jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

Disable ed25519 and ed25519-sk keys in FIPS mode

Browse Source 
Related: rhbz#2087915
This commit is contained in:
Dmitry Belyavskiy 2022-07-13 16:19:53 +02:00
parent 821045a148
commit 0d823b2f2a
2 changed files with 50 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
openssh-7.7p1-fips.patch
View File

@ -344,6 +344,20 @@ diff -up openssh-8.6p1/sshd.c.fips openssh-8.6p1/sshd.c
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac; saved_argc = ac;
rexec_argc = ac; rexec_argc = ac;
@@ -1931,6 +1931,13 @@ main(int ac, char **av)
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
do_log2_r(r, ll, "Unable to load host key \"%s\"",
options.host_key_files[i]);
+ if (FIPS_mode() && (sshkey_type_plain(key->type) == KEY_ED25519_SK
+ || sshkey_type_plain(key->type) == KEY_ED25519)) {
+ logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
+ sshkey_free(key);
+ key = NULL;
+ continue;
+ }
if (sshkey_is_sk(key) &&
key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
debug("host key %s requires user presence, ignoring",
@@ -2110,6 +2113,10 @@ main(int ac, char **av) @@ -2110,6 +2113,10 @@ main(int ac, char **av)
/* Reinitialize the log (because of the fork above). */ /* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr); log_init(__progname, options.log_level, options.log_facility, log_stderr);
@ -393,6 +407,27 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
#include "ssh-sk.h" #include "ssh-sk.h"
#ifdef WITH_XMSS #ifdef WITH_XMSS
@@ -1503,6 +1503,20 @@ sshkey_read(struct sshkey *ret, char **c
return SSH_ERR_EC_CURVE_MISMATCH;
}
+ switch (type) {
+ case KEY_ED25519:
+ case KEY_ED25519_SK:
+ case KEY_ED25519_CERT:
+ case KEY_ED25519_SK_CERT:
+ if (FIPS_mode()) {
+ sshkey_free(k);
+ logit_f("Ed25519 keys are not allowed in FIPS mode");
+ return SSH_ERR_INVALID_ARGUMENT;
+ }
+ break;
+ default:
+ break;
+ }
/* Fill in ret from parsed key */
ret->type = type;
if (sshkey_is_cert(ret)) {
@@ -1705,6 +1707,8 @@ rsa_generate_private_key(u_int bits, RSA @@ -1705,6 +1707,8 @@ rsa_generate_private_key(u_int bits, RSA
goto out; goto out;
@ -407,7 +442,7 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
case KEY_ED25519_SK: case KEY_ED25519_SK:
case KEY_ED25519_SK_CERT: case KEY_ED25519_SK_CERT:
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Ed25519 keys are not alowed in FIPS mode"); + logit_f("Ed25519 keys are not allowed in FIPS mode");
+ return SSH_ERR_INVALID_ARGUMENT; + return SSH_ERR_INVALID_ARGUMENT;
+ } + }
+ /* Fallthrough */ + /* Fallthrough */
@ -419,7 +454,7 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
case KEY_ED25519_SK: case KEY_ED25519_SK:
case KEY_ED25519_SK_CERT: case KEY_ED25519_SK_CERT:
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Ed25519 keys are not alowed in FIPS mode"); + logit_f("Ed25519 keys are not allowed in FIPS mode");
+ return SSH_ERR_INVALID_ARGUMENT; + return SSH_ERR_INVALID_ARGUMENT;
+ } + }
return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen, return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen,
@ -477,7 +512,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
case KEX_C25519_SHA256: case KEX_C25519_SHA256:
- r = kex_c25519_keypair(kex); - r = kex_c25519_keypair(kex);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Key exchange type c25519 is not alowed in FIPS mode"); + logit_f("Key exchange type c25519 is not allowed in FIPS mode");
+ r = SSH_ERR_INVALID_ARGUMENT; + r = SSH_ERR_INVALID_ARGUMENT;
+ } else { + } else {
+ r = kex_c25519_keypair(kex); + r = kex_c25519_keypair(kex);
@ -486,7 +521,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
case KEX_KEM_SNTRUP761X25519_SHA512: case KEX_KEM_SNTRUP761X25519_SHA512:
- r = kex_kem_sntrup761x25519_keypair(kex); - r = kex_kem_sntrup761x25519_keypair(kex);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Key exchange type sntrup761 is not alowed in FIPS mode"); + logit_f("Key exchange type sntrup761 is not allowed in FIPS mode");
+ r = SSH_ERR_INVALID_ARGUMENT; + r = SSH_ERR_INVALID_ARGUMENT;
+ } else { + } else {
+ r = kex_kem_sntrup761x25519_keypair(kex); + r = kex_kem_sntrup761x25519_keypair(kex);
@ -500,7 +535,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
case KEX_C25519_SHA256: case KEX_C25519_SHA256:
- r = kex_c25519_dec(kex, server_blob, &shared_secret); - r = kex_c25519_dec(kex, server_blob, &shared_secret);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Key exchange type c25519 is not alowed in FIPS mode"); + logit_f("Key exchange type c25519 is not allowed in FIPS mode");
+ r = SSH_ERR_INVALID_ARGUMENT; + r = SSH_ERR_INVALID_ARGUMENT;
+ } else { + } else {
+ r = kex_c25519_dec(kex, server_blob, &shared_secret); + r = kex_c25519_dec(kex, server_blob, &shared_secret);
@ -510,7 +545,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
- r = kex_kem_sntrup761x25519_dec(kex, server_blob, - r = kex_kem_sntrup761x25519_dec(kex, server_blob,
- &shared_secret); - &shared_secret);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Key exchange type sntrup761 is not alowed in FIPS mode"); + logit_f("Key exchange type sntrup761 is not allowed in FIPS mode");
+ r = SSH_ERR_INVALID_ARGUMENT; + r = SSH_ERR_INVALID_ARGUMENT;
+ } else { + } else {
+ r = kex_kem_sntrup761x25519_dec(kex, server_blob, + r = kex_kem_sntrup761x25519_dec(kex, server_blob,
@ -526,7 +561,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
- r = kex_c25519_enc(kex, client_pubkey, &server_pubkey, - r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
- &shared_secret); - &shared_secret);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Key exchange type c25519 is not alowed in FIPS mode"); + logit_f("Key exchange type c25519 is not allowed in FIPS mode");
+ r = SSH_ERR_INVALID_ARGUMENT; + r = SSH_ERR_INVALID_ARGUMENT;
+ } else { + } else {
+ r = kex_c25519_enc(kex, client_pubkey, &server_pubkey, + r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
@ -537,7 +572,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
- r = kex_kem_sntrup761x25519_enc(kex, client_pubkey, - r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
- &server_pubkey, &shared_secret); - &server_pubkey, &shared_secret);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Key exchange type sntrup761 is not alowed in FIPS mode"); + logit_f("Key exchange type sntrup761 is not allowed in FIPS mode");
+ r = SSH_ERR_INVALID_ARGUMENT; + r = SSH_ERR_INVALID_ARGUMENT;
+ } else { + } else {
+ r = kex_kem_sntrup761x25519_enc(kex, client_pubkey, + r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
@ -562,7 +597,7 @@ diff -up openssh-8.7p1/ssh-ed25519.c.fips3 openssh-8.7p1/ssh-ed25519.c
datalen >= INT_MAX - crypto_sign_ed25519_BYTES) datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
return SSH_ERR_INVALID_ARGUMENT; return SSH_ERR_INVALID_ARGUMENT;
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Ed25519 keys are not alowed in FIPS mode"); + logit_f("Ed25519 keys are not allowed in FIPS mode");
+ return SSH_ERR_INVALID_ARGUMENT; + return SSH_ERR_INVALID_ARGUMENT;
+ } + }
smlen = slen = datalen + crypto_sign_ed25519_BYTES; smlen = slen = datalen + crypto_sign_ed25519_BYTES;
@ -573,7 +608,7 @@ diff -up openssh-8.7p1/ssh-ed25519.c.fips3 openssh-8.7p1/ssh-ed25519.c
signature == NULL || signaturelen == 0) signature == NULL || signaturelen == 0)
return SSH_ERR_INVALID_ARGUMENT; return SSH_ERR_INVALID_ARGUMENT;
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("Ed25519 keys are not alowed in FIPS mode"); + logit_f("Ed25519 keys are not allowed in FIPS mode");
+ return SSH_ERR_INVALID_ARGUMENT; + return SSH_ERR_INVALID_ARGUMENT;
+ } + }

6
openssh.spec
View File

@ -51,7 +51,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.7p1 %global openssh_ver 8.7p1
%global openssh_rel 13 %global openssh_rel 14
%global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_ver 0.10.4
%global pam_ssh_agent_rel 4 %global pam_ssh_agent_rel 4
@ -720,6 +720,10 @@ test -f %{sysconfig_anaconda} && \
%endif %endif
%changelog %changelog
* Wed Jul 13 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-14
- Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
* Tue Jul 12 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-13 * Tue Jul 12 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-13
- Add reference for policy customization in ssh/sshd_config manpages - Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575 Resolves: rhbz#1984575