|
1 # |
|
2 # In order for OpenSSH to comply with Oracle Software Security Assurance |
|
3 # Standards (OSSA), completely remove support for unacceptable arcfour* ciphers |
|
4 # and hmac-md5 Messages Authentication Codes (MACs). Besides that, disable |
|
5 # deprecated 3des-cbc by default on client (already disabled on the server). |
|
6 # |
|
7 # Patch source: in-house |
|
8 # |
|
9 diff -pur old/cipher.c new/cipher.c |
|
10 --- old/cipher.c |
|
11 +++ new/cipher.c |
|
12 @@ -119,9 +119,11 @@ static const struct sshcipher ciphers[] |
|
13 { "cast128-cbc", |
|
14 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, |
|
15 #endif |
|
16 +#ifndef WITHOUT_ARCFOUR |
|
17 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, |
|
18 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, |
|
19 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, |
|
20 +#endif |
|
21 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, |
|
22 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, |
|
23 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, |
|
24 diff -pur old/mac.c new/mac.c |
|
25 --- old/mac.c |
|
26 +++ new/mac.c |
|
27 @@ -87,8 +87,10 @@ static const struct macalg macs[] = { |
|
28 { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 }, |
|
29 { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 }, |
|
30 #endif |
|
31 +#ifndef WITHOUT_HMAC_MD5 |
|
32 { "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 }, |
|
33 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, |
|
34 +#endif |
|
35 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, |
|
36 { "[email protected]", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, |
|
37 { "[email protected]", SSH_UMAC, 0, 0, 128, 64, 0 }, |
|
38 @@ -101,8 +103,10 @@ static const struct macalg macs[] = { |
|
39 { "[email protected]", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 }, |
|
40 { "[email protected]", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 }, |
|
41 #endif |
|
42 +#ifndef WITHOUT_HMAC_MD5 |
|
43 { "[email protected]", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, |
|
44 { "[email protected]", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, |
|
45 +#endif |
|
46 { "[email protected]", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, |
|
47 { "[email protected]", SSH_UMAC, 0, 0, 128, 64, 1 }, |
|
48 { "[email protected]", SSH_UMAC128, 0, 0, 128, 128, 1 }, |
|
49 diff -pur old/myproposal.h new/myproposal.h |
|
50 --- old/myproposal.h |
|
51 +++ new/myproposal.h |
|
52 @@ -133,14 +133,14 @@ |
|
53 AESGCM_CIPHER_MODES |
|
54 |
|
55 #define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \ |
|
56 - "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" |
|
57 + "aes128-cbc,aes192-cbc,aes256-cbc" |
|
58 |
|
59 #define KEX_SERVER_ENCRYPT_FIPS \ |
|
60 "aes128-ctr,aes192-ctr,aes256-ctr" \ |
|
61 AESGCM_CIPHER_MODES |
|
62 |
|
63 #define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \ |
|
64 - "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" |
|
65 + "aes128-cbc,aes192-cbc,aes256-cbc" |
|
66 |
|
67 #define KEX_SERVER_MAC_DFLT \ |
|
68 "[email protected]," \ |
|
69 diff -pur old/ssh_config.5 new/ssh_config.5 |
|
70 --- old/ssh_config.5 |
|
71 +++ new/ssh_config.5 |
|
72 @@ -470,12 +470,6 @@ [email protected] |
|
73 .It |
|
74 [email protected] |
|
75 .It |
|
76 -arcfour |
|
77 -.It |
|
78 -arcfour128 |
|
79 -.It |
|
80 -arcfour256 |
|
81 -.It |
|
82 blowfish-cbc |
|
83 .It |
|
84 [email protected] |
|
85 @@ -486,7 +480,7 @@ The default is: |
|
86 [email protected], |
|
87 aes128-ctr,aes192-ctr,aes256-ctr, |
|
88 [email protected],[email protected], |
|
89 -aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc |
|
90 +aes128-cbc,aes192-cbc,aes256-cbc |
|
91 .Ed |
|
92 .Pp |
|
93 The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
|
94 diff -pur old/sshd_config.5 new/sshd_config.5 |
|
95 --- old/sshd_config.5 |
|
96 +++ new/sshd_config.5 |
|
97 @@ -464,12 +464,6 @@ [email protected] |
|
98 .It |
|
99 [email protected] |
|
100 .It |
|
101 -arcfour |
|
102 -.It |
|
103 -arcfour128 |
|
104 -.It |
|
105 -arcfour256 |
|
106 -.It |
|
107 blowfish-cbc |
|
108 .It |
|
109 [email protected] |
|
110 @@ -988,10 +982,6 @@ The supported MACs are: |
|
111 .Pp |
|
112 .Bl -item -compact -offset indent |
|
113 .It |
|
114 -hmac-md5 |
|
115 -.It |
|
116 -hmac-md5-96 |
|
117 -.It |
|
118 hmac-ripemd160 |
|
119 .It |
|
120 hmac-sha1 |
|
121 @@ -1006,10 +996,6 @@ [email protected] |
|
122 .It |
|
123 [email protected] |
|
124 .It |
|
125 [email protected] |
|
126 -.It |
|
127 [email protected] |
|
128 -.It |
|
129 [email protected] |
|
130 .It |
|
131 [email protected] |
|
132 diff -pur old/sshd.8 new/sshd.8 |
|
133 --- old/sshd.8 |
|
134 +++ new/sshd.8 |
|
135 @@ -310,12 +310,12 @@ For protocol 2, |
|
136 forward security is provided through a Diffie-Hellman key agreement. |
|
137 This key agreement results in a shared session key. |
|
138 The rest of the session is encrypted using a symmetric cipher, currently |
|
139 -128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES. |
|
140 +128-bit AES, Blowfish, 3DES, 192-bit AES, or 256-bit AES. |
|
141 The client selects the encryption algorithm |
|
142 to use from those offered by the server. |
|
143 Additionally, session integrity is provided |
|
144 through a cryptographic message authentication code |
|
145 -(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160, |
|
146 +(hmac-sha1, umac-64, umac-128, hmac-ripemd160, |
|
147 hmac-sha2-256 or hmac-sha2-512). |
|
148 .Pp |
|
149 Finally, the server and the client enter an authentication dialog. |