openssh/openssh-9.0p1-evp-fips-sign.patch
Norbert Pocs b63272d9eb Make the sign, dh, ecdh processes FIPS compliant
FIPS compliancy can be stated by using only compliant crypto
functions. This is achieved by using EVP API from openssl 3.0
version. The solution uses a non-intrusive approach - instead
of rewriting everything to use EVP API it converts the data
to it at the critical places.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-04-13 19:12:46 +02:00

469 lines
14 KiB
Diff

diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/ssh-dss.c ./ssh-dss.c
--- ../../openssh-8.7p1/ssh-dss.c 2023-03-08 15:35:14.669943335 +0100
+++ ./ssh-dss.c 2023-03-08 15:34:33.508578129 +0100
@@ -32,6 +32,8 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
#include <stdarg.h>
#include <string.h>
@@ -72,9 +74,8 @@
sshkey_type_plain(key->type) != KEY_DSA)
return SSH_ERR_INVALID_ARGUMENT;
- if ((pkey = EVP_PKEY_new()) == NULL ||
- EVP_PKEY_set1_DSA(pkey, key->dsa) != 1)
- return SSH_ERR_ALLOC_FAIL;
+ if ((ret = ssh_create_evp_dss(key, &pkey)) != 0)
+ return ret;
ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len,
data, datalen);
EVP_PKEY_free(pkey);
@@ -201,11 +202,8 @@
goto out;
}
- if ((pkey = EVP_PKEY_new()) == NULL ||
- EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) {
- ret = SSH_ERR_ALLOC_FAIL;
+ if ((ret = ssh_create_evp_dss(key, &pkey)) != 0)
goto out;
- }
ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, datalen,
sigb, slen);
EVP_PKEY_free(pkey);
@@ -221,4 +219,63 @@
freezero(sigblob, len);
return ret;
}
+
+int
+ssh_create_evp_dss(const struct sshkey *k, EVP_PKEY **pkey)
+{
+ OSSL_PARAM_BLD *param_bld = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
+ int ret = 0;
+
+ if (k == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) == NULL ||
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+
+ DSA_get0_pqg(k->dsa, &p, &q, &g);
+ DSA_get0_key(k->dsa, &pub, &priv);
+
+ if (p != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (q != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (g != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (pub != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ pub) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (priv != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld,
+ OSSL_PKEY_PARAM_PRIV_KEY,
+ priv) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+
+out:
+ OSSL_PARAM_BLD_free(param_bld);
+ EVP_PKEY_CTX_free(ctx);
+ return ret;
+}
#endif /* WITH_OPENSSL */
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/ssh-ecdsa.c ./ssh-ecdsa.c
--- ../../openssh-8.7p1/ssh-ecdsa.c 2023-03-08 15:35:14.669943335 +0100
+++ ./ssh-ecdsa.c 2023-03-08 15:40:52.628201267 +0100
@@ -34,6 +34,8 @@
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
#include <string.h>
@@ -72,9 +74,8 @@
if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
return SSH_ERR_INTERNAL_ERROR;
- if ((pkey = EVP_PKEY_new()) == NULL ||
- EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1)
- return SSH_ERR_ALLOC_FAIL;
+ if ((ret = ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey)) != 0)
+ return ret;
ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data,
datalen);
EVP_PKEY_free(pkey);
@@ -193,11 +194,8 @@
goto out;
}
- if ((pkey = EVP_PKEY_new()) == NULL ||
- EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) {
- ret = SSH_ERR_ALLOC_FAIL;
+ if (ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey) != 0)
goto out;
- }
ret = sshkey_verify_signature(pkey, hash_alg, data, datalen, sigb, len);
EVP_PKEY_free(pkey);
@@ -212,4 +210,76 @@
return ret;
}
+int
+ssh_create_evp_ec(EC_KEY *k, int ecdsa_nid, EVP_PKEY **pkey)
+{
+ OSSL_PARAM_BLD *param_bld = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ BN_CTX *bn_ctx = NULL;
+ uint8_t *pub_ser = NULL;
+ const char *group_name;
+ const EC_POINT *pub = NULL;
+ const BIGNUM *priv = NULL;
+ int ret = 0;
+
+ if (k == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL ||
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL ||
+ (bn_ctx = BN_CTX_new()) == NULL) {
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+
+ if ((group_name = OSSL_EC_curve_nid2name(ecdsa_nid)) == NULL ||
+ OSSL_PARAM_BLD_push_utf8_string(param_bld,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ group_name,
+ strlen(group_name)) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if ((pub = EC_KEY_get0_public_key(k)) != NULL) {
+ const EC_GROUP *group;
+ size_t len;
+
+ group = EC_KEY_get0_group(k);
+ len = EC_POINT_point2oct(group, pub,
+ POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
+ if ((pub_ser = malloc(len)) == NULL) {
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+ EC_POINT_point2oct(group,
+ pub,
+ POINT_CONVERSION_UNCOMPRESSED,
+ pub_ser,
+ len,
+ bn_ctx);
+ if (OSSL_PARAM_BLD_push_octet_string(param_bld,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ pub_ser,
+ len) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ }
+ if ((priv = EC_KEY_get0_private_key(k)) != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld,
+ OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+
+out:
+ OSSL_PARAM_BLD_free(param_bld);
+ EVP_PKEY_CTX_free(ctx);
+ BN_CTX_free(bn_ctx);
+ free(pub_ser);
+ return ret;
+}
#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/sshkey.c ./sshkey.c
--- ../../openssh-8.7p1/sshkey.c 2023-03-08 15:35:14.702943628 +0100
+++ ./sshkey.c 2023-03-08 15:39:03.354082015 +0100
@@ -35,6 +35,8 @@
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/fips.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
#endif
#include "crypto_api.h"
@@ -492,13 +494,14 @@
{
EVP_MD_CTX *ctx = NULL;
u_char *sig = NULL;
- int ret, slen, len;
+ int ret, slen;
+ size_t len;
if (sigp == NULL || lenp == NULL) {
return SSH_ERR_INVALID_ARGUMENT;
}
- slen = EVP_PKEY_size(pkey);
+ slen = EVP_PKEY_get_size(pkey);
if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
return SSH_ERR_INVALID_ARGUMENT;
@@ -511,9 +514,10 @@
ret = SSH_ERR_ALLOC_FAIL;
goto error;
}
- if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
- EVP_SignUpdate(ctx, data, datalen) <= 0 ||
- EVP_SignFinal(ctx, sig, &len, pkey) <= 0) {
+ if (EVP_DigestSignInit(ctx, NULL, ssh_digest_to_md(hash_alg),
+ NULL, pkey) != 1 ||
+ EVP_DigestSignUpdate(ctx, data, datalen) != 1 ||
+ EVP_DigestSignFinal(ctx, sig, &len) != 1) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto error;
}
@@ -540,12 +544,13 @@
if ((ctx = EVP_MD_CTX_new()) == NULL) {
return SSH_ERR_ALLOC_FAIL;
}
- if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
- EVP_VerifyUpdate(ctx, data, datalen) <= 0) {
+ if (EVP_DigestVerifyInit(ctx, NULL, ssh_digest_to_md(hash_alg),
+ NULL, pkey) != 1 ||
+ EVP_DigestVerifyUpdate(ctx, data, datalen) != 1) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto done;
}
- ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey);
+ ret = EVP_DigestVerifyFinal(ctx, sigbuf, siglen);
switch (ret) {
case 1:
ret = 0;
@@ -5038,3 +5043,27 @@
return 0;
}
#endif /* WITH_XMSS */
+
+#ifdef WITH_OPENSSL
+EVP_PKEY *
+sshkey_create_evp(OSSL_PARAM_BLD *param_bld, EVP_PKEY_CTX *ctx)
+{
+ EVP_PKEY *ret = NULL;
+ OSSL_PARAM *params = NULL;
+ if (param_bld == NULL || ctx == NULL) {
+ debug2_f("param_bld or ctx is NULL");
+ return NULL;
+ }
+ if ((params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) {
+ debug2_f("Could not build param list");
+ return NULL;
+ }
+ if (EVP_PKEY_fromdata_init(ctx) != 1 ||
+ EVP_PKEY_fromdata(ctx, &ret, EVP_PKEY_KEYPAIR, params) != 1) {
+ debug2_f("EVP_PKEY_fromdata failed");
+ OSSL_PARAM_free(params);
+ return NULL;
+ }
+ return ret;
+}
+#endif /* WITH_OPENSSL */
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/sshkey.h ./sshkey.h
--- ../../openssh-8.7p1/sshkey.h 2023-03-08 15:35:14.702943628 +0100
+++ ./sshkey.h 2023-03-08 15:34:33.509578138 +0100
@@ -31,6 +31,9 @@
#ifdef WITH_OPENSSL
#include <openssl/rsa.h>
#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/param_build.h>
+#include <openssl/core_names.h>
# ifdef OPENSSL_HAS_ECC
# include <openssl/ec.h>
# include <openssl/ecdsa.h>
@@ -293,6 +295,13 @@
void sshkey_sig_details_free(struct sshkey_sig_details *);
+#ifdef WITH_OPENSSL
+EVP_PKEY *sshkey_create_evp(OSSL_PARAM_BLD *, EVP_PKEY_CTX *);
+int ssh_create_evp_dss(const struct sshkey *, EVP_PKEY **);
+int ssh_create_evp_rsa(const struct sshkey *, EVP_PKEY **);
+int ssh_create_evp_ec(EC_KEY *, int, EVP_PKEY **);
+#endif /* WITH_OPENSSL */
+
#ifdef SSHKEY_INTERNAL
int ssh_rsa_sign(const struct sshkey *key,
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac ../../openssh-8.7p1/ssh-rsa.c ./ssh-rsa.c
--- ../../openssh-8.7p1/ssh-rsa.c 2023-03-08 15:35:14.669943335 +0100
+++ ./ssh-rsa.c 2023-03-08 15:34:33.509578138 +0100
@@ -23,6 +23,8 @@
#include <openssl/evp.h>
#include <openssl/err.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
#include <stdarg.h>
#include <string.h>
@@ -172,9 +174,8 @@
if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
return SSH_ERR_KEY_LENGTH;
- if ((pkey = EVP_PKEY_new()) == NULL ||
- EVP_PKEY_set1_RSA(pkey, key->rsa) != 1)
- return SSH_ERR_ALLOC_FAIL;
+ if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
+ return ret;
ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data,
datalen);
EVP_PKEY_free(pkey);
@@ -285,11 +286,8 @@
len = modlen;
}
- if ((pkey = EVP_PKEY_new()) == NULL ||
- EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) {
- ret = SSH_ERR_ALLOC_FAIL;
+ if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0)
goto out;
- }
ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len, pkey);
EVP_PKEY_free(pkey);
@@ -306,11 +304,9 @@
u_char *sigbuf, size_t siglen, EVP_PKEY *pkey)
{
size_t rsasize = 0;
- const RSA *rsa;
int ret;
- rsa = EVP_PKEY_get0_RSA(pkey);
- rsasize = RSA_size(rsa);
+ rsasize = EVP_PKEY_get_size(pkey);
if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
siglen == 0 || siglen > rsasize) {
ret = SSH_ERR_INVALID_ARGUMENT;
@@ -323,4 +319,87 @@
done:
return ret;
}
+
+int
+ssh_create_evp_rsa(const struct sshkey *k, EVP_PKEY **pkey)
+{
+ OSSL_PARAM_BLD *param_bld = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ int ret = 0;
+ const BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
+ const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
+ if (k == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) == NULL ||
+ (param_bld = OSSL_PARAM_BLD_new()) == NULL) {
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+
+ RSA_get0_key(k->rsa, &n, &e, &d);
+ RSA_get0_factors(k->rsa, &p, &q);
+ RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp);
+
+ if (n != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (e != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (d != NULL &&
+ OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, d) != 1) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+
+ if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+
+ /* setting this to param_build makes the creation process fail */
+ if (p != NULL &&
+ EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, p) != 1) {
+ debug2_f("failed to add 'p' param");
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (q != NULL &&
+ EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, q) != 1) {
+ debug2_f("failed to add 'q' param");
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (dmp1 != NULL &&
+ EVP_PKEY_set_bn_param(*pkey,
+ OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) != 1) {
+ debug2_f("failed to add 'dmp1' param");
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (dmq1 != NULL &&
+ EVP_PKEY_set_bn_param(*pkey,
+ OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) != 1) {
+ debug2_f("failed to add 'dmq1' param");
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ if (iqmp != NULL &&
+ EVP_PKEY_set_bn_param(*pkey,
+ OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp) != 1) {
+ debug2_f("failed to add 'iqmp' param");
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+
+out:
+ OSSL_PARAM_BLD_free(param_bld);
+ EVP_PKEY_CTX_free(ctx);
+ return ret;
+}
#endif /* WITH_OPENSSL */