FIPS compliance efforts in Fedora and RHEL

Philip Prindeville philipp_subx at redfish-solutions.com
Tue Apr 25 03:20:22 AEST 2023


I think the better approach would have been the EVP native rewrite.  It's cleaner and inevitable.

I had to do a similar rewrite for Asterisk recently.

Probably less painful, but took me about 16 man hours to write and test (including adding bundled tests).



> On Apr 18, 2023, at 3:05 AM, Norbert Pocs <npocs at redhat.com> wrote:
> 
> Hi OpenSSH mailing list,
> 
> I would like to announce the newly introduced patch in Fedora rawhide [0]
> for FIPS compliance efforts. The change will be introduced in an upcoming
> RHEL 9 version.
> 
> The patch targets OpenSSL support of OpenSSH, specifically the usage of
> old low level API. The new OpenSSL version 3.0 introduces a FIPS
> module (going through FIPS 140-2 validation and to be FIPS 140-3 validated)
> which can be used with the new EVP API to state OpenSSH being FIPS
> compliant (using OpenSSL). The problem is, the old API does not use the FIPS
> module, therefore the change is needed for the new API.
> 
> What does this mean in practice? Critical cryptographic operations should
> be changed to the new EVP API to ensure FIPS compatibility. The affected
> operations are: key generation, signature creation and Diffie-Hellman style
> shared secret calculation.
> 
> To achieve that, the key structures needed to be changed from RSA, EC, DH to
> EVP_PKEY, but this change would be very costly as a lot of code should
> have been rewritten to align the function calls using these structures.
> 
> Therefore a different approach was implemented: keep the old key structures
> and wrap the affected operations with EVP_PKEY API (importing the
> key to EVP_PKEY from old structures, execute the cryptographic operation and
> convert the output back to the old API if needed). This approach is not
> perfect, but a lot more maintainable as a downstream patch. If there would
> be any interest in reworking the OpenSSL support to the 3.0 version in
> upstream, that would be much appreciated.
> 
> The patch doesn’t cover the PKCS#11 OpenSSH implementation which is a
> separate issue blocked by support in OpenSSL 3.0.
> 
> [0] - https://src.fedoraproject.org/rpms/openssh/c/b63272d9eb8efef881524b2fed0d658780b197a7?branch=rawhide
> 
> Regards
> Norbert Pócs


