Disable ed25519 and ed25519-sk keys in FIPS mode

Related: rhbz#2087915
2022-07-11 17:26:00 +02:00 · 2022-07-11 17:26:00 +02:00 · 3990967629
commit 3990967629
parent 32a82650cf
2 changed files with 61 additions and 3 deletions
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -397,11 +397,34 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
 		goto out;

 	if (EVP_PKEY_keygen(ctx, &res) <= 0) {
-+			if (FIPS_mode())
-+				logit_f("the key length might be unsupported by FIPS mode approved key generation method");
+		if (FIPS_mode())
+			logit_f("the key length might be unsupported by FIPS mode approved key generation method");
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
+@@ -2916,6 +2916,11 @@ sshkey_sign(struct sshkey *key,
+ 		break;
+ 	case KEY_ED25519_SK:
+ 	case KEY_ED25519_SK_CERT:
+		if (FIPS_mode()) {
+		    logit("Ed25519 keys are not alowed in FIPS mode");
+		    return SSH_ERR_INVALID_ARGUMENT;
+		}
+		/* Fallthrough */
+ 	case KEY_ECDSA_SK_CERT:
+ 	case KEY_ECDSA_SK:
+ 		r = sshsk_sign(sk_provider, key, sigp, lenp, data,
+@@ -2973,6 +2978,10 @@ sshkey_verify(const struct sshkey *key,
+ 		return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
+ 	case KEY_ED25519_SK:
+ 	case KEY_ED25519_SK_CERT:
+		if (FIPS_mode()) {
+		    logit("Ed25519 keys are not alowed in FIPS mode");
+		    return SSH_ERR_INVALID_ARGUMENT;
+		}
+ 		return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen,
+ 		    compat, detailsp);
+ #ifdef WITH_XMSS
 diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
 --- openssh-8.6p1/ssh-keygen.c.fips	2021-05-06 12:08:36.467926637 +0200
 +++ openssh-8.6p1/ssh-keygen.c	2021-05-06 12:08:36.503926916 +0200
@ -412,7 +435,7 @@ diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
 +	if (FIPS_mode()) {
 +		if (type == KEY_DSA)
 +			fatal("DSA keys are not allowed in FIPS mode");
-+		if (type == KEY_ED25519)
+		if (type == KEY_ED25519 || type == KEY_ED25519_SK)
 +			fatal("ED25519 keys are not allowed in FIPS mode");
 +	}
 	switch (type) {
@ -523,3 +546,36 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
+diff -up openssh-8.7p1/ssh-ed25519.c.fips3 openssh-8.7p1/ssh-ed25519.c
+--- openssh-8.7p1/ssh-ed25519.c.fips3	2022-07-11 16:53:41.428343304 +0200
+++ openssh-8.7p1/ssh-ed25519.c	2022-07-11 16:56:09.284663661 +0200
+@@ -24,6 +24,7 @@
+ 
+ #include <string.h>
+ #include <stdarg.h>
+#include <openssl/crypto.h>
+ 
+ #include "log.h"
+ #include "sshbuf.h"
+@@ -52,6 +53,10 @@ ssh_ed25519_sign(const struct sshkey *ke
+ 	    key->ed25519_sk == NULL ||
+ 	    datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+	if (FIPS_mode()) {
+	    logit("Ed25519 keys are not alowed in FIPS mode");
+	    return SSH_ERR_INVALID_ARGUMENT;
+	}
+ 	smlen = slen = datalen + crypto_sign_ed25519_BYTES;
+ 	if ((sig = malloc(slen)) == NULL)
+ 		return SSH_ERR_ALLOC_FAIL;
+@@ -108,6 +113,10 @@ ssh_ed25519_verify(const struct sshkey *
+ 	    datalen >= INT_MAX - crypto_sign_ed25519_BYTES ||
+ 	    signature == NULL || signaturelen == 0)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+	if (FIPS_mode()) {
+	    logit("Ed25519 keys are not alowed in FIPS mode");
+	    return SSH_ERR_INVALID_ARGUMENT;
+	}
+ 
+ 	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
+ 		return SSH_ERR_ALLOC_FAIL;
--- a/openssh.spec
+++ b/openssh.spec
@ -723,6 +723,8 @@ test -f %{sysconfig_anaconda} && \
 * Mon Jul 11 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-12
 - Disable sntrup761x25519-sha512 in FIPS mode
  Related: rhbz#2070628
+- Disable ed25519 and ed25519-sk keys in FIPS mode
+  Related: rhbz#2087915

 * Mon Jul 11 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-11
 - Fix scp clearing file when src and dest are the same