
Re: libssh FIPS support


The latest available openssl FIPS module is 2.0.16, which is compatible with
openssl 1.0.2.
But libssh 0.9.4 requires openssl 1.1.1.

I don't think openssl 1.1.1g could be compiled with openssl-fips-2.0.16 (at
least I was not able to do that).

What am I missing here, to compile libssh with FIPS support on Windows?

--
Jijo

On Mon, May 11, 2020 at 1:07 PM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:

> On Fri, 2020-05-08 at 16:33 +0530, jijo thomas wrote:
> > Hi,
> >
> > 1) Is the libssh 0.9.4 FIPS compliance valid if I use libssh +
> > openssl?
>
> FIPS is more complicated than saying that particular version is or is
> not FIPS compliant. Libssh 0.9.4 has all the bits to be FIPS compliant
> if it is built and used against openssl FIPS module with openssh KDF
> [1] (for example as part of RHEL8). In these conditions, libssh does
> not do any restricted cryptographic operations.
>
> [1] https://github.com/openssl/openssl/pull/7290
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>
>
>
