FIPS 140-2 patch for openssh 6.3.p1
Joseph, Binny Kallarackal (MCOU)
binny.joseph at hp.com
Fri Oct 25 00:12:17 EST 2013
Hi,
As per the FIPS patch http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch
, the cipher_set_key_string() in cipher.c replaces MD5 calls with EVP_Digest() as given below:
"if (EVP_Digest(passphrase, strlen(passphrase), digest, NULL, EVP_md5(), NULL) <= 0)"
Since OpenSSL does not support EVP_md5() in FIPS mode, should this be replaced with EVP_sha1() or another FIPS compliant call inside the above EVP_Digest() ?
Thanks and Regards,
Binny.
More information about the openssh-unix-dev
mailing list