[ssh_x509] pkix-ssh release 8.1

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue Sep 30 00:33:35 EEST 2014


Thanks Roumen,

When will you deliver SSH with SmartCard?

Regards,
Mudassir

On Tue, Sep 30, 2014 at 1:49 AM, <ssh_x509 at roumenpetrov.info> wrote:

> Hello All,
>
> I would like to announce availability of PKIX-SSH release 8.1. This
> version corrects and enhances support of crypto library in FIPS mode.
>
> Main updates:
> - remove EVP_dss1raw as it does not work with OpenSSL 1.0.2 in FIPS mode
>     OpenSSL 1.0.2 does not export any more FIPS EVP structures. This
> impacts custom implementation of EVP_dss1 with signature encoding according
> to SSH norms. In version 8.1 EVP_MD structure dss1raw is replaced with wrapper
> for OpenSSL methods EVP_SignFinal and EVP_VerifyFinal that recode signature
> according to SSH norms.
>
> - support fipscheck library
>     Red Hat and Red Hat based distributions like CentOS use own FIPS
> validated OpenSSL implementation and own process for verification if FIPS
> mode based on fipscheck library.
>
> - restore arc4random in FIPS mode
>     Unfortunately replacement of RC4 based arc4random* functions in
> version 7.8 based on OpenSSH 6.5p1 does not follow previous rules.
> Regression is corrected in this version 8.1 based on OpenSSH 6.5p1.
>
> - ssh-keysign avoid dependency from "X.509 store" objects
>     Now dependencies of ssh-keysign to external libraries are minimized.
>
> - search known host file by key subtype
>     Search for host keys in known host file is enhanced to take into
> account curve used for EC keys.
>
>
> Regards,
> Roumen Petrov
>
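
The signature recoding mentioned in the announcement, as an added example that is not part of the original messages and is not PKIX-SSH code: for DSA, EVP_SignFinal returns a DER SEQUENCE of the INTEGERs r and s, while the ssh-dss format in RFC 4253 carries a fixed 40-byte r||s blob. The function names and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define SSH_DSS_INTLEN 20                    /* 160-bit r and s */
#define SSH_DSS_SIGLEN (2 * SSH_DSS_INTLEN)

/* Constructed sample: r needs a 00 sign byte in DER, s is short (01 02). */
const unsigned char sample_der[] = {
    0x30, 0x1b,
    0x02, 0x15, 0x00, 0x80,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x02, 0x02, 0x01, 0x02
};

/* Read one DER INTEGER at *p and write it left-padded to 20 bytes. */
static int der_int_to_fixed(const unsigned char **p, const unsigned char *end,
                            unsigned char out[SSH_DSS_INTLEN])
{
    const unsigned char *q = *p;
    size_t len;

    if (end - q < 2 || q[0] != 0x02) return -1;     /* INTEGER tag */
    len = q[1];
    if (len == 0 || len > 0x7f) return -1;          /* short-form length only */
    q += 2;
    if ((size_t)(end - q) < len) return -1;         /* truncated input */
    if (q[0] & 0x80) return -1;                     /* negative value */
    *p = q + len;
    while (len > 1 && q[0] == 0x00) { q++; len--; } /* drop leading zeros */
    if (len > SSH_DSS_INTLEN) return -1;            /* wider than 160 bits */
    memset(out, 0, SSH_DSS_INTLEN);
    memcpy(out + SSH_DSS_INTLEN - len, q, len);
    return 0;
}

/* DER SEQUENCE { INTEGER r, INTEGER s } -> 40-byte r||s; 0 on success. */
int dss_der_to_ssh(const unsigned char *der, size_t der_len,
                   unsigned char out[SSH_DSS_SIGLEN])
{
    const unsigned char *p = der, *end = der + der_len;

    if (der_len < 2 || p[0] != 0x30) return -1;     /* SEQUENCE tag */
    if (p[1] > 0x7f || (size_t)p[1] != der_len - 2) return -1;
    p += 2;
    if (der_int_to_fixed(&p, end, out) != 0) return -1;
    if (der_int_to_fixed(&p, end, out + SSH_DSS_INTLEN) != 0) return -1;
    return p == end ? 0 : -1;                       /* no trailing bytes */
}
```

Verification goes the other way: the 40-byte blob is split into r and s and re-encoded as DER before it is handed to EVP_VerifyFinal.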


