security veteran wrote:
> Thanks Roumen.
>> OpenSSL is open source. The method FIPS_mode_set will call
>> FIPS_module_mode_set (located in FIPS module). Please see its code.
>> You may review code of apps/openssl.c.
> I meant, did your OpenSSH patch actually invoke these functions (FIPS_mode_set
> and FIPS_selftest)? If that's the case, when were these functions invoked?
> e.g. for client application such as ssh-keygen does it always call these
> functions first?
Yes - see code of method ssh_OpenSSL_startup.
$ grep -lw ssh_OpenSSL_startup *.c
ssh-add.c
ssh-agent.c
ssh.c
sshd.c
ssh-keygen.c
ssh-keysign.c
Roumen
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev