Re: which algorithms are enabled by default with fips?
Hi All, Will the Openssl community will release all the openssl with fips support ie next release of openssl will support fips capability? Thanks Joshi Chandran On Mon, Jan 12, 2009 at 7:23 PM, Steve Marquess marqu...@oss-institute.orgwrote: PGNet wrote: On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess marqu...@oss-institute.org wrote: Long story short, OpenSSH really needs some source mods to gracefully invoke and run in FIPS mode. Hrm ... I'd have thought that openssh would be amoong the 1st/best @ compliance. Me too. I embarked on this FIPS validation adventure some six years ago because my DoD client at the time wanted a FIPS validated OpenSSH. I wrote a patch several years ago but didn't push it at the time because the first OpenSSL FIPS Object Module validation was still pending, and encountering some significant opposition that took all my attention. Now the OpenSSH patch is not a priority for any of my clients and I don't have the spare time to pursue it. I'd love to see someone else follow it through. To my knowledge Stunnel is the first application to formally support the FIPS object Module. I've been told ProFTP has baselined support as well. I've heard privately from many people who have done local mods of various applications, but have been disappointed in how slowly this support is appearing publicly. Several people, myself included, have created patches to that end. Are those specific patches sourced in the openssl trees, the openssh trees, or somewhere else? I'll google, but if you have URLs ... I could point you to my original very dated patch but I know there are some more recent updates. Check the OpenSSH mail archives. Of course, if you don't plan to actually run in FIPS mode and just need buzzword compliance (often the case) then what you plan should work. We've gotten a heads-up that a gov't client will require in the next (soon, tho hasn't occurred just yet ...) contract that SSH/VPN/IPSec/etc comms will be required. Of course, detailed spec, verification, etc is not yet available. $10 says it's for _their_ buzzword compliance Very typical for DoD. The mandates for *procurement* of validated software are (increasingly) enforced, but there doesn't seem to be any effective push to actually *use* a runtime FIPS mode. That lack of pressure plus the interoperability issues that FIPS mode can cause means program managers have zero incentive to actually run anything in FIPS mode. It's a paper chase. My goal is to get an all-ssh-in-fips-mode setup demo'd locally, then hand it off to our tech folks so that we can then respond document when the demand occurs. Please consider posting your patches to the OpenSSH lists... -Steve M. -- Steve Marquess Open Source Software Institute marqu...@oss-institute.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Regards Joshi Chandran
Re: which algorithms are enabled by default with fips?
It has already been released. Pick up the openssl-fips-1.2.tar.gz distribution, and the openssl-0.9.8j.tar.gz distribution. Also be aware that you MUST configure the openssl-fips package *EXACTLY* as described in the Security Policy. I am not going to try to reiterate the rules here, nor the commands you have to type. http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf There is also a User Guide available, but anything that it contains that conflicts with the Security Policy is wrong. http://openssl.org/docs/fips/UserGuide-1.2.pdf After you build and install the openssl-fips package, then you can configure openssl-0.9.8j. Use the 'fips' option to ./config. (If you're looking for absolutely every version of OpenSSL that's released to have FIPS validation, you're not going to get it. The process for validation is expensive, on the order of $200,000 for each validation; the OpenSSL team members are already donating their time to the project and most likely don't have the cash to donate to the cause. As well, the vendor (for validation purposes) is the Open Source Software Institute, which does not directly manage the OpenSSL programmers or development effort. As well, it's taken on average over a year for each validation. This is why there's a separate tarball just for the FIPS-validated module; when in FIPS mode, all cryptography done by the library is redirected to be performed by the code in the module.) -Kyle H On Mon, Jan 19, 2009 at 8:34 AM, joshi chandran joshichandran...@gmail.com wrote: Hi All, Will the Openssl community will release all the openssl with fips support ie next release of openssl will support fips capability? Thanks Joshi Chandran On Mon, Jan 12, 2009 at 7:23 PM, Steve Marquess marqu...@oss-institute.org wrote: PGNet wrote: On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess marqu...@oss-institute.org wrote: Long story short, OpenSSH really needs some source mods to gracefully invoke and run in FIPS mode. Hrm ... I'd have thought that openssh would be amoong the 1st/best @ compliance. Me too. I embarked on this FIPS validation adventure some six years ago because my DoD client at the time wanted a FIPS validated OpenSSH. I wrote a patch several years ago but didn't push it at the time because the first OpenSSL FIPS Object Module validation was still pending, and encountering some significant opposition that took all my attention. Now the OpenSSH patch is not a priority for any of my clients and I don't have the spare time to pursue it. I'd love to see someone else follow it through. To my knowledge Stunnel is the first application to formally support the FIPS object Module. I've been told ProFTP has baselined support as well. I've heard privately from many people who have done local mods of various applications, but have been disappointed in how slowly this support is appearing publicly. Several people, myself included, have created patches to that end. Are those specific patches sourced in the openssl trees, the openssh trees, or somewhere else? I'll google, but if you have URLs ... I could point you to my original very dated patch but I know there are some more recent updates. Check the OpenSSH mail archives. Of course, if you don't plan to actually run in FIPS mode and just need buzzword compliance (often the case) then what you plan should work. We've gotten a heads-up that a gov't client will require in the next (soon, tho hasn't occurred just yet ...) contract that SSH/VPN/IPSec/etc comms will be required. Of course, detailed spec, verification, etc is not yet available. $10 says it's for _their_ buzzword compliance Very typical for DoD. The mandates for *procurement* of validated software are (increasingly) enforced, but there doesn't seem to be any effective push to actually *use* a runtime FIPS mode. That lack of pressure plus the interoperability issues that FIPS mode can cause means program managers have zero incentive to actually run anything in FIPS mode. It's a paper chase. My goal is to get an all-ssh-in-fips-mode setup demo'd locally, then hand it off to our tech folks so that we can then respond document when the demand occurs. Please consider posting your patches to the OpenSSH lists... -Steve M. -- Steve Marquess Open Source Software Institute marqu...@oss-institute.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Regards Joshi Chandran __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager
Re: which algorithms are enabled by default with fips?
PGNet wrote: On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess marqu...@oss-institute.org wrote: Long story short, OpenSSH really needs some source mods to gracefully invoke and run in FIPS mode. Hrm ... I'd have thought that openssh would be amoong the 1st/best @ compliance. Me too. I embarked on this FIPS validation adventure some six years ago because my DoD client at the time wanted a FIPS validated OpenSSH. I wrote a patch several years ago but didn't push it at the time because the first OpenSSL FIPS Object Module validation was still pending, and encountering some significant opposition that took all my attention. Now the OpenSSH patch is not a priority for any of my clients and I don't have the spare time to pursue it. I'd love to see someone else follow it through. To my knowledge Stunnel is the first application to formally support the FIPS object Module. I've been told ProFTP has baselined support as well. I've heard privately from many people who have done local mods of various applications, but have been disappointed in how slowly this support is appearing publicly. Several people, myself included, have created patches to that end. Are those specific patches sourced in the openssl trees, the openssh trees, or somewhere else? I'll google, but if you have URLs ... I could point you to my original very dated patch but I know there are some more recent updates. Check the OpenSSH mail archives. Of course, if you don't plan to actually run in FIPS mode and just need buzzword compliance (often the case) then what you plan should work. We've gotten a heads-up that a gov't client will require in the next (soon, tho hasn't occurred just yet ...) contract that SSH/VPN/IPSec/etc comms will be required. Of course, detailed spec, verification, etc is not yet available. $10 says it's for _their_ buzzword compliance Very typical for DoD. The mandates for *procurement* of validated software are (increasingly) enforced, but there doesn't seem to be any effective push to actually *use* a runtime FIPS mode. That lack of pressure plus the interoperability issues that FIPS mode can cause means program managers have zero incentive to actually run anything in FIPS mode. It's a paper chase. My goal is to get an all-ssh-in-fips-mode setup demo'd locally, then hand it off to our tech folks so that we can then respond document when the demand occurs. Please consider posting your patches to the OpenSSH lists... -Steve M. -- Steve Marquess Open Source Software Institute marqu...@oss-institute.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
which algorithms are enabled by default with fips?
With the addition of fips object to the 'mix' of available build options, is openssl configure with ./Configure ... enable-rc5 enable-mdc2 fips (iiuc, CHANGES' stmt that 'idea' *is* enabled by default still holds?) sufficient to enable _all_ available algorithms, with the option to disable per-algorithm still as no-xxx? Reading SecuritPolicy-1.2.pdf @ 4.5 Cryptographic Algorithms, I note, The Module supports the following FIPS approved or allowed algorithms: ... but am unclear as to which (any? all? none?) algos are enabled by default, per specification. Is that specifically stated somewhere? Thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: which algorithms are enabled by default with fips?
PGNet wrote: With the addition of fips object to the 'mix' of available build options, is openssl configure with ./Configure ... enable-rc5 enable-mdc2 fips (iiuc, CHANGES' stmt that 'idea' *is* enabled by default still holds?) sufficient to enable _all_ available algorithms, with the option to disable per-algorithm still as no-xxx? Here you are presumably using a FIPS compatible standard OpenSSL distribution, i.e. 0.9.8j. The fips option means find and reference the FIPS object module that has already been built and installed. The other options continue to mean what they always have. Note that if FIPS mode is *not* enabled at runtime (FIPS_mode_Set() function not called) then this FIPS compatible OpenSSL should continue to behave as it always has, so it still make sense to reference algorithms that are incompatible with FIPS 140-2. Our philosophy has been to allow generation and use of one set of OpenSSL dependent binaries for both normal use as before, and (when FPS mode is enabled) to satisfy FIPS 140-2 validation requirements. We do this by providing one relatively small specialized piece of code -- the FIPS Object Module -- that provides functionality specific to FIPS 140-2, and modifying the standard OpenSSL to enable or disable use of that module at runtime. When that module is not enabled OpenSSL behaves as always (even though the module is present it is dormant), when FIPS mode is enabled then OpenSSL disables non-allowed algorithms and references the module for the allowed ones. Note this means that a FIPS compatible OpenSSL subsumes two separate implementations of each FIPS allowed algorithm -- the standard implementation in OpenSSL and the FIPS validated one within the FIPS object module. Which one is used depends on the FIPS mode of operation. Reading SecuritPolicy-1.2.pdf @ 4.5 Cryptographic Algorithms, I note, The Module supports the following FIPS approved or allowed algorithms: ... but am unclear as to which (any? all? none?) algos are enabled by default, per specification. Is that specifically stated somewhere? The OpenSSL FIPS Object Module *itself* doesn't have the concept of enabling algorithms -- it supports only and exactly the algorithms mentioned in the Security Policy and validation. But, as noted above the FIPS Object Module typically isn't used by itself, usually it is used in conjunction with a FIPS compatible OpenSSL distribution which does have the concept of enabling or disabling algorithms. When FIPS mode is enabled at runtime that FIPS compatible distribution will automatically disable the use of non-allowed algorithms. -Steve M. -- Steve Marquess Open Source Software institute marqu...@oss-institute.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: which algorithms are enabled by default with fips?
Hi Steve, On Sun, Jan 11, 2009 at 10:14 AM, Steve Marquess marqu...@oss-institute.org wrote: Here you are presumably using a FIPS compatible standard OpenSSL distribution, i.e. 0.9.8j. yes, openssl version OpenSSL 0.9.8j-fips 07 Jan 2009 The fips option means find and reference the ... ... Clear thorough. Thanks. The OpenSSL FIPS Object Module *itself* doesn't have the concept of enabling algorithms ... When FIPS mode is enabled at runtime that FIPS compatible distribution will automatically disable the use of non-allowed algorithms. Ok. So , e.g. (reading the UserGuide now ...), to ensure that all ssh - ssh comms between boxes were limited correctly to fips-only algo usages, in openssl.cnf, I'd specifically add: # Openssh section openssh_conf = openssh_options ... [ openssh_options ] alg_section = algs ... [ algs ] fips_mode = yes yes? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: which algorithms are enabled by default with fips?
FIPS-capable builds are not subject to any restrictions as to the algorithms they can implement. The only restriction is that, while in FIPS mode (enabled by FIPS_mode_set()), the code within the fipscanister is used for all cryptographic operations (including encryption, decryption, hashing, and random number generation). When they're not in FIPS mode, they don't have to use the Module's code. This means that they can implement whatever they want. -Kyle H On Sun, Jan 11, 2009 at 9:28 AM, PGNet pgnet.trash+...@gmail.com wrote: With the addition of fips object to the 'mix' of available build options, is openssl configure with ./Configure ... enable-rc5 enable-mdc2 fips (iiuc, CHANGES' stmt that 'idea' *is* enabled by default still holds?) sufficient to enable _all_ available algorithms, with the option to disable per-algorithm still as no-xxx? Reading SecuritPolicy-1.2.pdf @ 4.5 Cryptographic Algorithms, I note, The Module supports the following FIPS approved or allowed algorithms: ... but am unclear as to which (any? all? none?) algos are enabled by default, per specification. Is that specifically stated somewhere? Thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: which algorithms are enabled by default with fips?
PGNet wrote: ... Ok. So , e.g. (reading the UserGuide now ...), to ensure that all ssh - ssh comms between boxes were limited correctly to fips-only algo usages, in openssl.cnf, I'd specifically add: # Openssh section openssh_conf = openssh_options ... [ openssh_options ] alg_section = algs ... [ algs ] fips_mode = yes yes? Yes, though with a caveat: the application (OpenSSH in this instance) still begs for some source modifications to handle exceptions. For one thing the ssh_config and sshd_config files might contain illegal ciphersuite specifications at runtime. Stock OpenSSH doesn't even default to a FIPS compatible ciphersuite. The FIPS capable OpenSSL with FIPS mode enabled will reject attempts to use non-allowed algorithms, but that rejection will not necessarily occur at the appropriate place from the perspective of the end user. Worse, we (or at least I) do not know that OpenSSH correctly checks the return codes from all OpenSSL API calls; if not some very undesirable behavior could result. Long story short, OpenSSH really needs some source mods to gracefully invoke and run in FIPS mode. Several people, myself included, have created patches to that end. Note I also specifically discuss OpenSSH in the User Guide. Of course, if you don't plan to actually run in FIPS mode and just need buzzword compliance (often the case) then what you plan should work. -Steve M. -- Steve Marquess Open Source Software institute marqu...@oss-institute.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: which algorithms are enabled by default with fips?
On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess marqu...@oss-institute.org wrote: Long story short, OpenSSH really needs some source mods to gracefully invoke and run in FIPS mode. Hrm ... I'd have thought that openssh would be amoong the 1st/best @ compliance. Several people, myself included, have created patches to that end. Are those specific patches sourced in the openssl trees, the openssh trees, or somewhere else? I'll google, but if you have URLs ... Note I also specifically discuss OpenSSH in the User Guide. Yes. Found that. Still, to my read, the needs patches bit was a surpise. Of course, if you don't plan to actually run in FIPS mode and just need buzzword compliance (often the case) then what you plan should work. We've gotten a heads-up that a gov't client will require in the next (soon, tho hasn't occurred just yet ...) contract that SSH/VPN/IPSec/etc comms will be required. Of course, detailed spec, verification, etc is not yet available. $10 says it's for _their_ buzzword compliance My goal is to get an all-ssh-in-fips-mode setup demo'd locally, then hand it off to our tech folks so that we can then respond document when the demand occurs. Thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org