Update to OpenSSH 9.9p1
Resolves: RHEL-60564
parent
d84f5f5164
commit
07172f36c4
2
.gitignore
vendored
2
.gitignore
vendored
@ -62,3 +62,5 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
|
|||||||
/openssh-9.6p1.tar.gz.asc
|
/openssh-9.6p1.tar.gz.asc
|
||||||
/openssh-9.8p1.tar.gz
|
/openssh-9.8p1.tar.gz
|
||||||
/openssh-9.8p1.tar.gz.asc
|
/openssh-9.8p1.tar.gz.asc
|
||||||
|
/openssh-9.9p1.tar.gz
|
||||||
|
/openssh-9.9p1.tar.gz.asc
|
||||||
|
@ -38,5 +38,5 @@ diff -up openssh/sshd.c.ip-opts openssh/sshd.c
|
|||||||
+ }
|
+ }
|
||||||
+ } while (i < option_size);
|
+ } while (i < option_size);
|
||||||
}
|
}
|
||||||
return;
|
|
||||||
#endif /* IP_OPTIONS */
|
#endif /* IP_OPTIONS */
|
||||||
|
}
|
||||||
|
@ -73,22 +73,6 @@ diff -up openssh-8.5p1/loginrec.c.coverity openssh-8.5p1/loginrec.c
|
|||||||
strncpy(ut->ut_host, li->hostname,
|
strncpy(ut->ut_host, li->hostname,
|
||||||
MIN_SIZEOF(ut->ut_host, li->hostname));
|
MIN_SIZEOF(ut->ut_host, li->hostname));
|
||||||
# endif
|
# endif
|
||||||
@@ -1690,6 +1692,7 @@ record_failed_login(struct ssh *ssh, con
|
|
||||||
|
|
||||||
memset(&ut, 0, sizeof(ut));
|
|
||||||
/* strncpy because we don't necessarily want nul termination */
|
|
||||||
+ /* coverity[buffer_size_warning : FALSE] */
|
|
||||||
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
|
|
||||||
strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line));
|
|
||||||
|
|
||||||
@@ -1699,6 +1702,7 @@ record_failed_login(struct ssh *ssh, con
|
|
||||||
ut.ut_pid = getpid();
|
|
||||||
|
|
||||||
/* strncpy because we don't necessarily want nul termination */
|
|
||||||
+ /* coverity[buffer_size_warning : FALSE] */
|
|
||||||
strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
|
|
||||||
|
|
||||||
if (ssh_packet_connection_is_on_socket(ssh) &&
|
|
||||||
diff -up openssh-8.5p1/misc.c.coverity openssh-8.5p1/misc.c
|
diff -up openssh-8.5p1/misc.c.coverity openssh-8.5p1/misc.c
|
||||||
--- openssh-8.5p1/misc.c.coverity 2021-03-24 12:03:33.745967902 +0100
|
--- openssh-8.5p1/misc.c.coverity 2021-03-24 12:03:33.745967902 +0100
|
||||||
+++ openssh-8.5p1/misc.c 2021-03-24 13:31:47.037079617 +0100
|
+++ openssh-8.5p1/misc.c 2021-03-24 13:31:47.037079617 +0100
|
||||||
|
@ -1086,7 +1086,7 @@ diff -up openssh-8.6p1/Makefile.in.audit openssh-8.6p1/Makefile.in
|
|||||||
--- openssh-8.6p1/Makefile.in.audit 2021-04-19 16:47:35.731061937 +0200
|
--- openssh-8.6p1/Makefile.in.audit 2021-04-19 16:47:35.731061937 +0200
|
||||||
+++ openssh-8.6p1/Makefile.in 2021-04-19 16:47:35.756062129 +0200
|
+++ openssh-8.6p1/Makefile.in 2021-04-19 16:47:35.756062129 +0200
|
||||||
@@ -112,7 +112,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
|
@@ -112,7 +112,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
|
||||||
kexsntrup761x25519.o sntrup761.o kexgen.o \
|
kexsntrup761x25519.o kexmlkem768x25519.o sntrup761.o kexgen.o \
|
||||||
kexgssc.o \
|
kexgssc.o \
|
||||||
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
|
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
|
||||||
- sshbuf-io.o
|
- sshbuf-io.o
|
||||||
@ -2056,7 +2056,7 @@ diff -up openssh-8.6p1/sshd-session.c.audit openssh-8.6p1/sshd-session.c
|
|||||||
#include "ssh-sandbox.h"
|
#include "ssh-sandbox.h"
|
||||||
#include "auth-options.h"
|
#include "auth-options.h"
|
||||||
#include "version.h"
|
#include "version.h"
|
||||||
@@ -260,8 +261,8 @@ struct sshbuf *loginmsg;
|
@@ -260,8 +261,44 @@ struct sshbuf *loginmsg;
|
||||||
struct sshbuf *loginmsg;
|
struct sshbuf *loginmsg;
|
||||||
|
|
||||||
/* Prototypes for various functions defined later in this file. */
|
/* Prototypes for various functions defined later in this file. */
|
||||||
@ -2064,6 +2064,42 @@ diff -up openssh-8.6p1/sshd-session.c.audit openssh-8.6p1/sshd-session.c
|
|||||||
-void demote_sensitive_data(void);
|
-void demote_sensitive_data(void);
|
||||||
+void destroy_sensitive_data(struct ssh *);
|
+void destroy_sensitive_data(struct ssh *);
|
||||||
+void demote_sensitive_data(struct ssh *);
|
+void demote_sensitive_data(struct ssh *);
|
||||||
|
+
|
||||||
|
+static int
|
||||||
|
+sshkey_is_private(const struct sshkey *k)
|
||||||
|
+{
|
||||||
|
+ switch (k->type) {
|
||||||
|
+#ifdef WITH_OPENSSL
|
||||||
|
+ case KEY_RSA_CERT:
|
||||||
|
+ case KEY_RSA: {
|
||||||
|
+ const BIGNUM *d;
|
||||||
|
+ const RSA *rsa = EVP_PKEY_get0_RSA(k->pkey);
|
||||||
|
+ RSA_get0_key(rsa, NULL, NULL, &d);
|
||||||
|
+ return d != NULL;
|
||||||
|
+ }
|
||||||
|
+ case KEY_DSA_CERT:
|
||||||
|
+ case KEY_DSA: {
|
||||||
|
+ const BIGNUM *priv_key;
|
||||||
|
+ DSA_get0_key(k->dsa, NULL, &priv_key);
|
||||||
|
+ return priv_key != NULL;
|
||||||
|
+ }
|
||||||
|
+#ifdef OPENSSL_HAS_ECC
|
||||||
|
+ case KEY_ECDSA_CERT:
|
||||||
|
+ case KEY_ECDSA: {
|
||||||
|
+ const EC_KEY * ecdsa = EVP_PKEY_get0_EC_KEY(k->pkey);
|
||||||
|
+ return EC_KEY_get0_private_key(ecdsa) != NULL;
|
||||||
|
+ }
|
||||||
|
+#endif /* OPENSSL_HAS_ECC */
|
||||||
|
+#endif /* WITH_OPENSSL */
|
||||||
|
+ case KEY_ED25519_CERT:
|
||||||
|
+ case KEY_ED25519:
|
||||||
|
+ return (k->ed25519_pk != NULL);
|
||||||
|
+ default:
|
||||||
|
+ /* fatal("key_is_private: bad key type %d", k->type); */
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
static void do_ssh2_kex(struct ssh *);
|
static void do_ssh2_kex(struct ssh *);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
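Review bot: In the `sshkey_is_private()` helper added to the sshd-session.c part of the audit patch, the `KEY_ED25519`/`KEY_ED25519_CERT` branch tests `k->ed25519_pk`, which is the public half, so a public-only Ed25519 key is reported as private; the test should be on the secret half, `return (k->ed25519_sk != NULL);`. The same check appears in the sshkey.c copy this commit removes, so it looks carried over rather than new. The RSA and ECDSA branches also use the result of `EVP_PKEY_get0_RSA(k->pkey)` and `EVP_PKEY_get0_EC_KEY(k->pkey)` without a NULL check, so a key whose `pkey` is unset would be dereferenced; `if (rsa == NULL) return 0;` before `RSA_get0_key` (and the same for `ecdsa`) would make the helper safe on any key. The callers are outside this hunk, so it is worth confirming that the audit events driven by this result are not misled by the Ed25519 case.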
@ -2222,7 +2258,7 @@ diff -up openssh-8.6p1/sshd-session.c.audit openssh-8.6p1/sshd-session.c
|
|||||||
|
|
||||||
if (the_active_state != NULL && the_authctxt != NULL) {
|
if (the_active_state != NULL && the_authctxt != NULL) {
|
||||||
@@ -2525,7 +2593,9 @@ cleanup_exit(int i)
|
@@ -2525,7 +2593,9 @@ cleanup_exit(int i)
|
||||||
_exit(EXIT_AUTH_ATTEMPTED);
|
}
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
|
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
|
||||||
- if (the_active_state != NULL && mm_is_monitor())
|
- if (the_active_state != NULL && mm_is_monitor())
|
||||||
@ -2231,57 +2267,4 @@ diff -up openssh-8.6p1/sshd-session.c.audit openssh-8.6p1/sshd-session.c
|
|||||||
+ mm_is_monitor())
|
+ mm_is_monitor())
|
||||||
audit_event(the_active_state, SSH_CONNECTION_ABANDON);
|
audit_event(the_active_state, SSH_CONNECTION_ABANDON);
|
||||||
#endif
|
#endif
|
||||||
_exit(i);
|
/* Override default fatal exit value when auth was attempted */
|
||||||
diff -up openssh-8.6p1/sshkey.c.audit openssh-8.6p1/sshkey.c
|
|
||||||
--- openssh-8.6p1/sshkey.c.audit 2021-04-19 16:47:35.741062014 +0200
|
|
||||||
+++ openssh-8.6p1/sshkey.c 2021-04-19 16:47:35.759062152 +0200
|
|
||||||
@@ -371,6 +371,38 @@ sshkey_type_is_valid_ca(int type)
|
|
||||||
}
|
|
||||||
|
|
||||||
int
|
|
||||||
+sshkey_is_private(const struct sshkey *k)
|
|
||||||
+{
|
|
||||||
+ switch (k->type) {
|
|
||||||
+#ifdef WITH_OPENSSL
|
|
||||||
+ case KEY_RSA_CERT:
|
|
||||||
+ case KEY_RSA: {
|
|
||||||
+ const BIGNUM *d;
|
|
||||||
+ RSA_get0_key(k->rsa, NULL, NULL, &d);
|
|
||||||
+ return d != NULL;
|
|
||||||
+ }
|
|
||||||
+ case KEY_DSA_CERT:
|
|
||||||
+ case KEY_DSA: {
|
|
||||||
+ const BIGNUM *priv_key;
|
|
||||||
+ DSA_get0_key(k->dsa, NULL, &priv_key);
|
|
||||||
+ return priv_key != NULL;
|
|
||||||
+ }
|
|
||||||
+#ifdef OPENSSL_HAS_ECC
|
|
||||||
+ case KEY_ECDSA_CERT:
|
|
||||||
+ case KEY_ECDSA:
|
|
||||||
+ return EC_KEY_get0_private_key(k->ecdsa) != NULL;
|
|
||||||
+#endif /* OPENSSL_HAS_ECC */
|
|
||||||
+#endif /* WITH_OPENSSL */
|
|
||||||
+ case KEY_ED25519_CERT:
|
|
||||||
+ case KEY_ED25519:
|
|
||||||
+ return (k->ed25519_pk != NULL);
|
|
||||||
+ default:
|
|
||||||
+ /* fatal("key_is_private: bad key type %d", k->type); */
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
sshkey_is_cert(const struct sshkey *k)
|
|
||||||
{
|
|
||||||
if (k == NULL)
|
|
||||||
diff -up openssh-8.6p1/sshkey.h.audit openssh-8.6p1/sshkey.h
|
|
||||||
--- openssh-8.6p1/sshkey.h.audit 2021-04-19 16:47:35.741062014 +0200
|
|
||||||
+++ openssh-8.6p1/sshkey.h 2021-04-19 16:47:35.759062152 +0200
|
|
||||||
@@ -189,6 +189,7 @@ int sshkey_shield_private(struct sshke
|
|
||||||
int sshkey_unshield_private(struct sshkey *);
|
|
||||||
|
|
||||||
int sshkey_type_from_name(const char *);
|
|
||||||
+int sshkey_is_private(const struct sshkey *);
|
|
||||||
int sshkey_is_cert(const struct sshkey *);
|
|
||||||
int sshkey_is_sk(const struct sshkey *);
|
|
||||||
int sshkey_type_is_cert(int);
|
|
||||||
|
@ -427,9 +427,9 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
|
|||||||
--- openssh-8.6p1/sshkey.c.fips 2021-05-06 12:08:36.493926838 +0200
|
--- openssh-8.6p1/sshkey.c.fips 2021-05-06 12:08:36.493926838 +0200
|
||||||
+++ openssh-8.6p1/sshkey.c 2021-05-06 12:08:36.502926908 +0200
|
+++ openssh-8.6p1/sshkey.c 2021-05-06 12:08:36.502926908 +0200
|
||||||
@@ -36,6 +36,7 @@
|
@@ -36,6 +36,7 @@
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <openssl/core_names.h>
|
|
||||||
#include <openssl/param_build.h>
|
|
||||||
+#include <openssl/fips.h>
|
+#include <openssl/fips.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -544,13 +544,13 @@ diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
|
|||||||
- name = _PATH_SSH_CLIENT_ID_ED25519;
|
- name = _PATH_SSH_CLIENT_ID_ED25519;
|
||||||
+ name = FIPS_mode() ? _PATH_SSH_CLIENT_ID_RSA : _PATH_SSH_CLIENT_ID_ED25519;
|
+ name = FIPS_mode() ? _PATH_SSH_CLIENT_ID_RSA : _PATH_SSH_CLIENT_ID_ED25519;
|
||||||
else {
|
else {
|
||||||
switch (sshkey_type_from_name(key_type_name)) {
|
switch (sshkey_type_from_shortname(key_type_name)) {
|
||||||
#ifdef WITH_DSA
|
#ifdef WITH_DSA
|
||||||
@@ -1098,9 +1104,17 @@ do_gen_all_hostkeys(struct passwd *pw)
|
@@ -1098,9 +1104,17 @@ do_gen_all_hostkeys(struct passwd *pw)
|
||||||
first = 1;
|
first = 1;
|
||||||
printf("%s: generating new host keys: ", __progname);
|
printf("%s: generating new host keys: ", __progname);
|
||||||
}
|
}
|
||||||
+ type = sshkey_type_from_name(key_types[i].key_type);
|
+ type = sshkey_type_from_shortname(key_types[i].key_type);
|
||||||
+
|
+
|
||||||
+ /* Skip the keys that are not supported in FIPS mode */
|
+ /* Skip the keys that are not supported in FIPS mode */
|
||||||
+ if (FIPS_mode() && (type == KEY_DSA || type == KEY_ED25519)) {
|
+ if (FIPS_mode() && (type == KEY_DSA || type == KEY_ED25519)) {
|
||||||
@ -561,7 +561,7 @@ diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
|
|||||||
+
|
+
|
||||||
printf("%s ", key_types[i].key_type_display);
|
printf("%s ", key_types[i].key_type_display);
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
- type = sshkey_type_from_name(key_types[i].key_type);
|
- type = sshkey_type_from_shortname(key_types[i].key_type);
|
||||||
if ((fd = mkstemp(prv_tmp)) == -1) {
|
if ((fd = mkstemp(prv_tmp)) == -1) {
|
||||||
error("Could not save your private key in %s: %s",
|
error("Could not save your private key in %s: %s",
|
||||||
prv_tmp, strerror(errno));
|
prv_tmp, strerror(errno));
|
||||||
@ -572,31 +572,31 @@ diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
|
|||||||
- key_type_name = DEFAULT_KEY_TYPE_NAME;
|
- key_type_name = DEFAULT_KEY_TYPE_NAME;
|
||||||
+ key_type_name = FIPS_mode() ? FIPS_DEFAULT_KEY_TYPE_NAME : DEFAULT_KEY_TYPE_NAME;
|
+ key_type_name = FIPS_mode() ? FIPS_DEFAULT_KEY_TYPE_NAME : DEFAULT_KEY_TYPE_NAME;
|
||||||
|
|
||||||
type = sshkey_type_from_name(key_type_name);
|
type = sshkey_type_from_shortname(key_type_name);
|
||||||
type_bits_valid(type, key_type_name, &bits);
|
type_bits_valid(type, key_type_name, &bits);
|
||||||
diff -up openssh-9.3p1/ssh-rsa.c.evpgenrsa openssh-9.3p1/ssh-rsa.c
|
diff -up openssh-9.3p1/ssh-rsa.c.evpgenrsa openssh-9.3p1/ssh-rsa.c
|
||||||
--- openssh-9.3p1/ssh-rsa.c.evpgenrsa 2022-06-30 15:14:58.200518353 +0200
|
--- openssh-9.3p1/ssh-rsa.c.evpgenrsa 2022-06-30 15:14:58.200518353 +0200
|
||||||
+++ openssh-9.3p1/ssh-rsa.c 2022-06-30 15:24:31.499641196 +0200
|
+++ openssh-9.3p1/ssh-rsa.c 2022-06-30 15:24:31.499641196 +0200
|
||||||
@@ -33,6 +33,7 @@
|
@@ -33,6 +33,7 @@
|
||||||
|
|
||||||
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/core_names.h>
|
|
||||||
#include <openssl/param_build.h>
|
|
||||||
+#include <openssl/fips.h>
|
+#include <openssl/fips.h>
|
||||||
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
@@ -1705,6 +1707,8 @@ ssh_rsa_generate(u_int bits, RSA
|
@@ -1705,6 +1707,8 @@ ssh_rsa_generate(u_int bits, RSA
|
||||||
goto out;
|
goto out;
|
||||||
|
}
|
||||||
if (EVP_PKEY_keygen(ctx, &res) <= 0) {
|
if (EVP_PKEY_keygen(ctx, &res) <= 0 || res == NULL) {
|
||||||
+ if (FIPS_mode())
|
+ if (FIPS_mode())
|
||||||
+ logit_f("the key length might be unsupported by FIPS mode approved key generation method");
|
+ logit_f("the key length might be unsupported by FIPS mode approved key generation method");
|
||||||
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
|
diff -up openssh-9.9p1/kexgen.c.xxx openssh-9.9p1/kexgen.c
|
||||||
--- openssh-8.7p1/kexgen.c.fips3 2022-07-11 16:11:21.973519913 +0200
|
--- openssh-9.9p1/kexgen.c.xxx 2024-10-09 10:35:56.285946080 +0200
|
||||||
+++ openssh-8.7p1/kexgen.c 2022-07-11 16:25:31.172187365 +0200
|
+++ openssh-9.9p1/kexgen.c 2024-10-09 10:41:52.792597194 +0200
|
||||||
@@ -31,6 +31,7 @@
|
@@ -31,6 +31,7 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
@ -605,7 +605,7 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
|
|||||||
|
|
||||||
#include "sshkey.h"
|
#include "sshkey.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
@@ -115,10 +116,20 @@ kex_gen_client(struct ssh *ssh)
|
@@ -115,13 +116,28 @@ kex_gen_client(struct ssh *ssh)
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
case KEX_C25519_SHA256:
|
case KEX_C25519_SHA256:
|
||||||
@ -624,11 +624,20 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
|
|||||||
+ r = SSH_ERR_INVALID_ARGUMENT;
|
+ r = SSH_ERR_INVALID_ARGUMENT;
|
||||||
+ } else {
|
+ } else {
|
||||||
+ r = kex_kem_sntrup761x25519_keypair(kex);
|
+ r = kex_kem_sntrup761x25519_keypair(kex);
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case KEX_KEM_MLKEM768X25519_SHA256:
|
||||||
|
- r = kex_kem_mlkem768x25519_keypair(kex);
|
||||||
|
+ if (FIPS_mode()) {
|
||||||
|
+ logit_f("Key exchange type mlkem768x25519 is not allowed in FIPS mode");
|
||||||
|
+ r = SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
+ } else {
|
||||||
|
+ r = kex_kem_mlkem768x25519_keypair(kex);
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
r = SSH_ERR_INVALID_ARGUMENT;
|
r = SSH_ERR_INVALID_ARGUMENT;
|
||||||
@@ -186,11 +197,21 @@ input_kex_gen_reply(int type, u_int32_t
|
@@ -189,15 +205,30 @@ input_kex_gen_reply(int type, u_int32_t
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
case KEX_C25519_SHA256:
|
case KEX_C25519_SHA256:
|
||||||
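Review bot: The new `KEX_KEM_MLKEM768X25519_SHA256` branch in `kex_gen_client` refuses the algorithm under `FIPS_mode()` only after the exchange has been negotiated, so a FIPS host that still offers mlkem768x25519 would fail the connection with `SSH_ERR_INVALID_ARGUMENT` instead of settling on an approved method. If the FIPS proposal list is not filtered elsewhere (not visible here), it should drop this name so that this guard is a backstop rather than the primary control. A short comment above the guard, e.g. `/* not allowed in FIPS mode; must also be absent from the FIPS KEX proposal */`, would record that dependency. The same applies to the matching branches in `input_kex_gen_reply` and `input_kex_gen_init` in the two following hunks; the switch statements start and end outside these hunks.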
@ -649,11 +658,22 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
|
|||||||
+ } else {
|
+ } else {
|
||||||
+ r = kex_kem_sntrup761x25519_dec(kex, server_blob,
|
+ r = kex_kem_sntrup761x25519_dec(kex, server_blob,
|
||||||
+ &shared_secret);
|
+ &shared_secret);
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case KEX_KEM_MLKEM768X25519_SHA256:
|
||||||
|
- r = kex_kem_mlkem768x25519_dec(kex, server_blob,
|
||||||
|
- &shared_secret);
|
||||||
|
+ if (FIPS_mode()) {
|
||||||
|
+ logit_f("Key exchange type mlkem768x25519 is not allowed in FIPS mode");
|
||||||
|
+ r = SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
+ } else {
|
||||||
|
+ r = kex_kem_mlkem768x25519_dec(kex, server_blob,
|
||||||
|
+ &shared_secret);
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
r = SSH_ERR_INVALID_ARGUMENT;
|
r = SSH_ERR_INVALID_ARGUMENT;
|
||||||
@@ -285,12 +306,22 @@ input_kex_gen_init(int type, u_int32_t s
|
@@ -312,16 +343,31 @@ input_kex_gen_init(int type, u_int32_t s
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
case KEX_C25519_SHA256:
|
case KEX_C25519_SHA256:
|
||||||
@ -676,6 +696,17 @@ diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
|
|||||||
+ } else {
|
+ } else {
|
||||||
+ r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
|
+ r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
|
||||||
+ &server_pubkey, &shared_secret);
|
+ &server_pubkey, &shared_secret);
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case KEX_KEM_MLKEM768X25519_SHA256:
|
||||||
|
- r = kex_kem_mlkem768x25519_enc(kex, client_pubkey,
|
||||||
|
- &server_pubkey, &shared_secret);
|
||||||
|
+ if (FIPS_mode()) {
|
||||||
|
+ logit_f("Key exchange type mlkem768x25519 is not allowed in FIPS mode");
|
||||||
|
+ r = SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
+ } else {
|
||||||
|
+ r = kex_kem_mlkem768x25519_enc(kex, client_pubkey,
|
||||||
|
+ &server_pubkey, &shared_secret);
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -166,8 +166,8 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
|
|||||||
+.Pp
|
+.Pp
|
||||||
Specifies the permitted KEX (Key Exchange) algorithms that will be used and
|
Specifies the permitted KEX (Key Exchange) algorithms that will be used and
|
||||||
their preference order.
|
their preference order.
|
||||||
The selected algorithm will the the first algorithm in this list that
|
The selected algorithm will be the first algorithm in this list that
|
||||||
@@ -1338,28 +1343,17 @@ Multiple algorithms must be comma-separa
|
@@ -1338,29 +1343,17 @@ Multiple algorithms must be comma-separa
|
||||||
.Pp
|
.Pp
|
||||||
If the specified list begins with a
|
If the specified list begins with a
|
||||||
.Sq +
|
.Sq +
|
||||||
@ -187,7 +187,8 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
|
|||||||
-.Pp
|
-.Pp
|
||||||
-The default is:
|
-The default is:
|
||||||
-.Bd -literal -offset indent
|
-.Bd -literal -offset indent
|
||||||
-sntrup761x25519-sha512@openssh.com,
|
-sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
|
||||||
|
-mlkem768x25519-sha256,
|
||||||
-curve25519-sha256,curve25519-sha256@libssh.org,
|
-curve25519-sha256,curve25519-sha256@libssh.org,
|
||||||
-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
||||||
-diffie-hellman-group-exchange-sha256,
|
-diffie-hellman-group-exchange-sha256,
|
||||||
@ -517,13 +518,14 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
|
|||||||
.Pp
|
.Pp
|
||||||
The supported algorithms are:
|
The supported algorithms are:
|
||||||
.Pp
|
.Pp
|
||||||
@@ -1075,16 +1080,6 @@ ecdh-sha2-nistp521
|
@@ -1075,17 +1080,6 @@ ecdh-sha2-nistp521
|
||||||
sntrup761x25519-sha512@openssh.com
|
sntrup761x25519-sha512@openssh.com
|
||||||
.El
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
-The default is:
|
-The default is:
|
||||||
-.Bd -literal -offset indent
|
-.Bd -literal -offset indent
|
||||||
-sntrup761x25519-sha512@openssh.com,
|
-sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
|
||||||
|
-mlkem768x25519-sha256,
|
||||||
-curve25519-sha256,curve25519-sha256@libssh.org,
|
-curve25519-sha256,curve25519-sha256@libssh.org,
|
||||||
-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
||||||
-diffie-hellman-group-exchange-sha256,
|
-diffie-hellman-group-exchange-sha256,
|
||||||
|
@ -1353,9 +1353,17 @@ diff -up openssh-9.6p1/ssh-pkcs11-client.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11-c
|
|||||||
for (i = 0; i < nkeys; i++) {
|
for (i = 0; i < nkeys; i++) {
|
||||||
/* XXX clean up properly instead of fatal() */
|
/* XXX clean up properly instead of fatal() */
|
||||||
if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
|
if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
|
||||||
diff -up openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11.c
|
diff -up openssh-9.9p1/ssh-pkcs11.c.xxx openssh-9.9p1/ssh-pkcs11.c
|
||||||
--- openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri 2023-12-18 15:59:50.000000000 +0100
|
--- openssh-9.9p1/ssh-pkcs11.c.xxx 2024-10-09 11:56:35.890126144 +0200
|
||||||
+++ openssh-9.6p1/ssh-pkcs11.c 2024-01-12 14:28:09.170975480 +0100
|
+++ openssh-9.9p1/ssh-pkcs11.c 2024-10-09 11:56:48.528459585 +0200
|
||||||
|
@@ -38,6 +38,7 @@
|
||||||
|
#include <openssl/ecdsa.h>
|
||||||
|
#include <openssl/x509.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
|
||||||
|
#define CRYPTOKI_COMPAT
|
||||||
|
#include "pkcs11.h"
|
||||||
@@ -55,8 +55,8 @@ struct pkcs11_slotinfo {
|
@@ -55,8 +55,8 @@ struct pkcs11_slotinfo {
|
||||||
int logged_in;
|
int logged_in;
|
||||||
};
|
};
|
||||||
@ -1556,7 +1564,7 @@ diff -up openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
static RSA_METHOD *rsa_method;
|
static RSA_METHOD *rsa_method;
|
||||||
@@ -195,6 +286,56 @@ static EC_KEY_METHOD *ec_key_method;
|
@@ -195,6 +286,60 @@ static EC_KEY_METHOD *ec_key_method;
|
||||||
static int ec_key_idx = 0;
|
static int ec_key_idx = 0;
|
||||||
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
|
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
|
||||||
|
|
||||||
@ -1573,13 +1581,17 @@ diff -up openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11.c
|
|||||||
+
|
+
|
||||||
+ /* sanity - is it a RSA key with associated app_data? */
|
+ /* sanity - is it a RSA key with associated app_data? */
|
||||||
+ switch (key->type) {
|
+ switch (key->type) {
|
||||||
+ case KEY_RSA:
|
+ case KEY_RSA: {
|
||||||
+ k11 = RSA_get_ex_data(key->rsa, rsa_idx);
|
+ const RSA *rsa = EVP_PKEY_get0_RSA(key->pkey);
|
||||||
|
+ k11 = RSA_get_ex_data(rsa, rsa_idx);
|
||||||
+ break;
|
+ break;
|
||||||
|
+ }
|
||||||
+#ifdef HAVE_EC_KEY_METHOD_NEW
|
+#ifdef HAVE_EC_KEY_METHOD_NEW
|
||||||
+ case KEY_ECDSA:
|
+ case KEY_ECDSA: {
|
||||||
+ k11 = EC_KEY_get_ex_data(key->ecdsa, ec_key_idx);
|
+ const EC_KEY * ecdsa = EVP_PKEY_get0_EC_KEY(key->pkey);
|
||||||
|
+ k11 = EC_KEY_get_ex_data(ecdsa, ec_key_idx);
|
||||||
+ break;
|
+ break;
|
||||||
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
+ default:
|
+ default:
|
||||||
+ error("Unknown key type %d", key->type);
|
+ error("Unknown key type %d", key->type);
|
||||||
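Review bot: In the `KEY_RSA` and `KEY_ECDSA` cases of this sanity check, the pointer returned by `EVP_PKEY_get0_RSA(key->pkey)` / `EVP_PKEY_get0_EC_KEY(key->pkey)` is passed to `RSA_get_ex_data` / `EC_KEY_get_ex_data` unchecked, and both getters return NULL when `key->pkey` is NULL or holds a different key type. Since this code exists to reject keys that carry no PKCS#11 app_data, a guard such as `if (rsa == NULL) break;` (and `if (ecdsa == NULL) break;`) before the ex_data lookup keeps a malformed key on the error path instead of a NULL dereference. That suggestion assumes `k11` starts out as NULL, which is declared outside the hunk; the function's beginning and end are also outside it.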
@ -1733,9 +1745,9 @@ diff -up openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11.c
|
|||||||
+ k11->label[label_attrib->ulValueLen] = 0;
|
+ k11->label[label_attrib->ulValueLen] = 0;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
RSA_set_method(rsa, rsa_method);
|
if (RSA_set_method(rsa, rsa_method) != 1)
|
||||||
RSA_set_ex_data(rsa, rsa_idx, k11);
|
fatal_f("RSA_set_method failed");
|
||||||
return (0);
|
if (RSA_set_ex_data(rsa, rsa_idx, k11) != 1)
|
||||||
@@ -532,8 +683,8 @@ ecdsa_do_sign(const unsigned char *dgst,
|
@@ -532,8 +683,8 @@ ecdsa_do_sign(const unsigned char *dgst,
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
@ -1766,9 +1778,9 @@ diff -up openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11.c
|
|||||||
+ k11->label[label_attrib->ulValueLen] = 0;
|
+ k11->label[label_attrib->ulValueLen] = 0;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
EC_KEY_set_method(ec, ec_key_method);
|
if (EC_KEY_set_method(ec, ec_key_method) != 1)
|
||||||
EC_KEY_set_ex_data(ec, ec_key_idx, k11);
|
fatal_f("EC_KEY_set_method failed");
|
||||||
|
if (EC_KEY_set_ex_data(ec, ec_key_idx, k11) != 1)
|
||||||
@@ -622,7 +779,8 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider
|
@@ -622,7 +779,8 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
|
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
|
||||||
@ -1895,7 +1907,7 @@ diff -up openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11.c
|
|||||||
|
|
||||||
key = sshkey_new(KEY_UNSPEC);
|
key = sshkey_new(KEY_UNSPEC);
|
||||||
@@ -810,7 +970,7 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_
|
@@ -810,7 +970,7 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_
|
||||||
ec = NULL; /* now owned by key */
|
key->flags |= SSHKEY_FLAG_EXT;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
- for (i = 0; i < 3; i++)
|
- for (i = 0; i < 3; i++)
|
||||||
@ -1979,7 +1991,7 @@ diff -up openssh-9.6p1/ssh-pkcs11.c.pkcs11-uri openssh-9.6p1/ssh-pkcs11.c
|
|||||||
|
|
||||||
key = sshkey_new(KEY_UNSPEC);
|
key = sshkey_new(KEY_UNSPEC);
|
||||||
@@ -905,7 +1067,7 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_pr
|
@@ -905,7 +1067,7 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_pr
|
||||||
rsa = NULL; /* now owned by key */
|
key->flags |= SSHKEY_FLAG_EXT;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
- for (i = 0; i < 3; i++)
|
- for (i = 0; i < 3; i++)
|
||||||
|
@ -94,47 +94,6 @@ diff -up openssh-8.7p1/monitor.c.sshrsacheck openssh-8.7p1/monitor.c
|
|||||||
is_proof ? "hostkey proof" : "KEX", siglen);
|
is_proof ? "hostkey proof" : "KEX", siglen);
|
||||||
|
|
||||||
sshbuf_reset(m);
|
sshbuf_reset(m);
|
||||||
diff -up openssh-8.7p1/regress/cert-userkey.sh.sshrsacheck openssh-8.7p1/regress/cert-userkey.sh
|
|
||||||
--- openssh-8.7p1/regress/cert-userkey.sh.sshrsacheck 2023-01-25 14:26:52.885963113 +0100
|
|
||||||
+++ openssh-8.7p1/regress/cert-userkey.sh 2023-01-25 14:27:25.757219800 +0100
|
|
||||||
@@ -7,7 +7,8 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us
|
|
||||||
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
|
|
||||||
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
|
|
||||||
|
|
||||||
-PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
|
|
||||||
+#ssh-dss keys are incompatible with DEFAULT crypto policy
|
|
||||||
+PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss' | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
|
|
||||||
EXTRA_TYPES=""
|
|
||||||
rsa=""
|
|
||||||
|
|
||||||
diff -up openssh-8.7p1/regress/Makefile.sshrsacheck openssh-8.7p1/regress/Makefile
|
|
||||||
--- openssh-8.7p1/regress/Makefile.sshrsacheck 2023-01-20 13:07:54.169676051 +0100
|
|
||||||
+++ openssh-8.7p1/regress/Makefile 2023-01-20 13:07:54.290677074 +0100
|
|
||||||
@@ -2,7 +2,8 @@
|
|
||||||
|
|
||||||
tests: prep file-tests t-exec unit
|
|
||||||
|
|
||||||
-REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12
|
|
||||||
+#ssh-dss tests will not pass on DEFAULT crypto-policy because of SHA1, skipping
|
|
||||||
+REGRESS_TARGETS= t1 t2 t3 t4 t5 t7 t8 t9 t10 t11 t12
|
|
||||||
|
|
||||||
# File based tests
|
|
||||||
file-tests: $(REGRESS_TARGETS)
|
|
||||||
diff -up openssh-8.7p1/regress/test-exec.sh.sshrsacheck openssh-8.7p1/regress/test-exec.sh
|
|
||||||
--- openssh-8.7p1/regress/test-exec.sh.sshrsacheck 2023-01-25 14:24:54.778040819 +0100
|
|
||||||
+++ openssh-8.7p1/regress/test-exec.sh 2023-01-25 14:26:39.500858590 +0100
|
|
||||||
@@ -581,8 +581,9 @@ maybe_filter_sk() {
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
-SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
|
|
||||||
-SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
|
|
||||||
+#ssh-dss keys are incompatible with DEFAULT crypto policy
|
|
||||||
+SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss'`
|
|
||||||
+SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss'`
|
|
||||||
|
|
||||||
for t in ${SSH_KEYTYPES}; do
|
|
||||||
# generate user key
|
|
||||||
diff -up openssh-8.7p1/regress/unittests/kex/test_kex.c.sshrsacheck openssh-8.7p1/regress/unittests/kex/test_kex.c
|
diff -up openssh-8.7p1/regress/unittests/kex/test_kex.c.sshrsacheck openssh-8.7p1/regress/unittests/kex/test_kex.c
|
||||||
--- openssh-8.7p1/regress/unittests/kex/test_kex.c.sshrsacheck 2023-01-26 13:34:52.645743677 +0100
|
--- openssh-8.7p1/regress/unittests/kex/test_kex.c.sshrsacheck 2023-01-26 13:34:52.645743677 +0100
|
||||||
+++ openssh-8.7p1/regress/unittests/kex/test_kex.c 2023-01-26 13:36:56.220745823 +0100
|
+++ openssh-8.7p1/regress/unittests/kex/test_kex.c 2023-01-26 13:36:56.220745823 +0100
|
||||||
|
@ -1,207 +0,0 @@
|
|||||||
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../openssh-8.7p1/kexecdh.c ./kexecdh.c
|
|
||||||
--- ../openssh-8.7p1/kexecdh.c 2021-08-20 06:03:49.000000000 +0200
|
|
||||||
+++ ./kexecdh.c 2023-04-13 14:30:14.882449593 +0200
|
|
||||||
@@ -35,17 +35,57 @@
|
|
||||||
#include <signal.h>
|
|
||||||
|
|
||||||
#include <openssl/ecdh.h>
|
|
||||||
+#include <openssl/evp.h>
|
|
||||||
+#include <openssl/core_names.h>
|
|
||||||
+#include <openssl/param_build.h>
|
|
||||||
+#include <openssl/err.h>
|
|
||||||
|
|
||||||
#include "sshkey.h"
|
|
||||||
#include "kex.h"
|
|
||||||
#include "sshbuf.h"
|
|
||||||
#include "digest.h"
|
|
||||||
#include "ssherr.h"
|
|
||||||
+#include "log.h"
|
|
||||||
|
|
||||||
static int
|
|
||||||
kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key,
|
|
||||||
const EC_GROUP *, struct sshbuf **);
|
|
||||||
|
|
||||||
+static EC_KEY *
|
|
||||||
+generate_ec_keys(int ec_nid)
|
|
||||||
+{
|
|
||||||
+ EC_KEY *client_key = NULL;
|
|
||||||
+ EVP_PKEY *pkey = NULL;
|
|
||||||
+ EVP_PKEY_CTX *ctx = NULL;
|
|
||||||
+ OSSL_PARAM_BLD *param_bld = NULL;
|
|
||||||
+ OSSL_PARAM *params = NULL;
|
|
||||||
+ const char *group_name;
|
|
||||||
+
|
|
||||||
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
|
|
||||||
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL)
|
|
||||||
+ goto out;
|
|
||||||
+ if ((group_name = OSSL_EC_curve_nid2name(ec_nid)) == NULL ||
|
|
||||||
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
|
|
||||||
+ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
|
|
||||||
+ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
|
||||||
+ error_f("Could not create OSSL_PARAM");
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ if (EVP_PKEY_keygen_init(ctx) != 1 ||
|
|
||||||
+ EVP_PKEY_CTX_set_params(ctx, params) != 1 ||
|
|
||||||
+ EVP_PKEY_generate(ctx, &pkey) != 1 ||
|
|
||||||
+ (client_key = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
|
|
||||||
+ error_f("Could not generate ec keys");
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+out:
|
|
||||||
+ EVP_PKEY_free(pkey);
|
|
||||||
+ EVP_PKEY_CTX_free(ctx);
|
|
||||||
+ OSSL_PARAM_BLD_free(param_bld);
|
|
||||||
+ OSSL_PARAM_free(params);
|
|
||||||
+ return client_key;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int
|
|
||||||
kex_ecdh_keypair(struct kex *kex)
|
|
||||||
{
|
|
||||||
@@ -55,11 +95,7 @@
|
|
||||||
struct sshbuf *buf = NULL;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
- if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
|
|
||||||
- r = SSH_ERR_ALLOC_FAIL;
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
- if (EC_KEY_generate_key(client_key) != 1) {
|
|
||||||
+ if ((client_key = generate_ec_keys(kex->ec_nid)) == NULL) {
|
|
||||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
@@ -101,11 +137,7 @@
|
|
||||||
*server_blobp = NULL;
|
|
||||||
*shared_secretp = NULL;
|
|
||||||
|
|
||||||
- if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
|
|
||||||
- r = SSH_ERR_ALLOC_FAIL;
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
- if (EC_KEY_generate_key(server_key) != 1) {
|
|
||||||
+ if ((server_key = generate_ec_keys(kex->ec_nid)) == NULL) {
|
|
||||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
@@ -140,11 +172,21 @@
|
|
||||||
{
|
|
||||||
struct sshbuf *buf = NULL;
|
|
||||||
BIGNUM *shared_secret = NULL;
|
|
||||||
- EC_POINT *dh_pub = NULL;
|
|
||||||
- u_char *kbuf = NULL;
|
|
||||||
- size_t klen = 0;
|
|
||||||
+ EVP_PKEY_CTX *ctx = NULL;
|
|
||||||
+ EVP_PKEY *pkey = NULL, *dh_pkey = NULL;
|
|
||||||
+ OSSL_PARAM_BLD *param_bld = NULL;
|
|
||||||
+ OSSL_PARAM *params = NULL;
|
|
||||||
+ u_char *kbuf = NULL, *pub = NULL;
|
|
||||||
+ size_t klen = 0, publen;
|
|
||||||
+ const char *group_name;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
+ /* import EC_KEY to EVP_PKEY */
|
|
||||||
+ if ((r = ssh_create_evp_ec(key, kex->ec_nid, &pkey)) != 0) {
|
|
||||||
+ error_f("Could not create EVP_PKEY");
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
*shared_secretp = NULL;
|
|
||||||
|
|
||||||
if ((buf = sshbuf_new()) == NULL) {
|
|
||||||
@@ -153,45 +195,82 @@
|
|
||||||
}
|
|
||||||
if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0)
|
|
||||||
goto out;
|
|
||||||
- if ((dh_pub = EC_POINT_new(group)) == NULL) {
|
|
||||||
+
|
|
||||||
+ /* the public key is in the buffer in octet string UNCOMPRESSED
|
|
||||||
+ * format. See sshbuf_put_ec */
|
|
||||||
+ if ((r = sshbuf_get_string(buf, &pub, &publen)) != 0)
|
|
||||||
+ goto out;
|
|
||||||
+ sshbuf_reset(buf);
|
|
||||||
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
|
|
||||||
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
|
|
||||||
r = SSH_ERR_ALLOC_FAIL;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) {
|
|
||||||
+ if ((group_name = OSSL_EC_curve_nid2name(kex->ec_nid)) == NULL) {
|
|
||||||
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ if (OSSL_PARAM_BLD_push_octet_string(param_bld,
|
|
||||||
+ OSSL_PKEY_PARAM_PUB_KEY, pub, publen) != 1 ||
|
|
||||||
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
|
|
||||||
+ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
|
|
||||||
+ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
|
||||||
+ error_f("Failed to set params for dh_pkey");
|
|
||||||
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ if (EVP_PKEY_fromdata_init(ctx) != 1 ||
|
|
||||||
+ EVP_PKEY_fromdata(ctx, &dh_pkey,
|
|
||||||
+ EVP_PKEY_PUBLIC_KEY, params) != 1 ||
|
|
||||||
+ EVP_PKEY_public_check(ctx) != 1) {
|
|
||||||
+ error_f("Peer public key import failed");
|
|
||||||
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- sshbuf_reset(buf);
|
|
||||||
|
|
||||||
#ifdef DEBUG_KEXECDH
|
|
||||||
fputs("public key:\n", stderr);
|
|
||||||
- sshkey_dump_ec_point(group, dh_pub);
|
|
||||||
+ EVP_PKEY_print_public_fp(stderr, dh_pkey, 0, NULL);
|
|
||||||
#endif
|
|
||||||
- if (sshkey_ec_validate_public(group, dh_pub) != 0) {
|
|
||||||
- r = SSH_ERR_MESSAGE_INCOMPLETE;
|
|
||||||
+ EVP_PKEY_CTX_free(ctx);
|
|
||||||
+ ctx = NULL;
|
|
||||||
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
|
|
||||||
+ EVP_PKEY_derive_init(ctx) != 1 ||
|
|
||||||
+ EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 ||
|
|
||||||
+ EVP_PKEY_derive(ctx, NULL, &klen) != 1) {
|
|
||||||
+ error_f("Failed to get derive information");
|
|
||||||
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- klen = (EC_GROUP_get_degree(group) + 7) / 8;
|
|
||||||
- if ((kbuf = malloc(klen)) == NULL ||
|
|
||||||
- (shared_secret = BN_new()) == NULL) {
|
|
||||||
+ if ((kbuf = malloc(klen)) == NULL) {
|
|
||||||
r = SSH_ERR_ALLOC_FAIL;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||
|
|
||||||
- BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
|
|
||||||
+ if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) {
|
|
||||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
#ifdef DEBUG_KEXECDH
|
|
||||||
dump_digest("shared secret", kbuf, klen);
|
|
||||||
#endif
|
|
||||||
+ if ((shared_secret = BN_new()) == NULL ||
|
|
||||||
+ (BN_bin2bn(kbuf, klen, shared_secret) == NULL)) {
|
|
||||||
+ r = SSH_ERR_ALLOC_FAIL;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0)
|
|
||||||
goto out;
|
|
||||||
*shared_secretp = buf;
|
|
||||||
buf = NULL;
|
|
||||||
out:
|
|
||||||
- EC_POINT_clear_free(dh_pub);
|
|
||||||
+ EVP_PKEY_CTX_free(ctx);
|
|
||||||
+ EVP_PKEY_free(pkey);
|
|
||||||
+ EVP_PKEY_free(dh_pkey);
|
|
||||||
+ OSSL_PARAM_BLD_free(param_bld);
|
|
||||||
+ OSSL_PARAM_free(params);
|
|
||||||
BN_clear_free(shared_secret);
|
|
||||||
freezero(kbuf, klen);
|
|
||||||
+ freezero(pub, publen);
|
|
||||||
sshbuf_free(buf);
|
|
||||||
return r;
|
|
||||||
}
|
|
@ -128,7 +128,7 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
|
|||||||
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.0p1/kex.c openssh-9.0p1-patched/kex.c
|
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.0p1/kex.c openssh-9.0p1-patched/kex.c
|
||||||
--- openssh-9.0p1/kex.c 2023-05-25 09:24:28.731868327 +0200
|
--- openssh-9.0p1/kex.c 2023-05-25 09:24:28.731868327 +0200
|
||||||
+++ openssh-9.0p1-patched/kex.c 2023-05-25 09:23:44.841379532 +0200
|
+++ openssh-9.0p1-patched/kex.c 2023-05-25 09:23:44.841379532 +0200
|
||||||
@@ -1623,3 +1623,47 @@
|
@@ -1623,3 +1623,142 @@
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -137,6 +137,101 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
|
|||||||
+ * Creates an EVP_PKEY from the given parameters and keys.
|
+ * Creates an EVP_PKEY from the given parameters and keys.
|
||||||
+ * The private key can be omitted.
|
+ * The private key can be omitted.
|
||||||
+ */
|
+ */
|
||||||
|
+EVP_PKEY *
|
||||||
|
+sshkey_create_evp(OSSL_PARAM_BLD *param_bld, EVP_PKEY_CTX *ctx)
|
||||||
|
+{
|
||||||
|
+ EVP_PKEY *ret = NULL;
|
||||||
|
+ OSSL_PARAM *params = NULL;
|
||||||
|
+ if (param_bld == NULL || ctx == NULL) {
|
||||||
|
+ debug2_f("param_bld or ctx is NULL");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ if ((params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
||||||
|
+ debug2_f("Could not build param list");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_PKEY_fromdata_init(ctx) != 1 ||
|
||||||
|
+ EVP_PKEY_fromdata(ctx, &ret, EVP_PKEY_KEYPAIR, params) != 1) {
|
||||||
|
+ debug2_f("EVP_PKEY_fromdata failed");
|
||||||
|
+ OSSL_PARAM_free(params);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+kex_create_evp_ec(EC_KEY *k, int ecdsa_nid, EVP_PKEY **pkey)
|
||||||
|
+{
|
||||||
|
+ OSSL_PARAM_BLD *param_bld = NULL;
|
||||||
|
+ EVP_PKEY_CTX *ctx = NULL;
|
||||||
|
+ BN_CTX *bn_ctx = NULL;
|
||||||
|
+ uint8_t *pub_ser = NULL;
|
||||||
|
+ const char *group_name;
|
||||||
|
+ const EC_POINT *pub = NULL;
|
||||||
|
+ const BIGNUM *priv = NULL;
|
||||||
|
+ int ret = 0;
|
||||||
|
+
|
||||||
|
+ if (k == NULL)
|
||||||
|
+ return SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
|
||||||
|
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL ||
|
||||||
|
+ (bn_ctx = BN_CTX_new()) == NULL) {
|
||||||
|
+ ret = SSH_ERR_ALLOC_FAIL;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ((group_name = OSSL_EC_curve_nid2name(ecdsa_nid)) == NULL ||
|
||||||
|
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
|
||||||
|
+ OSSL_PKEY_PARAM_GROUP_NAME,
|
||||||
|
+ group_name,
|
||||||
|
+ strlen(group_name)) != 1) {
|
||||||
|
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ if ((pub = EC_KEY_get0_public_key(k)) != NULL) {
|
||||||
|
+ const EC_GROUP *group;
|
||||||
|
+ size_t len;
|
||||||
|
+
|
||||||
|
+ group = EC_KEY_get0_group(k);
|
||||||
|
+ len = EC_POINT_point2oct(group, pub,
|
||||||
|
+ POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
|
||||||
|
+ if ((pub_ser = malloc(len)) == NULL) {
|
||||||
|
+ ret = SSH_ERR_ALLOC_FAIL;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ EC_POINT_point2oct(group,
|
||||||
|
+ pub,
|
||||||
|
+ POINT_CONVERSION_UNCOMPRESSED,
|
||||||
|
+ pub_ser,
|
||||||
|
+ len,
|
||||||
|
+ bn_ctx);
|
||||||
|
+ if (OSSL_PARAM_BLD_push_octet_string(param_bld,
|
||||||
|
+ OSSL_PKEY_PARAM_PUB_KEY,
|
||||||
|
+ pub_ser,
|
||||||
|
+ len) != 1) {
|
||||||
|
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if ((priv = EC_KEY_get0_private_key(k)) != NULL &&
|
||||||
|
+ OSSL_PARAM_BLD_push_BN(param_bld,
|
||||||
|
+ OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) {
|
||||||
|
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
|
||||||
|
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+out:
|
||||||
|
+ OSSL_PARAM_BLD_free(param_bld);
|
||||||
|
+ EVP_PKEY_CTX_free(ctx);
|
||||||
|
+ BN_CTX_free(bn_ctx);
|
||||||
|
+ free(pub_ser);
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
+int
|
+int
|
||||||
+kex_create_evp_dh(EVP_PKEY **pkey, const BIGNUM *p, const BIGNUM *q,
|
+kex_create_evp_dh(EVP_PKEY **pkey, const BIGNUM *p, const BIGNUM *q,
|
||||||
+ const BIGNUM *g, const BIGNUM *pub, const BIGNUM *priv)
|
+ const BIGNUM *g, const BIGNUM *pub, const BIGNUM *priv)
|
||||||
@ -281,12 +376,220 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
|
|||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
# include <openssl/ec.h>
|
# include <openssl/ec.h>
|
||||||
# else /* OPENSSL_HAS_ECC */
|
# else /* OPENSSL_HAS_ECC */
|
||||||
@@ -283,6 +286,8 @@
|
@@ -283,6 +286,9@@
|
||||||
const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
|
const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
|
||||||
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
|
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
|
||||||
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
|
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
|
||||||
+int kex_create_evp_dh(EVP_PKEY **, const BIGNUM *, const BIGNUM *,
|
+int kex_create_evp_dh(EVP_PKEY **, const BIGNUM *, const BIGNUM *,
|
||||||
+ const BIGNUM *, const BIGNUM *, const BIGNUM *);
|
+ const BIGNUM *, const BIGNUM *, const BIGNUM *);
|
||||||
|
+int kex_create_evp_ec(EC_KEY *k, int ecdsa_nid, EVP_PKEY **pkey);
|
||||||
|
|
||||||
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
|
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
|
||||||
void dump_digest(const char *, const u_char *, int);
|
void dump_digest(const char *, const u_char *, int);
|
||||||
|
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../openssh-8.7p1/kexecdh.c ./kexecdh.c
|
||||||
|
--- ../openssh-8.7p1/kexecdh.c 2021-08-20 06:03:49.000000000 +0200
|
||||||
|
+++ ./kexecdh.c 2023-04-13 14:30:14.882449593 +0200
|
||||||
|
@@ -35,17 +35,57 @@
|
||||||
|
#include <signal.h>
|
||||||
|
|
||||||
|
#include <openssl/ecdh.h>
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
+#include <openssl/core_names.h>
|
||||||
|
+#include <openssl/param_build.h>
|
||||||
|
+#include <openssl/err.h>
|
||||||
|
|
||||||
|
#include "sshkey.h"
|
||||||
|
#include "kex.h"
|
||||||
|
#include "sshbuf.h"
|
||||||
|
#include "digest.h"
|
||||||
|
#include "ssherr.h"
|
||||||
|
+#include "log.h"
|
||||||
|
|
||||||
|
static int
|
||||||
|
kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key,
|
||||||
|
const EC_GROUP *, struct sshbuf **);
|
||||||
|
|
||||||
|
+static EC_KEY *
|
||||||
|
+generate_ec_keys(int ec_nid)
|
||||||
|
+{
|
||||||
|
+ EC_KEY *client_key = NULL;
|
||||||
|
+ EVP_PKEY *pkey = NULL;
|
||||||
|
+ EVP_PKEY_CTX *ctx = NULL;
|
||||||
|
+ OSSL_PARAM_BLD *param_bld = NULL;
|
||||||
|
+ OSSL_PARAM *params = NULL;
|
||||||
|
+ const char *group_name;
|
||||||
|
+
|
||||||
|
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
|
||||||
|
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL)
|
||||||
|
+ goto out;
|
||||||
|
+ if ((group_name = OSSL_EC_curve_nid2name(ec_nid)) == NULL ||
|
||||||
|
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
|
||||||
|
+ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
|
||||||
|
+ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
||||||
|
+ error_f("Could not create OSSL_PARAM");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_PKEY_keygen_init(ctx) != 1 ||
|
||||||
|
+ EVP_PKEY_CTX_set_params(ctx, params) != 1 ||
|
||||||
|
+ EVP_PKEY_generate(ctx, &pkey) != 1 ||
|
||||||
|
+ (client_key = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
|
||||||
|
+ error_f("Could not generate ec keys");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+out:
|
||||||
|
+ EVP_PKEY_free(pkey);
|
||||||
|
+ EVP_PKEY_CTX_free(ctx);
|
||||||
|
+ OSSL_PARAM_BLD_free(param_bld);
|
||||||
|
+ OSSL_PARAM_free(params);
|
||||||
|
+ return client_key;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
kex_ecdh_keypair(struct kex *kex)
|
||||||
|
{
|
||||||
|
@@ -55,11 +95,7 @@
|
||||||
|
struct sshbuf *buf = NULL;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
- if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
|
||||||
|
- r = SSH_ERR_ALLOC_FAIL;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- if (EC_KEY_generate_key(client_key) != 1) {
|
||||||
|
+ if ((client_key = generate_ec_keys(kex->ec_nid)) == NULL) {
|
||||||
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
@@ -101,11 +137,7 @@
|
||||||
|
*server_blobp = NULL;
|
||||||
|
*shared_secretp = NULL;
|
||||||
|
|
||||||
|
- if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
|
||||||
|
- r = SSH_ERR_ALLOC_FAIL;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- if (EC_KEY_generate_key(server_key) != 1) {
|
||||||
|
+ if ((server_key = generate_ec_keys(kex->ec_nid)) == NULL) {
|
||||||
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
@@ -140,11 +172,21 @@
|
||||||
|
{
|
||||||
|
struct sshbuf *buf = NULL;
|
||||||
|
BIGNUM *shared_secret = NULL;
|
||||||
|
- EC_POINT *dh_pub = NULL;
|
||||||
|
- u_char *kbuf = NULL;
|
||||||
|
- size_t klen = 0;
|
||||||
|
+ EVP_PKEY_CTX *ctx = NULL;
|
||||||
|
+ EVP_PKEY *pkey = NULL, *dh_pkey = NULL;
|
||||||
|
+ OSSL_PARAM_BLD *param_bld = NULL;
|
||||||
|
+ OSSL_PARAM *params = NULL;
|
||||||
|
+ u_char *kbuf = NULL, *pub = NULL;
|
||||||
|
+ size_t klen = 0, publen;
|
||||||
|
+ const char *group_name;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
+ /* import EC_KEY to EVP_PKEY */
|
||||||
|
+ if ((r = kex_create_evp_ec(key, kex->ec_nid, &pkey)) != 0) {
|
||||||
|
+ error_f("Could not create EVP_PKEY");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
*shared_secretp = NULL;
|
||||||
|
|
||||||
|
if ((buf = sshbuf_new()) == NULL) {
|
||||||
|
@@ -153,45 +195,82 @@
|
||||||
|
}
|
||||||
|
if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0)
|
||||||
|
goto out;
|
||||||
|
- if ((dh_pub = EC_POINT_new(group)) == NULL) {
|
||||||
|
+
|
||||||
|
+ /* the public key is in the buffer in octet string UNCOMPRESSED
|
||||||
|
+ * format. See sshbuf_put_ec */
|
||||||
|
+ if ((r = sshbuf_get_string(buf, &pub, &publen)) != 0)
|
||||||
|
+ goto out;
|
||||||
|
+ sshbuf_reset(buf);
|
||||||
|
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
|
||||||
|
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
|
||||||
|
r = SSH_ERR_ALLOC_FAIL;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) {
|
||||||
|
+ if ((group_name = OSSL_EC_curve_nid2name(kex->ec_nid)) == NULL) {
|
||||||
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ if (OSSL_PARAM_BLD_push_octet_string(param_bld,
|
||||||
|
+ OSSL_PKEY_PARAM_PUB_KEY, pub, publen) != 1 ||
|
||||||
|
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
|
||||||
|
+ OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 ||
|
||||||
|
+ (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
|
||||||
|
+ error_f("Failed to set params for dh_pkey");
|
||||||
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_PKEY_fromdata_init(ctx) != 1 ||
|
||||||
|
+ EVP_PKEY_fromdata(ctx, &dh_pkey,
|
||||||
|
+ EVP_PKEY_PUBLIC_KEY, params) != 1 ||
|
||||||
|
+ EVP_PKEY_public_check(ctx) != 1) {
|
||||||
|
+ error_f("Peer public key import failed");
|
||||||
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- sshbuf_reset(buf);
|
||||||
|
|
||||||
|
#ifdef DEBUG_KEXECDH
|
||||||
|
fputs("public key:\n", stderr);
|
||||||
|
- sshkey_dump_ec_point(group, dh_pub);
|
||||||
|
+ EVP_PKEY_print_public_fp(stderr, dh_pkey, 0, NULL);
|
||||||
|
#endif
|
||||||
|
- if (sshkey_ec_validate_public(group, dh_pub) != 0) {
|
||||||
|
- r = SSH_ERR_MESSAGE_INCOMPLETE;
|
||||||
|
+ EVP_PKEY_CTX_free(ctx);
|
||||||
|
+ ctx = NULL;
|
||||||
|
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL ||
|
||||||
|
+ EVP_PKEY_derive_init(ctx) != 1 ||
|
||||||
|
+ EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 ||
|
||||||
|
+ EVP_PKEY_derive(ctx, NULL, &klen) != 1) {
|
||||||
|
+ error_f("Failed to get derive information");
|
||||||
|
+ r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- klen = (EC_GROUP_get_degree(group) + 7) / 8;
|
||||||
|
- if ((kbuf = malloc(klen)) == NULL ||
|
||||||
|
- (shared_secret = BN_new()) == NULL) {
|
||||||
|
+ if ((kbuf = malloc(klen)) == NULL) {
|
||||||
|
r = SSH_ERR_ALLOC_FAIL;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||
|
||||||
|
- BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
|
||||||
|
+ if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) {
|
||||||
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
#ifdef DEBUG_KEXECDH
|
||||||
|
dump_digest("shared secret", kbuf, klen);
|
||||||
|
#endif
|
||||||
|
+ if ((shared_secret = BN_new()) == NULL ||
|
||||||
|
+ (BN_bin2bn(kbuf, klen, shared_secret) == NULL)) {
|
||||||
|
+ r = SSH_ERR_ALLOC_FAIL;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0)
|
||||||
|
goto out;
|
||||||
|
*shared_secretp = buf;
|
||||||
|
buf = NULL;
|
||||||
|
out:
|
||||||
|
- EC_POINT_clear_free(dh_pub);
|
||||||
|
+ EVP_PKEY_CTX_free(ctx);
|
||||||
|
+ EVP_PKEY_free(pkey);
|
||||||
|
+ EVP_PKEY_free(dh_pkey);
|
||||||
|
+ OSSL_PARAM_BLD_free(param_bld);
|
||||||
|
+ OSSL_PARAM_free(params);
|
||||||
|
BN_clear_free(shared_secret);
|
||||||
|
freezero(kbuf, klen);
|
||||||
|
+ freezero(pub, publen);
|
||||||
|
sshbuf_free(buf);
|
||||||
|
return r;
|
||||||
|
}
|
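Review bot: In the kexecdh.c code added by the `@ -281,12 +376,220 @@` hunk, the shared-secret routine (presumably `kex_ecdh_dec_key_group`, whose start lies outside the inner hunk) calls `EVP_PKEY_public_check(ctx)` on a context created with `EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)`, i.e. from the local key. As far as I can tell from the OpenSSL API, that validates `pkey` rather than the freshly imported peer key `dh_pkey`, and the removed `sshkey_ec_validate_public(group, dh_pub)` call has no direct replacement. I would free the import context and run the check on one built from the peer key before deriving, e.g. `if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, dh_pkey, NULL)) == NULL || EVP_PKEY_public_check(ctx) != 1)`. In the same function `publen` has no initialiser but is passed to `freezero(pub, publen)` on every `goto out`, including those taken before `sshbuf_get_string()` sets it; `size_t klen = 0, publen = 0;` avoids reading an indeterminate value. The same lines appear in the ecdh patch this commit removes, so this looks carried over rather than newly written.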
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
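--- a/openssh.spec
+++ b/openssh.spec
@@ -38,8 +38,8 @@
 # rpm -ba|--rebuild --define "static_openssl 1"
 %{?static_openssl:%global static_libcrypto 1}
 
-%global openssh_ver 9.8p1
-%global openssh_rel 6
+%global openssh_ver 9.9p1
+%global openssh_rel 1
 
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@@ -113,7 +113,7 @@ Patch711: openssh-7.8p1-UsePAM-warning.patch
 # Reenable MONITOR_REQ_GSSCHECKMIC after gssapi-with-mic failures
 # upstream MR:
 # https://github.com/openssh-gsskex/openssh-gsskex/pull/21
-Patch800: openssh-8.0p1-gssapi-keyex.patch
+Patch800: openssh-9.6p1-gssapi-keyex.patch
 #http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
 Patch801: openssh-6.6p1-force_krb.patch
 # add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
@@ -124,8 +124,6 @@ Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch
 Patch804: openssh-7.7p1-gssapi-new-unique.patch
 # Respect k5login_directory option in krk5.conf (#1328243)
 Patch805: openssh-7.2p2-k5login_directory.patch
-# Rewriting OpenSSH GSS KEX to use new packet API
-Patch806: openssh-9.6p1-gsskex-new-api.patch
 
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1780
 Patch901: openssh-6.6p1-kuserok.patch
@@ -158,9 +156,6 @@ Patch953: openssh-7.8p1-scp-ipv6.patch
 # Mention crypto-policies in manual pages (#1668325)
 # clarify rhbz#2068423 on the man page of ssh_config
 Patch962: openssh-8.0p1-crypto-policies.patch
-# Use OpenSSL high-level API to produce and verify signatures (#1707485)
-# TODO fix the comment above ^
-Patch963: openssh-9.3p1-merged-openssl-evp.patch
 # Use OpenSSL KDF (#1631761)
 Patch964: openssh-8.0p1-openssl-kdf.patch
 # sk-dummy.so built with -fvisibility=hidden does not work
@@ -196,8 +191,7 @@ Patch1002: openssh-8.7p1-ssh-manpage.patch
 # https://github.com/openssh/openssh-portable/pull/323
 Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
 
-Patch1012: openssh-9.0p1-evp-fips-dh.patch
-Patch1013: openssh-9.0p1-evp-fips-ecdh.patch
+Patch1012: openssh-9.0p1-evp-fips-kex.patch
 Patch1014: openssh-8.7p1-nohostsha1proof.patch
 
 Patch1015: openssh-9.6p1-pam-rhost.patch
@@ -332,7 +326,6 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %patch -P 801 -p1 -b .force_krb
 %patch -P 804 -p1 -b .ccache_name
 %patch -P 805 -p1 -b .k5login
-%patch -P 806 -p1 -b .gsskex-new-api
 #
 %patch -P 901 -p1 -b .kuserok
 %patch -P 906 -p1 -b .fromto-remote
@@ -349,7 +342,6 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %patch -P 951 -p1 -b .pkcs11-uri
 %patch -P 953 -p1 -b .scp-ipv6
 %patch -P 962 -p1 -b .crypto-policies
-%patch -P 963 -p1 -b .openssl-evp
 %patch -P 964 -p1 -b .openssl-kdf
 %patch -P 965 -p1 -b .visibility
 %patch -P 966 -p1 -b .x11-ipv6
@@ -373,7 +365,6 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %patch -P 1006 -p1 -b .negotiate-supported-algs
 
 %patch -P 1012 -p1 -b .evp-fips-dh
-%patch -P 1013 -p1 -b .evp-fips-ecdh
 %patch -P 1014 -p1 -b .nosha1hostproof
 %patch -P 1015 -p1 -b .pam-rhost
 
@@ -474,7 +465,7 @@ popd
 %endif
 
 %check
-%{SOURCE22} %{SOURCE23} # ./parallel_tests.sh parallel_tests.Makefile
+OPENSSL_CONF=/dev/null %{SOURCE22} %{SOURCE23} # ./parallel_tests.sh parallel_tests.Makefile
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -653,6 +644,10 @@ test -f %{sysconfig_anaconda} && \
 %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so
 
 %changelog
+* Thu Oct 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-1
+- Update to OpenSSH 9.9p1
+Resolves: RHEL-60564
+
 * Mon Sep 16 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-6
 - rebuilt
 Related: RHEL-59024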
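Review bot: The `%check` line now runs the test suite with `OPENSSL_CONF=/dev/null` but carries no explanation, and with an empty OpenSSL configuration the tests presumably no longer load the system-wide provider and crypto-policy settings that the installed binaries will use. A short comment above it, such as `# tests run with OpenSSL built-in defaults; the system openssl.cnf is deliberately not loaded`, would record the reason, and it would help to say where the configured (e.g. FIPS) behaviour is covered instead. Separately, `%patch -P 1012` still uses the backup suffix `.evp-fips-dh` although Patch1012 is now `openssh-9.0p1-evp-fips-kex.patch`; `-b .evp-fips-kex` would keep the two in step.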
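--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (openssh-9.8p1.tar.gz) = 95dec2f18e58eb47994f3de4430253e0665e185564b65088ca5f4108870e05feddef8cda8d3c0a4b75f18b98cc2c024df0e27de53b48c1a16da8da483cb8292a
-SHA512 (openssh-9.8p1.tar.gz.asc) = 4df1f1be2c6ab7f3aebaedd0a773b0e8c8929abb30cd3415873ad55d012cfa113f792e888e5e772dd468c394aeb7e35d62893a514dbc0ab1a03acd79918657f7
+SHA512 (openssh-9.9p1.tar.gz) = 3cc0ed97f3e29ecbd882eca79239f02eb5a1606fce4f3119ddc3c5e86128aa3ff12dc85000879fccc87b60e7d651cfe37376607ac66075fede2118deaa685d6d
+SHA512 (openssh-9.9p1.tar.gz.asc) = 916e975c54eb68c0b2f0b0006522b241cbe54c4caa88d31537a6278490c93d9d732c2ab3a080ac084bf75cbdd5402901ec68583cbe7c7cde4a8e40e7a8b78c28
 SHA512 (gpgkey-736060BA.gpg) = df44f3fdbcd1d596705348c7f5aed3f738c5f626a55955e0642f7c6c082995cf36a1b1891bb41b8715cb2aff34fef1c877e0eff0d3507dd00a055ba695757a21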