Hi OpenSSH mailing list,

I would like to announce the newly introduced patch in Fedora rawhide [0] for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 version.

The patch targets the OpenSSL support of OpenSSH, specifically the usage of the old low-level API. The new OpenSSL version 3.0 introduces a FIPS module (going through FIPS 140-2 validation and to be FIPS 140-3 validated) which can be used with the new EVP API to state that OpenSSH is FIPS compliant (using OpenSSL). The problem is that the old API does not use the FIPS module, therefore the change to the new API is needed.

What does this mean in practice? Critical cryptographic operations should be changed to the new EVP API to ensure FIPS compatibility. The affected operations are: key generation, signature creation and Diffie-Hellman style shared secret calculation.

To achieve that, the key structures needed to be changed from RSA, EC, DH to EVP_PKEY, but this change would be very costly, as a lot of code would have had to be rewritten to align the function calls using these structures. Therefore a different approach was implemented: keep the old key structures and wrap the affected operations with the EVP_PKEY API (importing the key to EVP_PKEY from the old structures, executing the cryptographic operation and converting the output back to the old API if needed). This approach is not perfect, but it is a lot more maintainable as a downstream patch.

If there is any interest in reworking the OpenSSL support to the 3.0 version upstream, that would be much appreciated.

The patch doesn't cover the PKCS#11 OpenSSH implementation, which is a separate issue blocked by support in OpenSSL 3.0.

[0] - https://src.fedoraproject.org/rpms/openssh/c/b63272d9eb8efef881524b2fed0d658780b197a7?branch=rawhide

Regards
Norbert Pócs