import openssh-8.0p1-5.el8

CentOS Sources 2020-07-28 08:06:13 -04:00 committed by Stepan Oksanichenko
parent b40f69fe2a
commit 75ca0870c6
17 changed files with 970 additions and 224 deletions


@ -20,10 +20,10 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
ssh-xmss.o \ ssh-xmss.o \
@@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l @@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS) $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
+ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
+ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) + $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ +
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)


@ -62,10 +62,10 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
ssh-xmss.o \ ssh-xmss.o \
@@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) @@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS) $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
+ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
+ $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS) + $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
+ +
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)


@ -20,7 +20,7 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
ssh-xmss.o \ ssh-xmss.o \
@@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD @@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD
ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o +ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
+ $(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)


@ -171,7 +171,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS) + $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
+ +
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)


@ -127,50 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c
p = g = NULL; /* belong to kex->dh now */ p = g = NULL; /* belong to kex->dh now */
/* generate and send 'e', client DH public key */ /* generate and send 'e', client DH public key */
diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in
--- openssh-7.9p1/Makefile.in.fips 2019-03-11 17:06:37.615877984 +0100
+++ openssh-7.9p1/Makefile.in 2019-03-11 17:06:37.621878041 +0100
@@ -179,25 +179,25 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
- $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
- $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@@ -215,7 +215,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
diff -up openssh-7.9p1/myproposal.h.fips openssh-7.9p1/myproposal.h diff -up openssh-7.9p1/myproposal.h.fips openssh-7.9p1/myproposal.h
--- openssh-7.9p1/myproposal.h.fips 2018-10-17 02:01:20.000000000 +0200 --- openssh-7.9p1/myproposal.h.fips 2018-10-17 02:01:20.000000000 +0200
+++ openssh-7.9p1/myproposal.h 2019-03-11 17:06:37.621878041 +0100 +++ openssh-7.9p1/myproposal.h 2019-03-11 17:06:37.621878041 +0100
@ -309,43 +265,25 @@ diff -up openssh-7.9p1/servconf.c.fips openssh-7.9p1/servconf.c
diff -up openssh-7.9p1/ssh.c.fips openssh-7.9p1/ssh.c diff -up openssh-7.9p1/ssh.c.fips openssh-7.9p1/ssh.c
--- openssh-7.9p1/ssh.c.fips 2019-03-11 17:06:37.602877862 +0100 --- openssh-7.9p1/ssh.c.fips 2019-03-11 17:06:37.602877862 +0100
+++ openssh-7.9p1/ssh.c 2019-03-11 17:06:37.623878060 +0100 +++ openssh-7.9p1/ssh.c 2019-03-11 17:06:37.623878060 +0100
@@ -76,6 +76,8 @@ @@ -76,6 +76,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h> #include <openssl/err.h>
#endif #endif
+#include <openssl/crypto.h> +#include <openssl/crypto.h>
+#include <fipscheck.h>
#include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h" #include "openbsd-compat/sys-queue.h"
@@ -600,6 +602,16 @@ main(int ac, char **av)
sanitise_stdfd();
__progname = ssh_get_progname(av[0]);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSLeay_add_all_algorithms();
+#endif
+ if (access("/etc/system-fips", F_OK) == 0)
+ if (! FIPSCHECK_verify(NULL, NULL)){
+ if (FIPS_mode())
+ fatal("FIPS integrity verification test failed.");
+ else
+ logit("FIPS integrity verification test failed.");
+ }
#ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */
@@ -1283,6 +1294,10 @@ main(int ac, char **av) @@ -1283,6 +1294,10 @@ main(int ac, char **av)
dump_client_config(&options, host);
seed_rng(); exit(0);
}
+ if (FIPS_mode()) {
+ logit("FIPS mode initialized");
+ }
+ +
/* + if (FIPS_mode()) {
* Discard other fds that are hanging around. These can cause problem + debug("FIPS mode initialized");
* with backgrounded ssh processes started by ControlPersist. + }
if (muxclient_command != 0 && options.control_path == NULL)
fatal("No ControlPath specified for \"-O\" command");
diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
--- openssh-7.9p1/sshconnect2.c.fips 2019-03-11 17:06:37.580877655 +0100 --- openssh-7.9p1/sshconnect2.c.fips 2019-03-11 17:06:37.580877655 +0100
+++ openssh-7.9p1/sshconnect2.c 2019-03-11 17:06:37.623878060 +0100 +++ openssh-7.9p1/sshconnect2.c 2019-03-11 17:06:37.623878060 +0100
@ -387,7 +325,7 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
/* Prefer algorithms that we already have keys for */ /* Prefer algorithms that we already have keys for */
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
compat_pkalg_proposal( compat_pkalg_proposal(
@@ -201,29 +201,34 @@ ssh_kex2(char *host, struct sockaddr *ho @@ -201,35 +201,40 @@ ssh_kex2(char *host, struct sockaddr *ho
#if defined(GSSAPI) && defined(WITH_OPENSSL) #if defined(GSSAPI) && defined(WITH_OPENSSL)
if (options.gss_keyex) { if (options.gss_keyex) {
@ -395,12 +333,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
- * client to the key exchange algorithm proposal */ - * client to the key exchange algorithm proposal */
- orig = myproposal[PROPOSAL_KEX_ALGS]; - orig = myproposal[PROPOSAL_KEX_ALGS];
- -
- if (options.gss_server_identity) - if (options.gss_server_identity) {
- gss_host = xstrdup(options.gss_server_identity); - gss_host = xstrdup(options.gss_server_identity);
- else if (options.gss_trust_dns) - } else if (options.gss_trust_dns) {
- gss_host = remote_hostname(ssh); - gss_host = remote_hostname(ssh);
- else - /* Fall back to specified host if we are using proxy command
- * and can not use DNS on that socket */
- if (strcmp(gss_host, "UNKNOWN") == 0) {
- gss_host = xstrdup(host);
- }
- } else {
- gss_host = xstrdup(host); - gss_host = xstrdup(host);
- }
- -
- gss = ssh_gssapi_client_mechanisms(gss_host, - gss = ssh_gssapi_client_mechanisms(gss_host,
- options.gss_client_identity, options.gss_kex_algorithms); - options.gss_client_identity, options.gss_kex_algorithms);
@ -422,12 +366,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
+ * client to the key exchange algorithm proposal */ + * client to the key exchange algorithm proposal */
+ orig = myproposal[PROPOSAL_KEX_ALGS]; + orig = myproposal[PROPOSAL_KEX_ALGS];
+ +
+ if (options.gss_server_identity) + if (options.gss_server_identity) {
+ gss_host = xstrdup(options.gss_server_identity); + gss_host = xstrdup(options.gss_server_identity);
+ else if (options.gss_trust_dns) + } else if (options.gss_trust_dns) {
+ gss_host = remote_hostname(ssh); + gss_host = remote_hostname(ssh);
+ else + /* Fall back to specified host if we are using proxy command
+ * and can not use DNS on that socket */
+ if (strcmp(gss_host, "UNKNOWN") == 0) {
+ gss_host = xstrdup(host);
+ }
+ } else {
+ gss_host = xstrdup(host); + gss_host = xstrdup(host);
+ }
+ +
+ gss = ssh_gssapi_client_mechanisms(gss_host, + gss = ssh_gssapi_client_mechanisms(gss_host,
+ options.gss_client_identity, options.gss_kex_algorithms); + options.gss_client_identity, options.gss_kex_algorithms);
@ -456,31 +406,19 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@@ -77,6 +78,8 @@ @@ -77,6 +78,7 @@
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/rand.h> #include <openssl/rand.h>
+#include <openssl/crypto.h> +#include <openssl/crypto.h>
+#include <fipscheck.h>
#include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/openssl-compat.h"
#endif #endif
@@ -1581,6 +1584,18 @@ main(int ac, char **av) @@ -1581,6 +1584,7 @@ main(int ac, char **av)
#endif #endif
__progname = ssh_get_progname(av[0]); __progname = ssh_get_progname(av[0]);
+ OpenSSL_add_all_algorithms(); + OpenSSL_add_all_algorithms();
+ if (access("/etc/system-fips", F_OK) == 0)
+ if (! FIPSCHECK_verify(NULL, NULL)) {
+ openlog(__progname, LOG_PID, LOG_AUTHPRIV);
+ if (FIPS_mode()) {
+ syslog(LOG_CRIT, "FIPS integrity verification test failed.");
+ cleanup_exit(255);
+ }
+ else
+ syslog(LOG_INFO, "FIPS integrity verification test failed.");
+ closelog();
+ }
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac; saved_argc = ac;
rexec_argc = ac; rexec_argc = ac;
@ -489,7 +427,7 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
log_init(__progname, options.log_level, options.log_facility, log_stderr); log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ if (FIPS_mode()) { + if (FIPS_mode()) {
+ logit("FIPS mode initialized"); + debug("FIPS mode initialized");
+ } + }
+ +
/* Chdir to the root directory so that the current disk can be /* Chdir to the root directory so that the current disk can be
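Review bot: With `logit("FIPS mode initialized")` changed to `debug("FIPS mode initialized")` in both ssh.c and sshd.c, a server running at the default log level no longer records that it started in FIPS mode, and the same commit also drops the startup messages that reported a failed integrity check. For sshd.c I would keep `logit("FIPS mode initialized");` (debug is reasonable for the client) so the FIPS state stays visible in normal logs. Separately, in the ssh_kex2 hunk of sshconnect2.c the new fallback assigns `gss_host = xstrdup(host);` over the value just returned by `remote_hostname(ssh)`; if that function returns allocated memory (its definition is not on this page) the first string leaks, and a `free(gss_host);` before the reassignment would fix it. Both main() bodies and ssh_kex2 continue outside the hunks shown.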


@ -1,11 +1,12 @@
diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
--- openssh-7.7p1/ssh_config.redhat 2018-04-02 07:38:28.000000000 +0200 --- openssh-7.7p1/ssh_config.redhat 2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.7p1/ssh_config 2018-07-03 10:44:06.522245125 +0200 +++ openssh-7.7p1/ssh_config 2018-07-03 10:44:06.522245125 +0200
@@ -44,3 +44,7 @@ @@ -44,3 +44,8 @@
# VisualHostKey no # VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com # ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h # RekeyLimit 1G 1h
+# +#
+# This system is following system-wide crypto policy.
+# To modify the system-wide ssh configuration, create a *.conf file under +# To modify the system-wide ssh configuration, create a *.conf file under
+# /etc/ssh/ssh_config.d/ which will be automatically included below +# /etc/ssh/ssh_config.d/ which will be automatically included below
+Include /etc/ssh/ssh_config.d/*.conf +Include /etc/ssh/ssh_config.d/*.conf
@ -66,7 +67,7 @@ diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
--- openssh-7.7p1/sshd_config.redhat 2018-04-02 07:38:28.000000000 +0200 --- openssh-7.7p1/sshd_config.redhat 2018-04-02 07:38:28.000000000 +0200
+++ openssh-7.7p1/sshd_config 2018-07-03 10:45:16.950782466 +0200 +++ openssh-7.7p1/sshd_config 2018-07-03 10:45:16.950782466 +0200
@@ -10,20 +10,34 @@ @@ -10,20 +10,31 @@
# possible, but leave them commented. Uncommented options override the # possible, but leave them commented. Uncommented options override the
# default value. # default value.
@ -89,14 +90,11 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
# Ciphers and keying # Ciphers and keying
#RekeyLimit default none #RekeyLimit default none
+# System-wide Crypto policy:
+# This system is following system-wide crypto policy. The changes to +# This system is following system-wide crypto policy. The changes to
+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any +# crypto properties (Ciphers, MACs, ...) will not have any effect here.
+# effect here. They will be overridden by command-line options passed on +# They will be overridden by command-line options passed to the server
+# the server start up. +# on command line.
+# To opt out, uncomment a line with redefinition of CRYPTO_POLICY= +# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
+# variable in /etc/sysconfig/sshd to overwrite the policy.
+# For more information, see manual page for update-crypto-policies(8).
+ +
# Logging # Logging
#SyslogFacility AUTH #SyslogFacility AUTH
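Review bot: The rewritten sshd_config comment no longer tells an administrator how to opt out of the system-wide policy, and "overridden by command-line options passed to the server on command line" is redundant. Because an edit to `Ciphers` or `MACs` in this file silently has no effect, this comment is the only in-file warning a person hardening the server will see. I would word it as `# They will be overridden by options passed on the sshd command line at start-up.` and keep a pointer to where the override is configured; the old side named the `CRYPTO_POLICY=` variable in `/etc/sysconfig/sshd`, so confirm that mechanism still applies before restoring that line.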


@ -1,7 +1,55 @@
diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5 diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
--- openssh-8.0p1/ssh_config.5.crypto-policies 2019-05-13 14:04:01.999099570 +0200 --- openssh-8.0p1/ssh_config.5.crypto-policies 2020-03-24 17:32:54.821789205 +0100
+++ openssh-8.0p1/ssh_config.5 2019-05-13 14:12:36.343923071 +0200 +++ openssh-8.0p1/ssh_config.5 2020-03-24 17:59:58.174122920 +0100
@@ -445,12 +445,10 @@ aes256-gcm@openssh.com @@ -357,17 +357,17 @@ or
.Qq *.c.example.com
domains.
.It Cm CASignatureAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies which algorithms are allowed for signing of certificates
by certificate authorities (CAs).
-The default is:
-.Bd -literal -offset indent
-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed
-.Pp
.Xr ssh 1
will not accept host certificates signed using algorithms other than those
specified.
+.Pp
.It Cm CertificateFile
Specifies a file from which the user's certificate is read.
A corresponding private key must be provided separately in order
@@ -420,16 +420,21 @@ If the option is set to
.Cm no ,
the check will not be executed.
.It Cm Ciphers
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the ciphers allowed and their order of preference.
Multiple ciphers must be comma-separated.
If the specified value begins with a
.Sq +
-character, then the specified ciphers will be appended to the default set
+character, then the specified ciphers will be appended to the built-in default set
instead of replacing them.
If the specified value begins with a
.Sq -
character, then the specified ciphers (including wildcards) will be removed
-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
.Pp
The supported ciphers are:
.Bd -literal -offset indent
@@ -445,13 +450,6 @@ aes256-gcm@openssh.com
chacha20-poly1305@openssh.com chacha20-poly1305@openssh.com
.Ed .Ed
.Pp .Pp
@ -11,30 +59,53 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
-aes128-ctr,aes192-ctr,aes256-ctr, -aes128-ctr,aes192-ctr,aes256-ctr,
-aes128-gcm@openssh.com,aes256-gcm@openssh.com -aes128-gcm@openssh.com,aes256-gcm@openssh.com
-.Ed -.Ed
+The default is handled system-wide by -.Pp
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp
The list of available ciphers may also be obtained using The list of available ciphers may also be obtained using
.Qq ssh -Q cipher . .Qq ssh -Q cipher .
@@ -812,8 +810,10 @@ gss-nistp256-sha256-, .It Cm ClearAllForwardings
@@ -800,6 +798,11 @@ command line will be passed untouched to
The default is
.Dq no .
.It Cm GSSAPIKexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
The list of key exchange algorithms that are offered for GSSAPI
key exchange. Possible values are
.Bd -literal -offset 3n
@@ -812,9 +815,8 @@ gss-nistp256-sha256-,
gss-curve25519-sha256- gss-curve25519-sha256-
.Ed .Ed
.Pp .Pp
-The default is -The default is
-.Dq gss-gex-sha1-,gss-group14-sha1- . -.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+The default is handled system-wide by This option only applies to connections using GSSAPI.
+.Xr crypto-policies 7 . +.Pp
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
This option only applies to protocol version 2 connections using GSSAPI.
.It Cm HashKnownHosts .It Cm HashKnownHosts
Indicates that Indicates that
@@ -1123,16 +1123,10 @@ If the specified value begins with a .Xr ssh 1
@@ -1114,26 +1115,21 @@ it may be zero or more of:
and
.Cm pam .
.It Cm KexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
Alternately if the specified value begins with a
.Sq +
-character, then the specified methods will be appended to the default set
+character, then the specified methods will be appended to the built-in default set
instead of replacing them.
If the specified value begins with a
.Sq - .Sq -
character, then the specified methods (including wildcards) will be removed character, then the specified methods (including wildcards) will be removed
from the default set instead of replacing them. -from the default set instead of replacing them.
-The default is: -The default is:
-.Bd -literal -offset indent -.Bd -literal -offset indent
-curve25519-sha256,curve25519-sha256@libssh.org, -curve25519-sha256,curve25519-sha256@libssh.org,
@ -45,14 +116,36 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
-diffie-hellman-group14-sha256, -diffie-hellman-group14-sha256,
-diffie-hellman-group14-sha1 -diffie-hellman-group14-sha1
-.Ed -.Ed
+The default is handled system-wide by +from the built-in default set instead of replacing them.
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp .Pp
The list of available key exchange algorithms may also be obtained using The list of available key exchange algorithms may also be obtained using
.Qq ssh -Q kex . .Qq ssh -Q kex .
@@ -1210,14 +1204,10 @@ The algorithms that contain @@ -1193,33 +1189,29 @@ The default is INFO.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of verbose output.
.It Cm MACs
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the MAC (message authentication code) algorithms
in order of preference.
The MAC algorithm is used for data integrity protection.
Multiple algorithms must be comma-separated.
If the specified value begins with a
.Sq +
-character, then the specified algorithms will be appended to the default set
+character, then the specified algorithms will be appended to the built-in default set
instead of replacing them.
If the specified value begins with a
.Sq -
character, then the specified algorithms (including wildcards) will be removed
-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
.Pp
The algorithms that contain
.Qq -etm
calculate the MAC after encryption (encrypt-then-mac). calculate the MAC after encryption (encrypt-then-mac).
These are considered safer and their use recommended. These are considered safer and their use recommended.
.Pp .Pp
@ -64,17 +157,30 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
-umac-64@openssh.com,umac-128@openssh.com, -umac-64@openssh.com,umac-128@openssh.com,
-hmac-sha2-256,hmac-sha2-512,hmac-sha1 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
-.Ed -.Ed
+The default is handled system-wide by -.Pp
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp
The list of available MAC algorithms may also be obtained using The list of available MAC algorithms may also be obtained using
.Qq ssh -Q mac . .Qq ssh -Q mac .
@@ -1361,17 +1351,10 @@ If the specified value begins with a .It Cm NoHostAuthenticationForLocalhost
@@ -1352,27 +1344,21 @@ instead of continuing to execute and pas
The default is
.Cm no .
.It Cm PubkeyAcceptedKeyTypes
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the key types that will be used for public key authentication
as a comma-separated list of patterns.
Alternately if the specified value begins with a
.Sq +
-character, then the key types after it will be appended to the default
+character, then the key types after it will be appended to the built-in default
instead of replacing it.
If the specified value begins with a
.Sq - .Sq -
character, then the specified key types (including wildcards) will be removed character, then the specified key types (including wildcards) will be removed
from the default set instead of replacing them. -from the default set instead of replacing them.
-The default for this option is: -The default for this option is:
-.Bd -literal -offset 3n -.Bd -literal -offset 3n
-ecdsa-sha2-nistp256-cert-v01@openssh.com, -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@ -86,17 +192,61 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed -.Ed
+The default is handled system-wide by +from the built-in default set instead of replacing them.
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp .Pp
The list of available key types may also be obtained using The list of available key types may also be obtained using
.Qq ssh -Q key . .Qq ssh -Q key .
diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
--- openssh-8.0p1/sshd_config.5.crypto-policies 2019-05-13 14:12:41.226968863 +0200 --- openssh-8.0p1/sshd_config.5.crypto-policies 2020-03-24 17:32:54.802788908 +0100
+++ openssh-8.0p1/sshd_config.5 2019-05-13 14:15:14.581406997 +0200 +++ openssh-8.0p1/sshd_config.5 2020-03-24 17:54:13.347740176 +0100
@@ -490,12 +490,10 @@ aes256-gcm@openssh.com @@ -383,16 +383,16 @@ If the argument is
then no banner is displayed.
By default, no banner is displayed.
.It Cm CASignatureAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies which algorithms are allowed for signing of certificates
by certificate authorities (CAs).
-The default is:
-.Bd -literal -offset indent
-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed
-.Pp
Certificates signed using other algorithms will not be accepted for
public key or host-based authentication.
+.Pp
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in
@@ -454,16 +454,21 @@ The default is
indicating not to
.Xr chroot 2 .
.It Cm Ciphers
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the ciphers allowed.
Multiple ciphers must be comma-separated.
If the specified value begins with a
.Sq +
-character, then the specified ciphers will be appended to the default set
+character, then the specified ciphers will be appended to the built-in default set
instead of replacing them.
If the specified value begins with a
.Sq -
character, then the specified ciphers (including wildcards) will be removed
-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
.Pp
The supported ciphers are:
.Pp
@@ -490,13 +495,6 @@ aes256-gcm@openssh.com
chacha20-poly1305@openssh.com chacha20-poly1305@openssh.com
.El .El
.Pp .Pp
@ -106,28 +256,40 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
-aes128-ctr,aes192-ctr,aes256-ctr, -aes128-ctr,aes192-ctr,aes256-ctr,
-aes128-gcm@openssh.com,aes256-gcm@openssh.com -aes128-gcm@openssh.com,aes256-gcm@openssh.com
-.Ed -.Ed
+The default is handled system-wide by -.Pp
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp
The list of available ciphers may also be obtained using The list of available ciphers may also be obtained using
.Qq ssh -Q cipher . .Qq ssh -Q cipher .
@@ -700,8 +698,10 @@ gss-nistp256-sha256-, .It Cm ClientAliveCountMax
@@ -688,6 +686,11 @@ For this to work
.Cm GSSAPIKeyExchange
needs to be enabled in the server and also used by the client.
.It Cm GSSAPIKexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
The list of key exchange algorithms that are accepted by GSSAPI
key exchange. Possible values are
.Bd -literal -offset 3n
@@ -700,8 +703,6 @@ gss-nistp256-sha256-,
gss-curve25519-sha256- gss-curve25519-sha256-
.Ed .Ed
.Pp .Pp
-The default is -The default is
-.Dq gss-gex-sha1-,gss-group14-sha1- . -.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+The default is handled system-wide by This option only applies to connections using GSSAPI.
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
This option only applies to protocol version 2 connections using GSSAPI.
.It Cm HostbasedAcceptedKeyTypes .It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication Specifies the key types that will be accepted for hostbased authentication
@@ -792,17 +792,10 @@ environment variable. @@ -791,19 +791,13 @@ is specified, the location of the socket
.Ev SSH_AUTH_SOCK
environment variable.
.It Cm HostKeyAlgorithms .It Cm HostKeyAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the host key algorithms Specifies the host key algorithms
that the server offers. that the server offers.
-The default for this option is: -The default for this option is:
@ -141,14 +303,34 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed -.Ed
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp .Pp
The list of available key types may also be obtained using The list of available key types may also be obtained using
.Qq ssh -Q key . .Qq ssh -Q key .
@@ -960,14 +953,10 @@ ecdh-sha2-nistp384 @@ -922,16 +916,21 @@ Specifies whether to look at .k5login fi
The default is
.Cm yes .
.It Cm KexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
Alternately if the specified value begins with a
.Sq +
-character, then the specified methods will be appended to the default set
+character, then the specified methods will be appended to the built-in default set
instead of replacing them.
If the specified value begins with a
.Sq -
character, then the specified methods (including wildcards) will be removed
-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
The supported algorithms are:
.Pp
.Bl -item -compact -offset indent
@@ -961,15 +960,6 @@ ecdh-sha2-nistp384
ecdh-sha2-nistp521 ecdh-sha2-nistp521
.El .El
.Pp .Pp
@ -160,14 +342,36 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
-diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, -diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
-diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 -diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
-.Ed -.Ed
+The default is handled system-wide by -.Pp
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp
The list of available key exchange algorithms may also be obtained using The list of available key exchange algorithms may also be obtained using
.Qq ssh -Q kex . .Qq ssh -Q kex .
@@ -1090,14 +1079,10 @@ umac-64-etm@openssh.com .It Cm ListenAddress
@@ -1038,17 +1028,22 @@ DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Logging with a DEBUG level violates the privacy of users and is not recommended.
.It Cm MACs
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used for data integrity protection.
Multiple algorithms must be comma-separated.
If the specified value begins with a
.Sq +
-character, then the specified algorithms will be appended to the default set
+character, then the specified algorithms will be appended to the built-in default set
instead of replacing them.
If the specified value begins with a
.Sq -
character, then the specified algorithms (including wildcards) will be removed
-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
.Pp
The algorithms that contain
.Qq -etm
@@ -1091,15 +1086,6 @@ umac-64-etm@openssh.com
umac-128-etm@openssh.com umac-128-etm@openssh.com
.El .El
.Pp .Pp
@ -179,17 +383,30 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
-umac-64@openssh.com,umac-128@openssh.com, -umac-64@openssh.com,umac-128@openssh.com,
-hmac-sha2-256,hmac-sha2-512,hmac-sha1 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
-.Ed -.Ed
+The default is handled system-wide by -.Pp
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp
The list of available MAC algorithms may also be obtained using The list of available MAC algorithms may also be obtained using
.Qq ssh -Q mac . .Qq ssh -Q mac .
@@ -1455,17 +1440,10 @@ If the specified value begins with a .It Cm Match
@@ -1446,27 +1432,21 @@ or equivalent.)
The default is
.Cm yes .
.It Cm PubkeyAcceptedKeyTypes
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
Specifies the key types that will be accepted for public key authentication
as a list of comma-separated patterns.
Alternately if the specified value begins with a
.Sq +
-character, then the specified key types will be appended to the default set
+character, then the specified key types will be appended to the built-in default set
instead of replacing them.
If the specified value begins with a
.Sq - .Sq -
character, then the specified key types (including wildcards) will be removed character, then the specified key types (including wildcards) will be removed
from the default set instead of replacing them. -from the default set instead of replacing them.
-The default for this option is: -The default for this option is:
-.Bd -literal -offset 3n -.Bd -literal -offset 3n
-ecdsa-sha2-nistp256-cert-v01@openssh.com, -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@ -201,10 +418,7 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed -.Ed
+The default is handled system-wide by +from the built-in default set instead of replacing them.
+.Xr crypto-policies 7 .
+To see the defaults and how to modify this default, see manual page
+.Xr update-crypto-policies 8 .
.Pp .Pp
The list of available key types may also be obtained using The list of available key types may also be obtained using
.Qq ssh -Q key . .Qq ssh -Q key .


@ -0,0 +1,302 @@
diff --git a/entropy.c b/entropy.c
index 2d483b3..b361a04 100644
--- a/entropy.c
+++ b/entropy.c
@@ -234,6 +234,9 @@ seed_rng(void)
}
#endif /* OPENSSL_PRNG_ONLY */
+#ifdef __linux__
+ linux_seed();
+#endif /* __linux__ */
if (RAND_status() != 1)
fatal("PRNG is not seeded");
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index b912dbe..9206337 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
port-solaris.o \
port-net.o \
port-uw.o \
+ port-linux-prng.o \
port-linux-sshd.o
.c.o:
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy 2016-12-23 18:34:27.747753563 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 18:34:27.769753570 +0100
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
void oom_adjust_setup(void);
#endif
+void linux_seed(void);
+
#endif /* ! _PORT_LINUX_H */
diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
new file mode 100644
index 0000000..92a617c
--- /dev/null
+++ b/openbsd-compat/port-linux-prng.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2011 - 2020 Red Hat, Inc.
+ *
+ * Authors:
+ * Jan F. Chadima <jchadima@redhat.com>
+ * Jakub Jelen <jjelen@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - prng support
+ */
+
+#include "includes.h"
+
+#include <errno.h>
+#include <string.h>
+#include <openssl/rand.h>
+#include <sys/random.h>
+
+#include "log.h"
+
+void
+linux_seed(void)
+{
+ char *env = NULL;
+ size_t randlen = 14, left;
+ unsigned int flags = 0;
+ unsigned char buf[256], *p;
+
+ env = getenv("SSH_USE_STRONG_RNG");
+ if (env && strcmp(env, "0") != 0) {
+ size_t ienv = atoi(env);
+
+ /* Max on buffer length */
+ if (ienv > sizeof(buf))
+ ienv = sizeof(buf);
+ /* Minimum is always 14 B */
+ if (ienv > randlen)
+ randlen = ienv;
+ flags = GRND_RANDOM;
+ }
+
+ errno = 0;
+ left = randlen;
+ p = buf;
+ do {
+ ssize_t len = getrandom(p, left, flags);
+ if (len == -1) {
+ if (errno != EINTR) {
+ if (flags) {
+ /* With the variable present, this is fatal error */
+ fatal("Failed to seed from getrandom: %s", strerror(errno));
+ } else {
+ /* Otherwise we log the issue drop out from here */
+ debug("Failed to seed from getrandom: %s", strerror(errno));
+ return;
+ }
+ }
+ } else if (len > 0) {
+ left -= len;
+ p += len;
+ }
+ } while (left > 0);
+
+ RAND_seed(buf, randlen);
+}
diff --git a/ssh-add.1 b/ssh-add.1
index 4812448..16305bf 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -161,6 +161,22 @@ to make this work.)
Identifies the path of a
.Ux Ns -domain
socket used to communicate with the agent.
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.El
.Sh FILES
.Bl -tag -width Ds
diff --git a/ssh-agent.1 b/ssh-agent.1
index 281ecbd..1a9a635 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 12e00d4..1b51a4a 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
.Xr moduli 5 .
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff --git a/ssh-keysign.8 b/ssh-keysign.8
index 69d0829..02d79f8 100644
--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
diff --git a/ssh.1 b/ssh.1
index 929904b..f65e42f 100644
--- a/ssh.1
+++ b/ssh.1
@@ -1309,6 +1309,25 @@ For more information, see the
.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
+.Bl -tag -width "SSH_ORIGINAL_COMMAND"
+.Pp
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff --git a/sshd.8 b/sshd.8
index c2c237f..058d37a 100644
--- a/sshd.8
+++ b/sshd.8
@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
started last).
The content of this file is not sensitive; it can be world-readable.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh IPV6
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
.Sh SEE ALSO
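Review bot: In `linux_seed()` (openbsd-compat/port-linux-prng.c) the stack buffer `buf` still holds the seed bytes when the function returns, because nothing clears it after `RAND_seed(buf, randlen);`. Adding `explicit_bzero(buf, sizeof(buf));` as the last statement would keep seed material from lingering on the stack. The length parsing is also loose: `size_t ienv = atoi(env);` turns a negative or non-numeric `SSH_USE_STRONG_RNG` into a huge value or 0, which is then silently clamped to 256 or raised to 14, so a range-checked `strtol` with a logged rejection would make a misconfiguration visible. The manual-page hunks refer to `getrandom(1)`, but the code calls the system call, so `.Xr getrandom 2` would be the accurate reference.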


@ -3265,7 +3265,7 @@ index 36180d07..70dd3665 100644
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -61,10 +61,30 @@ @@ -61,10 +61,34 @@
#define SSH_GSS_OIDTYPE 0x06 #define SSH_GSS_OIDTYPE 0x06
@ -3285,8 +3285,12 @@ index 36180d07..70dd3665 100644
+#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-" +#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-"
+ +
+#define GSS_KEX_DEFAULT_KEX \ +#define GSS_KEX_DEFAULT_KEX \
+ KEX_GSS_GEX_SHA1_ID "," \ + KEX_GSS_GRP14_SHA256_ID "," \
+ KEX_GSS_GRP14_SHA1_ID + KEX_GSS_GRP16_SHA512_ID "," \
+ KEX_GSS_NISTP256_SHA256_ID "," \
+ KEX_GSS_C25519_SHA256_ID "," \
+ KEX_GSS_GRP14_SHA1_ID "," \
+ KEX_GSS_GEX_SHA1_ID
+ +
typedef struct { typedef struct {
char *filename; char *filename;
@ -3492,18 +3496,18 @@ index 41262963..c3c8b274 100644
+The list of key exchange algorithms that are offered for GSSAPI +The list of key exchange algorithms that are offered for GSSAPI
+key exchange. Possible values are +key exchange. Possible values are
+.Bd -literal -offset 3n +.Bd -literal -offset 3n
+gss-gex-sha1-, +gss-gex-sha1-
+gss-group1-sha1-, +gss-group1-sha1-
+gss-group14-sha1-, +gss-group14-sha1-
+gss-group14-sha256-, +gss-group14-sha256-
+gss-group16-sha512-, +gss-group16-sha512-
+gss-nistp256-sha256-, +gss-nistp256-sha256-
+gss-curve25519-sha256- +gss-curve25519-sha256-
+.Ed +.Ed
+.Pp +.Pp
+The default is +The default is
+.Dq gss-gex-sha1-,gss-group14-sha1- . +.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+This option only applies to protocol version 2 connections using GSSAPI. +This option only applies to connections using GSSAPI.
.It Cm HashKnownHosts .It Cm HashKnownHosts
Indicates that Indicates that
.Xr ssh 1 .Xr ssh 1
@ -3532,7 +3536,7 @@ index dffee90b..0d0a6cb8 100644
xxx_host = host; xxx_host = host;
xxx_hostaddr = hostaddr; xxx_hostaddr = hostaddr;
@@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) @@ -193,6 +196,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
order_hostkeyalgs(host, hostaddr, port)); order_hostkeyalgs(host, hostaddr, port));
} }
@ -3542,12 +3546,18 @@ index dffee90b..0d0a6cb8 100644
+ * client to the key exchange algorithm proposal */ + * client to the key exchange algorithm proposal */
+ orig = myproposal[PROPOSAL_KEX_ALGS]; + orig = myproposal[PROPOSAL_KEX_ALGS];
+ +
+ if (options.gss_server_identity) + if (options.gss_server_identity) {
+ gss_host = xstrdup(options.gss_server_identity); + gss_host = xstrdup(options.gss_server_identity);
+ else if (options.gss_trust_dns) + } else if (options.gss_trust_dns) {
+ gss_host = remote_hostname(ssh); + gss_host = remote_hostname(ssh);
+ else + /* Fall back to specified host if we are using proxy command
+ * and can not use DNS on that socket */
+ if (strcmp(gss_host, "UNKNOWN") == 0) {
+ gss_host = xstrdup(host);
+ }
+ } else {
+ gss_host = xstrdup(host); + gss_host = xstrdup(host);
+ }
+ +
+ gss = ssh_gssapi_client_mechanisms(gss_host, + gss = ssh_gssapi_client_mechanisms(gss_host,
+ options.gss_client_identity, options.gss_kex_algorithms); + options.gss_client_identity, options.gss_kex_algorithms);
@ -3636,18 +3646,24 @@ index dffee90b..0d0a6cb8 100644
{"gssapi-with-mic", {"gssapi-with-mic",
userauth_gssapi, userauth_gssapi,
userauth_gssapi_cleanup, userauth_gssapi_cleanup,
@@ -698,12 +766,23 @@ userauth_gssapi(struct ssh *ssh) @@ -698,12 +766,29 @@ userauth_gssapi(struct ssh *ssh)
OM_uint32 min; OM_uint32 min;
int r, ok = 0; int r, ok = 0;
gss_OID mech = NULL; gss_OID mech = NULL;
+ char *gss_host; + char *gss_host = NULL;
+ +
+ if (options.gss_server_identity) + if (options.gss_server_identity) {
+ gss_host = xstrdup(options.gss_server_identity); + gss_host = xstrdup(options.gss_server_identity);
+ else if (options.gss_trust_dns) + } else if (options.gss_trust_dns) {
+ gss_host = remote_hostname(ssh); + gss_host = remote_hostname(ssh);
+ else + /* Fall back to specified host if we are using proxy command
+ * and can not use DNS on that socket */
+ if (strcmp(gss_host, "UNKNOWN") == 0) {
+ gss_host = xstrdup(authctxt->host);
+ }
+ } else {
+ gss_host = xstrdup(authctxt->host); + gss_host = xstrdup(authctxt->host);
+ }
/* Try one GSSAPI method at a time, rather than sending them all at /* Try one GSSAPI method at a time, rather than sending them all at
* once. */ * once. */
@ -3874,18 +3890,18 @@ index b224f292..2baa6622 100644
+The list of key exchange algorithms that are accepted by GSSAPI +The list of key exchange algorithms that are accepted by GSSAPI
+key exchange. Possible values are +key exchange. Possible values are
+.Bd -literal -offset 3n +.Bd -literal -offset 3n
+gss-gex-sha1-, +gss-gex-sha1-
+gss-group1-sha1-, +gss-group1-sha1-
+gss-group14-sha1-, +gss-group14-sha1-
+gss-group14-sha256-, +gss-group14-sha256-
+gss-group16-sha512-, +gss-group16-sha512-
+gss-nistp256-sha256-, +gss-nistp256-sha256-
+gss-curve25519-sha256- +gss-curve25519-sha256-
+.Ed +.Ed
+.Pp +.Pp
+The default is +The default is
+.Dq gss-gex-sha1-,gss-group14-sha1- . +.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+This option only applies to protocol version 2 connections using GSSAPI. +This option only applies to connections using GSSAPI.
.It Cm HostbasedAcceptedKeyTypes .It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication Specifies the key types that will be accepted for hostbased authentication
as a list of comma-separated patterns. as a list of comma-separated patterns.
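Review bot: In the new `gss_trust_dns` branch, added in both `ssh_kex2()` and `userauth_gssapi()`, `gss_host` is overwritten with `xstrdup(host)` (or `xstrdup(authctxt->host)`) when it equals "UNKNOWN", without releasing the value `remote_hostname(ssh)` returned. If that function returns an allocated string, as the `xstrdup()` in the sibling branches suggests, the first string leaks, and a `free(gss_host);` before the reassignment would fix it. The same fallback is written out twice with the literal "UNKNOWN", so a small shared helper that resolves the GSSAPI target host would keep the two call sites from drifting apart. Both functions start and end outside the lines shown here.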


@ -0,0 +1,107 @@
From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 24 Jan 2020 00:27:04 +0000
Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
to
a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
the user; ok markus@
OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
---
ssh-keygen.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 564c3c481..f2192edb9 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
}
free(tmp);
- if (key_type_name != NULL &&
- sshkey_type_from_name(key_type_name) != ca->type) {
- fatal("CA key type %s doesn't match specified %s",
- sshkey_ssh_name(ca), key_type_name);
+ if (key_type_name != NULL) {
+ if (sshkey_type_from_name(key_type_name) != ca->type) {
+ fatal("CA key type %s doesn't match specified %s",
+ sshkey_ssh_name(ca), key_type_name);
+ }
+ } else if (ca->type == KEY_RSA) {
+ /* Default to a good signature algorithm */
+ key_type_name = "rsa-sha2-512";
}
for (i = 0; i < argc; i++) {
From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 20 May 2019 00:20:35 +0000
Subject: [PATCH] upstream: When signing certificates with an RSA key, default
to
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
will therefore be incompatible with OpenSSH < 7.2 unless the default is
overridden.
Document the ability of the ssh-keygen -t flag to override the
signature algorithm when signing certificates, and the new default.
ok deraadt@
OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
---
ssh-keygen.1 | 13 +++++++++++--
sshkey.c | 9 ++++++++-
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index f29774249..673bf6e2f 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: March 5 2019 $
+.Dd $Mdocdate: May 20 2019 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -577,6 +577,15 @@ The possible values are
.Dq ed25519 ,
or
.Dq rsa .
+.Pp
+This flag may also be used to specify the desired signature type when
+signing certificates using a RSA CA key.
+The available RSA signature variants are
+.Dq ssh-rsa
+(SHA1 signatures, not recommended),
+.Dq rsa-sha2-256
+.Dq rsa-sha2-512
+(the default).
.It Fl U
When used in combination with
.Fl s ,
diff --git a/sshkey.c b/sshkey.c
index 9849cb237..379a579cf 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
strcmp(alg, k->cert->signature_type) != 0)
return SSH_ERR_INVALID_ARGUMENT;
+ /*
+ * If no signing algorithm or signature_type was specified and we're
+ * using a RSA key, then default to a good signature algorithm.
+ */
+ if (alg == NULL && ca->type == KEY_RSA)
+ alg = "rsa-sha2-512";
+
if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
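Review bot: The default `"rsa-sha2-512"` is hard-coded twice, once in `do_ca_sign()` in ssh-keygen.c and once in `sshkey_certify_custom()` in sshkey.c, so a later change of the default has to be made in both places. A single named constant shared by the two files would avoid that. In the ssh-keygen.1 hunk the list of RSA signature variants has no separator between its second and third entries, which `.Dq rsa-sha2-256 ,` would fix. Both C functions continue outside their hunks.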


@ -0,0 +1,33 @@
From 7250879c72d28275a53f2f220e49646c3e42ef18 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 12 Jul 2019 04:08:39 +0000
Subject: [PATCH] upstream: include SHA2-variant RSA key algorithms in KEX
proposal;
allows ssh-keyscan to harvest keys from servers that disable olde SHA1
ssh-rsa. bz#3029 from Jakub Jelen
OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
---
ssh-keyscan.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index d95ba1b37..d383b57b9 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
break;
case KT_RSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
- "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+ "rsa-sha2-512-cert-v01@openssh.com,"
+ "rsa-sha2-256-cert-v01@openssh.com,"
+ "ssh-rsa-cert-v01@openssh.com" :
+ "rsa-sha2-512,"
+ "rsa-sha2-256,"
+ "ssh-rsa";
break;
case KT_ED25519:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?


@ -2583,7 +2583,8 @@ index 70f06bff..59332945 100644
} }
- if (p->nslots == 0) { - if (p->nslots == 0) {
+ if (m->nslots == 0) { + if (m->nslots == 0) {
error("%s: provider %s returned no slots", __func__, - error("%s: provider %s returned no slots", __func__,
+ debug("%s: provider %s returned no slots", __func__,
- provider_id); - provider_id);
+ provider_module); + provider_module);
ret = -SSH_PKCS11_ERR_NO_SLOTS; ret = -SSH_PKCS11_ERR_NO_SLOTS;


@ -0,0 +1,33 @@
From de1f3564cd85915b3002859873a37cb8d31ac9ce Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Tue, 18 Feb 2020 08:49:49 +0000
Subject: [PATCH] upstream: Detect and prevent simple configuration loops when
using
ProxyJump. bz#3057, ok djm@
OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
---
ssh.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ssh.c b/ssh.c
index 15aee569e..a983a108b 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1208,6 +1208,14 @@ main(int ac, char **av)
if (options.jump_host != NULL) {
char port_s[8];
const char *sshbin = argv0;
+ int port = options.port, jumpport = options.jump_port;
+
+ if (port <= 0)
+ port = default_ssh_port();
+ if (jumpport <= 0)
+ jumpport = default_ssh_port();
+ if (strcmp(options.jump_host, host) == 0 && port == jumpport)
+ fatal("jumphost loop via %s", options.jump_host);
/*
* Try to use SSH indicated by argv[0], but fall back to
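Review bot: The loop check `strcmp(options.jump_host, host) == 0` is case-sensitive, while host names are not, so a jump host written with different capitalisation than the destination would not be recognised as the same host. `strcasecmp(options.jump_host, host) == 0` would cover that case. The check also only catches a host that names itself as its own jump host on the same port, as the commit subject says, so a comment such as `/* detects direct self-reference only; longer cycles are not caught */` above the test would set the right expectation. `main()` starts and ends outside this hunk.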


@ -0,0 +1,44 @@
commit 5481d0b4036b33b92c372ee36258ed11bff57d5d
Author: Jakub Jelen <jjelen@redhat.com>
Date: Thu Feb 27 10:07:33 2020 +0100
Mark the RDomain configuration option unsupported on non-openbsd builds
diff --git a/servconf.c b/servconf.c
index db80e943..153d2525 100644
--- a/servconf.c
+++ b/servconf.c
@@ -698,7 +698,11 @@ static struct {
{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
+#if defined(__OpenBSD__)
{ "rdomain", sRDomain, SSHCFG_ALL },
+#else
+ { "rdomain", sUnsupported, SSHCFG_ALL },
+#endif
{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -2841,7 +2845,9 @@ dump_config(ServerOptions *o)
o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
+#if defined(__OpenBSD__)
dump_cfg_string(sRDomain, o->routing_domain);
+#endif
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff --git a/sshd_config.5 b/sshd_config.5
index 5dca8981..766e9b90 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1542,6 +1542,7 @@ will be bound to this
If the routing domain is set to
.Cm \&%D ,
then the domain in which the incoming connection was received will be applied.
+This feature is available on OpenBSD only.
.It Cm SetEnv
Specifies one or more environment variables to set in child sessions started
by
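Review bot: On non-OpenBSD builds the `rdomain` keyword is mapped to `sUnsupported` rather than rejected. If that opcode is handled elsewhere in servconf.c by logging and skipping the line, an `RDomain` setting that an administrator relies on for network separation is dropped while sshd still starts. The sshd_config.5 addition should say so explicitly, for example `This feature is available on OpenBSD only; on other systems the option is ignored.` The keyword table and `dump_config()` both continue outside the hunks shown.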


@ -0,0 +1,30 @@
diff --git a/channels.c b/channels.c
--- a/channels.c
+++ b/channels.c
@@ -3933,16 +3933,26 @@ x11_create_display_inet(int x11_display_
if (ai->ai_family == AF_INET6)
sock_set_v6only(sock);
if (x11_use_localhost)
set_reuseaddr(sock);
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
debug2("%s: bind port %d: %.100s", __func__,
port, strerror(errno));
close(sock);
+
+ /* do not remove successfully opened
+ * sockets if the request failed because
+ * the protocol IPv4/6 is not available
+ * (e.g. IPv6 may be disabled while being
+ * supported)
+ */
+ if (EADDRNOTAVAIL == errno)
+ continue;
+
for (n = 0; n < num_socks; n++)
close(socks[n]);
num_socks = 0;
break;
}
socks[num_socks++] = sock;
if (num_socks == NUM_SOCKS)
break;
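Review bot: The new test `if (EADDRNOTAVAIL == errno)` reads `errno` after `debug2()` and `close(sock)` have run, and either call may overwrite the value `bind()` set. The decision to keep the already opened sockets can therefore be made on the wrong error. Assigning `saved_errno = errno;` directly after the failed `bind()` and testing `if (saved_errno == EADDRNOTAVAIL)` keeps the check tied to the bind failure. `x11_create_display_inet()` starts and ends outside this hunk.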


@ -6,6 +6,12 @@
# of DSA key or systemctl mask sshd-keygen@rsa.service to disable RSA key # of DSA key or systemctl mask sshd-keygen@rsa.service to disable RSA key
# creation. # creation.
# Do not change this option unless you have hardware random
# generator and you REALLY know what you are doing
SSH_USE_STRONG_RNG=0
# SSH_USE_STRONG_RNG=1
# System-wide crypto policy: # System-wide crypto policy:
# To opt-out, uncomment the following line # To opt-out, uncomment the following line
# CRYPTO_POLICY= # CRYPTO_POLICY=


@ -66,7 +66,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1 %global openssh_ver 8.0p1
%global openssh_rel 3 %global openssh_rel 5
%global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7 %global pam_ssh_agent_rel 7
@ -216,6 +216,20 @@ Patch963: openssh-8.0p1-openssl-evp.patch
Patch964: openssh-8.0p1-openssl-kdf.patch Patch964: openssh-8.0p1-openssl-kdf.patch
# Use new OpenSSL for PEM export to avoid MD5 dependency (#1712436) # Use new OpenSSL for PEM export to avoid MD5 dependency (#1712436)
Patch965: openssh-8.0p1-openssl-pem.patch Patch965: openssh-8.0p1-openssl-pem.patch
# Seed from dev/random if requested (#1785655)
Patch966: openssh-8.0p1-entropy.patch
# Unbreak ssh-keyscan RSA keys without SHA1 (#1744108)
Patch967: openssh-8.0p1-keyscan-rsa-sha2.patch
# Detect proxyJump loops in configuration files (#1804099)
Patch968: openssh-8.0p1-proxyjump-loops.patch
# ssh-keygen should default to SHA2-based signature algorithm (#1790610)
Patch969: openssh-8.0p1-keygen-sha2.patch
# RDomain is not suported on non-OpenBSD (#1807686)
# https://bugzilla.mindrot.org/show_bug.cgi?id=3126
Patch970: openssh-8.0p1-rdomain.patch
# Do not fail X11 forwarding if IPv6 is disabled (#1662189)
# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Patch971: openssh-8.0p1-x11-without-ipv6.patch
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
@ -239,7 +253,6 @@ BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel
BuildRequires: audit-libs-devel >= 2.0.5 BuildRequires: audit-libs-devel >= 2.0.5
BuildRequires: util-linux, groff BuildRequires: util-linux, groff
BuildRequires: pam-devel BuildRequires: pam-devel
BuildRequires: fipscheck-devel >= 1.3.0
BuildRequires: openssl-devel >= 0.9.8j BuildRequires: openssl-devel >= 0.9.8j
BuildRequires: perl-podlators BuildRequires: perl-podlators
BuildRequires: systemd-devel BuildRequires: systemd-devel
@ -270,7 +283,6 @@ BuildRequires: gnupg2
Summary: An open source SSH client applications Summary: An open source SSH client applications
Group: Applications/Internet Group: Applications/Internet
Requires: openssh = %{version}-%{release} Requires: openssh = %{version}-%{release}
Requires: fipscheck-lib%{_isa} >= 1.3.0
Requires: crypto-policies >= 20180306-1 Requires: crypto-policies >= 20180306-1
%package server %package server
@ -279,7 +291,6 @@ Group: System Environment/Daemons
Requires: openssh = %{version}-%{release} Requires: openssh = %{version}-%{release}
Requires(pre): /usr/sbin/useradd Requires(pre): /usr/sbin/useradd
Requires: pam >= 1.0.1-3 Requires: pam >= 1.0.1-3
Requires: fipscheck-lib%{_isa} >= 1.3.0
Requires: crypto-policies >= 20180306-1 Requires: crypto-policies >= 20180306-1
%{?systemd_requires} %{?systemd_requires}
@ -431,6 +442,12 @@ popd
%patch963 -p1 -b .openssl-evp %patch963 -p1 -b .openssl-evp
%patch964 -p1 -b .openssl-kdf %patch964 -p1 -b .openssl-kdf
%patch965 -p1 -b .openssl-pem %patch965 -p1 -b .openssl-pem
%patch966 -p1 -b .entropy
%patch967 -p1 -b .keyscan
%patch968 -p1 -b .proxyjump-loops
%patch969 -p1 -b .keygen-sha2
%patch970 -p1 -b .rdomain
%patch971 -p1 -b .x11-ipv6
%patch200 -p1 -b .audit %patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race %patch201 -p1 -b .audit-race
@ -556,14 +573,6 @@ make
popd popd
%endif %endif
# Add generation of HMAC checksums of the final stripped binaries
%global __spec_install_post \
%%{?__debug_package:%%{__debug_install_post}} \
%%{__arch_install_post} \
%%{__os_install_post} \
fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
%{nil}
%check %check
#to run tests use "--with check" #to run tests use "--with check"
%if %{?_with_check:1}%{!?_with_check:0} %if %{?_with_check:1}%{!?_with_check:0}
@ -582,7 +591,6 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
install -d $RPM_BUILD_ROOT/etc/pam.d/ install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/sysconfig/ install -d $RPM_BUILD_ROOT/etc/sysconfig/
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
@ -653,7 +661,6 @@ getent passwd sshd >/dev/null || \
%files clients %files clients
%attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/ssh
%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
%attr(0644,root,root) %{_mandir}/man1/ssh.1* %attr(0644,root,root) %{_mandir}/man1/ssh.1*
%attr(0755,root,root) %{_bindir}/scp %attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0644,root,root) %{_mandir}/man1/scp.1*
@ -680,7 +687,6 @@ getent passwd sshd >/dev/null || \
%files server %files server
%dir %attr(0711,root,root) %{_var}/empty/sshd %dir %attr(0711,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_sbindir}/sshd
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5* %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
@ -733,6 +739,24 @@ getent passwd sshd >/dev/null || \
%endif %endif
%changelog %changelog
* Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
- Do not print "no slots" warning by default (#1744220)
- Unbreak connecting using gssapi through proxy commands (#1749862)
- Document in manual pages that CASignatureAlgorithms are handled by crypto policies (#1790604)
- Use SHA2-based signature algorithms by default for signing certificates (#1790610)
- Prevent simple ProxyJump loops in configuration files (#1804099)
- Teach ssh-keyscan to use SHA2 RSA variants (#1744108)
- Do not fail hard if getrandom() is not available and no SSH_USE_STRONG_RNG is specified (#1812120)
- Improve wording of crypto policies references in manual pages (#1812854)
- Do not break X11 forwarding if IPv6 is disabled (#1662189)
- Enable SHA2-based GSSAPI key exchange algorithms by default (#1816226)
- Mark RDomain server configuration option unsupported in RHEL (#1807686)
- Clarify crypto policies defaults in manual pages (#1724195)
- Mention RSA SHA2 variants in ssh-keygen manual page (#1665900)
* Wed Jan 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7
- Restore entropy patch for CC certification (#1785655)
* Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7 * Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7
- Fix typos in manual pages (#1668325) - Fix typos in manual pages (#1668325)
- Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436) - Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)