security veteran
2015-Dec-04 02:26 UTC
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All: I tried to rebuild openssl with the FIPS modules, and then install the new openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. After that I noticed it seemed to break OpenSSH: I couldn't login to the box using ssh, and couldn't run the client command like ssh-keygen either. My questions are: 1. Does OpenSSH support FIPS mode? 2. Or does OpenSSH support with OpenSSL FIPS modules? 3. Is there a way to re-compile OpenSSH by turning on/off some flags to make it FIPS complaint? 4. Does the RedHat OpenSSH FIPS modules ( http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) also open sourced to the OpenSSH community? Thanks.
On 12/ 4/15 03:26 AM, security veteran wrote:> Hi All: > > I tried to rebuild openssl with the FIPS modules, and then install the new > openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. > > After that I noticed it seemed to break OpenSSH: I couldn't login to the > box using ssh, and couldn't run the client command like ssh-keygen either. > > My questions are: > > 1. Does OpenSSH support FIPS mode? > > 2. Or does OpenSSH support with OpenSSL FIPS modules? > > 3. Is there a way to re-compile OpenSSH by turning on/off some flags to > make it FIPS complaint? > > 4. Does the RedHat OpenSSH FIPS modules ( > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) > also open sourced to the OpenSSH community?Hi security veteran, vanilla OpenSSH doesn't support running OpenSSL in FIPS-140 mode. Some downstream providers patch OpenSSH they deliver with their distributions with changes to enable FIPS-140 mode. In general, an application that wants to run a FIPS-140 capable OpenSSL library in FIPS-140 mode, needs to call FIPS_mode_set() first. Otherwise it runs OpenSSL in default mode with non-FIPS algorithms available. From my experience this works, but is not FIPS-140 compliant. User Guide for the OpenSSL FIPS Object Module v2.0 [1]:> 2.6 > FIPS Mode of Operation > Applications that utilize FIPS mode must call the FIPS_mode_set() function. After successful > FIPS mode initialization, the non-FIPS algorithms will be disabled by default. > The FIPS Object Module together with a compatible version of the OpenSSL product can be used > in the generation of both FIPS mode and conventional applications. In this sense, the combination > of the FIPS Object Module and the usual OpenSSL libraries constitutes a ?FIPS capable API?, and > provide both FIP approved algorithms and non-FIPS algorithms.Vanilla OpenSSH obviously doesn't call FIPS_mode_set(). If switching underlying OpenSSL libcrypto to FIPS-140 capable instance precludes you from running ssh, most probably there is something wrong with the FIPS-140 capable OpenSSL you built. Tomas [1] https://openssl.org/docs/fips/UserGuide-2.0.pdf
On 12/04/2015 03:26 AM, security veteran wrote:> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to > make it FIPS complaint? > > 4. Does the RedHat OpenSSH FIPS modules ( > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) > also open sourced to the OpenSSH community?Yes, what we ship in RHEL is open-source. You can pick up sources that are actually used in RHEL version in CentOS repository: https://git.centos.org/summary/?r=rpms/openssh So as said before, upstream openssh is not FIPS-140 ready and we carry the patches downstream. I am not sure if there was initiative to provide patches upstream or if there would be some interest in them here, since it is quite special use case. -- Jakub Jelen Security Technologies Red Hat
security veteran
2015-Dec-04 15:38 UTC
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi Tomas, Thanks for your answers! So based on your answers: 1. Since Vanilla OpenSSH doesn't call FIPS_mode_set() function, it should work just fine even if the OpenSSL libcrypto.so library has already been changed to the FIPS version. Is that correct? 2. Looks like there is no such a flag in OpenSSH source to allow you rebuild it and turn it into FIPS compliant mode, is that correct? In that case is there a way to re-build OpenSSH server and client (somehow in both the RedHat and Ubuntu, the OpenSSH is split into two (openssh-server and openssl-client) packages, so that the non-FIPS compliant functions can be disabled? Thanks. On Fri, Dec 4, 2015 at 12:39 AM, Tomas Kuthan <tomas.kuthan at oracle.com> wrote:> On 12/ 4/15 03:26 AM, security veteran wrote: > >> Hi All: >> >> I tried to rebuild openssl with the FIPS modules, and then install the new >> openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. >> >> After that I noticed it seemed to break OpenSSH: I couldn't login to the >> box using ssh, and couldn't run the client command like ssh-keygen either. >> >> My questions are: >> >> 1. Does OpenSSH support FIPS mode? >> >> 2. Or does OpenSSH support with OpenSSL FIPS modules? >> >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to >> make it FIPS complaint? >> >> 4. Does the RedHat OpenSSH FIPS modules ( >> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) >> also open sourced to the OpenSSH community? >> > > Hi security veteran, > > vanilla OpenSSH doesn't support running OpenSSL in FIPS-140 mode. Some > downstream providers patch OpenSSH they deliver with their distributions > with changes to enable FIPS-140 mode. > > In general, an application that wants to run a FIPS-140 capable OpenSSL > library in FIPS-140 mode, needs to call FIPS_mode_set() first. Otherwise it > runs OpenSSL in default mode with non-FIPS algorithms available. From my > experience this works, but is not FIPS-140 compliant. > > User Guide for the OpenSSL FIPS Object Module v2.0 [1]: > >> 2.6 >> FIPS Mode of Operation >> Applications that utilize FIPS mode must call the FIPS_mode_set() >> function. After successful >> FIPS mode initialization, the non-FIPS algorithms will be disabled by >> default. >> The FIPS Object Module together with a compatible version of the OpenSSL >> product can be used >> in the generation of both FIPS mode and conventional applications. In >> this sense, the combination >> of the FIPS Object Module and the usual OpenSSL libraries constitutes a >> ?FIPS capable API?, and >> provide both FIP approved algorithms and non-FIPS algorithms. >> > > Vanilla OpenSSH obviously doesn't call FIPS_mode_set(). If switching > underlying OpenSSL libcrypto to FIPS-140 capable instance precludes you > from running ssh, most probably there is something wrong with the FIPS-140 > capable OpenSSL you built. > > Tomas > > [1] https://openssl.org/docs/fips/UserGuide-2.0.pdf > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
security veteran
2015-Dec-04 20:58 UTC
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Jakub. How does this patch match the OpenSSH source version? Does the patch only applicable to OpenSSH version 6.6.1, or does other version available as well? Thanks. On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote:> > On 12/04/2015 03:26 AM, security veteran wrote: > >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to >> make it FIPS complaint? >> >> 4. Does the RedHat OpenSSH FIPS modules ( >> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) >> also open sourced to the OpenSSH community? >> > Yes, what we ship in RHEL is open-source. You can pick up sources that are > actually used in RHEL version in CentOS repository: > https://git.centos.org/summary/?r=rpms/openssh > > So as said before, upstream openssh is not FIPS-140 ready and we carry the > patches downstream. I am not sure if there was initiative to provide > patches upstream or if there would be some interest in them here, since it > is quite special use case. > > -- > Jakub Jelen > Security Technologies > Red Hat > >
Roumen Petrov
2015-Dec-06 09:30 UTC
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
security veteran wrote:> Hi All: > > I tried to rebuild openssl with the FIPS modules, and then install the new > openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. > > After that I noticed it seemed to break OpenSSH: I couldn't login to the > box using ssh, and couldn't run the client command like ssh-keygen either. > > My questions are: > > 1. Does OpenSSH support FIPS mode? > > 2. Or does OpenSSH support with OpenSSL FIPS modules? > > 3. Is there a way to re-compile OpenSSH by turning on/off some flags to > make it FIPS complaint? > > 4. Does the RedHat OpenSSH FIPS modules ( > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) > also open sourced to the OpenSSH community? >Redhat use different FIPS validation process for OpenSSL. You could extract fips patch from source package. Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". You could try with my version of secure shell. It include OpenSSH but adds support for public keys algorithms based on X.509 certificates support and works with FIPS enabled openssl. It should work with OpenSSL build with FIPS module , RedHat or Solaris openssl fips enabled library either in fips mode or not. Regards, Roumen Petrov -- Get SSH with X.509 certificate support http://roumenpetrov.info/openssh/
security veteran
2015-Dec-07 15:44 UTC
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen. I have few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2.>Impact is not only for source code. Build process has to be updated aswell. Red Hat is based on "fipscheck". What build process should be changed? What is fipscheck? 3. My understanding any application (such as OpenSSH) which need to use the OpenSSL FIPS module will need to invoke the "FIPS_mode_set()" function first, otherwise the OpenSSL library will be operating as the non-FIPS version. My question is, how and when does OpenSSH server invoke the FIPS function? Thanks. On Sun, Dec 6, 2015 at 1:30 AM, Roumen Petrov <openssh at roumenpetrov.info> wrote:> security veteran wrote: > >> Hi All: >> >> I tried to rebuild openssl with the FIPS modules, and then install the new >> openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. >> >> After that I noticed it seemed to break OpenSSH: I couldn't login to the >> box using ssh, and couldn't run the client command like ssh-keygen either. >> >> My questions are: >> >> 1. Does OpenSSH support FIPS mode? >> >> 2. Or does OpenSSH support with OpenSSL FIPS modules? >> >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to >> make it FIPS complaint? >> >> 4. Does the RedHat OpenSSH FIPS modules ( >> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) >> also open sourced to the OpenSSH community? >> >> Redhat use different FIPS validation process for OpenSSL. You could > extract fips patch from source package. > Impact is not only for source code. Build process has to be updated as > well. Red Hat is based on "fipscheck". > > You could try with my version of secure shell. It include OpenSSH but adds > support for public keys algorithms based on X.509 certificates support and > works with FIPS enabled openssl. > It should work with OpenSSL build with FIPS module , RedHat or Solaris > openssl fips enabled library either in fips mode or not. > > Regards, > Roumen Petrov > > -- > Get SSH with X.509 certificate support > http://roumenpetrov.info/openssh/ > >