| changeset 5819 | c5f05bd2a9bc |
| parent 5310 | a06a01eef195 |
| child 6930 | 31ef2580c45d |
| 5818:5f0e7a0f17c2 | 5819:c5f05bd2a9bc |
|---|---|
133 + } |
133 + } |
134 +#endif |
134 +#endif |
135 gss_enc2oid[oidpos].oid = NULL; |
135 gss_enc2oid[oidpos].oid = NULL; |
136 gss_enc2oid[oidpos].encoded = NULL; |
136 gss_enc2oid[oidpos].encoded = NULL; |
137 |
137 |
138 diff -pur old/kex.c new/kex.c |
|
139 --- old/kex.c |
|
140 +++ new/kex.c |
|
141 @@ -89,7 +89,40 @@ struct kexalg { |
|
142 int ec_nid; |
|
143 int hash_alg; |
|
144 }; |
|
145 + |
|
146 +#ifdef ENABLE_OPENSSL_FIPS |
|
147 +/* in FIPS mode limit kexalgs to FIPS compliant only */ |
|
148 +#define kexalgs (ssh_FIPS_mode() ? kexalgs_fips : kexalgs_dflt) |
|
149 +static const struct kexalg kexalgs_fips[] = { |
|
150 +#ifdef WITH_OPENSSL |
|
151 + { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
152 + { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
153 + { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
154 +#ifdef HAVE_EVP_SHA256 |
|
155 + { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, |
|
156 +#endif /* HAVE_EVP_SHA256 */ |
|
157 +#ifdef OPENSSL_HAS_ECC |
|
158 + { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, |
|
159 + NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, |
|
160 + { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, |
|
161 + SSH_DIGEST_SHA384 }, |
|
162 +# ifdef OPENSSL_HAS_NISTP521 |
|
163 + { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, |
|
164 + SSH_DIGEST_SHA512 }, |
|
165 +# endif /* OPENSSL_HAS_NISTP521 */ |
|
166 +#endif /* OPENSSL_HAS_ECC */ |
|
167 +#endif /* WITH_OPENSSL */ |
|
168 +#ifdef GSSAPI |
|
169 + { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
170 + { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
171 + { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
172 +#endif |
|
173 + { NULL, -1, -1, -1}, |
|
174 +}; |
|
175 +static const struct kexalg kexalgs_dflt[] = { |
|
176 +#else |
|
177 static const struct kexalg kexalgs[] = { |
|
178 +#endif |
|
179 #ifdef WITH_OPENSSL |
|
180 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
181 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
138 diff -pur old/mac.c new/mac.c |
182 diff -pur old/mac.c new/mac.c |
139 --- old/mac.c |
183 --- old/mac.c |
140 +++ new/mac.c |
184 +++ new/mac.c |
141 @@ -53,8 +53,33 @@ struct macalg { |
185 @@ -53,8 +53,33 @@ struct macalg { |
142 int len; /* just for UMAC */ |
186 int len; /* just for UMAC */ |
173 { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, |
217 { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, |
174 { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, |
218 { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, |
175 diff -pur old/misc.c new/misc.c |
219 diff -pur old/misc.c new/misc.c |
176 --- old/misc.c |
220 --- old/misc.c |
177 +++ new/misc.c |
221 +++ new/misc.c |
178 @@ -38,12 +38,15 @@ |
222 @@ -39,12 +39,15 @@ |
179 #include <string.h> |
223 #include <string.h> |
180 #include <time.h> |
224 #include <time.h> |
181 #include <unistd.h> |
225 #include <unistd.h> |
182 +#include <dlfcn.h> |
226 +#include <dlfcn.h> |
183 |
227 |
189 +#include <openssl/crypto.h> |
233 +#include <openssl/crypto.h> |
190 + |
234 + |
191 #include <ctype.h> |
235 #include <ctype.h> |
192 #include <errno.h> |
236 #include <errno.h> |
193 #include <fcntl.h> |
237 #include <fcntl.h> |
194 @@ -77,6 +80,60 @@ chop(char *s) |
238 @@ -78,6 +81,60 @@ chop(char *s) |
195 |
239 |
196 } |
240 } |
197 |
241 |
198 +#ifdef ENABLE_OPENSSL_FIPS |
242 +#ifdef ENABLE_OPENSSL_FIPS |
199 +/* is OpenSSL FIPS mode set? */ |
243 +/* is OpenSSL FIPS mode set? */ |
268 int unset_nonblock(int); |
312 int unset_nonblock(int); |
269 void set_nodelay(int); |
313 void set_nodelay(int); |
270 diff -pur old/myproposal.h new/myproposal.h |
314 diff -pur old/myproposal.h new/myproposal.h |
271 --- old/myproposal.h |
315 --- old/myproposal.h |
272 +++ new/myproposal.h |
316 +++ new/myproposal.h |
273 @@ -131,6 +131,15 @@ |
317 @@ -83,19 +83,31 @@ |
274 CAST128 \ |
318 # else |
275 "aes192-cbc,aes256-cbc,arcfour,[email protected]" |
319 # define KEX_CURVE25519_METHODS "" |
276 |
320 # endif |
277 +#ifdef ENABLE_OPENSSL_FIPS |
321 -#define KEX_COMMON_KEX \ |
278 +#define KEX_FIPS_SERVER_ENCRYPT \ |
322 + |
323 +#define KEX_COMMON_KEX_DFLT \ |
|
324 KEX_CURVE25519_METHODS \ |
|
325 KEX_ECDH_METHODS \ |
|
326 KEX_SHA256_METHODS |
|
327 |
|
328 -#define KEX_SERVER_KEX KEX_COMMON_KEX \ |
|
329 +#define KEX_SERVER_KEX_DFLT KEX_COMMON_KEX_DFLT \ |
|
330 "diffie-hellman-group14-sha1" \ |
|
331 |
|
332 -#define KEX_CLIENT_KEX KEX_COMMON_KEX \ |
|
333 +#define KEX_CLIENT_KEX_DFLT KEX_COMMON_KEX_DFLT \ |
|
334 "diffie-hellman-group-exchange-sha1," \ |
|
335 "diffie-hellman-group14-sha1" |
|
336 |
|
337 -#define KEX_DEFAULT_PK_ALG \ |
|
338 +#define KEX_COMMON_KEX_FIPS \ |
|
339 + KEX_ECDH_METHODS \ |
|
340 + KEX_SHA256_METHODS |
|
341 + |
|
342 +#define KEX_SERVER_KEX_FIPS KEX_COMMON_KEX_FIPS \ |
|
343 + "diffie-hellman-group14-sha1" \ |
|
344 + |
|
345 +#define KEX_CLIENT_KEX_FIPS KEX_COMMON_KEX_FIPS \ |
|
346 + "diffie-hellman-group-exchange-sha1," \ |
|
347 + "diffie-hellman-group14-sha1" |
|
348 + |
|
349 +#define KEX_DEFAULT_PK_ALG_DFLT \ |
|
350 HOSTKEY_ECDSA_CERT_METHODS \ |
|
351 "[email protected]," \ |
|
352 "[email protected]," \ |
|
353 @@ -105,17 +117,32 @@ |
|
354 "rsa-sha2-256," \ |
|
355 "ssh-rsa" |
|
356 |
|
357 +#define KEX_DEFAULT_PK_ALG_FIPS \ |
|
358 + HOSTKEY_ECDSA_CERT_METHODS \ |
|
359 + "[email protected]," \ |
|
360 + HOSTKEY_ECDSA_METHODS \ |
|
361 + "rsa-sha2-512," \ |
|
362 + "rsa-sha2-256," \ |
|
363 + "ssh-rsa" |
|
364 + |
|
365 /* the actual algorithms */ |
|
366 |
|
367 -#define KEX_SERVER_ENCRYPT \ |
|
368 +#define KEX_SERVER_ENCRYPT_DFLT \ |
|
369 "[email protected]," \ |
|
370 "aes128-ctr,aes192-ctr,aes256-ctr" \ |
|
371 AESGCM_CIPHER_MODES |
|
372 |
|
373 -#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ |
|
374 +#define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \ |
|
375 + "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" |
|
376 + |
|
377 +#define KEX_SERVER_ENCRYPT_FIPS \ |
|
279 + "aes128-ctr,aes192-ctr,aes256-ctr" \ |
378 + "aes128-ctr,aes192-ctr,aes256-ctr" \ |
280 + AESGCM_CIPHER_MODES |
379 + AESGCM_CIPHER_MODES |
281 + |
380 + |
282 +#define KEX_FIPS_CLIENT_ENCRYPT KEX_FIPS_SERVER_ENCRYPT "," \ |
381 +#define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \ |
283 + "aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,[email protected]" |
382 "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" |
284 +#endif /* ENABLE_OPENSSL_FIPS */ |
383 |
285 + |
384 -#define KEX_SERVER_MAC \ |
286 #define KEX_SERVER_MAC \ |
385 +#define KEX_SERVER_MAC_DFLT \ |
287 "[email protected]," \ |
386 "[email protected]," \ |
288 "[email protected]," \ |
387 "[email protected]," \ |
289 @@ -154,6 +163,20 @@ |
388 "[email protected]," \ |
290 "hmac-sha1-96," \ |
389 @@ -127,7 +154,42 @@ |
291 "hmac-md5-96" |
390 "hmac-sha2-512," \ |
292 |
391 "hmac-sha1" |
293 +#ifdef ENABLE_OPENSSL_FIPS |
392 |
294 +#define KEX_FIPS_SERVER_MAC \ |
393 -#define KEX_CLIENT_MAC KEX_SERVER_MAC |
394 +#define KEX_CLIENT_MAC_DFLT KEX_SERVER_MAC_DFLT |
|
395 + |
|
396 +#define KEX_SERVER_MAC_FIPS \ |
|
295 + "[email protected]," \ |
397 + "[email protected]," \ |
296 + "[email protected]," \ |
398 + "[email protected]," \ |
297 + "[email protected]," \ |
399 + "[email protected]," \ |
298 + "hmac-sha2-256," \ |
400 + "hmac-sha2-256," \ |
299 + "hmac-sha2-512," \ |
401 + "hmac-sha2-512," \ |
300 + "hmac-sha1" |
402 + "hmac-sha1" |
301 + |
403 + |
302 +#define KEX_FIPS_CLIENT_MAC KEX_FIPS_SERVER_MAC "," \ |
404 +#define KEX_CLIENT_MAC_FIPS KEX_SERVER_MAC_FIPS |
303 + "[email protected]," \ |
405 + |
304 + "hmac-sha1-96" |
406 +#ifdef ENABLE_OPENSSL_FIPS |
407 + #define KEX_SERVER_KEX \ |
|
408 + (ssh_FIPS_mode() ? (KEX_SERVER_KEX_FIPS) : (KEX_SERVER_KEX_DFLT) ) |
|
409 + #define KEX_CLIENT_KEX \ |
|
410 + (ssh_FIPS_mode() ? (KEX_CLIENT_KEX_FIPS) : (KEX_CLIENT_KEX_DFLT) ) |
|
411 + #define KEX_DEFAULT_PK_ALG \ |
|
412 + (ssh_FIPS_mode() ? (KEX_DEFAULT_PK_ALG_FIPS) : (KEX_DEFAULT_PK_ALG_DFLT) ) |
|
413 + #define KEX_SERVER_ENCRYPT \ |
|
414 + (ssh_FIPS_mode() ? (KEX_SERVER_ENCRYPT_FIPS) : (KEX_SERVER_ENCRYPT_DFLT)) |
|
415 + #define KEX_CLIENT_ENCRYPT \ |
|
416 + (ssh_FIPS_mode() ? (KEX_CLIENT_ENCRYPT_FIPS) : (KEX_CLIENT_ENCRYPT_DFLT)) |
|
417 + #define KEX_SERVER_MAC \ |
|
418 + (ssh_FIPS_mode() ? (KEX_SERVER_MAC_FIPS) : (KEX_SERVER_MAC_DFLT) ) |
|
419 + #define KEX_CLIENT_MAC \ |
|
420 + (ssh_FIPS_mode() ? (KEX_CLIENT_MAC_FIPS) : (KEX_CLIENT_MAC_DFLT) ) |
|
421 +#else /* ENABLE_OPENSSL_FIPS */ |
|
422 + #define KEX_SERVER_KEX KEX_SERVER_KEX_DFLT |
|
423 + #define KEX_CLIENT_KEX KEX_CLIENT_KEX_DFLT |
|
424 + #define KEX_DEFAULT_PK_ALG KEX_DEFAULT_PK_ALG_DFLT |
|
425 + #define KEX_SERVER_ENCRYPT KEX_SERVER_ENCRYPT_DFLT |
|
426 + #define KEX_CLIENT_ENCRYPT KEX_CLIENT_ENCRYPT_DFLT |
|
427 + #define KEX_SERVER_MAC KEX_SERVER_MAC_DFLT |
|
428 + #define KEX_CLIENT_MAC KEX_CLIENT_MAC_DFLT |
|
305 +#endif /* ENABLE_OPENSSL_FIPS */ |
429 +#endif /* ENABLE_OPENSSL_FIPS */ |
306 + |
430 |
307 #else |
431 #else /* WITH_OPENSSL */ |
308 |
432 |
309 #define KEX_SERVER_KEX \ |
|
310 diff -pur old/readconf.c new/readconf.c |
|
311 --- old/readconf.c |
|
312 +++ new/readconf.c |
|
313 @@ -1760,6 +1760,11 @@ fill_default_options_for_canonicalizatio |
|
314 void |
|
315 fill_default_options(Options * options) |
|
316 { |
|
317 +#ifdef ENABLE_OPENSSL_FIPS |
|
318 + char *encs; |
|
319 + char *macs; |
|
320 +#endif /* ENABLE_OPENSSL_FIPS */ |
|
321 + |
|
322 if (options->forward_agent == -1) |
|
323 options->forward_agent = 0; |
|
324 if (options->forward_x11 == -1) |
|
325 @@ -1934,8 +1939,15 @@ fill_default_options(Options * options) |
|
326 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
|
327 if (options->update_hostkeys == -1) |
|
328 options->update_hostkeys = 0; |
|
329 +#ifndef ENABLE_OPENSSL_FIPS |
|
330 if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 || |
|
331 kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 || |
|
332 +#else |
|
333 + encs = ssh_FIPS_mode() ? KEX_FIPS_CLIENT_ENCRYPT : KEX_CLIENT_ENCRYPT; |
|
334 + macs = ssh_FIPS_mode() ? KEX_FIPS_CLIENT_MAC : KEX_CLIENT_MAC; |
|
335 + if (kex_assemble_names(encs, &options->ciphers) != 0 || |
|
336 + kex_assemble_names(macs, &options->macs) != 0 || |
|
337 +#endif /* ENABLE_OPENSSL_FIPS */ |
|
338 kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 || |
|
339 kex_assemble_names(KEX_DEFAULT_PK_ALG, |
|
340 &options->hostbased_key_types) != 0 || |
|
341 diff -pur old/servconf.c new/servconf.c |
|
342 --- old/servconf.c |
|
343 +++ new/servconf.c |
|
344 @@ -195,6 +195,10 @@ void |
|
345 fill_default_server_options(ServerOptions *options) |
|
346 { |
|
347 int i; |
|
348 +#ifdef ENABLE_OPENSSL_FIPS |
|
349 + char *encs; |
|
350 + char *macs; |
|
351 +#endif /* ENABLE_OPENSSL_FIPS */ |
|
352 |
|
353 /* Portable-specific options */ |
|
354 if (options->use_pam == -1) |
|
355 @@ -382,8 +386,15 @@ fill_default_server_options(ServerOption |
|
356 if (options->fingerprint_hash == -1) |
|
357 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
|
358 |
|
359 +#ifndef ENABLE_OPENSSL_FIPS |
|
360 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 || |
|
361 kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 || |
|
362 +#else |
|
363 + encs = ssh_FIPS_mode() ? KEX_FIPS_SERVER_ENCRYPT : KEX_SERVER_ENCRYPT; |
|
364 + macs = ssh_FIPS_mode() ? KEX_FIPS_SERVER_MAC : KEX_SERVER_MAC; |
|
365 + if (kex_assemble_names(encs, &options->ciphers) != 0 || |
|
366 + kex_assemble_names(macs, &options->macs) != 0 || |
|
367 +#endif /* ENABLE_OPENSSL_FIPS */ |
|
368 kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 || |
|
369 kex_assemble_names(KEX_DEFAULT_PK_ALG, |
|
370 &options->hostbased_key_types) != 0 || |
|
371 diff -pur old/ssh-add.1 new/ssh-add.1 |
433 diff -pur old/ssh-add.1 new/ssh-add.1 |
372 --- old/ssh-add.1 |
434 --- old/ssh-add.1 |
373 +++ new/ssh-add.1 |
435 +++ new/ssh-add.1 |
374 @@ -114,6 +114,8 @@ and |
436 @@ -116,6 +116,8 @@ and |
375 .Dq sha256 . |
437 .Dq sha256 . |
376 The default is |
438 The default is |
377 .Dq sha256 . |
439 .Dq sha256 . |
378 +If OpenSSL is running in FIPS-140 mode, the only supported option is |
440 +If OpenSSL is running in FIPS-140 mode, the only supported option is |
379 +.Dq sha256 . |
441 +.Dq sha256 . |
381 Remove keys provided by the PKCS#11 shared library |
443 Remove keys provided by the PKCS#11 shared library |
382 .Ar pkcs11 . |
444 .Ar pkcs11 . |
383 diff -pur old/ssh-add.c new/ssh-add.c |
445 diff -pur old/ssh-add.c new/ssh-add.c |
384 --- old/ssh-add.c |
446 --- old/ssh-add.c |
385 +++ new/ssh-add.c |
447 +++ new/ssh-add.c |
386 @@ -493,6 +493,12 @@ main(int argc, char **argv) |
448 @@ -488,6 +488,12 @@ main(int argc, char **argv) |
387 __progname = ssh_get_progname(argv[0]); |
449 __progname = ssh_get_progname(argv[0]); |
388 seed_rng(); |
450 seed_rng(); |
389 |
451 |
390 +#ifdef ENABLE_OPENSSL_FIPS |
452 +#ifdef ENABLE_OPENSSL_FIPS |
391 + if (ssh_FIPS_mode_set_if_capable()) { |
453 + if (ssh_FIPS_mode_set_if_capable()) { |
397 OpenSSL_add_all_algorithms(); |
459 OpenSSL_add_all_algorithms(); |
398 #endif |
460 #endif |
399 diff -pur old/ssh-agent.1 new/ssh-agent.1 |
461 diff -pur old/ssh-agent.1 new/ssh-agent.1 |
400 --- old/ssh-agent.1 |
462 --- old/ssh-agent.1 |
401 +++ new/ssh-agent.1 |
463 +++ new/ssh-agent.1 |
402 @@ -110,6 +110,8 @@ and |
464 @@ -117,6 +117,8 @@ and |
403 .Dq sha256 . |
465 .Dq sha256 . |
404 The default is |
466 The default is |
405 .Dq sha256 . |
467 .Dq sha256 . |
406 +If OpenSSL is running in FIPS-140 mode, the only supported option is |
468 +If OpenSSL is running in FIPS-140 mode, the only supported option is |
407 +.Dq sha256 . |
469 +.Dq sha256 . |
409 Kill the current agent (given by the |
471 Kill the current agent (given by the |
410 .Ev SSH_AGENT_PID |
472 .Ev SSH_AGENT_PID |
411 diff -pur old/ssh-agent.c new/ssh-agent.c |
473 diff -pur old/ssh-agent.c new/ssh-agent.c |
412 --- old/ssh-agent.c |
474 --- old/ssh-agent.c |
413 +++ new/ssh-agent.c |
475 +++ new/ssh-agent.c |
414 @@ -1187,6 +1187,7 @@ main(int ac, char **av) |
476 @@ -1199,6 +1199,7 @@ main(int ac, char **av) |
415 struct timeval *tvp = NULL; |
477 struct timeval *tvp = NULL; |
416 size_t len; |
478 size_t len; |
417 mode_t prev_mask; |
479 mode_t prev_mask; |
418 + int fips_err; |
480 + int fips_err; |
419 |
481 |
482 ssh_malloc_init(); /* must be called before any mallocs */ |
|
420 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
483 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
421 sanitise_stdfd(); |
484 @@ -1213,6 +1214,9 @@ main(int ac, char **av) |
422 @@ -1200,6 +1201,9 @@ main(int ac, char **av) |
|
423 prctl(PR_SET_DUMPABLE, 0); |
485 prctl(PR_SET_DUMPABLE, 0); |
424 #endif |
486 #endif |
425 |
487 |
426 +#ifdef ENABLE_OPENSSL_FIPS |
488 +#ifdef ENABLE_OPENSSL_FIPS |
427 + fips_err = ssh_FIPS_mode_set_if_capable(); |
489 + fips_err = ssh_FIPS_mode_set_if_capable(); |
428 +#endif |
490 +#endif |
429 #ifdef WITH_OPENSSL |
491 #ifdef WITH_OPENSSL |
430 OpenSSL_add_all_algorithms(); |
492 OpenSSL_add_all_algorithms(); |
431 #endif |
493 #endif |
432 @@ -1330,7 +1334,18 @@ main(int ac, char **av) |
494 @@ -1343,8 +1347,19 @@ main(int ac, char **av) |
433 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
495 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
434 SSH_AUTHSOCKET_ENV_NAME); |
496 SSH_AUTHSOCKET_ENV_NAME); |
435 printf("echo Agent pid %ld;\n", (long)parent_pid); |
497 printf("echo Agent pid %ld;\n", (long)parent_pid); |
436 +#ifdef ENABLE_OPENSSL_FIPS |
498 +#ifdef ENABLE_OPENSSL_FIPS |
437 + ssh_FIPS_check_status(); |
499 + ssh_FIPS_check_status(); |
438 +#endif |
500 +#endif |
501 fflush(stdout); |
|
439 goto skip; |
502 goto skip; |
440 +#ifdef ENABLE_OPENSSL_FIPS |
503 +#ifdef ENABLE_OPENSSL_FIPS |
441 + } else { |
504 + } else { |
442 + /* we still need to error out on FIPS_mode_set failure */ |
505 + /* we still need to error out on FIPS_mode_set failure */ |
443 + if (fips_err) { |
506 + if (fips_err) { |
449 pid = fork(); |
512 pid = fork(); |
450 if (pid == -1) { |
513 if (pid == -1) { |
451 diff -pur old/ssh-keygen.1 new/ssh-keygen.1 |
514 diff -pur old/ssh-keygen.1 new/ssh-keygen.1 |
452 --- old/ssh-keygen.1 |
515 --- old/ssh-keygen.1 |
453 +++ new/ssh-keygen.1 |
516 +++ new/ssh-keygen.1 |
454 @@ -268,6 +268,8 @@ and |
517 @@ -283,6 +283,8 @@ and |
455 .Dq sha256 . |
518 .Dq sha256 . |
456 The default is |
519 The default is |
457 .Dq sha256 . |
520 .Dq sha256 . |
458 +If OpenSSL is running in FIPS-140 mode, the only supported option is |
521 +If OpenSSL is running in FIPS-140 mode, the only supported option is |
459 +.Dq sha256 . |
522 +.Dq sha256 . |
461 This option will read a private or public OpenSSH key file and |
524 This option will read a private or public OpenSSH key file and |
462 print to stdout the key in one of the formats specified by the |
525 print to stdout the key in one of the formats specified by the |
463 diff -pur old/ssh-keygen.c new/ssh-keygen.c |
526 diff -pur old/ssh-keygen.c new/ssh-keygen.c |
464 --- old/ssh-keygen.c |
527 --- old/ssh-keygen.c |
465 +++ new/ssh-keygen.c |
528 +++ new/ssh-keygen.c |
466 @@ -2224,11 +2224,18 @@ main(int argc, char **argv) |
529 @@ -2267,11 +2267,18 @@ main(int argc, char **argv) |
467 |
530 |
468 __progname = ssh_get_progname(argv[0]); |
531 __progname = ssh_get_progname(argv[0]); |
469 |
532 |
470 +#ifdef ENABLE_OPENSSL_FIPS |
533 +#ifdef ENABLE_OPENSSL_FIPS |
471 + ssh_FIPS_mode_set_if_capable(); |
534 + ssh_FIPS_mode_set_if_capable(); |
483 |
546 |
484 /* we need this for the home * directory. */ |
547 /* we need this for the home * directory. */ |
485 diff -pur old/ssh-keysign.c new/ssh-keysign.c |
548 diff -pur old/ssh-keysign.c new/ssh-keysign.c |
486 --- old/ssh-keysign.c |
549 --- old/ssh-keysign.c |
487 +++ new/ssh-keysign.c |
550 +++ new/ssh-keysign.c |
488 @@ -175,6 +175,7 @@ main(int argc, char **argv) |
551 @@ -178,6 +178,7 @@ main(int argc, char **argv) |
489 u_char *signature, *data, rver; |
552 u_char *signature, *data, rver; |
490 char *host, *fp; |
553 char *host, *fp; |
491 size_t slen, dlen; |
554 size_t slen, dlen; |
492 + int fips_err; |
555 + int fips_err; |
493 #ifdef WITH_OPENSSL |
556 #ifdef WITH_OPENSSL |
494 u_int32_t rnd[256]; |
557 u_int32_t rnd[256]; |
495 #endif |
558 #endif |
496 @@ -223,6 +224,16 @@ main(int argc, char **argv) |
559 @@ -228,6 +229,16 @@ main(int argc, char **argv) |
497 if (found == 0) |
560 if (found == 0) |
498 fatal("could not open any host key"); |
561 fatal("could not open any host key"); |
499 |
562 |
500 +#ifdef ENABLE_OPENSSL_FIPS |
563 +#ifdef ENABLE_OPENSSL_FIPS |
501 + fips_err = ssh_FIPS_mode_set_if_capable(); |
564 + fips_err = ssh_FIPS_mode_set_if_capable(); |
511 OpenSSL_add_all_algorithms(); |
574 OpenSSL_add_all_algorithms(); |
512 arc4random_buf(rnd, sizeof(rnd)); |
575 arc4random_buf(rnd, sizeof(rnd)); |
513 diff -pur old/ssh.1 new/ssh.1 |
576 diff -pur old/ssh.1 new/ssh.1 |
514 --- old/ssh.1 |
577 --- old/ssh.1 |
515 +++ new/ssh.1 |
578 +++ new/ssh.1 |
516 @@ -92,6 +92,9 @@ If |
579 @@ -91,6 +91,9 @@ If |
517 is specified, |
580 is specified, |
518 it is executed on the remote host instead of a login shell. |
581 it is executed on the remote host instead of a login shell. |
519 .Pp |
582 .Pp |
520 +If ssh links with FIPS-capable OpenSSL, ssh runs in FIPS-140 mode. |
583 +If ssh links with FIPS-capable OpenSSL, ssh runs in FIPS-140 mode. |
521 +In FIPS-140 mode non-FIPS approved ciphers, MACs and digests are disabled. |
584 +In FIPS-140 mode non-FIPS approved ciphers, MACs and digests are disabled. |
524 .Pp |
587 .Pp |
525 .Bl -tag -width Ds -compact |
588 .Bl -tag -width Ds -compact |
526 diff -pur old/ssh.c new/ssh.c |
589 diff -pur old/ssh.c new/ssh.c |
527 --- old/ssh.c |
590 --- old/ssh.c |
528 +++ new/ssh.c |
591 +++ new/ssh.c |
529 @@ -588,6 +588,11 @@ main(int ac, char **av) |
592 @@ -606,6 +606,11 @@ main(int ac, char **av) |
530 */ |
593 */ |
531 initialize_options(&options); |
594 initialize_options(&options); |
532 |
595 |
533 +#ifdef ENABLE_OPENSSL_FIPS |
596 +#ifdef ENABLE_OPENSSL_FIPS |
534 + /* determine FIPS mode early to limit ciphers and macs */ |
597 + /* determine FIPS mode early to limit ciphers and macs */ |
536 +#endif |
599 +#endif |
537 + |
600 + |
538 /* Parse command-line arguments. */ |
601 /* Parse command-line arguments. */ |
539 host = NULL; |
602 host = NULL; |
540 use_syslog = 0; |
603 use_syslog = 0; |
541 @@ -997,6 +1002,10 @@ main(int ac, char **av) |
604 @@ -1016,6 +1021,10 @@ main(int ac, char **av) |
542 #endif |
605 #endif |
543 ); |
606 ); |
544 |
607 |
545 +#ifdef ENABLE_OPENSSL_FIPS |
608 +#ifdef ENABLE_OPENSSL_FIPS |
546 + ssh_FIPS_check_status(); |
609 + ssh_FIPS_check_status(); |
564 OpenSSL_add_all_algorithms(); |
627 OpenSSL_add_all_algorithms(); |
565 #endif /* WITH_OPENSSL */ |
628 #endif /* WITH_OPENSSL */ |
566 diff -pur old/ssh_config.5 new/ssh_config.5 |
629 diff -pur old/ssh_config.5 new/ssh_config.5 |
567 --- old/ssh_config.5 |
630 --- old/ssh_config.5 |
568 +++ new/ssh_config.5 |
631 +++ new/ssh_config.5 |
569 @@ -423,6 +423,13 @@ aes128-cbc,3des-cbc,blowfish-cbc,cast128 |
632 @@ -489,6 +489,13 @@ [email protected],aes256-gcm@openss |
570 aes192-cbc,aes256-cbc,arcfour |
633 aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc |
571 .Ed |
634 .Ed |
572 .Pp |
635 .Pp |
573 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
636 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
574 +.Bd -literal -offset indent |
637 +.Bd -literal -offset indent |
575 +aes128-ctr,aes192-ctr,aes256-ctr, |
638 +aes128-ctr,aes192-ctr,aes256-ctr, |
578 +.Ed |
641 +.Ed |
579 +.Pp |
642 +.Pp |
580 The list of available ciphers may also be obtained using the |
643 The list of available ciphers may also be obtained using the |
581 .Fl Q |
644 .Fl Q |
582 option of |
645 option of |
583 @@ -662,6 +669,8 @@ and |
646 @@ -738,6 +745,8 @@ and |
584 .Dq sha256 . |
647 .Dq sha256 . |
585 The default is |
648 The default is |
586 .Dq sha256 . |
649 .Dq sha256 . |
587 +In FIPS-140 mode the only supported option is |
650 +In FIPS-140 mode the only supported option is |
588 +.Dq sha256 . |
651 +.Dq sha256 . |
589 .It Cm ForwardAgent |
652 .It Cm ForwardAgent |
590 Specifies whether the connection to the authentication agent (if any) |
653 Specifies whether the connection to the authentication agent (if any) |
591 will be forwarded to the remote machine. |
654 will be forwarded to the remote machine. |
592 @@ -1110,6 +1119,16 @@ hmac-md5,hmac-sha1,hmac-ripemd160, |
655 @@ -1200,6 +1209,16 @@ [email protected],[email protected] |
593 hmac-sha1-96,hmac-md5-96 |
656 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
594 .Ed |
657 .Ed |
595 .Pp |
658 .Pp |
596 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
659 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
597 +.Bd -literal -offset indent |
660 +.Bd -literal -offset indent |
598 [email protected], |
661 [email protected], |
607 .Fl Q |
670 .Fl Q |
608 option of |
671 option of |
609 diff -pur old/sshconnect.c new/sshconnect.c |
672 diff -pur old/sshconnect.c new/sshconnect.c |
610 --- old/sshconnect.c |
673 --- old/sshconnect.c |
611 +++ new/sshconnect.c |
674 +++ new/sshconnect.c |
612 @@ -523,8 +523,14 @@ send_client_banner(int connection_out, i |
675 @@ -530,8 +530,14 @@ send_client_banner(int connection_out, i |
613 { |
676 { |
614 /* Send our own protocol version identification. */ |
677 /* Send our own protocol version identification. */ |
615 if (compat20) { |
678 if (compat20) { |
616 +#ifdef ENABLE_OPENSSL_FIPS |
679 +#ifdef ENABLE_OPENSSL_FIPS |
617 + xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n", |
680 + xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n", |
638 .Bl -tag -width Ds |
701 .Bl -tag -width Ds |
639 .It Fl 4 |
702 .It Fl 4 |
640 diff -pur old/sshd.c new/sshd.c |
703 diff -pur old/sshd.c new/sshd.c |
641 --- old/sshd.c |
704 --- old/sshd.c |
642 +++ new/sshd.c |
705 +++ new/sshd.c |
643 @@ -431,10 +431,18 @@ sshd_exchange_identification(int sock_in |
706 @@ -430,10 +430,18 @@ sshd_exchange_identification(int sock_in |
644 minor = PROTOCOL_MINOR_1; |
707 minor = PROTOCOL_MINOR_1; |
645 } |
708 } |
646 |
709 |
647 +#ifdef ENABLE_OPENSSL_FIPS |
710 +#ifdef ENABLE_OPENSSL_FIPS |
648 + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", |
711 + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", |
656 *options.version_addendum == '\0' ? "" : " ", |
719 *options.version_addendum == '\0' ? "" : " ", |
657 options.version_addendum, newline); |
720 options.version_addendum, newline); |
658 +#endif |
721 +#endif |
659 |
722 |
660 /* Send our protocol version identification. */ |
723 /* Send our protocol version identification. */ |
661 if (roaming_atomicio(vwrite, sock_out, server_version_string, |
724 if (atomicio(vwrite, sock_out, server_version_string, |
662 @@ -1501,6 +1509,10 @@ main(int ac, char **av) |
725 @@ -1503,6 +1511,10 @@ main(int ac, char **av) |
663 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
726 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
664 sanitise_stdfd(); |
727 sanitise_stdfd(); |
665 |
728 |
666 +#ifdef ENABLE_OPENSSL_FIPS |
729 +#ifdef ENABLE_OPENSSL_FIPS |
667 + ssh_FIPS_mode_set_if_capable(); |
730 + ssh_FIPS_mode_set_if_capable(); |
682 * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
745 * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
683 * root's environment |
746 * root's environment |
684 diff -pur old/sshd_config.5 new/sshd_config.5 |
747 diff -pur old/sshd_config.5 new/sshd_config.5 |
685 --- old/sshd_config.5 |
748 --- old/sshd_config.5 |
686 +++ new/sshd_config.5 |
749 +++ new/sshd_config.5 |
687 @@ -481,6 +481,13 @@ aes128-ctr,aes192-ctr,aes256-ctr, |
750 @@ -482,6 +482,13 @@ aes128-ctr,aes192-ctr,aes256-ctr, |
688 [email protected],[email protected] |
751 [email protected],[email protected] |
689 .Ed |
752 .Ed |
690 .Pp |
753 .Pp |
691 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
754 +The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode: |
692 +.Bd -literal -offset indent |
755 +.Bd -literal -offset indent |
696 +.Ed |
759 +.Ed |
697 +.Pp |
760 +.Pp |
698 The list of available ciphers may also be obtained using the |
761 The list of available ciphers may also be obtained using the |
699 .Fl Q |
762 .Fl Q |
700 option of |
763 option of |
701 @@ -577,6 +584,8 @@ and |
764 @@ -576,6 +583,8 @@ and |
702 .Dq sha256 . |
765 .Dq sha256 . |
703 The default is |
766 The default is |
704 .Dq sha256 . |
767 .Dq sha256 . |
705 +In FIPS-140 mode the only supported option is |
768 +In FIPS-140 mode the only supported option is |
706 +.Dq sha256 . |
769 +.Dq sha256 . |
707 .It Cm ForceCommand |
770 .It Cm ForceCommand |
708 Forces the execution of the command specified by |
771 Forces the execution of the command specified by |
709 .Cm ForceCommand , |
772 .Cm ForceCommand , |
710 @@ -1023,6 +1032,16 @@ [email protected],[email protected] |
773 @@ -1025,6 +1034,16 @@ [email protected],[email protected] |
711 hmac-sha2-256,hmac-sha2-512 |
774 hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
712 .Ed |
775 .Ed |
713 .Pp |
776 .Pp |
714 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
777 +The following MACs are FIPS-140 approved and are supported in FIPS-140 mode: |
715 +.Bd -literal -offset indent |
778 +.Bd -literal -offset indent |
716 [email protected], |
779 [email protected], |
722 +.Ed |
785 +.Ed |
723 +.Pp |
786 +.Pp |
724 The list of available MAC algorithms may also be obtained using the |
787 The list of available MAC algorithms may also be obtained using the |
725 .Fl Q |
788 .Fl Q |
726 option of |
789 option of |
790 diff -pur old/sshkey.c new/sshkey.c |
|
791 --- old/sshkey.c |
|
792 +++ new/sshkey.c |
|
793 @@ -85,7 +85,46 @@ struct keytype { |
|
794 int cert; |
|
795 int sigonly; |
|
796 }; |
|
797 + |
|
798 +#ifdef ENABLE_OPENSSL_FIPS |
|
799 +/* in FIPS mode limit keytypes to FIPS compliant only */ |
|
800 +#define keytypes (ssh_FIPS_mode() ? keytypes_fips : keytypes_dflt) |
|
801 + |
|
802 +static const struct keytype keytypes_fips[] = { |
|
803 +#ifdef WITH_OPENSSL |
|
804 + { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, |
|
805 + { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, |
|
806 + { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, |
|
807 + { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, |
|
808 + { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 }, |
|
809 +# ifdef OPENSSL_HAS_ECC |
|
810 + { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, |
|
811 + { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 }, |
|
812 +# ifdef OPENSSL_HAS_NISTP521 |
|
813 + { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 }, |
|
814 +# endif /* OPENSSL_HAS_NISTP521 */ |
|
815 +# endif /* OPENSSL_HAS_ECC */ |
|
816 + { "[email protected]", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 }, |
|
817 + { "[email protected]", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 }, |
|
818 +# ifdef OPENSSL_HAS_ECC |
|
819 + { "[email protected]", "ECDSA-CERT", |
|
820 + KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, |
|
821 + { "[email protected]", "ECDSA-CERT", |
|
822 + KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
|
823 +# ifdef OPENSSL_HAS_NISTP521 |
|
824 + { "[email protected]", "ECDSA-CERT", |
|
825 + KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
|
826 +# endif /* OPENSSL_HAS_NISTP521 */ |
|
827 +# endif /* OPENSSL_HAS_ECC */ |
|
828 +#endif /* WITH_OPENSSL */ |
|
829 + { "null", "null", KEY_NULL, 0, 0 }, |
|
830 + { NULL, NULL, -1, -1, 0, 0 } |
|
831 +}; |
|
832 + |
|
833 +static const struct keytype keytypes_dflt[] = { |
|
834 +#else /* ENABLE_OPENSSL_FIPS */ |
|
835 static const struct keytype keytypes[] = { |
|
836 +#endif /* ENABLE_OPENSSL_FIPS */ |
|
837 { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, |
|
838 { "[email protected]", "ED25519-CERT", |
|
839 KEY_ED25519_CERT, 0, 1, 0 }, |