From f660e11adccff8d292166368a3e9607a669f0164 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: May 07 2019 09:57:30 +0000 Subject: FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line This effectively allows to use some previously denied algorithms in FIPS mode, but they are not enabled in default hardcoded configuration and disabled by FIPS crypto policy. Additionally, there is no guarantee they will work in underlying OpenSSL. Resolves: rhbz#1625318 --- diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch index 14cf5c3..f28b943 100644 --- a/openssh-7.7p1-fips.patch +++ b/openssh-7.7p1-fips.patch @@ -1,67 +1,3 @@ -diff -up openssh-7.9p1/cipher.c.fips openssh-7.9p1/cipher.c ---- openssh-7.9p1/cipher.c.fips 2019-03-11 17:06:37.614877975 +0100 -+++ openssh-7.9p1/cipher.c 2019-03-11 17:06:37.620878031 +0100 -@@ -39,6 +39,8 @@ - - #include - -+#include -+ - #include - #include - #include -@@ -92,6 +94,33 @@ static const struct sshcipher ciphers[] - { NULL, 0, 0, 0, 0, 0, NULL } - }; - -+static const struct sshcipher fips_ciphers[] = { -+#ifdef WITH_OPENSSL -+ { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, -+ { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, -+ { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, -+ { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, -+ { "rijndael-cbc@lysator.liu.se", -+ 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, -+ { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr }, -+ { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr }, -+ { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr }, -+# ifdef OPENSSL_HAVE_EVPGCM -+ { "aes128-gcm@openssh.com", -+ 16, 16, 12, 16, 0, EVP_aes_128_gcm }, -+ { "aes256-gcm@openssh.com", -+ 16, 32, 12, 16, 0, EVP_aes_256_gcm }, -+# endif /* OPENSSL_HAVE_EVPGCM */ -+#else -+ { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL }, -+ { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL }, -+ { "aes256-ctr", 16, 32, 0, 0, CFLAG_AESCTR, NULL }, -+#endif -+ { "none", 8, 0, 0, 0, CFLAG_NONE, NULL }, -+ -+ { NULL, 0, 0, 0, 0, 0, NULL } -+}; -+ - /*--*/ - - /* Returns a comma-separated list of supported ciphers. */ -@@ -102,7 +131,7 @@ cipher_alg_list(char sep, int auth_only) - size_t nlen, rlen = 0; - const struct sshcipher *c; - -- for (c = ciphers; c->name != NULL; c++) { -+ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++) { - if ((c->flags & CFLAG_INTERNAL) != 0) - continue; - if (auth_only && c->auth_len == 0) -@@ -174,7 +203,7 @@ const struct sshcipher * - cipher_by_name(const char *name) - { - const struct sshcipher *c; -- for (c = ciphers; c->name != NULL; c++) -+ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++) - if (strcmp(c->name, name) == 0) - return c; - return NULL; diff -up openssh-7.9p1/cipher-ctr.c.fips openssh-7.9p1/cipher-ctr.c --- openssh-7.9p1/cipher-ctr.c.fips 2019-03-11 17:06:37.519877082 +0100 +++ openssh-7.9p1/cipher-ctr.c 2019-03-11 17:06:37.620878031 +0100 @@ -154,75 +90,9 @@ diff -up openssh-7.9p1/dh.h.fips openssh-7.9p1/dh.h u_int dh_estimate(int); -diff -up openssh-7.9p1/entropy.c.fips openssh-7.9p1/entropy.c ---- openssh-7.9p1/entropy.c.fips 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/entropy.c 2019-03-11 17:06:37.621878041 +0100 -@@ -223,6 +223,11 @@ seed_rng(void) - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, - OpenSSL_version_num()); - -+ /* clean the PRNG status when exiting the program */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ atexit(RAND_cleanup); -+#endif -+ - #ifndef OPENSSL_PRNG_ONLY - if (RAND_status() == 1) - debug3("RNG is ready, skipping seeding"); diff -up openssh-7.9p1/kex.c.fips openssh-7.9p1/kex.c --- openssh-7.9p1/kex.c.fips 2019-03-11 17:06:37.614877975 +0100 +++ openssh-7.9p1/kex.c 2019-03-11 17:06:37.621878041 +0100 -@@ -122,6 +123,26 @@ static const struct kexalg kexalgs[] = { - { NULL, -1, -1, -1 }, - }; - -+static const struct kexalg kexalgs_fips[] = { -+ { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, -+ { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, -+ { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 }, -+#ifdef HAVE_EVP_SHA256 -+ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, -+#endif -+#ifdef OPENSSL_HAS_ECC -+ { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, -+ NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, -+ { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, -+ SSH_DIGEST_SHA384 }, -+# ifdef OPENSSL_HAS_NISTP521 -+ { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, -+ SSH_DIGEST_SHA512 }, -+# endif -+#endif -+ { NULL, -1, -1, -1 }, -+}; -+ - static char * - kex_alg_list_internal(char sep, const struct kexalg *algs) - { -@@ -129,7 +150,7 @@ kex_alg_list(char sep) - char * - kex_alg_list(char sep) - { -- return kex_alg_list_internal(sep, kexalgs); -+ return kex_alg_list_internal(sep, (FIPS_mode() ? kexalgs_fips : kexalgs)); - } - - char * -@@ -149,11 +170,11 @@ kex_alg_by_name(const char *name) - { - const struct kexalg *k; - -- for (k = kexalgs; k->name != NULL; k++) { -+ for (k = (FIPS_mode() ? kexalgs_fips : kexalgs); k->name != NULL; k++) { - if (strcmp(k->name, name) == 0) - return k; - } -- for (k = gss_kexalgs; k->name != NULL; k++) { -+ for (k = (FIPS_mode() ? NULL : gss_kexalgs); k->name != NULL; k++) { - if (strncmp(k->name, name, strlen(k->name)) == 0) - return k; - } - return NULL; @@ -175,7 +196,10 @@ kex_names_valid(const char *names) for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { @@ -257,70 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c p = g = NULL; /* belong to kex->dh now */ /* generate and send 'e', client DH public key */ -diff -up openssh-7.9p1/mac.c.fips openssh-7.9p1/mac.c ---- openssh-7.9p1/mac.c.fips 2019-03-11 17:06:37.614877975 +0100 -+++ openssh-7.9p1/mac.c 2019-03-11 17:06:37.621878041 +0100 -@@ -27,6 +27,8 @@ - - #include - -+#include -+ - #include - #include - #include -@@ -54,7 +56,7 @@ struct macalg { - int etm; /* Encrypt-then-MAC */ - }; - --static const struct macalg macs[] = { -+static const struct macalg all_macs[] = { - /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ - { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, - { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, -@@ -82,6 +84,24 @@ static const struct macalg macs[] = { - { NULL, 0, 0, 0, 0, 0, 0 } - }; - -+static const struct macalg fips_macs[] = { -+ /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ -+ { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, -+#ifdef HAVE_EVP_SHA256 -+ { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 }, -+ { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 }, -+#endif -+ -+ /* Encrypt-then-MAC variants */ -+ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, -+#ifdef HAVE_EVP_SHA256 -+ { "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 }, -+ { "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 }, -+#endif -+ -+ { NULL, 0, 0, 0, 0, 0, 0 } -+}; -+ - /* Returns a list of supported MACs separated by the specified char. */ - char * - mac_alg_list(char sep) -@@ -90,7 +110,7 @@ mac_alg_list(char sep) - size_t nlen, rlen = 0; - const struct macalg *m; - -- for (m = macs; m->name != NULL; m++) { -+ for (m = FIPS_mode() ? fips_macs : all_macs; m->name != NULL; m++) { - if (ret != NULL) - ret[rlen++] = sep; - nlen = strlen(m->name); -@@ -129,7 +149,7 @@ mac_setup(struct sshmac *mac, char *name - { - const struct macalg *m; - -- for (m = macs; m->name != NULL; m++) { -+ for (m = FIPS_mode() ? fips_macs : all_macs; m->name != NULL; m++) { - if (strcmp(name, m->name) != 0) - continue; - if (mac != NULL) diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in --- openssh-7.9p1/Makefile.in.fips 2019-03-11 17:06:37.615877984 +0100 +++ openssh-7.9p1/Makefile.in 2019-03-11 17:06:37.621878041 +0100