About the OpenSSL V3 APIs to support FIPS mode
Dmitry Belyavskiy
dbelyavs at redhat.com
Tue Jun 17 17:59:33 AEST 2025

Dear Joel,

We (Red Hat) have proposed this approach and several patches. They were
partially integrated upstream, but to a limited extent.

I understand upstream reasons to not integrate these patches fully but it's
a pain.

On Tue, Jun 17, 2025 at 9:54 AM Joel GUITTET via openssh-unix-dev
<openssh-unix-dev at mindrot.org> wrote:
> Hello,
>
> We are working on a project with OpenSSH built-in with Yocto and we need
> to set FIPS mode on the target. This mainly means OpenSSL V3 APIs. We would
> like to propose a patch to the community so that the support is integrated
> in the mainline OpenSSH source code. A limitation could be that we are not
> able to provide a full patch but only a partial one, depending on the
> features we built in the project (sshd, sftp).
>
> Could it be interesting by the way? Is there such an initiative somewhere
> that we can join to help? If we submit such a patch what will be the response
> of the OpenSSH project? Useful or not? What is the migration status to
> OpenSSL V3 APIs, if such a status exists?
>
> Thanks for the feedback.
> Joel
--
Dmitry Belyavskiy