drivers
Hi,
recently Ive installed Windows 2008 x64 HVM domain on Xen 4.0.
On xen wiki is info:
Support for Citrix WHQL-certified Windows PV drivers, included in XCP
(Xen Cloud Platform). Xen Cloud Platform:
So I installed them on Windows 2008 x64 domain and its not able to boot anymore:
File: \windows\system32\Drivers\xevtchn.sys
Status: 0xc0000428
Info: Windows cannot verify the digital
2010 May 27
33
Xen 4.0 - Support for Citrix WHQL-certified Windows PV drivers
Hi,
recently Ive installed Windows 2008 x64 HVM domain on Xen 4.0.
On xen wiki is info:
Support for Citrix WHQL-certified Windows PV drivers, included in XCP
(Xen Cloud Platform). Xen Cloud Platform:
So I installed them on Windows 2008 x64 domain and its not able to boot anymore:
File: \windows\system32\Drivers\xevtchn.sys
Status: 0xc0000428
Info: Windows cannot verify the digital
2008 Jun 03
0
FIPS 140-2 OpenSSL(2007) patches
Hi Oren,
I'd VERY MUCH appreciate if you could send me a unified patch file for
openssh with fips.
In the meanwhile I'll try to work with the ones you posted.
BTW, I'm CentOS-5.1 based. My native openssh is 4.3p2. Do you think
your patch may be valid for that baseline as well? Could you make one?
I know this is a lot to ask for. Are there any other alternatives?
Many
2010 Mar 15
1
5.4p1 and FIPS 140-2
My office is working with government contracts, and it appears that they
are wanting FIPS enabled OpenSSL and OpenSSH is coming in the next year.
We have been able to compile OpenSSL to create the container, but all
the diffs to enable FIPS 140-2 in OpenSSH are for 5.3p1. Will the diffs
from:
https://bugzilla.mindrot.org/attachment.cgi?id=1789&action=edit
build in 5.4p1 will a little
2011 Aug 03
0
OpenSSH and FIPS 140-2
Does anyone knows why in some OpenSSH patches for FIPS we have something like:
SSLeay_add_all_algorithms();
if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) {
fprintf(stderr,
"FIPS integrity verification test failed.\n");
exit(3);
}
This block of code is always in main() soon after starting
service/client. Why are they
2002 Sep 27
2
FIPS 140-2 certification
Hello everyone!
I work for a company that uses OpenSSH to remotely support systems we've
sold. Since some of our clients are US Dept. of Defense hospitals, our
access to these servers needs to comply with a whole range of
requirements and standards. At this point it's looking like the SSH
daemon needs to be FIPS 140-2 compliant, and the only package that is
certified is F-Secure.
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,