Disable sntrup761x25519-sha512 in FIPS mode

Related: rhbz#2070628
2022-07-11 15:45:56 +02:00 · 2022-07-11 15:45:56 +02:00 · 32a82650cf
parent fd0d5a4f44
commit 32a82650cf
2 changed files with 93 additions and 18 deletions
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -1,16 +1,3 @@
-diff -up openssh-8.6p1/cipher-ctr.c.fips openssh-8.6p1/cipher-ctr.c
--- openssh-8.6p1/cipher-ctr.c.fips	2021-05-06 12:08:36.423926297 +0200
-+++ openssh-8.6p1/cipher-ctr.c	2021-05-06 12:08:36.497926869 +0200
-@@ -179,7 +179,8 @@ evp_aes_128_ctr(void)
- 	aes_ctr.do_cipher = ssh_aes_ctr;
- #ifndef SSH_OLD_EVP
- 	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
-	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
-+	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV |
-+	    EVP_CIPH_FLAG_FIPS;
- #endif
- 	return (&aes_ctr);
- }
 diff -up openssh-8.6p1/dh.c.fips openssh-8.6p1/dh.c
 --- openssh-8.6p1/dh.c.fips	2021-04-16 05:55:25.000000000 +0200
 +++ openssh-8.6p1/dh.c	2021-05-06 12:12:10.107634472 +0200
@ -117,7 +104,7 @@ diff -up openssh-8.6p1/kexgexc.c.fips openssh-8.6p1/kexgexc.c
 diff -up openssh-8.6p1/myproposal.h.fips openssh-8.6p1/myproposal.h
 --- openssh-8.6p1/myproposal.h.fips	2021-04-16 05:55:25.000000000 +0200
 +++ openssh-8.6p1/myproposal.h	2021-05-06 12:08:36.498926877 +0200
-@@ -57,6 +57,20 @@
+@@ -57,6 +57,18 @@
 	"rsa-sha2-256," \
 	"ssh-rsa"
 
@ -127,13 +114,11 @@ diff -up openssh-8.6p1/myproposal.h.fips openssh-8.6p1/myproposal.h
 +	"ecdsa-sha2-nistp521-cert-v01@openssh.com," \
 +	"rsa-sha2-512-cert-v01@openssh.com," \
 +	"rsa-sha2-256-cert-v01@openssh.com," \
-+	"ssh-rsa-cert-v01@openssh.com," \
 +	"ecdsa-sha2-nistp256," \
 +	"ecdsa-sha2-nistp384," \
 +	"ecdsa-sha2-nistp521," \
 +	"rsa-sha2-512," \
-+	"rsa-sha2-256," \
-+	"ssh-rsa"
+	"rsa-sha2-256"
 +
 #define	KEX_SERVER_ENCRYPT \
 	"chacha20-poly1305@openssh.com," \
@ -452,3 +437,89 @@ diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
 		if ((fd = mkstemp(prv_tmp)) == -1) {
 			error("Could not save your private key in %s: %s",
 			    prv_tmp, strerror(errno));
+diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
+--- openssh-8.7p1/kexgen.c.fips3	2022-07-11 16:11:21.973519913 +0200
+++ openssh-8.7p1/kexgen.c	2022-07-11 16:25:31.172187365 +0200
+@@ -31,6 +31,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <signal.h>
+#include <openssl/crypto.h>
+ 
+ #include "sshkey.h"
+ #include "kex.h"
+@@ -115,10 +116,20 @@ kex_gen_client(struct ssh *ssh)
+ 		break;
+ #endif
+ 	case KEX_C25519_SHA256:
+-		r = kex_c25519_keypair(kex);
+		if (FIPS_mode()) {
+		    logit("Key exchange type c25519 is not alowed in FIPS mode");
+		    r = SSH_ERR_INVALID_ARGUMENT;
+		} else {
+		    r = kex_c25519_keypair(kex);
+		}
+ 		break;
+ 	case KEX_KEM_SNTRUP761X25519_SHA512:
+-		r = kex_kem_sntrup761x25519_keypair(kex);
+		if (FIPS_mode()) {
+		    logit("Key exchange type sntrup761 is not alowed in FIPS mode");
+		    r = SSH_ERR_INVALID_ARGUMENT;
+		} else {
+		    r = kex_kem_sntrup761x25519_keypair(kex);
+		}
+ 		break;
+ 	default:
+ 		r = SSH_ERR_INVALID_ARGUMENT;
+@@ -186,11 +197,21 @@ input_kex_gen_reply(int type, u_int32_t
+ 		break;
+ #endif
+ 	case KEX_C25519_SHA256:
+-		r = kex_c25519_dec(kex, server_blob, &shared_secret);
+		if (FIPS_mode()) {
+		    logit("Key exchange type c25519 is not alowed in FIPS mode");
+		    r = SSH_ERR_INVALID_ARGUMENT;
+		} else {
+		    r = kex_c25519_dec(kex, server_blob, &shared_secret);
+		}
+ 		break;
+ 	case KEX_KEM_SNTRUP761X25519_SHA512:
+-		r = kex_kem_sntrup761x25519_dec(kex, server_blob,
+-		    &shared_secret);
+		if (FIPS_mode()) {
+		    logit("Key exchange type sntrup761 is not alowed in FIPS mode");
+		    r = SSH_ERR_INVALID_ARGUMENT;
+		} else {
+		    r = kex_kem_sntrup761x25519_dec(kex, server_blob,
+		        &shared_secret);
+		}
+ 		break;
+ 	default:
+ 		r = SSH_ERR_INVALID_ARGUMENT;
+@@ -285,12 +306,22 @@ input_kex_gen_init(int type, u_int32_t s
+ 		break;
+ #endif
+ 	case KEX_C25519_SHA256:
+-		r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
+-		    &shared_secret);
+		if (FIPS_mode()) {
+		    logit("Key exchange type c25519 is not alowed in FIPS mode");
+		    r = SSH_ERR_INVALID_ARGUMENT;
+		} else {
+		    r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
+		        &shared_secret);
+		}
+ 		break;
+ 	case KEX_KEM_SNTRUP761X25519_SHA512:
+-		r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
+-		    &server_pubkey, &shared_secret);
+		if (FIPS_mode()) {
+		    logit("Key exchange type sntrup761 is not alowed in FIPS mode");
+		    r = SSH_ERR_INVALID_ARGUMENT;
+		} else {
+		    r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
+		        &server_pubkey, &shared_secret);
+		}
+ 		break;
+ 	default:
+ 		r = SSH_ERR_INVALID_ARGUMENT;
--- a/openssh.spec
+++ b/openssh.spec
@ -51,7 +51,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 11
+%global openssh_rel 12
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 4

@ -720,6 +720,10 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
+* Mon Jul 11 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-12
+- Disable sntrup761x25519-sha512 in FIPS mode
+  Related: rhbz#2070628
+
 * Mon Jul 11 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-11
 - Fix scp clearing file when src and dest are the same
  Resolves: rhbz#2056884