97 |
97 |
98 for (alg = 0; digests[alg].id != -1; alg++) { |
98 for (alg = 0; digests[alg].id != -1; alg++) { |
99 diff -pur old/gss-genr.c new/gss-genr.c |
99 diff -pur old/gss-genr.c new/gss-genr.c |
100 --- old/gss-genr.c |
100 --- old/gss-genr.c |
101 +++ new/gss-genr.c |
101 +++ new/gss-genr.c |
102 @@ -44,6 +44,7 @@ |
102 @@ -43,6 +43,7 @@ |
103 #include "cipher.h" |
103 #include "cipher.h" |
104 #include "key.h" |
104 #include "key.h" |
105 #include "kex.h" |
105 #include "kex.h" |
106 +#include "misc.h" |
106 +#include "misc.h" |
107 #include <openssl/evp.h> |
107 #include <openssl/evp.h> |
108 |
108 |
109 #include "ssh-gss.h" |
109 #include "ssh-gss.h" |
110 @@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
110 @@ -99,6 +100,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
111 char deroid[2]; |
111 char deroid[2]; |
112 const EVP_MD *evp_md = EVP_md5(); |
112 const EVP_MD *evp_md = EVP_md5(); |
113 EVP_MD_CTX md; |
113 EVP_MD_CTX md; |
114 + int fips_mode; |
114 + int fips_mode; |
115 |
115 |
116 if (gss_enc2oid != NULL) { |
116 if (gss_enc2oid != NULL) { |
117 for (i = 0; gss_enc2oid[i].encoded != NULL; i++) |
117 for (i = 0; gss_enc2oid[i].encoded != NULL; i++) |
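Review bot: `int fips_mode;` is declared unconditionally, but every visible assignment and read of it (`fips_mode = ssh_FIPS_mode();` and `if (fips_mode) {` later in this file) sits inside `#ifdef ENABLE_OPENSSL_FIPS`, so a build without that define gets an unused-variable warning and fails under -Werror. Wrap the declaration the same way: `#ifdef ENABLE_OPENSSL_FIPS` / `int fips_mode;` / `#endif`. The hunk that assigns it is only partly shown here (its lines 124–127 are missing), so if a read outside the ifdef exists there this does not apply. ssh_gssapi_kex_mechs begins and ends outside this hunk.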
118 @@ -112,6 +114,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
118 @@ -111,6 +113,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
119 |
119 |
120 buffer_init(&buf); |
120 buffer_init(&buf); |
121 |
121 |
122 +#ifdef ENABLE_OPENSSL_FIPS |
122 +#ifdef ENABLE_OPENSSL_FIPS |
123 + fips_mode = ssh_FIPS_mode(); |
123 + fips_mode = ssh_FIPS_mode(); |
128 + } |
128 + } |
129 +#endif |
129 +#endif |
130 oidpos = 0; |
130 oidpos = 0; |
131 for (i = 0; i < gss_supported->count; i++) { |
131 for (i = 0; i < gss_supported->count; i++) { |
132 if (gss_supported->elements[i].length < 128 && |
132 if (gss_supported->elements[i].length < 128 && |
133 @@ -119,7 +129,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
133 @@ -118,7 +128,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
134 |
134 |
135 deroid[0] = SSH_GSS_OIDTYPE; |
135 deroid[0] = SSH_GSS_OIDTYPE; |
136 deroid[1] = gss_supported->elements[i].length; |
136 deroid[1] = gss_supported->elements[i].length; |
137 - |
137 - |
138 EVP_DigestInit(&md, evp_md); |
138 EVP_DigestInit(&md, evp_md); |
139 EVP_DigestUpdate(&md, deroid, 2); |
139 EVP_DigestUpdate(&md, deroid, 2); |
140 EVP_DigestUpdate(&md, |
140 EVP_DigestUpdate(&md, |
141 @@ -151,6 +160,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
141 @@ -150,6 +159,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup |
142 oidpos++; |
142 oidpos++; |
143 } |
143 } |
144 } |
144 } |
145 +#ifdef ENABLE_OPENSSL_FIPS |
145 +#ifdef ENABLE_OPENSSL_FIPS |
146 + if (fips_mode) { |
146 + if (fips_mode) { |
392 "aes128-ctr,aes192-ctr,aes256-ctr" \ |
392 "aes128-ctr,aes192-ctr,aes256-ctr" \ |
393 AESGCM_CIPHER_MODES |
393 AESGCM_CIPHER_MODES |
394 |
394 |
395 -#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ |
395 -#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ |
396 +#define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \ |
396 +#define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \ |
397 + "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" |
397 + "aes128-cbc,aes192-cbc,aes256-cbc" |
398 + |
398 + |
399 +#define KEX_SERVER_ENCRYPT_FIPS \ |
399 +#define KEX_SERVER_ENCRYPT_FIPS \ |
400 + "aes128-ctr,aes192-ctr,aes256-ctr" \ |
400 + "aes128-ctr,aes192-ctr,aes256-ctr" \ |
401 + AESGCM_CIPHER_MODES |
401 + AESGCM_CIPHER_MODES |
402 + |
402 + |
403 +#define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \ |
403 +#define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \ |
404 "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" |
404 "aes128-cbc,aes192-cbc,aes256-cbc" |
405 |
405 |
406 -#define KEX_SERVER_MAC \ |
406 -#define KEX_SERVER_MAC \ |
407 +#define KEX_SERVER_MAC_DFLT \ |
407 +#define KEX_SERVER_MAC_DFLT \ |
408 "[email protected]," \ |
408 "[email protected]," \ |
409 "[email protected]," \ |
409 "[email protected]," \ |
410 "[email protected]," \ |
410 "[email protected]," \ |
411 @@ -134,7 +161,42 @@ |
411 @@ -136,7 +163,42 @@ |
412 "hmac-sha2-512," \ |
412 "hmac-sha2-512," \ |
413 "hmac-sha1" |
413 "hmac-sha1" |
414 |
414 |
415 -#define KEX_CLIENT_MAC KEX_SERVER_MAC |
415 -#define KEX_CLIENT_MAC KEX_SERVER_MAC |
416 +#define KEX_CLIENT_MAC_DFLT KEX_SERVER_MAC_DFLT |
416 +#define KEX_CLIENT_MAC_DFLT KEX_SERVER_MAC_DFLT |
493 Kill the current agent (given by the |
493 Kill the current agent (given by the |
494 .Ev SSH_AGENT_PID |
494 .Ev SSH_AGENT_PID |
495 diff -pur old/ssh-agent.c new/ssh-agent.c |
495 diff -pur old/ssh-agent.c new/ssh-agent.c |
496 --- old/ssh-agent.c |
496 --- old/ssh-agent.c |
497 +++ new/ssh-agent.c |
497 +++ new/ssh-agent.c |
498 @@ -1196,6 +1196,7 @@ main(int ac, char **av) |
498 @@ -1214,6 +1214,7 @@ main(int ac, char **av) |
499 struct timeval *tvp = NULL; |
499 struct timeval *tvp = NULL; |
500 size_t len; |
500 size_t len; |
501 mode_t prev_mask; |
501 mode_t prev_mask; |
502 + int fips_err; |
502 + int fips_err; |
503 |
503 |
504 ssh_malloc_init(); /* must be called before any mallocs */ |
504 ssh_malloc_init(); /* must be called before any mallocs */ |
505 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
505 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
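Review bot: `int fips_err;` is added outside any `#ifdef ENABLE_OPENSSL_FIPS`, while the only visible assignment to it (`fips_err = ssh_FIPS_mode_set_if_capable();` in the next hunk) is guarded by that define, so non-FIPS builds get an unused-variable warning. Guard the declaration identically: `#ifdef ENABLE_OPENSSL_FIPS` / `int fips_err;` / `#endif`. main begins and ends outside this hunk.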
506 @@ -1207,6 +1208,9 @@ main(int ac, char **av) |
506 @@ -1225,6 +1226,9 @@ main(int ac, char **av) |
507 |
507 |
508 platform_disable_tracing(0); /* strict=no */ |
508 platform_disable_tracing(0); /* strict=no */ |
509 |
509 |
510 +#ifdef ENABLE_OPENSSL_FIPS |
510 +#ifdef ENABLE_OPENSSL_FIPS |
511 + fips_err = ssh_FIPS_mode_set_if_capable(); |
511 + fips_err = ssh_FIPS_mode_set_if_capable(); |
512 +#endif |
512 +#endif |
513 #ifdef WITH_OPENSSL |
513 #ifdef WITH_OPENSSL |
514 OpenSSL_add_all_algorithms(); |
514 OpenSSL_add_all_algorithms(); |
515 #endif |
515 #endif |
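Review bot: `fips_err` receives the result of `ssh_FIPS_mode_set_if_capable()` but nothing in this hunk acts on it, so if enabling FIPS mode fails the agent continues as if it had succeeded; the later `ssh_FIPS_check_status()` call added in this file may be what reports that, but it is only partly visible and appears on the path that prints the environment. If the value is consumed elsewhere, a comment here naming where would help, e.g. `/* fips_err is reported by ssh_FIPS_check_status() once the agent is set up */`; if it is not, drop the variable and call the function for its side effect as sshd.c does, or fail fast on a non-zero return. The placement before `OpenSSL_add_all_algorithms()` looks right, since FIPS mode should be set before the algorithm tables are loaded. main begins and ends outside this hunk.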
516 @@ -1337,8 +1341,19 @@ main(int ac, char **av) |
516 @@ -1363,8 +1367,19 @@ main(int ac, char **av) |
517 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
517 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
518 SSH_AUTHSOCKET_ENV_NAME); |
518 SSH_AUTHSOCKET_ENV_NAME); |
519 printf("echo Agent pid %ld;\n", (long)parent_pid); |
519 printf("echo Agent pid %ld;\n", (long)parent_pid); |
520 +#ifdef ENABLE_OPENSSL_FIPS |
520 +#ifdef ENABLE_OPENSSL_FIPS |
521 + ssh_FIPS_check_status(); |
521 + ssh_FIPS_check_status(); |
649 OpenSSL_add_all_algorithms(); |
649 OpenSSL_add_all_algorithms(); |
650 #endif /* WITH_OPENSSL */ |
650 #endif /* WITH_OPENSSL */ |
651 diff -pur old/ssh_config.5 new/ssh_config.5 |
651 diff -pur old/ssh_config.5 new/ssh_config.5 |
652 --- old/ssh_config.5 |
652 --- old/ssh_config.5 |
653 +++ new/ssh_config.5 |
653 +++ new/ssh_config.5 |
654 @@ -489,6 +489,13 @@ [email protected],aes256-gcm@openss |
654 @@ -442,6 +442,13 @@ [email protected],aes256-gcm@openss |
655 aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc |
655 aes128-cbc,aes192-cbc,aes256-cbc |
656 .Ed |
656 .Ed |
657 .Pp |
657 .Pp |
658 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
658 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
659 +.Bd -literal -offset indent |
659 +.Bd -literal -offset indent |
660 +aes128-ctr,aes192-ctr,aes256-ctr, |
660 +aes128-ctr,aes192-ctr,aes256-ctr, |
661 [email protected],[email protected], |
661 [email protected],[email protected], |
662 +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc |
662 +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc |
663 +.Ed |
663 +.Ed |
664 +.Pp |
664 +.Pp |
665 The list of available ciphers may also be obtained using the |
665 The list of available ciphers may also be obtained using |
666 .Fl Q |
666 .Qq ssh -Q cipher . |
667 option of |
667 .It Cm ClearAllForwardings |
668 @@ -738,6 +745,8 @@ and |
668 @@ -665,6 +672,8 @@ Valid options are: |
669 .Dq sha256 . |
669 and |
670 The default is |
670 .Cm sha256 |
671 .Dq sha256 . |
671 (the default). |
672 +In FIPS-140 mode the only supported option is |
672 +In FIPS-140 mode the only supported option is |
673 +.Dq sha256 . |
673 +.Dq sha256 . |
674 .It Cm ForwardAgent |
674 .It Cm ForwardAgent |
675 Specifies whether the connection to the authentication agent (if any) |
675 Specifies whether the connection to the authentication agent (if any) |
676 will be forwarded to the remote machine. |
676 will be forwarded to the remote machine. |
677 @@ -1249,6 +1258,16 @@ [email protected],[email protected] |
677 @@ -1129,6 +1138,16 @@ [email protected],[email protected] |
678 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
678 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
679 .Ed |
679 .Ed |
680 .Pp |
680 .Pp |
681 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
681 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
682 +.Bd -literal -offset indent |
682 +.Bd -literal -offset indent |
686 [email protected], |
686 [email protected], |
687 [email protected] |
687 [email protected] |
688 +hmac-sha1,hmac-sha1-96 |
688 +hmac-sha1,hmac-sha1-96 |
689 +.Ed |
689 +.Ed |
690 +.Pp |
690 +.Pp |
691 The list of available MAC algorithms may also be obtained using the |
691 The list of available MAC algorithms may also be obtained using |
692 .Fl Q |
692 .Qq ssh -Q mac . |
693 option of |
693 .It Cm NoHostAuthenticationForLocalhost |
694 diff -pur old/sshconnect.c new/sshconnect.c |
694 diff -pur old/sshconnect.c new/sshconnect.c |
695 --- old/sshconnect.c |
695 --- old/sshconnect.c |
696 +++ new/sshconnect.c |
696 +++ new/sshconnect.c |
697 @@ -530,8 +530,14 @@ send_client_banner(int connection_out, i |
697 @@ -529,8 +529,14 @@ send_client_banner(int connection_out, i |
698 { |
698 { |
699 /* Send our own protocol version identification. */ |
699 /* Send our own protocol version identification. */ |
700 if (compat20) { |
700 if (compat20) { |
701 +#ifdef ENABLE_OPENSSL_FIPS |
701 +#ifdef ENABLE_OPENSSL_FIPS |
702 + xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n", |
702 + xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n", |
710 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", |
710 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", |
711 PROTOCOL_MAJOR_1, minor1, SSH_VERSION); |
711 PROTOCOL_MAJOR_1, minor1, SSH_VERSION); |
712 diff -pur old/sshd.8 new/sshd.8 |
712 diff -pur old/sshd.8 new/sshd.8 |
713 --- old/sshd.8 |
713 --- old/sshd.8 |
714 +++ new/sshd.8 |
714 +++ new/sshd.8 |
715 @@ -86,6 +86,9 @@ rereads its configuration file when it r |
715 @@ -84,6 +84,9 @@ rereads its configuration file when it r |
716 by executing itself with the name and options it was started with, e.g.\& |
716 by executing itself with the name and options it was started with, e.g.\& |
717 .Pa /usr/sbin/sshd . |
717 .Pa /usr/sbin/sshd . |
718 .Pp |
718 .Pp |
719 +If sshd links with FIPS-capable OpenSSL, sshd runs in FIPS-140 mode. |
719 +If sshd links with FIPS-capable OpenSSL, sshd runs in FIPS-140 mode. |
720 +In FIPS-140 mode non-FIPS approved ciphers, MACs and digests are disabled. |
720 +In FIPS-140 mode non-FIPS approved ciphers, MACs and digests are disabled. |
723 .Bl -tag -width Ds |
723 .Bl -tag -width Ds |
724 .It Fl 4 |
724 .It Fl 4 |
725 diff -pur old/sshd.c new/sshd.c |
725 diff -pur old/sshd.c new/sshd.c |
726 --- old/sshd.c |
726 --- old/sshd.c |
727 +++ new/sshd.c |
727 +++ new/sshd.c |
728 @@ -431,10 +431,18 @@ sshd_exchange_identification(struct ssh |
728 @@ -366,10 +366,18 @@ sshd_exchange_identification(struct ssh |
729 minor = PROTOCOL_MINOR_1; |
729 char buf[256]; /* Must not be larger than remote_version. */ |
730 } |
730 char remote_version[256]; /* Must be at least as big as buf. */ |
731 |
731 |
732 +#ifdef ENABLE_OPENSSL_FIPS |
732 +#ifdef ENABLE_OPENSSL_FIPS |
733 + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", |
733 + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", |
734 + major, minor, SSH_VERSION, |
734 + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, |
735 + ssh_FIPS_mode() ? " FIPS" : " ", |
735 + ssh_FIPS_mode() ? " FIPS" : " ", |
736 + *options.version_addendum == '\0' ? "" : " ", |
736 + *options.version_addendum == '\0' ? "" : " ", |
737 + options.version_addendum, newline); |
737 + options.version_addendum, newline); |
738 +#else |
738 +#else |
739 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
739 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
740 major, minor, SSH_VERSION, |
740 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, |
741 *options.version_addendum == '\0' ? "" : " ", |
741 *options.version_addendum == '\0' ? "" : " ", |
742 options.version_addendum, newline); |
742 options.version_addendum, newline); |
743 +#endif |
743 +#endif |
744 |
744 |
745 /* Send our protocol version identification. */ |
745 /* Send our protocol version identification. */ |
746 if (atomicio(vwrite, sock_out, server_version_string, |
746 if (atomicio(vwrite, sock_out, server_version_string, |
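Review bot: In the `ENABLE_OPENSSL_FIPS` branch the else arm of `ssh_FIPS_mode() ? " FIPS" : " "` appends a lone space, so a server that is built FIPS-capable but not running in FIPS mode sends `SSH-2.0-OpenSSH_x \r\n` with a trailing space, or two spaces before VersionAddendum, unlike the non-FIPS branch below which emits neither; use `ssh_FIPS_mode() ? " FIPS" : ""`. Separately, advertising FIPS in the pre-authentication banner tells any unauthenticated peer which cipher and MAC profile the server is locked to, which is a fingerprinting aid; if that is intentional, record the trade-off with a comment such as `/* " FIPS" is deliberately exposed in the banner so clients can recognise FIPS-restricted servers */`, otherwise leave it to operators via VersionAddendum rather than hard-coding it. sshd_exchange_identification starts and ends outside this hunk.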
747 @@ -1562,6 +1570,10 @@ main(int ac, char **av) |
747 @@ -1395,6 +1403,10 @@ main(int ac, char **av) |
748 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
748 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
749 sanitise_stdfd(); |
749 sanitise_stdfd(); |
750 |
750 |
751 +#ifdef ENABLE_OPENSSL_FIPS |
751 +#ifdef ENABLE_OPENSSL_FIPS |
752 + ssh_FIPS_mode_set_if_capable(); |
752 + ssh_FIPS_mode_set_if_capable(); |
753 +#endif |
753 +#endif |
754 + |
754 + |
755 /* Initialize configuration options to their default values. */ |
755 /* Initialize configuration options to their default values. */ |
756 initialize_server_options(&options); |
756 initialize_server_options(&options); |
757 |
757 |
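Review bot: The return value of `ssh_FIPS_mode_set_if_capable()` is discarded here, whereas ssh-agent.c stores it in `fips_err`; if enabling FIPS mode fails on a FIPS-capable library, sshd silently carries on with the non-FIPS algorithm lists even though sshd.8 states that such a build runs in FIPS-140 mode. The `ssh_FIPS_check_status()` call added later in this file, after log_init, may be what catches this, but that is not visible in this hunk; if so, say it here: `/* Failure is reported by ssh_FIPS_check_status() once logging is initialised. */`, otherwise treat a non-zero return as fatal so the daemon fails closed. main begins and ends outside this hunk.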
758 @@ -1712,6 +1724,10 @@ main(int ac, char **av) |
758 @@ -1541,6 +1553,10 @@ main(int ac, char **av) |
759 SYSLOG_FACILITY_AUTH : options.log_facility, |
759 SYSLOG_FACILITY_AUTH : options.log_facility, |
760 log_stderr || !inetd_flag); |
760 log_stderr || !inetd_flag); |
761 |
761 |
762 +#ifdef ENABLE_OPENSSL_FIPS |
762 +#ifdef ENABLE_OPENSSL_FIPS |
763 + ssh_FIPS_check_status(); |
763 + ssh_FIPS_check_status(); |
767 * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
767 * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
768 * root's environment |
768 * root's environment |
769 diff -pur old/sshd_config.5 new/sshd_config.5 |
769 diff -pur old/sshd_config.5 new/sshd_config.5 |
770 --- old/sshd_config.5 |
770 --- old/sshd_config.5 |
771 +++ new/sshd_config.5 |
771 +++ new/sshd_config.5 |
772 @@ -489,6 +489,13 @@ aes128-ctr,aes192-ctr,aes256-ctr, |
772 @@ -478,6 +478,13 @@ aes128-ctr,aes192-ctr,aes256-ctr, |
773 [email protected],[email protected] |
773 [email protected],[email protected] |
774 .Ed |
774 .Ed |
775 .Pp |
775 .Pp |
776 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
776 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
777 +.Bd -literal -offset indent |
777 +.Bd -literal -offset indent |
778 +aes128-ctr,aes192-ctr,aes256-ctr, |
778 +aes128-ctr,aes192-ctr,aes256-ctr, |
779 [email protected],[email protected], |
779 [email protected],[email protected], |
780 +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc |
780 +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc |
781 +.Ed |
781 +.Ed |
782 +.Pp |
782 +.Pp |
783 The list of available ciphers may also be obtained using the |
783 The list of available ciphers may also be obtained using |
784 .Fl Q |
784 .Qq ssh -Q cipher . |
785 option of |
785 .It Cm ClientAliveCountMax |
786 @@ -585,6 +592,8 @@ and |
786 @@ -576,6 +583,8 @@ and |
787 .Dq sha256 . |
787 .Cm sha256 . |
788 The default is |
788 The default is |
789 .Dq sha256 . |
789 .Cm sha256 . |
790 +In FIPS-140 mode the only supported option is |
790 +In FIPS-140 mode the only supported option is |
791 +.Dq sha256 . |
791 +.Dq sha256 . |
792 .It Cm ForceCommand |
792 .It Cm ForceCommand |
793 Forces the execution of the command specified by |
793 Forces the execution of the command specified by |
794 .Cm ForceCommand , |
794 .Cm ForceCommand , |
795 @@ -1034,6 +1043,16 @@ [email protected],[email protected] |
795 @@ -1006,6 +1015,16 @@ [email protected],[email protected] |
796 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
796 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
797 .Ed |
797 .Ed |
798 .Pp |
798 .Pp |
799 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
799 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
800 +.Bd -literal -offset indent |
800 +.Bd -literal -offset indent |