Re: OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



security veteran wrote:
Thanks Roumen.

Openssl os open source. The method FIPS_mode_set will call
FIPS_module_mode_set (located in FIPS module) . Please see its code.
You may review code of apps/openssl.c.

I meant, did your OpenSSH patch actually invoke these functions (FIPS_mode_set
and FIPS_selftest)? If that's the case, when were these functions invoked?
e.g. for client application such as ssh-keygen does it always call these
functions first?
Yes - see code of method ssh_OpenSSL_startup .
$ grep  -lw ssh_OpenSSL_startup *.c
ssh-add.c
ssh-agent.c
ssh.c
sshd.c
ssh-keygen.c
ssh-keysign.c

Roumen
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux