similar to: [FIPS] FIPS_selftest failing in Centos 7

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

Does anyone knows why in some OpenSSH patches for FIPS we have something like: SSLeay_add_all_algorithms(); if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) { fprintf(stderr, "FIPS integrity verification test failed.\n"); exit(3); } This block of code is always in main() soon after starting service/client. Why are they

The patch to enable FIPS mode for openssh 6.0p1 missed two instances of the ssh client trying to use MD5. It causes pubkey-based authentication to fail in FIPS mode. I have copied the missing changes from auth2-pubkey.c into sshconnect2.c. Here is a patch: diff -cr openssh-6.0p1/sshconnect2.c openssh-6.0p1-patched/sshconnect2.c *** openssh-6.0p1/sshconnect2.c Sun May 29 07:42:34 2011 ---

I am trying to install dotnet20 in 0.9.58 with sh winetricks dotnet20 It hangs after extracting a file with sh winetricks dotnet20 Using system libcrypto, version 90709F DLSYM: Failed to resolve FIPS_mode_set: 127 DLSYM: Failed to resolve FIPS_mode: 127 DLSYM: Failed to resolve SHA256: 127 DLSYM: Failed to resolve SHA512: 127 DLSYM: Failed to resolve EVP_sha224: 127 DLSYM: Failed to

Hello, I am using the latest Tinc 1.1 from git (tinc version 1.1pre14-17-g2784a17 (built Jul 14 2016 14:18:09, protocol 17.7) on a CentOS 7.2 64bit with both test servers set it FIPS mode (cat /proc/sys/crypto/fips_enabled to verify or add fips=1 to your grub2 command line ). We need our test servers running in FIPS mode due to a minimum requirement for our project. OpenSSL in CentOS/RHEL has

http://bugzilla.mindrot.org/show_bug.cgi?id=186 Summary: Build failure against openssl-0.9.5a Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

Hi, I've encrypted some database dumps with openssl bf -d -in dumpfile.bf -out dumpfile -k mykey bad decrypt 14142:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:325: The weird thing is if I do the same with smaller files it can decrypt with no problem. I use openssl-0.9.8e-12.el5 on Centos 5.4. Please could you tell me what I am doing wrong? Thanks in

Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and client (such as ssh-keygen) always

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or

https://bugzilla.mindrot.org/show_bug.cgi?id=1197 halsteaw at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |halsteaw at yahoo.com --- Comment #1 from halsteaw at yahoo.com 2010-01-22 03:35:09 EST --- Patches were provided in the mailing list

https://bugzilla.mindrot.org/show_bug.cgi?id=1991 Bug #: 1991 Summary: openssl version checking needs updating Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous