Call for testing: OpenSSH-5.7
Steve Marquess
marquess at opensslfoundation.com
Fri Jan 21 00:30:05 EST 2011
Jan Chadima wrote:
>
> ...
>
> I'm attaching the Red Hat solution. It is not 100% nice code, but
> 100% functional. There are 2 main areas where OpenSSH has to be
> changed to be FIPS compatible: 1) ciphers .... must be reduced in FIPS
> mode 2) MD5, used generally in fingerprints, has to be replaced....

This is pretty close to what I've been using in collaboration with Steve
Henson and Tim Hudson. Several comments:

1) We should really avoid CTR mode entirely; it's not FIPS approved and
the validated CBC can be used instead.

2) A visual indication of the FIPS mode of operation is very helpful in
surviving risk assessments in DoD, which vary from sloppily casual to
pointlessly anal but never involve deep technical proficiency on the
part of the reviewer. An indication on the sshd banner is an easy way
to quickly conclude the yes-we-really-are discussions; I append "FIPS"
to the banner.

3) Steve Henson suggested to me some time ago a technique of policing
cipher and MAC selection. Instead of a hard-coded list of supported
algorithms, check for FIPS mode compatibility on the fly. For instance,
in mac_setup:

    #ifdef OPENSSL_FIPS
            /* In FIPS mode, skip MACs that are not EVP-based or whose digest lacks the FIPS flag */
            if (FIPS_mode() && (macs[i].type != SSH_EVP ||
                !(macs[i].mdfunc()->flags & EVP_MD_FLAG_FIPS))) {
                    debug2("mac_setup: %s disabled for FIPS", name);
                    continue;
            }
    #endif

...which automatically handles any new ciphers added to the list and/or
new algorithms from a future validation.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marquess at opensslfoundation.com
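
Added example, not part of the original message and not OpenSSH code: the flag-driven check from point 3 applied to a comma-separated MAC proposal, so that a newly added table entry is admitted or rejected by its flags alone. The table contents, the constants standing in for SSH_EVP and EVP_MD_FLAG_FIPS, and the names mac_allowed and filter_macs are constructed for illustration.

```c
#include <string.h>

#define MAC_EVP      1      /* stand-in for SSH_EVP */
#define MAC_UMAC     2      /* stand-in for a non-EVP MAC type */
#define MD_FLAG_FIPS 0x1UL  /* stand-in for EVP_MD_FLAG_FIPS */

struct mac_entry { const char *name; int type; unsigned long md_flags; };

/* Constructed table; md_flags models what the digest itself would report. */
static const struct mac_entry macs[] = {
	{ "hmac-sha1",           MAC_EVP,  MD_FLAG_FIPS },
	{ "hmac-md5",            MAC_EVP,  0 },
	{ "umac-64@openssh.com", MAC_UMAC, 0 },
	{ "hmac-sha2-256",       MAC_EVP,  MD_FLAG_FIPS },
	{ NULL, 0, 0 }
};

/* Same predicate as the mac_setup check: in FIPS mode only EVP MACs
 * whose digest carries the FIPS flag are usable. */
static int mac_allowed(const struct mac_entry *m, int fips_mode)
{
	return !fips_mode || (m->type == MAC_EVP && (m->md_flags & MD_FLAG_FIPS));
}

/* Copy permitted names into out; returns count kept, -1 if out is too small. */
int filter_macs(const char *proposal, int fips_mode, char *out, size_t outlen)
{
	size_t used = 0;
	int kept = 0;
	if (outlen == 0) return -1;
	out[0] = '\0';
	while (*proposal != '\0') {
		size_t n = strcspn(proposal, ",");
		for (const struct mac_entry *m = macs; m->name != NULL; m++) {
			if (strlen(m->name) != n || strncmp(m->name, proposal, n) != 0)
				continue;
			if (!mac_allowed(m, fips_mode))
				break;          /* known, but disabled for FIPS */
			if (used + n + 2 > outlen)
				return -1;      /* no room for ',' + name + NUL */
			if (kept++ > 0)
				out[used++] = ',';
			memcpy(out + used, proposal, n);
			out[used += n] = '\0';
			break;
		}
		proposal += n + (proposal[n] == ',');
	}
	return kept;
}
```

Names that are not in the table are dropped in either mode, so the output never contains an algorithm the table does not describe.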