[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: libssh FIPS support

Subject: Re: libssh FIPS support
From: Jakub Jelen <jjelen@xxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Mon, 11 May 2020 09:37:03 +0200
To: libssh@xxxxxxxxxx

On Fri, 2020-05-08 at 16:33 +0530, jijo thomas wrote:
> Hi,
> 
> 1) Is the libssh 0.9.4 FIPS compliance valid if I use libssh +
> openssl?

FIPS is more complicated than saying that particular version is or is
not FIPS compliant. Libssh 0.9.4 has all the bits to be FIPS compliant
if it is built and used against openssl FIPS module with openssh KDF
[1] (for example as part of RHEL8). In these conditions, libssh does
not do any restricted cryptographic operations.

[1] https://github.com/openssl/openssl/pull/7290

Regards,
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

Follow-Ups:
Re: libssh FIPS support	jijo thomas <jijo7thomas@xxxxxxxxx>

References:
libssh FIPS support	jijo thomas <jijo7thomas@xxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org