Re: FIPS Compliance.
2014-07-30 10:46:12 GMT
On Tuesday, July 29, 2014 02:48:58 john gloster wrote: > Hi, > > From http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=9f6fd5a > > Did you mean that the following are not FIPS compliant? > > · EVP_aes_256_cbc > > · EVP_aes_192_cbc > > · EVP_aes_128_cbc I think the problem was that OpenSSL did not like that libssh2 implemented the CTR cipher mode on its own when FIPS mode was enabled. When I switched libssh2 back to use the OpenSSL-provided implementation of those ciphers, it started to work (after fixing the surrounding code to use correct block sizes via commit 5d567fa). Kamil > On Fri, Jul 25, 2014 at 1:59 PM, Kamil Dudka <kdudka <at> redhat.com> wrote: > > On Friday, July 25, 2014 10:08:02 Bert Huijben wrote: > > > If I remember correctly there is a compile time flag for libssh2 to > > > > enable a > > > > > strict fips mode. > > > > I do not think so. Did not you mean a compile time flag for OpenSSL?(Continue reading)