Call for testing: OpenSSH-5.7

Steve Marquess marquess at opensslfoundation.com
Wed Jan 19 09:05:17 EST 2011


Iain Morgan wrote:
> ...
>> Anyone interested in taking working code that FIPS enables OpenSSH and
>> transforming it into something suitable for direct inclusion?  The
>> result will be very much noticed in the U.S. DoD where OpenSSH is widely
>> used in violation of the FIPS 140-2 validation mandate.
>>
>> -Steve M.
>>
>>
>
> Hi Steve,
>
> I'm interested in seeing that happen, but alas can't commit any time to
> it. I would, however, like to take this opportunity to make a few
> comments.
>
> I have never taken a close look at the various patches that have been
> posted on this mailing list to enable FIPS support, but as I understand
> it they are fairly invasive. As we all know, the more invasive the
> changes are, the longer it will take for them to be included.

Yes, the modifications in total are ugly because FIPS 140-2 imposes a
number of restrictions.  For one thing, many types of cryptography are
disallowed in the FIPS mode of operation.  The "FIPS capable" OpenSSL
library (OpenSSL built with the FIPS module to present one seamless
external API) will automagically fail on attempts to use disallowed
crypto, but not gracefully.  Much of the complexity of the patches comes
from graceful exception handling.

>  Also,
> there may be some reluctance to include changes required for FIPS-mode
> support in the OpenBSD version of OpenSSH, since the FIPS Object Module
> is not validated for that platform.
>

Actually, the OpenSSL FIPS Object Module v1.2.2 *is* usable on the
OpenBSD platform, by virtue of what is called "vendor affirmation" (CMVP
Implementation Guidance document, section G.5).  In brief, if the same
source code validated for one or more test platforms is "merely
recompiled" for another platform (no source code hacks), then the
resulting module may be "vendor affirmed" as validated.  This is
discussed in more detail in section 5 of the User Guide
(http://www.openssl.org/docs/fips/UserGuide.pdf).  The OpenBSD platform
is sufficiently similar to other tested platforms to allow vendor
affirmation.

Incidentally, a new validation effort has just been launched and should
an OpenBSD benefactor desire it, the OpenBSD platform could be added as
a formal test platform for only a few thousand dollars.

> Is there any realistic way to take an incremental approach to adding
> FIPS support? For example, replacing arc4random() with an acceptable
> CSPRNG. Doing that would bring us a step closer to compliance.
>
Certainly, there are a number of tweaks required for FIPS mode that
would not be inappropriate to apply unconditionally.  That would at
least make life easier for those of us who hack OpenSSH to add FIPS
support.  At the moment I'm in the same situation of not having spare
time to invest in that effort, though.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marquess at opensslfoundation.com
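
The message above says much of the patch complexity comes from handling disallowed crypto gracefully rather than letting the FIPS capable library fail. The following is an added example of that idea, not code from the posted OpenSSH FIPS patches or from the author: it splits a Ciphers-style proposal into accepted and refused names before any crypto call is made. The function names and the allow-list contents are assumptions made for illustration.

```c
#include <string.h>

/* Assumed allow-list: OpenSSH cipher names backed by AES or Triple-DES.
 * Illustrative only; not taken from any posted FIPS patch. */
static const char *fips_ok[] = {
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc", NULL
};

static int is_fips_ok(const char *name, size_t len)
{
    for (int i = 0; fips_ok[i] != NULL; i++)
        if (strlen(fips_ok[i]) == len && memcmp(fips_ok[i], name, len) == 0)
            return 1;
    return 0;
}

/* Append name[0..len) to a comma-separated list; -1 if it does not fit. */
static int append(char *dst, size_t dstlen, const char *name, size_t len)
{
    size_t used = strlen(dst);
    if (used + (used != 0) + len + 1 > dstlen)
        return -1;
    if (used)
        dst[used++] = ',';
    memcpy(dst + used, name, len);
    dst[used + len] = '\0';
    return 0;
}

/* Split a proposal into allowed and rejected lists so the caller can log
 * the refusals. Returns the count of allowed ciphers, -1 on overflow. */
int fips_filter_ciphers(const char *proposal, char *allowed, size_t alen,
                        char *rejected, size_t rlen)
{
    int n = 0;
    allowed[0] = rejected[0] = '\0';
    while (*proposal != '\0') {
        size_t len = strcspn(proposal, ",");
        int ok = is_fips_ok(proposal, len);   /* empty token is never ok */
        if (len > 0 && append(ok ? allowed : rejected, ok ? alen : rlen,
                              proposal, len) < 0)
            return -1;
        n += ok;
        proposal += len + (proposal[len] == ',');
    }
    return n;
}
```

A return value of 0 means nothing usable remains, which the caller can report as a configuration error instead of reaching a hard failure inside the library.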


