upstream/oracle/userland-gate: comparison components/openssh/patches/035-fips.patch

equal deleted inserted replaced

-:8206eb363f71
+:165bf092aa9c
 # This patch is unlikely to be accepted upstream.
 #
 diff -pur old/cipher.c new/cipher.c
 --- old/cipher.c
 +++ new/cipher.c
-@@ -77,7 +77,34 @@ struct sshcipher {
+@@ -86,7 +86,34 @@ struct sshcipher {
 #endif
 };
 +#ifdef ENABLE_OPENSSL_FIPS
 +/* in FIPS mode limit ciphers to FIPS compliant only */
 	for (alg = 0; digests[alg].id != -1; alg++) {
 diff -pur old/gss-genr.c new/gss-genr.c
 --- old/gss-genr.c
 +++ new/gss-genr.c
-@@ -44,6 +44,7 @@
+@@ -43,6 +43,7 @@
 #include "cipher.h"
 #include "key.h"
 #include "kex.h"
 +#include "misc.h"
 #include <openssl/evp.h>
 #include "ssh-gss.h"
-@@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
+@@ -99,6 +100,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 	char deroid[2];
 	const EVP_MD *evp_md = EVP_md5();
 	EVP_MD_CTX md;
 +	int fips_mode;
 	if (gss_enc2oid != NULL) {
 		for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
-@@ -112,6 +114,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
+@@ -111,6 +113,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 	buffer_init(&buf);
 +#ifdef ENABLE_OPENSSL_FIPS
 +	fips_mode = ssh_FIPS_mode();
 +	}
 +#endif
 	oidpos = 0;
 	for (i = 0; i < gss_supported->count; i++) {
 		if (gss_supported->elements[i].length < 128 &&
-@@ -119,7 +129,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
+@@ -118,7 +128,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 			deroid[0] = SSH_GSS_OIDTYPE;
 			deroid[1] = gss_supported->elements[i].length;
 -
 			EVP_DigestInit(&md, evp_md);
 			EVP_DigestUpdate(&md, deroid, 2);
 			EVP_DigestUpdate(&md,
-@@ -151,6 +160,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
+@@ -150,6 +159,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 			oidpos++;
 		}
 	}
 +#ifdef ENABLE_OPENSSL_FIPS
 +	if (fips_mode) {
 	gss_enc2oid[oidpos].encoded = NULL;
 diff -pur old/kex.c new/kex.c
 --- old/kex.c
 +++ new/kex.c
-@@ -90,7 +90,43 @@ struct kexalg {
+@@ -89,7 +89,43 @@ struct kexalg {
 	int ec_nid;
 	int hash_alg;
 };
 +
 +#ifdef ENABLE_OPENSSL_FIPS
 int
 set_nonblock(int fd)
 diff -pur old/misc.h new/misc.h
 --- old/misc.h
 +++ new/misc.h
-@@ -40,6 +40,11 @@ struct ForwardOptions {
+@@ -44,6 +44,11 @@ struct ForwardOptions {
 char	*chop(char *);
 char	*strdelim(char **);
 +#ifdef ENABLE_OPENSSL_FIPS
 +int	 ssh_FIPS_mode();
 int	 unset_nonblock(int);
 void	 set_nodelay(int);
 diff -pur old/myproposal.h new/myproposal.h
 --- old/myproposal.h
 +++ new/myproposal.h
-@@ -88,21 +88,33 @@
+@@ -90,21 +90,33 @@
 # else
 #  define KEX_CURVE25519_METHODS ""
 # endif
 -#define KEX_COMMON_KEX \
 +
 +
 +#define	KEX_DEFAULT_PK_ALG_DFLT	\
 	HOSTKEY_ECDSA_CERT_METHODS \
 	"[email protected]," \
 	"[email protected]," \
-@@ -112,17 +124,32 @@
+@@ -114,17 +126,32 @@
 	"rsa-sha2-256," \
 	"ssh-rsa"
 +#define	KEX_DEFAULT_PK_ALG_FIPS	\
 +	HOSTKEY_ECDSA_CERT_METHODS \
 	"aes128-ctr,aes192-ctr,aes256-ctr" \
 	AESGCM_CIPHER_MODES
 -#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
 +#define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \
-+	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
++	"aes128-cbc,aes192-cbc,aes256-cbc"
 +
 +#define KEX_SERVER_ENCRYPT_FIPS \
 +	"aes128-ctr,aes192-ctr,aes256-ctr" \
 +	AESGCM_CIPHER_MODES
 +
 +#define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \
-	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
+	"aes128-cbc,aes192-cbc,aes256-cbc"
 -#define KEX_SERVER_MAC \
 +#define KEX_SERVER_MAC_DFLT \
 	"[email protected]," \
 	"[email protected]," \
 	"[email protected]," \
-@@ -134,7 +161,42 @@
+@@ -136,7 +163,42 @@
 	"hmac-sha2-512," \
 	"hmac-sha1"
 -#define KEX_CLIENT_MAC KEX_SERVER_MAC
 +#define KEX_CLIENT_MAC_DFLT KEX_SERVER_MAC_DFLT
 	OpenSSL_add_all_algorithms();
 #endif
 diff -pur old/ssh-agent.1 new/ssh-agent.1
 --- old/ssh-agent.1
 +++ new/ssh-agent.1
-@@ -117,6 +117,8 @@ and
+@@ -118,6 +118,8 @@ and
 .Dq sha256 .
 The default is
 .Dq sha256 .
 +If OpenSSL is running in FIPS-140 mode, the only supported option is
 +.Dq sha256 .
 Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 diff -pur old/ssh-agent.c new/ssh-agent.c
 --- old/ssh-agent.c
 +++ new/ssh-agent.c
-@@ -1196,6 +1196,7 @@ main(int ac, char **av)
+@@ -1214,6 +1214,7 @@ main(int ac, char **av)
 	struct timeval *tvp = NULL;
 	size_t len;
 	mode_t prev_mask;
 +	int fips_err;
 	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
-@@ -1207,6 +1208,9 @@ main(int ac, char **av)
+@@ -1225,6 +1226,9 @@ main(int ac, char **av)
 	platform_disable_tracing(0);	/* strict=no */
 +#ifdef ENABLE_OPENSSL_FIPS
 +	fips_err = ssh_FIPS_mode_set_if_capable();
 +#endif
 #ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();
 #endif
-@@ -1337,8 +1341,19 @@ main(int ac, char **av)
+@@ -1363,8 +1367,19 @@ main(int ac, char **av)
 		printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
 		    SSH_AUTHSOCKET_ENV_NAME);
 		printf("echo Agent pid %ld;\n", (long)parent_pid);
 +#ifdef ENABLE_OPENSSL_FIPS
 +		ssh_FIPS_check_status();
 .Pp
 .Bl -tag -width Ds -compact
 diff -pur old/ssh.c new/ssh.c
 --- old/ssh.c
 +++ new/ssh.c
-@@ -609,6 +609,11 @@ main(int ac, char **av)
+@@ -606,6 +606,11 @@ main(int ac, char **av)
 	 */
 	initialize_options(&options);
 +#ifdef ENABLE_OPENSSL_FIPS
 +	/* determine FIPS mode early to limit ciphers and macs */
 +#endif
 +
 	/* Parse command-line arguments. */
 	host = NULL;
 	use_syslog = 0;
-@@ -1028,6 +1033,10 @@ main(int ac, char **av)
+@@ -1027,6 +1032,10 @@ main(int ac, char **av)
 #endif
 		);
 +#ifdef ENABLE_OPENSSL_FIPS
 +	ssh_FIPS_check_status();
 		OpenSSL_add_all_algorithms();
 #endif /* WITH_OPENSSL */
 diff -pur old/ssh_config.5 new/ssh_config.5
 --- old/ssh_config.5
 +++ new/ssh_config.5
-@@ -489,6 +489,13 @@ [email protected],aes256-gcm@openss
+@@ -442,6 +442,13 @@ [email protected],aes256-gcm@openss
-aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
+aes128-cbc,aes192-cbc,aes256-cbc
 .Ed
 .Pp
 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode:
 +.Bd -literal -offset indent
 +aes128-ctr,aes192-ctr,aes256-ctr,
 [email protected],[email protected],
 +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
 +.Ed
 +.Pp
-The list of available ciphers may also be obtained using the
+The list of available ciphers may also be obtained using
-.Fl Q
+.Qq ssh -Q cipher .
-option of
+.It Cm ClearAllForwardings
-@@ -738,6 +745,8 @@ and
+@@ -665,6 +672,8 @@ Valid options are:
-.Dq sha256 .
+and
-The default is
+.Cm sha256
-.Dq sha256 .
+(the default).
 +In FIPS-140 mode the only supported option is
 +.Dq sha256 .
 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.
-@@ -1249,6 +1258,16 @@ [email protected],[email protected]
+@@ -1129,6 +1138,16 @@ [email protected],[email protected]
 hmac-sha2-256,hmac-sha2-512,hmac-sha1
 .Ed
 .Pp
 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode:
 +.Bd -literal -offset indent
 [email protected],
 [email protected]
 +hmac-sha1,hmac-sha1-96
 +.Ed
 +.Pp
-The list of available MAC algorithms may also be obtained using the
+The list of available MAC algorithms may also be obtained using
-.Fl Q
+.Qq ssh -Q mac .
-option of
+.It Cm NoHostAuthenticationForLocalhost
 diff -pur old/sshconnect.c new/sshconnect.c
 --- old/sshconnect.c
 +++ new/sshconnect.c
-@@ -530,8 +530,14 @@ send_client_banner(int connection_out, i
+@@ -529,8 +529,14 @@ send_client_banner(int connection_out, i
 {
 	/* Send our own protocol version identification. */
 	if (compat20) {
 +#ifdef ENABLE_OPENSSL_FIPS
 +		xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n",
 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
 		    PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
 diff -pur old/sshd.8 new/sshd.8
 --- old/sshd.8
 +++ new/sshd.8
-@@ -86,6 +86,9 @@ rereads its configuration file when it r
+@@ -84,6 +84,9 @@ rereads its configuration file when it r
 by executing itself with the name and options it was started with, e.g.\&
 .Pa /usr/sbin/sshd .
 .Pp
 +If sshd links with FIPS-capable OpenSSL, sshd runs in FIPS-140 mode.
 +In FIPS-140 mode non-FIPS approved ciphers, MACs and digests are disabled.
 .Bl -tag -width Ds
 .It Fl 4
 diff -pur old/sshd.c new/sshd.c
 --- old/sshd.c
 +++ new/sshd.c
-@@ -431,10 +431,18 @@ sshd_exchange_identification(struct ssh
+@@ -366,10 +366,18 @@ sshd_exchange_identification(struct ssh
-		minor = PROTOCOL_MINOR_1;
+	char buf[256];			/* Must not be larger than remote_version. */
-	}
+	char remote_version[256];	/* Must be at least as big as buf. */
 +#ifdef ENABLE_OPENSSL_FIPS
 +	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
-+	    major, minor, SSH_VERSION,
++	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 +	    ssh_FIPS_mode() ? " FIPS" : " ",
 +	    *options.version_addendum == '\0' ? "" : " ",
 +	    options.version_addendum, newline);
 +#else
 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
-	    major, minor, SSH_VERSION,
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 	    *options.version_addendum == '\0' ? "" : " ",
 	    options.version_addendum, newline);
 +#endif
 	/* Send our protocol version identification. */
 	if (atomicio(vwrite, sock_out, server_version_string,
-@@ -1562,6 +1570,10 @@ main(int ac, char **av)
+@@ -1395,6 +1403,10 @@ main(int ac, char **av)
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 +#ifdef ENABLE_OPENSSL_FIPS
 +	ssh_FIPS_mode_set_if_capable();
 +#endif
 +
 	/* Initialize configuration options to their default values. */
 	initialize_server_options(&options);
-@@ -1712,6 +1724,10 @@ main(int ac, char **av)
+@@ -1541,6 +1553,10 @@ main(int ac, char **av)
 	    SYSLOG_FACILITY_AUTH : options.log_facility,
 	    log_stderr || !inetd_flag);
 +#ifdef ENABLE_OPENSSL_FIPS
 +	ssh_FIPS_check_status();
 	 * Unset KRB5CCNAME, otherwise the user's session may inherit it from
 	 * root's environment
 diff -pur old/sshd_config.5 new/sshd_config.5
 --- old/sshd_config.5
 +++ new/sshd_config.5
-@@ -489,6 +489,13 @@ aes128-ctr,aes192-ctr,aes256-ctr,
+@@ -478,6 +478,13 @@ aes128-ctr,aes192-ctr,aes256-ctr,
 [email protected],[email protected]
 .Ed
 .Pp
 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode:
 +.Bd -literal -offset indent
 +aes128-ctr,aes192-ctr,aes256-ctr,
 [email protected],[email protected],
 +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
 +.Ed
 +.Pp
-The list of available ciphers may also be obtained using the
+The list of available ciphers may also be obtained using
-.Fl Q
+.Qq ssh -Q cipher .
-option of
+.It Cm ClientAliveCountMax
-@@ -585,6 +592,8 @@ and
+@@ -576,6 +583,8 @@ and
-.Dq sha256 .
+.Cm sha256 .
 The default is
-.Dq sha256 .
+.Cm sha256 .
 +In FIPS-140 mode the only supported option is
 +.Dq sha256 .
 .It Cm ForceCommand
 Forces the execution of the command specified by
 .Cm ForceCommand ,
-@@ -1034,6 +1043,16 @@ [email protected],[email protected]
+@@ -1006,6 +1015,16 @@ [email protected],[email protected]
 hmac-sha2-256,hmac-sha2-512,hmac-sha1
 .Ed
 .Pp
 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode:
 +.Bd -literal -offset indent
 [email protected],
 [email protected]
 +hmac-sha1,hmac-sha1-96
 +.Ed
 +.Pp
-The list of available MAC algorithms may also be obtained using the
+The list of available MAC algorithms may also be obtained using
-.Fl Q
+.Qq ssh -Q mac .
-option of
+.It Cm Match
 diff -pur old/sshkey.c new/sshkey.c
 --- old/sshkey.c
 +++ new/sshkey.c
-@@ -85,7 +85,46 @@ struct keytype {
+@@ -84,7 +84,46 @@ struct keytype {
 	int cert;
 	int sigonly;
 };
 +
 +#ifdef ENABLE_OPENSSL_FIPS

branch	s11u3-sru
changeset 7946	165bf092aa9c
parent 7320	edeb951aa980