Based on the feedback from several of you, Steve Henson in particular,
I've had another try at a mechanism for disabling non-FIPS algorithms
in FIPS mode. Flag bits in the EVP_CIPHER and EVP_MD structures
indicate the suitability of the algorithm in FIPS mode, and are
checked in a number of the EVP routines (EVP*Init_ex, EVP_add_*,
EVP_get_*). There is an assert failure in EVP*Update.
I have built OpenSSH with these mods and it fails fairly gracefully:
$ ./ssh -c blowfish localhost
FIPS-140 compliance mode enabled
cipher_init: EVP_CipherInit failed for blowfish-cbc
$
Feedback on whether this approach is basically sound and acceptable
will be greatly appreciated. If it's not acceptable I'll try again.
If it is more or less sound as a foundation I'd love to see it added
to OpenSSL_0_9_7-stable; it should have no effect except when
compiling in FIPS mode, and that won't be usable anyway until we
get some such mechanism implemented. I know there will be rough
edges to smooth off but it would be a start.
Two related patches I posted earlier are for a FIPS-specific default
ciphersuite (ssl_ciph.c) and SHA1 instead of MD5 for PEM passphrases
(pem_lib.c). Any additional feedback on those would also be greatly
appreciated; so far I've heard no objections to either. If there is
a reason they can't be incorporated please let me know.
Thanks,
-Steve M.
Steve Marquess
DMLSS Technical Manager
JMLFDC, 623 Porter Street, Ft. Detrick, MD 21702
DSN 343-3933, COM 301-619-3933, FAX 301-619-7831
[EMAIL PROTECTED]
Attachments: evp-fips.patch, ssl_ciph.c.patch, pem_lib.c.patch
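As an added illustration (not the patch itself, whose identifiers the mail does not show), here is a small C model of the flag-bit check the message describes: a bit in the algorithm descriptor marks FIPS-approved algorithms, the by-name lookup hides non-approved ones in FIPS mode, and the init routine refuses them even when the caller passes a descriptor pointer directly. CIPH_FLAG_FIPS, fips_mode, cipher_t, cipher_by_name and cipher_init are hypothetical names standing in for the EVP_CIPHER flag, the FIPS-mode switch and the EVP_get_* / EVP*Init_ex checks.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the mechanism described in the mail: a flag bit in the
 * algorithm descriptor marks FIPS-approved algorithms, and the lookup and init
 * routines refuse the others while FIPS mode is on. All names here are
 * hypothetical stand-ins, not the patch's identifiers. */
#define CIPH_FLAG_FIPS 0x1000   /* hypothetical "approved in FIPS mode" bit */

typedef struct {
    const char *name;
    int key_len;
    unsigned long flags;        /* carries CIPH_FLAG_FIPS if approved */
} cipher_t;

static int fips_mode = 0;       /* stand-in for a global FIPS-mode switch */

static const cipher_t ciphers[] = {
    { "aes128-cbc",   16, CIPH_FLAG_FIPS },
    { "3des-cbc",     24, CIPH_FLAG_FIPS },
    { "blowfish-cbc", 16, 0 },              /* not approved in FIPS mode */
};

int fips_mode_set(int on) { fips_mode = on; return fips_mode; }

/* By-name lookup (the EVP_get_* role): in FIPS mode a non-approved
 * algorithm is reported as unknown rather than handed out. */
const cipher_t *cipher_by_name(const char *name) {
    size_t i;
    for (i = 0; i < sizeof(ciphers) / sizeof(ciphers[0]); i++) {
        if (strcmp(ciphers[i].name, name) != 0) continue;
        if (fips_mode && !(ciphers[i].flags & CIPH_FLAG_FIPS)) return NULL;
        return &ciphers[i];
    }
    return NULL;
}

/* Init-time check (the EVP*Init_ex role): 1 on success, 0 when refused.
 * Needed in addition to the lookup filter, since callers can pass a
 * descriptor pointer directly without going through the name lookup. */
int cipher_init(const cipher_t *c) {
    if (c == NULL) return 0;
    if (fips_mode && !(c->flags & CIPH_FLAG_FIPS)) {
        fprintf(stderr, "cipher_init: refused %s in FIPS mode\n", c->name);
        return 0;
    }
    return 1;
}
```

With fips_mode_set(1) the blowfish-cbc lookup returns NULL and cipher_init on its descriptor returns 0, which is the failure path the ssh transcript above reports.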
