Call for testing: OpenSSH-5.7

Jan Pechanec jan.pechanec at oracle.com
Fri Jan 21 02:32:40 EST 2011


On Thu, 20 Jan 2011, Steve Marquess wrote:

> Jan Chadima wrote:
>>
>> ...
>>
>> I'm attaching the Red Hat solution. It is not 100% nice code, but
>> 100% functional. There are 2 main areas where OpenSSH has to be
>> changed to be FIPS compatible: 1) ciphers .... must be reduced in FIPS
>> mode; 2) MD5, used generally in fingerprints, has to be replaced....
>
> This is pretty close to what I've been using in collaboration with Steve Henson
> and Tim Hudson.  Several comments:
>
> 1) We should really avoid CTR mode entirely, it's not FIPS approved and the
> validated CBC can be used instead.

	hi Steve, are you talking about FIPS certified OpenSSL or about 
the mode as such? I know that OpenSSL does not support AES CTR in EVP 
(not until 1.0.1, I saw a commit there) but FIPS-140-2 Annex A 
references 800-38A which lists CTR mode as one of the allowed modes. So, 
I assumed AES CTR was allowed in FIPS-140-2 and that it just can't be 
used in FIPS-140-2 mode in OpenSSH since OpenSSH partially implements 
the mode by itself.

	thanks, Jan.

http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf

>
> 2) A visual indication of the FIPS mode of operation is very helpful in
> surviving risk assessments in DoD, which vary from sloppily casual to
> pointlessly anal but never involve deep technical proficiency on the part of
> the reviewer.  An indication on the sshd banner is an easy way to quickly
> conclude the yes-we-really-are discussions;  I append "FIPS" to the banner.
>
> 3) Steve Henson suggested to me some time ago a technique of policing cipher
> and mac selection.  Instead of a hard coded list of supported algorithms, check
> for FIPS mode compatibility on the fly.  For instance, in mac_setup:
>
> #ifdef OPENSSL_FIPS
>                       if (FIPS_mode() && (macs[i].type != SSH_EVP ||
>                           !(macs[i].mdfunc()->flags & EVP_MD_FLAG_FIPS))) {
>                               debug2("mac_setup: %s disabled for FIPS", name);
>                               continue;
>                       }
> #endif
>
> ...which automatically handles any new ciphers added to the list and/or new
> algorithms from a future validation.
>
> -Steve M.
>
>

-- 
Jan Pechanec
http://blogs.sun.com/janp
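An added example, not code from this thread or from OpenSSH, of the on-the-fly policing Steve describes in point 3, applied to an SSH MAC proposal list rather than a hard-coded FIPS allow-list. The table, the flag name ALG_FLAG_FIPS and the function filter_mac_proposal are assumptions standing in for OpenSSH's macs[] table and OpenSSL's EVP_MD_FLAG_FIPS.

```c
#include <string.h>

/* Constructed table in the spirit of Steve Henson's suggestion: each MAC
 * carries a property flag (like EVP_MD_FLAG_FIPS) so no hard-coded FIPS
 * allow-list is needed. Flag values here are illustrative only. */
#define ALG_FLAG_FIPS 0x1

struct mac_entry { const char *name; unsigned int flags; };

static const struct mac_entry mac_table[] = {
    { "hmac-md5",       0 },
    { "hmac-sha1",      ALG_FLAG_FIPS },
    { "hmac-sha2-256",  ALG_FLAG_FIPS },
    { "hmac-ripemd160", 0 },
    { NULL, 0 }
};

/* Filter a comma-separated SSH MAC proposal ("hmac-md5,hmac-sha1,...") the
 * way a FIPS-aware mac_setup would: unknown names and, in FIPS mode, names
 * without the FIPS flag are dropped. Survivors are written to out (size
 * outlen) in their original order; returns the count kept, -1 on overflow. */
int filter_mac_proposal(const char *proposal, int fips_mode,
                        char *out, size_t outlen)
{
    char buf[256];
    int kept = 0;

    if (strlen(proposal) >= sizeof(buf) || outlen == 0)
        return -1;
    strcpy(buf, proposal);
    out[0] = '\0';

    for (char *name = strtok(buf, ","); name; name = strtok(NULL, ",")) {
        const struct mac_entry *m = mac_table;
        while (m->name && strcmp(m->name, name) != 0)
            m++;
        if (m->name == NULL)
            continue;                        /* unsupported algorithm */
        if (fips_mode && !(m->flags & ALG_FLAG_FIPS))
            continue;                        /* "disabled for FIPS" */
        if (strlen(out) + strlen(name) + 2 > outlen)
            return -1;                       /* would not fit in out */
        if (kept > 0)
            strcat(out, ",");
        strcat(out, name);
        kept++;
    }
    return kept;  /* 0 means nothing survives: the proposal must be rejected */
}
```

A return of 0 is the case a FIPS-mode server must treat as a failed negotiation, since continuing with no MAC would silently drop integrity protection.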