rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line

Browse Source 
This effectively allows to use some previously denied algorithms
in FIPS mode, but they are not enabled in default hardcoded configuration
and disabled by FIPS crypto policy.

Additionally, there is no guarantee they will work in underlying OpenSSL.

Resolves: rhbz#1625318
This commit is contained in:
Jakub Jelen 2019-05-07 11:42:15 +02:00
parent ec02bb9685
commit f660e11adc
1 changed files with 0 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
openssh-7.7p1-fips.patch
View File

@ -1,67 +1,3 @@
diff -up openssh-7.9p1/cipher.c.fips openssh-7.9p1/cipher.c
--- openssh-7.9p1/cipher.c.fips 2019-03-11 17:06:37.614877975 +0100
+++ openssh-7.9p1/cipher.c 2019-03-11 17:06:37.620878031 +0100
@@ -39,6 +39,8 @@
#include <sys/types.h>
+#include <openssl/crypto.h>
+
#include <string.h>
#include <stdarg.h>
#include <stdio.h>
@@ -92,6 +94,33 @@ static const struct sshcipher ciphers[]
{ NULL, 0, 0, 0, 0, 0, NULL }
};
+static const struct sshcipher fips_ciphers[] = {
+#ifdef WITH_OPENSSL
+ { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
+ { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
+ { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
+ { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
+ { "rijndael-cbc@lysator.liu.se",
+ 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
+ { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr },
+ { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr },
+ { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr },
+# ifdef OPENSSL_HAVE_EVPGCM
+ { "aes128-gcm@openssh.com",
+ 16, 16, 12, 16, 0, EVP_aes_128_gcm },
+ { "aes256-gcm@openssh.com",
+ 16, 32, 12, 16, 0, EVP_aes_256_gcm },
+# endif /* OPENSSL_HAVE_EVPGCM */
+#else
+ { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL },
+ { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL },
+ { "aes256-ctr", 16, 32, 0, 0, CFLAG_AESCTR, NULL },
+#endif
+ { "none", 8, 0, 0, 0, CFLAG_NONE, NULL },
+
+ { NULL, 0, 0, 0, 0, 0, NULL }
+};
+
/*--*/
/* Returns a comma-separated list of supported ciphers. */
@@ -102,7 +131,7 @@ cipher_alg_list(char sep, int auth_only)
size_t nlen, rlen = 0;
const struct sshcipher *c;
- for (c = ciphers; c->name != NULL; c++) {
+ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++) {
if ((c->flags & CFLAG_INTERNAL) != 0)
continue;
if (auth_only && c->auth_len == 0)
@@ -174,7 +203,7 @@ const struct sshcipher *
cipher_by_name(const char *name)
{
const struct sshcipher *c;
- for (c = ciphers; c->name != NULL; c++)
+ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++)
if (strcmp(c->name, name) == 0)
return c;
return NULL;
diff -up openssh-7.9p1/cipher-ctr.c.fips openssh-7.9p1/cipher-ctr.c
--- openssh-7.9p1/cipher-ctr.c.fips 2019-03-11 17:06:37.519877082 +0100
+++ openssh-7.9p1/cipher-ctr.c 2019-03-11 17:06:37.620878031 +0100
@ -154,75 +90,9 @@ diff -up openssh-7.9p1/dh.h.fips openssh-7.9p1/dh.h
u_int dh_estimate(int);
diff -up openssh-7.9p1/entropy.c.fips openssh-7.9p1/entropy.c
--- openssh-7.9p1/entropy.c.fips 2018-10-17 02:01:20.000000000 +0200
+++ openssh-7.9p1/entropy.c 2019-03-11 17:06:37.621878041 +0100
@@ -223,6 +223,11 @@ seed_rng(void)
"have %lx", (u_long)OPENSSL_VERSION_NUMBER,
OpenSSL_version_num());
+ /* clean the PRNG status when exiting the program */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ atexit(RAND_cleanup);
+#endif
+
#ifndef OPENSSL_PRNG_ONLY
if (RAND_status() == 1)
debug3("RNG is ready, skipping seeding");
diff -up openssh-7.9p1/kex.c.fips openssh-7.9p1/kex.c
--- openssh-7.9p1/kex.c.fips 2019-03-11 17:06:37.614877975 +0100
+++ openssh-7.9p1/kex.c 2019-03-11 17:06:37.621878041 +0100
@@ -122,6 +123,26 @@ static const struct kexalg kexalgs[] = {
{ NULL, -1, -1, -1 },
};
+static const struct kexalg kexalgs_fips[] = {
+ { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
+ { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
+ { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
+#ifdef HAVE_EVP_SHA256
+ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
+#endif
+#ifdef OPENSSL_HAS_ECC
+ { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
+ NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
+ { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1,
+ SSH_DIGEST_SHA384 },
+# ifdef OPENSSL_HAS_NISTP521
+ { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
+ SSH_DIGEST_SHA512 },
+# endif
+#endif
+ { NULL, -1, -1, -1 },
+};
+
static char *
kex_alg_list_internal(char sep, const struct kexalg *algs)
{
@@ -129,7 +150,7 @@ kex_alg_list(char sep)
char *
kex_alg_list(char sep)
{
- return kex_alg_list_internal(sep, kexalgs);
+ return kex_alg_list_internal(sep, (FIPS_mode() ? kexalgs_fips : kexalgs));
}
char *
@@ -149,11 +170,11 @@ kex_alg_by_name(const char *name)
{
const struct kexalg *k;
- for (k = kexalgs; k->name != NULL; k++) {
+ for (k = (FIPS_mode() ? kexalgs_fips : kexalgs); k->name != NULL; k++) {
if (strcmp(k->name, name) == 0)
return k;
}
- for (k = gss_kexalgs; k->name != NULL; k++) {
+ for (k = (FIPS_mode() ? NULL : gss_kexalgs); k->name != NULL; k++) {
if (strncmp(k->name, name, strlen(k->name)) == 0)
return k;
}
return NULL;
@@ -175,7 +196,10 @@ kex_names_valid(const char *names)
for ((p = strsep(&cp, ",")); p && *p != '\0';
(p = strsep(&cp, ","))) {
@ -257,70 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c
p = g = NULL; /* belong to kex->dh now */
/* generate and send 'e', client DH public key */
diff -up openssh-7.9p1/mac.c.fips openssh-7.9p1/mac.c
--- openssh-7.9p1/mac.c.fips 2019-03-11 17:06:37.614877975 +0100
+++ openssh-7.9p1/mac.c 2019-03-11 17:06:37.621878041 +0100
@@ -27,6 +27,8 @@
#include <sys/types.h>
+#include <openssl/crypto.h>
+
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
@@ -54,7 +56,7 @@ struct macalg {
int etm; /* Encrypt-then-MAC */
};
-static const struct macalg macs[] = {
+static const struct macalg all_macs[] = {
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
{ "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
{ "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
@@ -82,6 +84,24 @@ static const struct macalg macs[] = {
{ NULL, 0, 0, 0, 0, 0, 0 }
};
+static const struct macalg fips_macs[] = {
+ /* Encrypt-and-MAC (encrypt-and-authenticate) variants */
+ { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
+#ifdef HAVE_EVP_SHA256
+ { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
+ { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
+#endif
+
+ /* Encrypt-then-MAC variants */
+ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
+#ifdef HAVE_EVP_SHA256
+ { "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
+ { "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
+#endif
+
+ { NULL, 0, 0, 0, 0, 0, 0 }
+};
+
/* Returns a list of supported MACs separated by the specified char. */
char *
mac_alg_list(char sep)
@@ -90,7 +110,7 @@ mac_alg_list(char sep)
size_t nlen, rlen = 0;
const struct macalg *m;
- for (m = macs; m->name != NULL; m++) {
+ for (m = FIPS_mode() ? fips_macs : all_macs; m->name != NULL; m++) {
if (ret != NULL)
ret[rlen++] = sep;
nlen = strlen(m->name);
@@ -129,7 +149,7 @@ mac_setup(struct sshmac *mac, char *name
{
const struct macalg *m;
- for (m = macs; m->name != NULL; m++) {
+ for (m = FIPS_mode() ? fips_macs : all_macs; m->name != NULL; m++) {
if (strcmp(name, m->name) != 0)
continue;
if (mac != NULL)
diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in
--- openssh-7.9p1/Makefile.in.fips 2019-03-11 17:06:37.615877984 +0100
+++ openssh-7.9p1/Makefile.in 2019-03-11 17:06:37.621878041 +0100