43 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, |
43 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, |
44 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, |
44 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, |
45 diff -pur old/digest-openssl.c new/digest-openssl.c |
45 diff -pur old/digest-openssl.c new/digest-openssl.c |
46 --- old/digest-openssl.c |
46 --- old/digest-openssl.c |
47 +++ new/digest-openssl.c |
47 +++ new/digest-openssl.c |
48 @@ -53,8 +53,22 @@ struct ssh_digest { |
48 @@ -31,6 +31,7 @@ |
|
49 #include "sshbuf.h" |
|
50 #include "digest.h" |
|
51 #include "ssherr.h" |
|
52 +#include "misc.h" |
|
53 |
|
54 #ifndef HAVE_EVP_RIPEMD160 |
|
55 # define EVP_ripemd160 NULL |
|
56 @@ -53,8 +54,22 @@ struct ssh_digest { |
49 const EVP_MD *(*mdfunc)(void); |
57 const EVP_MD *(*mdfunc)(void); |
50 }; |
58 }; |
51 |
59 |
52 +#ifdef ENABLE_OPENSSL_FIPS |
60 +#ifdef ENABLE_OPENSSL_FIPS |
53 /* NB. Indexed directly by algorithm number */ |
61 /* NB. Indexed directly by algorithm number */ |
66 const struct ssh_digest digests[] = { |
74 const struct ssh_digest digests[] = { |
67 +#endif /* ENABLE_OPENSSL_FIPS */ |
75 +#endif /* ENABLE_OPENSSL_FIPS */ |
68 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, |
76 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, |
69 { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, |
77 { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, |
70 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, |
78 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, |
71 @@ -67,6 +81,9 @@ const struct ssh_digest digests[] = { |
79 @@ -67,6 +82,9 @@ const struct ssh_digest digests[] = { |
72 static const struct ssh_digest * |
80 static const struct ssh_digest * |
73 ssh_digest_by_alg(int alg) |
81 ssh_digest_by_alg(int alg) |
74 { |
82 { |
75 +#ifdef ENABLE_OPENSSL_FIPS |
83 +#ifdef ENABLE_OPENSSL_FIPS |
76 + struct ssh_digest *digests = ssh_FIPS_mode() ? digests_fips : digests_dflt; |
84 + struct ssh_digest *digests = ssh_FIPS_mode() ? digests_fips : digests_dflt; |
77 +#endif |
85 +#endif |
78 if (alg < 0 || alg >= SSH_DIGEST_MAX) |
86 if (alg < 0 || alg >= SSH_DIGEST_MAX) |
79 return NULL; |
87 return NULL; |
80 if (digests[alg].id != alg) /* sanity */ |
88 if (digests[alg].id != alg) /* sanity */ |
81 @@ -79,6 +96,9 @@ ssh_digest_by_alg(int alg) |
89 @@ -79,6 +97,9 @@ ssh_digest_by_alg(int alg) |
82 int |
90 int |
83 ssh_digest_alg_by_name(const char *name) |
91 ssh_digest_alg_by_name(const char *name) |
84 { |
92 { |
85 +#ifdef ENABLE_OPENSSL_FIPS |
93 +#ifdef ENABLE_OPENSSL_FIPS |
86 + struct ssh_digest *digests = ssh_FIPS_mode() ? digests_fips : digests_dflt; |
94 + struct ssh_digest *digests = ssh_FIPS_mode() ? digests_fips : digests_dflt; |
89 |
97 |
90 for (alg = 0; digests[alg].id != -1; alg++) { |
98 for (alg = 0; digests[alg].id != -1; alg++) { |
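Review bot: In both `ssh_digest_by_alg` and `ssh_digest_alg_by_name` the new local `struct ssh_digest *digests` drops the `const` that the existing `digests[]` table carries. If `digests_fips` and `digests_dflt` are declared the same way (their definitions are collapsed on this page), it should read `const struct ssh_digest *digests = ssh_FIPS_mode() ? digests_fips : digests_dflt;`. More importantly, `ssh_digest_by_alg` still indexes the chosen table directly with `alg` after checking only `alg >= SSH_DIGEST_MAX`, so the FIPS table has to keep one slot per algorithm id. A table that simply omits MD5 and RIPEMD160 would be read past its end, or would fail the `id != alg` sanity check for the approved digests. I would add a comment on `digests_fips` such as `/* NB. still indexed by algorithm number: keep a placeholder row for each disabled id */`; both function bodies continue outside the visible hunks.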
91 diff -pur old/gss-genr.c new/gss-genr.c |
99 diff -pur old/gss-genr.c new/gss-genr.c |
92 --- old/gss-genr.c |
100 --- old/gss-genr.c |
93 +++ new/gss-genr.c |
101 +++ new/gss-genr.c |
94 @@ -100,6 +100,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
102 @@ -44,6 +44,7 @@ |
|
103 #include "cipher.h" |
|
104 #include "key.h" |
|
105 #include "kex.h" |
|
106 +#include "misc.h" |
|
107 #include <openssl/evp.h> |
|
108 |
|
109 #include "ssh-gss.h" |
|
110 @@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
95 char deroid[2]; |
111 char deroid[2]; |
96 const EVP_MD *evp_md = EVP_md5(); |
112 const EVP_MD *evp_md = EVP_md5(); |
97 EVP_MD_CTX md; |
113 EVP_MD_CTX md; |
98 + int fips_mode; |
114 + int fips_mode; |
99 |
115 |
100 if (gss_enc2oid != NULL) { |
116 if (gss_enc2oid != NULL) { |
101 for (i = 0; gss_enc2oid[i].encoded != NULL; i++) |
117 for (i = 0; gss_enc2oid[i].encoded != NULL; i++) |
102 @@ -112,6 +113,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
118 @@ -112,6 +114,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
103 |
119 |
104 buffer_init(&buf); |
120 buffer_init(&buf); |
105 |
121 |
106 +#ifdef ENABLE_OPENSSL_FIPS |
122 +#ifdef ENABLE_OPENSSL_FIPS |
107 + fips_mode = ssh_FIPS_mode(); |
123 + fips_mode = ssh_FIPS_mode(); |
112 + } |
128 + } |
113 +#endif |
129 +#endif |
114 oidpos = 0; |
130 oidpos = 0; |
115 for (i = 0; i < gss_supported->count; i++) { |
131 for (i = 0; i < gss_supported->count; i++) { |
116 if (gss_supported->elements[i].length < 128 && |
132 if (gss_supported->elements[i].length < 128 && |
117 @@ -119,7 +128,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
133 @@ -119,7 +129,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
118 |
134 |
119 deroid[0] = SSH_GSS_OIDTYPE; |
135 deroid[0] = SSH_GSS_OIDTYPE; |
120 deroid[1] = gss_supported->elements[i].length; |
136 deroid[1] = gss_supported->elements[i].length; |
121 - |
137 - |
122 EVP_DigestInit(&md, evp_md); |
138 EVP_DigestInit(&md, evp_md); |
123 EVP_DigestUpdate(&md, deroid, 2); |
139 EVP_DigestUpdate(&md, deroid, 2); |
124 EVP_DigestUpdate(&md, |
140 EVP_DigestUpdate(&md, |
125 @@ -151,6 +159,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
141 @@ -151,6 +160,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
126 oidpos++; |
142 oidpos++; |
127 } |
143 } |
128 } |
144 } |
129 +#ifdef ENABLE_OPENSSL_FIPS |
145 +#ifdef ENABLE_OPENSSL_FIPS |
130 + if (fips_mode) { |
146 + if (fips_mode) { |
136 gss_enc2oid[oidpos].encoded = NULL; |
152 gss_enc2oid[oidpos].encoded = NULL; |
137 |
153 |
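Review bot: `int fips_mode;` is added to `ssh_gssapi_kex_mechs` outside any guard, while the visible assignment `fips_mode = ssh_FIPS_mode();` and the later `if (fips_mode)` both sit inside `#ifdef ENABLE_OPENSSL_FIPS`. A build without that macro gets an unused, uninitialised local; either move the declaration under the same `#ifdef` or write `int fips_mode = 0;`. The bodies of the two guarded blocks are collapsed here, so I cannot tell what they do around the `EVP_md5()` digest. If they change process-wide FIPS state, a comment saying why, and that the state is restored on every path, would help.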
138 diff -pur old/kex.c new/kex.c |
154 diff -pur old/kex.c new/kex.c |
139 --- old/kex.c |
155 --- old/kex.c |
140 +++ new/kex.c |
156 +++ new/kex.c |
141 @@ -89,7 +89,40 @@ struct kexalg { |
157 @@ -90,7 +90,43 @@ struct kexalg { |
142 int ec_nid; |
158 int ec_nid; |
143 int hash_alg; |
159 int hash_alg; |
144 }; |
160 }; |
145 + |
161 + |
146 +#ifdef ENABLE_OPENSSL_FIPS |
162 +#ifdef ENABLE_OPENSSL_FIPS |
147 +/* in FIPS mode limit kexalgs to FIPS compliant only */ |
163 +/* in FIPS mode limit kexalgs to FIPS compliant only */ |
148 +#define kexalgs (ssh_FIPS_mode() ? kexalgs_fips : kexalgs_dflt) |
164 +#define kexalgs (ssh_FIPS_mode() ? kexalgs_fips : kexalgs_dflt) |
149 +static const struct kexalg kexalgs_fips[] = { |
165 +static const struct kexalg kexalgs_fips[] = { |
150 +#ifdef WITH_OPENSSL |
166 +#ifdef WITH_OPENSSL |
151 + { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
167 + { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
152 + { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
168 + { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
169 + { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, |
|
170 + { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, |
|
171 + { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 }, |
153 + { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, |
172 + { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, |
154 +#ifdef HAVE_EVP_SHA256 |
173 +#ifdef HAVE_EVP_SHA256 |
155 + { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, |
174 + { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, |
156 +#endif /* HAVE_EVP_SHA256 */ |
175 +#endif /* HAVE_EVP_SHA256 */ |
157 +#ifdef OPENSSL_HAS_ECC |
176 +#ifdef OPENSSL_HAS_ECC |
176 +#else |
195 +#else |
177 static const struct kexalg kexalgs[] = { |
196 static const struct kexalg kexalgs[] = { |
178 +#endif |
197 +#endif |
179 #ifdef WITH_OPENSSL |
198 #ifdef WITH_OPENSSL |
180 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
199 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
181 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
200 { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
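Review bot: `kexalgs_fips` still carries the `KEX_DH1` row (`KEX_DH_GRP1_SHA1`), so group1 key exchange remains selectable in FIPS mode. The FIPS proposal strings in myproposal.h, as far as they are visible on this page, offer only ECDH, the SHA-2 methods and `diffie-hellman-group14-sha1`. As far as I know a 1024-bit group no longer meets the key-agreement strength that NIST SP 800-131A requires, so an explicit `KexAlgorithms` setting could negotiate something the approved list is meant to exclude. I would drop that row from `kexalgs_fips` and add a one-line comment above the table naming the document the list was taken from, so later additions such as the new group16/group18 rows can be checked against it. The rest of the table, including the ECC rows, is collapsed on this page.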
182 diff -pur old/mac.c new/mac.c |
201 diff -pur old/mac.c new/mac.c |
183 --- old/mac.c |
202 --- old/mac.c |
184 +++ new/mac.c |
203 +++ new/mac.c |
185 @@ -53,8 +53,33 @@ struct macalg { |
204 @@ -53,8 +53,33 @@ struct macalg { |
186 int len; /* just for UMAC */ |
205 int len; /* just for UMAC */ |
217 { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, |
236 { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, |
218 { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, |
237 { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, |
219 diff -pur old/misc.c new/misc.c |
238 diff -pur old/misc.c new/misc.c |
220 --- old/misc.c |
239 --- old/misc.c |
221 +++ new/misc.c |
240 +++ new/misc.c |
222 @@ -39,12 +39,15 @@ |
241 @@ -39,12 +39,16 @@ |
223 #include <string.h> |
242 #include <string.h> |
224 #include <time.h> |
243 #include <time.h> |
225 #include <unistd.h> |
244 #include <unistd.h> |
226 +#include <dlfcn.h> |
245 +#include <dlfcn.h> |
227 |
246 |
229 #include <netinet/in_systm.h> |
248 #include <netinet/in_systm.h> |
230 #include <netinet/ip.h> |
249 #include <netinet/ip.h> |
231 #include <netinet/tcp.h> |
250 #include <netinet/tcp.h> |
232 |
251 |
233 +#include <openssl/crypto.h> |
252 +#include <openssl/crypto.h> |
|
253 +#include <openssl/err.h> |
234 + |
254 + |
235 #include <ctype.h> |
255 #include <ctype.h> |
236 #include <errno.h> |
256 #include <errno.h> |
237 #include <fcntl.h> |
257 #include <fcntl.h> |
238 @@ -78,6 +81,60 @@ chop(char *s) |
258 @@ -78,6 +82,60 @@ chop(char *s) |
239 |
259 |
240 } |
260 } |
241 |
261 |
242 +#ifdef ENABLE_OPENSSL_FIPS |
262 +#ifdef ENABLE_OPENSSL_FIPS |
243 +/* is OpenSSL FIPS mode set? */ |
263 +/* is OpenSSL FIPS mode set? */ |
297 int |
317 int |
298 set_nonblock(int fd) |
318 set_nonblock(int fd) |
299 diff -pur old/misc.h new/misc.h |
319 diff -pur old/misc.h new/misc.h |
300 --- old/misc.h |
320 --- old/misc.h |
301 +++ new/misc.h |
321 +++ new/misc.h |
302 @@ -38,6 +38,11 @@ struct ForwardOptions { |
322 @@ -40,6 +40,11 @@ struct ForwardOptions { |
303 |
323 |
304 char *chop(char *); |
324 char *chop(char *); |
305 char *strdelim(char **); |
325 char *strdelim(char **); |
306 +#ifdef ENABLE_OPENSSL_FIPS |
326 +#ifdef ENABLE_OPENSSL_FIPS |
307 +int ssh_FIPS_mode(); |
327 +int ssh_FIPS_mode(); |
312 int unset_nonblock(int); |
332 int unset_nonblock(int); |
313 void set_nodelay(int); |
333 void set_nodelay(int); |
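Review bot: `int ssh_FIPS_mode();` declares the function with an empty parameter list, which in C is not a prototype, so a call with stray arguments would compile without a diagnostic. Declare it as `int ssh_FIPS_mode(void);`, matching the neighbouring declarations that spell out their parameters. The same applies to any other FIPS helpers declared in the collapsed lines of this hunk.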
314 diff -pur old/myproposal.h new/myproposal.h |
334 diff -pur old/myproposal.h new/myproposal.h |
315 --- old/myproposal.h |
335 --- old/myproposal.h |
316 +++ new/myproposal.h |
336 +++ new/myproposal.h |
317 @@ -83,19 +83,31 @@ |
337 @@ -88,21 +88,33 @@ |
318 # else |
338 # else |
319 # define KEX_CURVE25519_METHODS "" |
339 # define KEX_CURVE25519_METHODS "" |
320 # endif |
340 # endif |
321 -#define KEX_COMMON_KEX \ |
341 -#define KEX_COMMON_KEX \ |
322 + |
342 + |
323 +#define KEX_COMMON_KEX_DFLT \ |
343 +#define KEX_COMMON_KEX_DFLT \ |
324 KEX_CURVE25519_METHODS \ |
344 KEX_CURVE25519_METHODS \ |
325 KEX_ECDH_METHODS \ |
345 KEX_ECDH_METHODS \ |
326 KEX_SHA256_METHODS |
346 KEX_SHA2_METHODS |
327 |
347 |
328 -#define KEX_SERVER_KEX KEX_COMMON_KEX \ |
348 -#define KEX_SERVER_KEX KEX_COMMON_KEX \ |
329 +#define KEX_SERVER_KEX_DFLT KEX_COMMON_KEX_DFLT \ |
349 +#define KEX_SERVER_KEX_DFLT KEX_COMMON_KEX_DFLT \ |
|
350 KEX_SHA2_GROUP14 \ |
330 "diffie-hellman-group14-sha1" \ |
351 "diffie-hellman-group14-sha1" \ |
331 |
352 |
332 -#define KEX_CLIENT_KEX KEX_COMMON_KEX \ |
353 -#define KEX_CLIENT_KEX KEX_COMMON_KEX \ |
333 +#define KEX_CLIENT_KEX_DFLT KEX_COMMON_KEX_DFLT \ |
354 +#define KEX_CLIENT_KEX_DFLT KEX_COMMON_KEX_DFLT \ |
334 "diffie-hellman-group-exchange-sha1," \ |
355 "diffie-hellman-group-exchange-sha1," \ |
|
356 KEX_SHA2_GROUP14 \ |
335 "diffie-hellman-group14-sha1" |
357 "diffie-hellman-group14-sha1" |
336 |
358 |
337 -#define KEX_DEFAULT_PK_ALG \ |
359 -#define KEX_DEFAULT_PK_ALG \ |
338 +#define KEX_COMMON_KEX_FIPS \ |
360 +#define KEX_COMMON_KEX_FIPS \ |
339 + KEX_ECDH_METHODS \ |
361 + KEX_ECDH_METHODS \ |
340 + KEX_SHA256_METHODS |
362 + KEX_SHA2_METHODS |
341 + |
363 + |
342 +#define KEX_SERVER_KEX_FIPS KEX_COMMON_KEX_FIPS \ |
364 +#define KEX_SERVER_KEX_FIPS KEX_COMMON_KEX_FIPS \ |
343 + "diffie-hellman-group14-sha1" \ |
365 + "diffie-hellman-group14-sha1" \ |
344 + |
366 + |
345 +#define KEX_CLIENT_KEX_FIPS KEX_COMMON_KEX_FIPS \ |
367 +#define KEX_CLIENT_KEX_FIPS KEX_COMMON_KEX_FIPS \ |
348 + |
370 + |
349 +#define KEX_DEFAULT_PK_ALG_DFLT \ |
371 +#define KEX_DEFAULT_PK_ALG_DFLT \ |
350 HOSTKEY_ECDSA_CERT_METHODS \ |
372 HOSTKEY_ECDSA_CERT_METHODS \ |
351 "[email protected]," \ |
373 "[email protected]," \ |
352 "[email protected]," \ |
374 "[email protected]," \ |
353 @@ -105,17 +117,32 @@ |
375 @@ -112,17 +124,32 @@ |
354 "rsa-sha2-256," \ |
376 "rsa-sha2-256," \ |
355 "ssh-rsa" |
377 "ssh-rsa" |
356 |
378 |
357 +#define KEX_DEFAULT_PK_ALG_FIPS \ |
379 +#define KEX_DEFAULT_PK_ALG_FIPS \ |
358 + HOSTKEY_ECDSA_CERT_METHODS \ |
380 + HOSTKEY_ECDSA_CERT_METHODS \ |
384 -#define KEX_SERVER_MAC \ |
406 -#define KEX_SERVER_MAC \ |
385 +#define KEX_SERVER_MAC_DFLT \ |
407 +#define KEX_SERVER_MAC_DFLT \ |
386 "[email protected]," \ |
408 "[email protected]," \ |
387 "[email protected]," \ |
409 "[email protected]," \ |
388 "[email protected]," \ |
410 "[email protected]," \ |
389 @@ -127,7 +154,42 @@ |
411 @@ -134,7 +161,42 @@ |
390 "hmac-sha2-512," \ |
412 "hmac-sha2-512," \ |
391 "hmac-sha1" |
413 "hmac-sha1" |
392 |
414 |
393 -#define KEX_CLIENT_MAC KEX_SERVER_MAC |
415 -#define KEX_CLIENT_MAC KEX_SERVER_MAC |
394 +#define KEX_CLIENT_MAC_DFLT KEX_SERVER_MAC_DFLT |
416 +#define KEX_CLIENT_MAC_DFLT KEX_SERVER_MAC_DFLT |
471 Kill the current agent (given by the |
493 Kill the current agent (given by the |
472 .Ev SSH_AGENT_PID |
494 .Ev SSH_AGENT_PID |
473 diff -pur old/ssh-agent.c new/ssh-agent.c |
495 diff -pur old/ssh-agent.c new/ssh-agent.c |
474 --- old/ssh-agent.c |
496 --- old/ssh-agent.c |
475 +++ new/ssh-agent.c |
497 +++ new/ssh-agent.c |
476 @@ -1199,6 +1199,7 @@ main(int ac, char **av) |
498 @@ -1196,6 +1196,7 @@ main(int ac, char **av) |
477 struct timeval *tvp = NULL; |
499 struct timeval *tvp = NULL; |
478 size_t len; |
500 size_t len; |
479 mode_t prev_mask; |
501 mode_t prev_mask; |
480 + int fips_err; |
502 + int fips_err; |
481 |
503 |
482 ssh_malloc_init(); /* must be called before any mallocs */ |
504 ssh_malloc_init(); /* must be called before any mallocs */ |
483 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
505 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
484 @@ -1213,6 +1214,9 @@ main(int ac, char **av) |
506 @@ -1207,6 +1208,9 @@ main(int ac, char **av) |
485 prctl(PR_SET_DUMPABLE, 0); |
507 |
486 #endif |
508 platform_disable_tracing(0); /* strict=no */ |
487 |
509 |
488 +#ifdef ENABLE_OPENSSL_FIPS |
510 +#ifdef ENABLE_OPENSSL_FIPS |
489 + fips_err = ssh_FIPS_mode_set_if_capable(); |
511 + fips_err = ssh_FIPS_mode_set_if_capable(); |
490 +#endif |
512 +#endif |
491 #ifdef WITH_OPENSSL |
513 #ifdef WITH_OPENSSL |
492 OpenSSL_add_all_algorithms(); |
514 OpenSSL_add_all_algorithms(); |
493 #endif |
515 #endif |
494 @@ -1343,8 +1347,19 @@ main(int ac, char **av) |
516 @@ -1337,8 +1341,19 @@ main(int ac, char **av) |
495 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
517 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
496 SSH_AUTHSOCKET_ENV_NAME); |
518 SSH_AUTHSOCKET_ENV_NAME); |
497 printf("echo Agent pid %ld;\n", (long)parent_pid); |
519 printf("echo Agent pid %ld;\n", (long)parent_pid); |
498 +#ifdef ENABLE_OPENSSL_FIPS |
520 +#ifdef ENABLE_OPENSSL_FIPS |
499 + ssh_FIPS_check_status(); |
521 + ssh_FIPS_check_status(); |
524 This option will read a private or public OpenSSH key file and |
546 This option will read a private or public OpenSSH key file and |
525 print to stdout the key in one of the formats specified by the |
547 print to stdout the key in one of the formats specified by the |
526 diff -pur old/ssh-keygen.c new/ssh-keygen.c |
548 diff -pur old/ssh-keygen.c new/ssh-keygen.c |
527 --- old/ssh-keygen.c |
549 --- old/ssh-keygen.c |
528 +++ new/ssh-keygen.c |
550 +++ new/ssh-keygen.c |
529 @@ -2267,11 +2267,18 @@ main(int argc, char **argv) |
551 @@ -2273,11 +2273,18 @@ main(int argc, char **argv) |
530 |
552 |
531 __progname = ssh_get_progname(argv[0]); |
553 __progname = ssh_get_progname(argv[0]); |
532 |
554 |
533 +#ifdef ENABLE_OPENSSL_FIPS |
555 +#ifdef ENABLE_OPENSSL_FIPS |
534 + ssh_FIPS_mode_set_if_capable(); |
556 + ssh_FIPS_mode_set_if_capable(); |
574 OpenSSL_add_all_algorithms(); |
596 OpenSSL_add_all_algorithms(); |
575 arc4random_buf(rnd, sizeof(rnd)); |
597 arc4random_buf(rnd, sizeof(rnd)); |
576 diff -pur old/ssh.1 new/ssh.1 |
598 diff -pur old/ssh.1 new/ssh.1 |
577 --- old/ssh.1 |
599 --- old/ssh.1 |
578 +++ new/ssh.1 |
600 +++ new/ssh.1 |
579 @@ -91,6 +91,9 @@ If |
601 @@ -92,6 +92,9 @@ If |
580 is specified, |
602 is specified, |
581 it is executed on the remote host instead of a login shell. |
603 it is executed on the remote host instead of a login shell. |
582 .Pp |
604 .Pp |
583 +If ssh links with FIPS-capable OpenSSL, ssh runs in FIPS-140 mode. |
605 +If ssh links with FIPS-capable OpenSSL, ssh runs in FIPS-140 mode. |
584 +In FIPS-140 mode non-FIPS approved ciphers, MACs and digests are disabled. |
606 +In FIPS-140 mode non-FIPS approved ciphers, MACs and digests are disabled. |
587 .Pp |
609 .Pp |
588 .Bl -tag -width Ds -compact |
610 .Bl -tag -width Ds -compact |
589 diff -pur old/ssh.c new/ssh.c |
611 diff -pur old/ssh.c new/ssh.c |
590 --- old/ssh.c |
612 --- old/ssh.c |
591 +++ new/ssh.c |
613 +++ new/ssh.c |
592 @@ -606,6 +606,11 @@ main(int ac, char **av) |
614 @@ -609,6 +609,11 @@ main(int ac, char **av) |
593 */ |
615 */ |
594 initialize_options(&options); |
616 initialize_options(&options); |
595 |
617 |
596 +#ifdef ENABLE_OPENSSL_FIPS |
618 +#ifdef ENABLE_OPENSSL_FIPS |
597 + /* determine FIPS mode early to limit ciphers and macs */ |
619 + /* determine FIPS mode early to limit ciphers and macs */ |
613 process_config_files(host_arg, pw, 0); |
635 process_config_files(host_arg, pw, 0); |
614 |
636 |
615 diff -pur old/ssh_api.c new/ssh_api.c |
637 diff -pur old/ssh_api.c new/ssh_api.c |
616 --- old/ssh_api.c |
638 --- old/ssh_api.c |
617 +++ new/ssh_api.c |
639 +++ new/ssh_api.c |
618 @@ -81,6 +81,10 @@ ssh_init(struct ssh **sshp, int is_serve |
640 @@ -79,6 +79,10 @@ ssh_init(struct ssh **sshp, int is_serve |
619 int r; |
641 int r; |
620 |
642 |
621 if (!called) { |
643 if (!called) { |
622 +#ifdef ENABLE_OPENSSL_FIPS |
644 +#ifdef ENABLE_OPENSSL_FIPS |
623 + ssh_FIPS_mode_set_if_capable(); |
645 + ssh_FIPS_mode_set_if_capable(); |
650 +In FIPS-140 mode the only supported option is |
672 +In FIPS-140 mode the only supported option is |
651 +.Dq sha256 . |
673 +.Dq sha256 . |
652 .It Cm ForwardAgent |
674 .It Cm ForwardAgent |
653 Specifies whether the connection to the authentication agent (if any) |
675 Specifies whether the connection to the authentication agent (if any) |
654 will be forwarded to the remote machine. |
676 will be forwarded to the remote machine. |
655 @@ -1200,6 +1209,16 @@ [email protected],[email protected] |
677 @@ -1249,6 +1258,16 @@ [email protected],[email protected] |
656 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
678 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
657 .Ed |
679 .Ed |
658 .Pp |
680 .Pp |
659 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
681 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
660 +.Bd -literal -offset indent |
682 +.Bd -literal -offset indent |
701 .Bl -tag -width Ds |
723 .Bl -tag -width Ds |
702 .It Fl 4 |
724 .It Fl 4 |
703 diff -pur old/sshd.c new/sshd.c |
725 diff -pur old/sshd.c new/sshd.c |
704 --- old/sshd.c |
726 --- old/sshd.c |
705 +++ new/sshd.c |
727 +++ new/sshd.c |
706 @@ -430,10 +430,18 @@ sshd_exchange_identification(int sock_in |
728 @@ -431,10 +431,18 @@ sshd_exchange_identification(struct ssh |
707 minor = PROTOCOL_MINOR_1; |
729 minor = PROTOCOL_MINOR_1; |
708 } |
730 } |
709 |
731 |
710 +#ifdef ENABLE_OPENSSL_FIPS |
732 +#ifdef ENABLE_OPENSSL_FIPS |
711 + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", |
733 + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", |
720 options.version_addendum, newline); |
742 options.version_addendum, newline); |
721 +#endif |
743 +#endif |
722 |
744 |
723 /* Send our protocol version identification. */ |
745 /* Send our protocol version identification. */ |
724 if (atomicio(vwrite, sock_out, server_version_string, |
746 if (atomicio(vwrite, sock_out, server_version_string, |
725 @@ -1503,6 +1511,10 @@ main(int ac, char **av) |
747 @@ -1562,6 +1570,10 @@ main(int ac, char **av) |
726 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
748 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
727 sanitise_stdfd(); |
749 sanitise_stdfd(); |
728 |
750 |
729 +#ifdef ENABLE_OPENSSL_FIPS |
751 +#ifdef ENABLE_OPENSSL_FIPS |
730 + ssh_FIPS_mode_set_if_capable(); |
752 + ssh_FIPS_mode_set_if_capable(); |
731 +#endif |
753 +#endif |
732 + |
754 + |
733 /* Initialize configuration options to their default values. */ |
755 /* Initialize configuration options to their default values. */ |
734 initialize_server_options(&options); |
756 initialize_server_options(&options); |
735 |
757 |
736 @@ -1653,6 +1665,10 @@ main(int ac, char **av) |
758 @@ -1712,6 +1724,10 @@ main(int ac, char **av) |
737 SYSLOG_FACILITY_AUTH : options.log_facility, |
759 SYSLOG_FACILITY_AUTH : options.log_facility, |
738 log_stderr || !inetd_flag); |
760 log_stderr || !inetd_flag); |
739 |
761 |
740 +#ifdef ENABLE_OPENSSL_FIPS |
762 +#ifdef ENABLE_OPENSSL_FIPS |
741 + ssh_FIPS_check_status(); |
763 + ssh_FIPS_check_status(); |
745 * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
767 * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
746 * root's environment |
768 * root's environment |
747 diff -pur old/sshd_config.5 new/sshd_config.5 |
769 diff -pur old/sshd_config.5 new/sshd_config.5 |
748 --- old/sshd_config.5 |
770 --- old/sshd_config.5 |
749 +++ new/sshd_config.5 |
771 +++ new/sshd_config.5 |
750 @@ -482,6 +482,13 @@ aes128-ctr,aes192-ctr,aes256-ctr, |
772 @@ -489,6 +489,13 @@ aes128-ctr,aes192-ctr,aes256-ctr, |
751 [email protected],[email protected] |
773 [email protected],[email protected] |
752 .Ed |
774 .Ed |
753 .Pp |
775 .Pp |
754 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
776 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
755 +.Bd -literal -offset indent |
777 +.Bd -literal -offset indent |
759 +.Ed |
781 +.Ed |
760 +.Pp |
782 +.Pp |
761 The list of available ciphers may also be obtained using the |
783 The list of available ciphers may also be obtained using the |
762 .Fl Q |
784 .Fl Q |
763 option of |
785 option of |
764 @@ -576,6 +583,8 @@ and |
786 @@ -585,6 +592,8 @@ and |
765 .Dq sha256 . |
787 .Dq sha256 . |
766 The default is |
788 The default is |
767 .Dq sha256 . |
789 .Dq sha256 . |
768 +In FIPS-140 mode the only supported option is |
790 +In FIPS-140 mode the only supported option is |
769 +.Dq sha256 . |
791 +.Dq sha256 . |
770 .It Cm ForceCommand |
792 .It Cm ForceCommand |
771 Forces the execution of the command specified by |
793 Forces the execution of the command specified by |
772 .Cm ForceCommand , |
794 .Cm ForceCommand , |
773 @@ -1025,6 +1034,16 @@ [email protected],[email protected] |
795 @@ -1034,6 +1043,16 @@ [email protected],[email protected] |
774 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
796 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
775 .Ed |
797 .Ed |
776 .Pp |
798 .Pp |
777 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
799 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
778 +.Bd -literal -offset indent |
800 +.Bd -literal -offset indent |