[ssh_x509] OpenSSH Running Under OpenSSL Build with FIPS Module

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Feb 8 06:24:11 EET 2016

Hi Roumen ,                   Thanks a-lot for the detailed clarification. Thanks,Regards,Mofassir

    On Saturday, 6 February 2016 10:48 PM, "ssh_x509 at roumenpetrov.info" <ssh_x509 at roumenpetrov.info> wrote:

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen ,                I have a question about running OpenSSH under OpenSSL build with FIPS module. When OpenSSH is build to run under OpenSSL then does OpenSSH starts using OpenSSL's  DRNG / RNG or do I need to make changes in code to ensure that OpenSSH uses OpenSSL DRNG / RNG ?  Thanks,
> Regards,
> -Mofassir

Method FIPS_mode_set always assign "FIPS random method"(SP800-90 DRBG) 
if argument is true, i.e. switch cryptographic module in FIPS mode.
PKIX-SSH calls FIPS_mode_set in all SSH binaries during openssl 
initialization. Initialization is performed before other operations.  
SSH code does not try to change RAND method.
So call of FIPS_mode_set shoudl be sufficient.


ssh_x509 mailing list
ssh_x509 at roumenpetrov.info


More information about the ssh_x509 mailing list