FIPS 140-2 compatibility?

Open bagder opened this issue 1 year ago • 4 comments

libssh is said to have this in the comparison table.

But FIPS is a property of the crypto library mostly, isn't it? I.e.: in what way is libssh more FIPS ready than libssh2?

bagder avatar Aug 25 '23 06:08 bagder

Libssh2 supports FIPS mode as well. IIRC, it's mainly not blowing up if MD5 is disabled in OpenSSL.

willco007 avatar Aug 25 '23 16:08 willco007

Could not figure how to build OpenSSL (3.1.2) without MD5. The no-md5 ./Configure option no longer exists. Building with -DOPENSSL_NO_MD5 breaks the OpenSSL build, due to missing MD5 bits in legacy code, even with the no-legacy option. Building with no-deprecated works, still includes MD5, but these builds don't work with libssh2, due to reliance on deprecated APIs.

Then tried enable-fips which also included MD5 functions, and this one built correctly with libssh2.

libssh2 is building fine with LIBSSH2_NO_MD5 (also tested in CI). This will NOT actually strip all MD5-related code, remaining one(s) are blocked by a runtime check for FIPS_mode() with OpenSSL (no such thing with other backends).

It'd be better IMO if MD5 would be completely stripped when building with LIBSSH2_NO_MD5. This is pending a FIXME in pem.c, after which it would be possible to drop MD5 primitives at compile-time.

UPDATE: enable-fips doesn't seem to do anything in my tests (in curl-for-win). Also FIPS_mode() requires OpenSSL 1.x or older, meaning it's not used with OpenSSL 3, leaving the MD5 low-level API enabled.

vszakats avatar Aug 26 '23 14:08 vszakats

The remaining MD5 use (marked with the FIXME) is necessary to accept old-style encrypted private keys. PR to add a build-time option to disable it, and all MD5 uses with it: https://github.com/libssh2/libssh2/pull/1181

vszakats avatar Aug 27 '23 11:08 vszakats

Merged https://github.com/libssh2/libssh2/pull/1181. Now possible to build libssh2 with no MD5 at all, via -DLIBSSH2_NO_MD5_PEM -DLIBSSH2_NO_MD5.

FIPS aside, IMO it'd still be a step in the right direction to disable all or some of these algos by default: LIBSSH2_NO_MD5, LIBSSH2_NO_MD5_PEM, LIBSSH2_NO_HMAC_RIPEMD, LIBSSH2_NO_DSA, LIBSSH2_NO_BLOWFISH, LIBSSH2_NO_RC4, LIBSSH2_NO_CAST, LIBSSH2_NO_3DES.

Most had been disabled by OpenSSH throughout 2015–2017.

vszakats avatar Aug 28 '23 23:08 vszakats
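
A way to check that a build made with the `LIBSSH2_NO_*` options discussed in this thread no longer references the legacy primitives in the crypto backend. This is an added example, not part of the thread and not libssh2 project code. The mapping from each macro to OpenSSL symbol names, the function names and the sample `nm` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a library's undefined (imported) symbols for legacy
# crypto primitives. Real use: nm -u /path/to/libssh2.so | audit_symbols

# Assumed mapping: build macro -> OpenSSL symbols it is expected to eliminate.
legacy_map() {
cat <<'EOF'
LIBSSH2_NO_MD5 EVP_md5|MD5_Init|MD5_Update|MD5_Final
LIBSSH2_NO_HMAC_RIPEMD EVP_ripemd160
LIBSSH2_NO_DSA DSA_new|DSA_free|DSA_do_sign|DSA_do_verify
LIBSSH2_NO_BLOWFISH EVP_bf_cbc
LIBSSH2_NO_RC4 EVP_rc4
LIBSSH2_NO_CAST EVP_cast5_cbc
LIBSSH2_NO_3DES EVP_des_ede3_cbc
EOF
}

# Constructed sample of `nm -u` output (not taken from a real build).
sample_nm_output() {
cat <<'EOF'
                 U EVP_DigestInit_ex@OPENSSL_3.0.0
                 U EVP_md5@OPENSSL_3.0.0
                 U EVP_sha256@OPENSSL_3.0.0
                 U EVP_des_ede3_cbc@OPENSSL_3.0.0
                 U EVP_aes_256_ctr@OPENSSL_3.0.0
EOF
}

# Reads nm output on stdin, prints one line per macro whose primitives are
# still referenced, and returns 1 if any were found (0 for a clean build).
audit_symbols() {
    # Keep the symbol name only: drop "@VERSION" and a leading "_" (Mach-O).
    syms=$(awk '{ s = $NF; sub(/@.*$/, "", s); sub(/^_/, "", s); print s }')
    found=0
    while read -r macro pattern; do
        hits=$(printf '%s\n' "$syms" | grep -E -x "($pattern)" | sort -u | tr '\n' ' ')
        if [ -n "$hits" ]; then
            printf '%s: still references %s\n' "$macro" "${hits% }"
            found=1
        fi
    done <<EOF
$(legacy_map)
EOF
    return "$found"
}

sample_nm_output | audit_symbols || true
```

A clean result only shows that the library does not import these symbols by name; with OpenSSL 3 the algorithms can still be reachable through provider fetches by string name, so this complements rather than replaces a FIPS provider configuration.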