Call for testing: OpenSSH-5.7

Steve Marquess marquess at opensslfoundation.com
Fri Jan 21 00:30:05 EST 2011


Jan Chadima wrote:
>
>  ...
>
>  I'm attaching the Red Hat solution. It is not 100% nice code, but
>  100% functional. There are 2 main areas where OpenSSH has to be
>  changed to be FIPS compatible 1) ciphers .... must be reduced in FIPS
>  mode 2) MD5 used generally in fingerprints has to be replaced....

This is pretty close to what I've been using in collaboration with Steve 
Henson and Tim Hudson.  Several comments:

1) We should really avoid CTR mode entirely, it's not FIPS approved and 
the validated CBC can be used instead.

2) A visual indication of the FIPS mode of operation is very helpful in 
surviving risk assessments in DoD, which vary from sloppily casual to 
pointlessly anal but never involve deep technical proficiency on the 
part of the reviewer.  An indication on the sshd banner is an easy way 
to quickly conclude the yes-we-really-are discussions;  I append "FIPS" 
to the banner.

3) Steve Henson suggested to me some time ago a technique of policing 
cipher and mac selection.  Instead of a hard coded list of supported 
algorithms, check for FIPS mode compatibility on the fly.  For instance, 
in mac_setup:

#ifdef OPENSSL_FIPS
                        if (FIPS_mode() && (macs[i].type != SSH_EVP ||
                            !(macs[i].mdfunc()->flags & EVP_MD_FLAG_FIPS))) {
                                debug2("mac_setup: %s disabled for FIPS", name);
                                continue;
                        }
#endif

...which automatically handles any new ciphers added to the list and/or 
new algorithms from a future validation.

-Steve M.

-- 
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marquess at opensslfoundation.com
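
The on-the-fly check described in point 3, as an added example that is not part of the original message or of OpenSSH: a self-contained C model that filters a MAC proposal by a per-digest flag instead of a hard-coded list. MD_FLAG_FIPS, the fips_mode argument, filter_macs and the table's flag values are assumptions standing in for EVP_MD_FLAG_FIPS, FIPS_mode() and OpenSSL's real digest flags.

```c
#include <string.h>

/* Stand-ins for this model only: MD_FLAG_FIPS plays the role of OpenSSL's
 * EVP_MD_FLAG_FIPS, and the fips_mode argument the role of FIPS_mode(). */
#define MD_FLAG_FIPS 0x1
enum mac_type { SSH_EVP, SSH_UMAC };
struct mac_entry { const char *name; enum mac_type type; unsigned long md_flags; };

/* Constructed table; the flag values are sample data, not read from OpenSSL. */
static const struct mac_entry macs[] = {
    { "hmac-sha1",           SSH_EVP,  MD_FLAG_FIPS },
    { "hmac-md5",            SSH_EVP,  0 },
    { "umac-64@openssh.com", SSH_UMAC, 0 },
    { "hmac-sha2-256",       SSH_EVP,  MD_FLAG_FIPS }, /* added later, filter unchanged */
};

/* Same condition as the mac_setup snippet, inverted to "is it allowed". */
static int mac_allowed(const struct mac_entry *m, int fips_mode)
{
    return !(fips_mode && (m->type != SSH_EVP || !(m->md_flags & MD_FLAG_FIPS)));
}

/* Filter a comma-separated proposal into out; returns the number of MACs
 * kept, or -1 if out is too small. Unknown names are dropped in any mode. */
int filter_macs(const char *proposal, int fips_mode, char *out, size_t outlen)
{
    size_t i, n;
    int kept = 0;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (*proposal) {
        n = strcspn(proposal, ",");
        for (i = 0; i < sizeof(macs) / sizeof(macs[0]); i++) {
            if (strlen(macs[i].name) != n || strncmp(proposal, macs[i].name, n) != 0)
                continue;
            if (!mac_allowed(&macs[i], fips_mode))
                continue;
            if (strlen(out) + n + 2 > outlen)
                return -1;
            if (kept++)
                strcat(out, ",");
            strcat(out, macs[i].name);
        }
        proposal += n + (proposal[n] == ',');
    }
    return kept;
}
```

With fips_mode set, the non-EVP UMAC entry and the unflagged MD5 entry drop out, while the later table entry passes without any change to the filter.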


