
Mailing List Archive: OpenSSH: Dev

OpenSSH and FIPS 140-2

 

 



christian.perone at gmail

Aug 3, 2011, 9:31 AM


Does anyone know why in some OpenSSH patches for FIPS we have something like:

    SSLeay_add_all_algorithms();
    if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) {
        fprintf(stderr,
            "FIPS integrity verification test failed.\n");
        exit(3);
    }

This block of code is always in main() soon after starting
service/client. Why are they checking FIPS_mode() if
FIPS_mode_set() wasn't even called before that? Is
SSLeay_add_all_algorithms() supposed to call FIPS_mode_set()?
Another question I have is why they are using FIPSCHECK_verify() from
libfipscheck if FIPS_mode_set() already checks the incore
fingerprint when called. Is this another requirement from FIPS 140-2?

Great thanks!
--
"Forgive, O Lord, my little jokes on Thee, and I'll forgive Thy great
big joke on me."
http://pyevolve.sourceforge.net/wordpress/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
