Mailing List Archive

OpenSSH FIPS support
Hi,
We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
Is it currently a work in progress by somebody else as far as you know? Or something that has been partially done and aborded in the past, that could be relevant?
We just started considering making this and send the patch, but we are speaking of thousands of lines probably, what will be the perception of this on your side?
Thanks,
Joel


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
I know that the fedora package for OpenSSH enables FIPS support. If you
get the source code for the rpm you'll see openssh-7.7p1-fips.patch in
the rpmbuild/SOURCE directory.

Also, you may want to look at hpnssh (That's my fork of OpenSSH so I am
biased but I think it's pretty good). https://psc.edu/hpn-ssh-home/ and
https://github.com/rapier1/openssh-portable. The latest version uses
OSSL3 and there is a fedora package which is based on the fedora OpenSSH
package. So it includes all of their patches as well.

You can find that at
https://copr.fedorainfracloud.org/coprs/rapier1/hpnssh/ or you can add
it to your package repo with 'sudo dnf copr enable rapier1/hpnssh' and
then download the source or binary via DNF. You can review the FIPS
compliance there and see what you thing.

If you are on debian I don't have a debian package that include FIPS
support but it may be possible to use the fedora package and compile it
under debian. I've never tried though.

Chris

On 3/10/23 10:22 AM, Joel GUITTET wrote:
> Hi,
> We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
> Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
> Is it currently a work in progress by somebody else as far as you know? Or something that has been partially done and aborded in the past, that could be relevant?
> We just started considering making this and send the patch, but we are speaking of thousands of lines probably, what will be the perception of this on your side?
> Thanks,
> Joel
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
Hi Joel,
Joel GUITTET wrote:
> Hi,
> We currently work on a project that require SSH server with FIPS and using OpenSSL v3.

There is no way to work with OpenSSL v3 due to many reasons.

If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH.


Regards,
Roumen Petrov

--
Advanced secure shell implementation with X.509 certificate support
http://roumenpetrov.info/secsh/


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
When I search at NIST for products validated for FIPS that mention
"ssh",
<https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=ssh&CertificateStatus=Active&ValidationYear=0>
only 6 products are returned (3 vendors).

On 3/10/23 11:55 AM, Roumen Petrov wrote:
> Hi Joel,
> Joel GUITTET wrote:
>> Hi,
>> We currently work on a project that require SSH server with FIPS and
>> using OpenSSL v3.
>
> There is no way to work with OpenSSL v3 due to many reasons.
>
> If you like to get FIPS capable secsh implementation compatible with
> OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle
> Solaris you could use PKIX-SSH.
>
>
> Regards,
> Roumen Petrov
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
On Fri, Mar 10, 2023 at 10:27?AM Joel GUITTET
<jguittet.opensource@witekio.com> wrote:

> We currently work on a project that require SSH server with FIPS and
> using OpenSSL v3.

Gently: this is meaningless. You probably mean one of the following:

1. The SSH server implementation is required to use only cryptographic
algorithms that are FIPS-approved.

2. The SSH server implementation is required to be FIPS-validated.

If you mean #1, you don’t have to patch anything: it is trivial to
configure the various sshd options to permit only FIPS-approved
cryptographic algorithms.

If you mean #2, then patches aren’t going to help you: being
FIPS-validated means that you have submitted your cryptographic module
to the NIST CMVP (Cryptographic Module Validation Program), paid the
requisite fee, passed, and received a certificate number that others
can verify:

https://csrc.nist.gov/Projects/cryptographic-module-validation-program/validated-modules/Search

If your SSH server must be FIPS-validated, then use the CMVP search
page (above) to find an OS vendor that submits their OS cryptographic
components to the CMVP, run sshd on that OS, and make sure the OS is
configured to enforce FIPS validation. (E.g., on a Linux host, pass
the “fips=1” parameter to the kernel via grub, and run
“update-crypto-policies --set FIPS” within the OS to configure the
various cryptography libraries to permit only FIPS-approved
algorithms.)

> Patching OpenSSH for this looks to be a massive job. Is it something
> that is considered on your side?

No patching of OpenSSH is required.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
A third possibility: if what you meant was:

3. We have a project where we are running sshd on a server that
uses OpenSSL 3.0 but we are required to run the server in
FIPS-enforcing mode and use only FIPS-validated algorithms.

…then the answer might be “that’s not possible at this time.”

Not many OS vendors are shipping OpenSSL 3.0 yet. Red Hat Enterprise
Linux 9 uses OpenSSL 3.0, and Red Hat has submitted the RHEL9
cryptographic modules to the CMVP for validation, but they have not
yet been granted a certificate:

https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=red+hat&CertificateStatus=Active&ValidationYear=0

Note that in theory it should be easier to perform CMVP validation of
OpenSSL 3.0, because only the fips.so provider needs to be submitted
for validation:

https://www.redhat.com/en/blog/experience-bringing-openssl-30-rhel-and-fedora

But apparently it is more onerous to achieve validation under the
FIPS-140-3 program than the (discontinued) FIPS-140-2 program.

I do not know if any other Linux/Unix distributions both 1) are
shipping OpenSSL 3.0, and 2) have achieved CMVP validation for it.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
On Fri, 10 Mar 2023, Joel GUITTET wrote:

> Hi,
> We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
> Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?

Patching OpenSSH for what exactly? OpenSSH builds just fine using OpenSSL 3.x
and indeed it is tested constantly via our github test infrasructure (e.g.
https://github.com/openssh/openssh-portable/actions/runs/4381500619/jobs/7669643412)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
On Sun, Mar 12, 2023 at 2:48?AM Damien Miller <djm@mindrot.org> wrote:
>
>
>
> On Fri, 10 Mar 2023, Joel GUITTET wrote:
>
> > Hi,
> > We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
> > Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
>
> Patching OpenSSH for what exactly? OpenSSH builds just fine using OpenSSL 3.x
> and indeed it is tested constantly via our github test infrasructure (e.g.
> https://github.com/openssh/openssh-portable/actions/runs/4381500619/jobs/7669643412)

If OpenSSH doesn't rely on OpenSSL deprecated functions in crypto
operations, it will be fips-compatible
when used with properly configured OpenSSL. We in Red Hat are working
on the minimal patch to provide it.

Also it's necessary to use combined methods for Digest + Signature/Verification.

--
Dmitry Belyavskiy

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH FIPS support [ In reply to ]
Hi,

James Ralston wrote:
> On Fri, Mar 10, 2023 at 10:27?AM Joel GUITTET
> <jguittet.opensource@witekio.com> wrote:
>
> [SNIP]
>
>> Patching OpenSSH for this looks to be a massive job. Is it something
>> that is considered on your side?
> No patching of OpenSSH is required.

Reality is different .

1.) Some FIPS validated modules limit API use.
Program code must use only allowed API for cryptographic operations.

2.) Some PIPS validated modules do not include FIPS allowed algorithms.
Program code could inform cryptographic library that "custom" algorithm is allowed n FIPS mode.

3) User friendly program does not require manual configurations.
Program must detect that cryptographic module runs in FIPS mode and do not offer or to refuse use of non-FIPS allowed algorithms.
Optionally program may force cryptographic module to run in FIPS mode.


For protocol all above is part or PKIX-SSH.

Regards,
Roumen Petrov

--
Advanced secure shell implementation with X.509 certificate support
http://roumenpetrov.info/secsh/


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev