PSARC/2016/441 Remove unacceptable arcfour* ciphers and hmac-md5* MACs from OpenSSH
authorTomas Kuthan <tomas.kuthan@oracle.com>
Wed, 03 Aug 2016 10:59:43 -0700
changeset 6543 b5c03b086e6d
parent 6542 8af6b6d966a0
child 6544 f3ddf1d33382
PSARC/2016/441 Remove unacceptable arcfour* ciphers and hmac-md5* MACs from OpenSSH 23639214 Remove unacceptable arcfour* ciphers from OpenSSH 23639232 Remove unacceptable hmac-md5* MACs from OpenSSH 23856800 Disable deprecated 3des-cbc cipher by default on the client
components/openssh/Makefile
components/openssh/network-ssh.p5m
components/openssh/patches/045-remove_unacceptable_algs.patch
components/openssh/service-network-ssh.p5m
--- a/components/openssh/Makefile	Wed Aug 03 09:12:12 2016 -0700
+++ b/components/openssh/Makefile	Wed Aug 03 10:59:43 2016 -0700
@@ -66,6 +66,8 @@
 CFLAGS += -DPER_SESSION_XAUTHFILE
 CFLAGS += -DWITHOUT_CAST128
 CFLAGS += -DENABLE_OPENSSL_FIPS
+CFLAGS += -DWITHOUT_ARCFOUR
+CFLAGS += -DWITHOUT_HMAC_MD5
 
 # We need to disable lazyloading of dynamic dependent libraries. During the
 # pre-authentication phase, sshd will chroot to /var/empty which doesn't
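Review bot: The two new `-DWITHOUT_ARCFOUR` / `-DWITHOUT_HMAC_MD5` defines only drop the table entries in cipher.c and mac.c, so any remaining reference to `arcfour*` or `hmac-md5*` in a proposal string or in the shipped `etc/ssh/ssh_config` / `sshd_config` would no longer resolve and, as far as I can tell from this hunk alone, would make ssh or sshd reject its own configuration at startup. It would be worth stating that dependency next to the flags, e.g. `# Defaults in myproposal.h and the shipped ssh(d)_config must not name arcfour* or hmac-md5* once these are set`. The patch hunk for myproposal.h in this changeset touches only the 3des-cbc client default, so the MAC defaults are not visible here and should be confirmed.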
--- a/components/openssh/network-ssh.p5m	Wed Aug 03 09:12:12 2016 -0700
+++ b/components/openssh/network-ssh.p5m	Wed Aug 03 10:59:43 2016 -0700
@@ -32,7 +32,8 @@
     value=org.opensolaris.category.2008:System/Security
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2012/335 value=PSARC/2016/216
+set name=org.opensolaris.arc-caseid value=PSARC/2012/335 value=PSARC/2016/216 \
+    value=PSARC/2016/441
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 file path=etc/ssh/ssh_config group=sys mode=0644 \
     original_name=SUNWssh:etc/ssh/ssh_config overlay=allow preserve=renamenew
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/045-remove_unacceptable_algs.patch	Wed Aug 03 10:59:43 2016 -0700
@@ -0,0 +1,149 @@
+#
+# In order for OpenSSH to comply with Oracle Software Security Assurance
+# Standards (OSSA), completely remove support for unacceptable arcfour* ciphers
+# and hmac-md5 Messages Authentication Codes (MACs). Besides that, disable
+# deprecated 3des-cbc by default on client (already disabled on the server).
+#
+# Patch source: in-house
+#
+diff -pur old/cipher.c new/cipher.c
+--- old/cipher.c
++++ new/cipher.c
[email protected]@ -119,9 +119,11 @@ static const struct sshcipher ciphers[]
+ 	{ "cast128-cbc",
+ 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+ #endif
++#ifndef WITHOUT_ARCFOUR
+ 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
+ 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
+ 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
++#endif
+ 	{ "aes128-cbc",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
+ 	{ "aes192-cbc",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
+ 	{ "aes256-cbc",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
+diff -pur old/mac.c new/mac.c
+--- old/mac.c
++++ new/mac.c
[email protected]@ -87,8 +87,10 @@ static const struct macalg macs[] = {
+ 	{ "hmac-sha2-256",			SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
+ 	{ "hmac-sha2-512",			SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
+ #endif
++#ifndef WITHOUT_HMAC_MD5
+ 	{ "hmac-md5",				SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
+ 	{ "hmac-md5-96",			SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
++#endif
+ 	{ "hmac-ripemd160",			SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
+ 	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
+ 	{ "[email protected]",		SSH_UMAC, 0, 0, 128, 64, 0 },
[email protected]@ -101,8 +103,10 @@ static const struct macalg macs[] = {
+ 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
+ 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
+ #endif
++#ifndef WITHOUT_HMAC_MD5
+ 	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
+ 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
++#endif
+ 	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
+ 	{ "[email protected]",		SSH_UMAC, 0, 0, 128, 64, 1 },
+ 	{ "[email protected]",		SSH_UMAC128, 0, 0, 128, 128, 1 },
+diff -pur old/myproposal.h new/myproposal.h
+--- old/myproposal.h
++++ new/myproposal.h
[email protected]@ -133,14 +133,14 @@
+ 	AESGCM_CIPHER_MODES
+ 
+ #define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \
+-	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
++	"aes128-cbc,aes192-cbc,aes256-cbc"
+ 
+ #define KEX_SERVER_ENCRYPT_FIPS \
+ 	"aes128-ctr,aes192-ctr,aes256-ctr" \
+ 	AESGCM_CIPHER_MODES
+ 
+ #define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \
+-	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
++	"aes128-cbc,aes192-cbc,aes256-cbc"
+ 
+ #define KEX_SERVER_MAC_DFLT \
+ 	"[email protected]," \
+diff -pur old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5
++++ new/ssh_config.5
[email protected]@ -470,12 +470,6 @@ [email protected]
+ .It
+ [email protected]
+ .It
+-arcfour
+-.It
+-arcfour128
+-.It
+-arcfour256
+-.It
+ blowfish-cbc
+ .It
+ [email protected]
[email protected]@ -486,7 +480,7 @@ The default is:
+ [email protected],
+ aes128-ctr,aes192-ctr,aes256-ctr,
+ [email protected],[email protected],
+-aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
++aes128-cbc,aes192-cbc,aes256-cbc
+ .Ed
+ .Pp
+ The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode:
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5
++++ new/sshd_config.5
[email protected]@ -464,12 +464,6 @@ [email protected]
+ .It
+ [email protected]
+ .It
+-arcfour
+-.It
+-arcfour128
+-.It
+-arcfour256
+-.It
+ blowfish-cbc
+ .It
+ [email protected]
[email protected]@ -988,10 +982,6 @@ The supported MACs are:
+ .Pp
+ .Bl -item -compact -offset indent
+ .It
+-hmac-md5
+-.It
+-hmac-md5-96
+-.It
+ hmac-ripemd160
+ .It
+ hmac-sha1
[email protected]@ -1006,10 +996,6 @@ [email protected]
+ .It
+ [email protected]
+ .It
[email protected]
+-.It
[email protected]
+-.It
+ [email protected]
+ .It
+ [email protected]
+diff -pur old/sshd.8 new/sshd.8
+--- old/sshd.8
++++ new/sshd.8
[email protected]@ -310,12 +310,12 @@ For protocol 2,
+ forward security is provided through a Diffie-Hellman key agreement.
+ This key agreement results in a shared session key.
+ The rest of the session is encrypted using a symmetric cipher, currently
+-128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
++128-bit AES, Blowfish, 3DES, 192-bit AES, or 256-bit AES.
+ The client selects the encryption algorithm
+ to use from those offered by the server.
+ Additionally, session integrity is provided
+ through a cryptographic message authentication code
+-(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
++(hmac-sha1, umac-64, umac-128, hmac-ripemd160,
+ hmac-sha2-256 or hmac-sha2-512).
+ .Pp
+ Finally, the server and the client enter an authentication dialog.
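Review bot: The hmac-md5 removal is reflected in sshd_config.5 (the two MACs hunks at -988 and -1006) but no corresponding hunk edits the MACs list in ssh_config.5, whose hunks only drop arcfour* from the Ciphers list and the client default; if ssh_config.5 carries the same "The supported MACs are" list as sshd_config.5, it will keep documenting hmac-md5, hmac-md5-96 and their etm variants that a `-DWITHOUT_HMAC_MD5` build no longer offers. The `#ifndef WITHOUT_ARCFOUR` / `#ifndef WITHOUT_HMAC_MD5` guards also mean the removal is a build-time option rather than the "completely remove support" the patch header states; if the intent is unconditional, deleting the entries outright (or noting in the patch header that the Makefile must define both macros) would make the policy harder to regress silently. The 3des-cbc change in myproposal.h only alters the compiled-in KEX_CLIENT_ENCRYPT_DFLT/FIPS strings, so a `Ciphers` line in the shipped etc/ssh/ssh_config listed in the manifest would still override it — presumably that file has no such line, but it is worth confirming. The sshd.8 text at the end still names Blowfish and 3DES as session ciphers, which is consistent with this change but may be worth revisiting alongside the deprecation noted in the patch header.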
--- a/components/openssh/service-network-ssh.p5m	Wed Aug 03 09:12:12 2016 -0700
+++ b/components/openssh/service-network-ssh.p5m	Wed Aug 03 10:59:43 2016 -0700
@@ -33,7 +33,7 @@
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
 set name=org.opensolaris.arc-caseid value=PSARC/2015/227 value=PSARC/2016/216 \
-    value=PSARC/2016/348
+    value=PSARC/2016/348 value=PSARC/2016/441
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 file sources/sshd-gssapi path=etc/pam.d/sshd-gssapi group=sys mode=0644 \
     overlay=allow preserve=renamenew