[Bug 2995] Use SSH KDF from OpenSSL

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Oct 24 00:21:26 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2995

Francois <flamoureux at rsa.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |flamoureux at rsa.com

--- Comment #2 from Francois <flamoureux at rsa.com> ---
One big advantage to having the option to offload SSH KDF to OpenSSL is
potentially easier FIPS compliance.

Assuming OpenSSL goes through FIPS validation where its SSH KDF
implementation is FIPS validated, then if OpenSSH was to offload its
KDF to OpenSSL one could claim "FIPS Inside" for OpenSSH.

As of today this is not possible because key derivation is done by
OpenSSH, not by OpenSSL.
