Disable sntrup761x25519-sha512 in FIPS mode

Related: rhbz#2070628
2022-07-11 15:45:56 +02:00 · 2022-07-11 15:45:56 +02:00 · 32a82650cf
commit 32a82650cf
parent fd0d5a4f44
2 changed files with 93 additions and 18 deletions
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -1,16 +1,3 @@
 diff -up openssh-8.6p1/cipher-ctr.c.fips openssh-8.6p1/cipher-ctr.c
 --- openssh-8.6p1/cipher-ctr.c.fips	2021-05-06 12:08:36.423926297 +0200
 +++ openssh-8.6p1/cipher-ctr.c	2021-05-06 12:08:36.497926869 +0200
@@ -179,7 +179,8 @@ evp_aes_128_ctr(void)
 	aes_ctr.do_cipher = ssh_aes_ctr;
 #ifndef SSH_OLD_EVP
 	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
 -	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
 +	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV |
 +	    EVP_CIPH_FLAG_FIPS;
 #endif
 	return (&aes_ctr);
 }
 diff -up openssh-8.6p1/dh.c.fips openssh-8.6p1/dh.c
 --- openssh-8.6p1/dh.c.fips	2021-04-16 05:55:25.000000000 +0200
 +++ openssh-8.6p1/dh.c	2021-05-06 12:12:10.107634472 +0200
@ -117,7 +104,7 @@ diff -up openssh-8.6p1/kexgexc.c.fips openssh-8.6p1/kexgexc.c
 diff -up openssh-8.6p1/myproposal.h.fips openssh-8.6p1/myproposal.h
 --- openssh-8.6p1/myproposal.h.fips	2021-04-16 05:55:25.000000000 +0200
 +++ openssh-8.6p1/myproposal.h	2021-05-06 12:08:36.498926877 +0200
-@@ -57,6 +57,20 @@
+@@ -57,6 +57,18 @@
 	"rsa-sha2-256," \
 	"ssh-rsa"
@ -127,13 +114,11 @@ diff -up openssh-8.6p1/myproposal.h.fips openssh-8.6p1/myproposal.h
 +	"ecdsa-sha2-nistp521-cert-v01@openssh.com," \
 +	"rsa-sha2-512-cert-v01@openssh.com," \
 +	"rsa-sha2-256-cert-v01@openssh.com," \
 +	"ssh-rsa-cert-v01@openssh.com," \
 +	"ecdsa-sha2-nistp256," \
 +	"ecdsa-sha2-nistp384," \
 +	"ecdsa-sha2-nistp521," \
 +	"rsa-sha2-512," \
-+	"rsa-sha2-256," \
+	"rsa-sha2-256"
 +	"ssh-rsa"
 +
 #define	KEX_SERVER_ENCRYPT \
 	"chacha20-poly1305@openssh.com," \
@ -452,3 +437,89 @@ diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
 		if ((fd = mkstemp(prv_tmp)) == -1) {
 			error("Could not save your private key in %s: %s",
 			    prv_tmp, strerror(errno));
 diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
 --- openssh-8.7p1/kexgen.c.fips3	2022-07-11 16:11:21.973519913 +0200
 +++ openssh-8.7p1/kexgen.c	2022-07-11 16:25:31.172187365 +0200
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <signal.h>
 +#include <openssl/crypto.h>
 #include "sshkey.h"
 #include "kex.h"
@@ -115,10 +116,20 @@ kex_gen_client(struct ssh *ssh)
 		break;
 #endif
 	case KEX_C25519_SHA256:
 -		r = kex_c25519_keypair(kex);
 +		if (FIPS_mode()) {
 +		    logit("Key exchange type c25519 is not alowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_c25519_keypair(kex);
 +		}
 		break;
 	case KEX_KEM_SNTRUP761X25519_SHA512:
 -		r = kex_kem_sntrup761x25519_keypair(kex);
 +		if (FIPS_mode()) {
 +		    logit("Key exchange type sntrup761 is not alowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_kem_sntrup761x25519_keypair(kex);
 +		}
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
@@ -186,11 +197,21 @@ input_kex_gen_reply(int type, u_int32_t
 		break;
 #endif
 	case KEX_C25519_SHA256:
 -		r = kex_c25519_dec(kex, server_blob, &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit("Key exchange type c25519 is not alowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_c25519_dec(kex, server_blob, &shared_secret);
 +		}
 		break;
 	case KEX_KEM_SNTRUP761X25519_SHA512:
 -		r = kex_kem_sntrup761x25519_dec(kex, server_blob,
 -		    &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit("Key exchange type sntrup761 is not alowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_kem_sntrup761x25519_dec(kex, server_blob,
 +		        &shared_secret);
 +		}
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
@@ -285,12 +306,22 @@ input_kex_gen_init(int type, u_int32_t s
 		break;
 #endif
 	case KEX_C25519_SHA256:
 -		r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
 -		    &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit("Key exchange type c25519 is not alowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
 +		        &shared_secret);
 +		}
 		break;
 	case KEX_KEM_SNTRUP761X25519_SHA512:
 -		r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
 -		    &server_pubkey, &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit("Key exchange type sntrup761 is not alowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
 +		        &server_pubkey, &shared_secret);
 +		}
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
--- a/openssh.spec
+++ b/openssh.spec
@ -51,7 +51,7 @@
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 11
+%global openssh_rel 12
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 4
@ -720,6 +720,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 %changelog
 * Mon Jul 11 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-12
 - Disable sntrup761x25519-sha512 in FIPS mode
  Related: rhbz#2070628
 * Mon Jul 11 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-11
 - Fix scp clearing file when src and dest are the same
  Resolves: rhbz#2056884