[ssh_x509] PKIX-SSH release 8.9

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Mar 10 23:36:55 EET 2016


Hi Roumen ,                   
                Thanks a-lot for the detailed clarification. Thanks,
Regards,Mofassir 

    On Monday, 8 February 2016 5:24 PM, "ssh_x509 at roumenpetrov.info" <ssh_x509 at roumenpetrov.info> wrote:
 

 Hi Roumen ,                   Thanks a-lot for the detailed clarification. Thanks,Regards,Mofassir
 

    On Saturday, 6 February 2016 10:48 PM, "ssh_x509 at roumenpetrov.info" <ssh_x509 at roumenpetrov.info> wrote:
 

 Hello,
ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen ,                I have a question about running OpenSSH under OpenSSL build with FIPS module. When OpenSSH is build to run under OpenSSL then does OpenSSH starts using OpenSSL's  DRNG / RNG or do I need to make changes in code to ensure that OpenSSH uses OpenSSL DRNG / RNG ?  Thanks,
> Regards,
> -Mofassir

Method FIPS_mode_set always assign "FIPS random method"(SP800-90 DRBG) 
if argument is true, i.e. switch cryptographic module in FIPS mode.
PKIX-SSH calls FIPS_mode_set in all SSH binaries during openssl 
initialization. Initialization is performed before other operations.  
SSH code does not try to change RAND method.
So call of FIPS_mode_set shoudl be sufficient.


Roumen


_______________________________________________
ssh_x509 mailing list
ssh_x509 at roumenpetrov.info
http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info


  
_______________________________________________
ssh_x509 mailing list
ssh_x509 at roumenpetrov.info
http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info


  


More information about the ssh_x509 mailing list