You might want to start by reading the OpenSSL FIPS Users Guide. Then go read FIPS 140-2, and then read the user’s guide again.

In this case “FIPS” is short for “Federal Information Processing Standard Publication 140-2”, and that standard is the controlling document (for now, 140-3 should be released “soon”). You can find the official document here:

http://csrc.nist.gov/publications/PubsFIPS.html

Please note there have been some updates since its original release, that in particular affect which algorithms are allowed. Additionally, other NIST publications can affect if you can sell your software to US government agencies, as some algorithms, while approved for FIPS 140-2, are only approved based on key size, and some algorithms have been disallowed depending on why you use it.
This is a complex space with several documents that affect what you can and cannot do, and depending on your target audience, you might get away with more or less, as exception letters are still sometimes granted (or pretended to be indefinite).

But for “how does the call to FIPS_mode_set() make an application FIPS compliant?” It doesn’t. You certify that your application uses a FIPS 140-2 compliant security module, and that you use the module according to its security policy. Part of following the security policy is to call FIPS_mode_set() appropriately; it’s just one little piece, and probably the easiest piece of it. :)

If you’re curious what parts of FIPS 140-2 are addressed by the call, well, the self-tests are performed, and some state is set such that all crypto will happen using the code in the FIPS module, instead of the main OpenSSL code*, along with ensuring that certain algorithms are recognized but disabled.

TOM

* There’s a bug in some versions of OpenSSL that mean if you link a FIPS capable OpenSSL, you’re always using the routines from the FIPS module, even if FIPS mode was not enabled; I don’t recall which versions or if this has been fixed.

On Jul 16, 2014, at 1:25 PM, Sadhana <sadhana...@gmail.com> wrote:

> Along, with this, I am also curious to know, how the call FIPS_mode_set make
> an application FIPS compliant.
> I have gone through the below link,
> http://wiki.openssl.org/index.php/FIPS_mode_set()
> But I am seeking a little more information regarding this.
>
> On Wed, Jul 16, 2014 at 7:11 PM, Sadhana <[hidden email]> wrote:
> Thanks Steve.
> Is there a standard documentation, which says these are FIPS compliant
> ciphers / macs / kex algorithms.
>
> Meaning I would need to know, if aes128-cbc is FIPS compliant/ aes128-ctr is
> FIPS compliant.
> Similarly for macs, kex algorithms as well.
>
> On Wed, Jul 16, 2014 at 4:47 PM, Steve Marquess-3 [via OpenSSL] <[hidden email]> wrote:
> On 07/15/2014 09:38 AM, Sadhana wrote:
>
> > Hello All,
> >
> > I have a requirement to make Openssh FIPS compliant. It would be really
> > helpful, if you could answer the
> > below question and correct me if I am wrong.
> >
> > I also understand there is a module called as fipscanister.o is introduced
> > in Openssl.
> > This ensures, FIPS compliancy. This also, exposes the API FIPS_mode and
> > FIPS_set_mode.
> > We have already integrated openssl with fipscanister.o.
> >
> > Is there any way by which, Openssh can make use of fipscanister module
> > directly?
> >
> > I understand, Openssh needs to call FIPS_mode, FIPS_set_mode to ensure it
> > operates in FIPS mode.
> > I understand, few of the ciphers, MACs, kex algorithms are fips compliant
> > and few others are not.
> > Hence, openssh code has to be modified to allow only those which are fips
> > compliant.
> >
> > Are there any more stuff which needs to be done?
>
> Yes. Converting an application to use the "FIPS capable" OpenSSL and
> qualify as using a FIPS 140-2 validated crypto module *can* be as simple
> as adding a FIPS_mode_set() call. However, modifying OpenSSH for FIPS
> 140-2 compliance is non-trivial as OpenSSH implements a number of
> cryptographic operations outside of OpenSSL. It's not enough that only
> cryptographic algorithms allowed by FIPS 140-2 are used, those crypto
> operations must be performed *within* a validated module.
>
> Or in other words, an application which hopes to claim to satisfy the
> USG/DoD requirements for FIPS 140-2 validated cryptography must use
> validated module(s) for all relevant cryptography. The "FIPS capable"
> OpenSSL libraries satisfy that requirement but only if OpenSSL is used
> exclusively.
>
> You can find a patch at
>
> http://opensslfoundation.com/export/openssh/openssh-6.0p1.fips-revised.patch
>
> which adapts a now obsolete version of OpenSSH to use the FIPS capable
> OpenSSL. New inlined cryptography has been added since then so I suspect
> additional non-trivial work will be necessary. I haven't been keeping
> track but other newer patches may be available elsewhere.
>
> Also note that in a U.S. DoD context you'll probably need x.509 support
> as well (this is available in patches from Roumen Petrov).
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> [hidden email]
> [hidden email]
> gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [hidden email]
> Automated List Manager [hidden email]
>
> View this message in context: Re: Making Open SSH FIPS compliant
> Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
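
Added example (not part of the thread, and not code from OpenSSH or from the patch linked above): the algorithm-restriction step discussed in the thread, removing every entry of a comma-separated cipher or MAC proposal that is not on an allowlist. The name `fips_filter` and both allowlists are assumptions for illustration; the authoritative list is the Security Policy of the validated module, and filtering names does not by itself move the operations inside that module.

```c
#include <stdio.h>
#include <string.h>
/* Assumed allowlists (illustrative): use your module's Security Policy. */
static const char *const fips_ciphers[] = { "aes128-ctr", "aes192-ctr",
    "aes256-ctr", "aes128-cbc", "aes192-cbc", "aes256-cbc", NULL };
static const char *const fips_macs[] = { "hmac-sha1", "hmac-sha2-256",
    "hmac-sha2-512", NULL };

/* Whole-name match, so "aes128" or "aes128-ctr-x" never slip through. */
static int allowed(const char *name, size_t len, const char *const *list)
{
    for (; *list != NULL; list++)
        if (strlen(*list) == len && memcmp(*list, name, len) == 0)
            return 1;
    return 0;
}

/* Copy the allowlisted entries of a comma-separated proposal into out, in
 * order. Returns the number rejected, or -1 if out is too small. */
int fips_filter(const char *proposal, const char *const *list,
                char *out, size_t outsz)
{
    int rejected = 0;
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*proposal != '\0') {
        size_t len = strcspn(proposal, ",");
        if (len > 0 && allowed(proposal, len, list)) {
            if (used + (used != 0) + len + 1 > outsz) return -1;
            if (used != 0) out[used++] = ',';
            memcpy(out + used, proposal, len);
            out[used += len] = '\0';
        } else if (len > 0) {
            rejected++;
        }
        proposal += len + (proposal[len] == ',');
    }
    return rejected;
}

int main(void)
{
    char c[128], m[128];  /* the proposals below are constructed samples */
    int rc = fips_filter("chacha20-poly1305@openssh.com,aes128-ctr,arcfour",
                         fips_ciphers, c, sizeof c);
    int rm = fips_filter("hmac-md5,hmac-sha2-256", fips_macs, m, sizeof m);
    printf("ciphers: %s (-%d)  macs: %s (-%d)\n", c, rc, m, rm);
    return 0;
}
```

A non-zero return is worth logging at startup, since it means the configured proposal named algorithms that will silently be unavailable in FIPS mode.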