On Friday, 31 December 2021 14:54:49 CET Daniel Stenberg wrote:
> On Fri, 31 Dec 2021, Andreas Schneider wrote:
> > * Use only crypto from a FIPS certified library (e.g. OpenSSL).
> >
> > libssh2 doesn't do that yet.
>
> When libssh2 uses OpenSSL for crypto, what else does libssh2 use for crypto
> then that makes it not adhere?

You need to use *all* security relevant functionality from a fips certified
security module or you're not FIPS compliant.

Example:

https://www.openssl.org/docs/manmaster/man3/DH_get0_p.html

> > * Zero sensitive data before freeing it
>
> I don't think that's a FIPS requirement?

I was just trying to help. Better read it yourself

https://csrc.nist.gov/publications/fips

Best regards

Andreas

--
libssh2-devel mailing list
libssh2-devel@lists.haxx.se
https://lists.haxx.se/listinfo/libssh2-devel