[yocto] [meta-openssl102-fips][PATCH 2/15] openssh_8.%.bbappend: support fips 140-2
Hongxu Jia
hongxu.jia at windriver.com
Sun Sep 22 07:56:55 PDT 2019
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
.../openssh/openssh/0001-openssh-8.0p1-fips.patch | 528 +++++++++++++++++++++
recipes-connectivity/openssh/openssh_8.%.bbappend | 4 +
recipes-connectivity/openssh/openssh_fips.inc | 8 +
3 files changed, 540 insertions(+)
create mode 100644 recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
create mode 100644 recipes-connectivity/openssh/openssh_8.%.bbappend
create mode 100644 recipes-connectivity/openssh/openssh_fips.inc
diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
new file mode 100644
index 0000000..fd0a411
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
@@ -0,0 +1,528 @@
+From 255e5dcdec36df7222f69b253dfc05be63927ed2 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia at windriver.com>
+Date: Fri, 20 Sep 2019 17:59:00 +0800
+Subject: [PATCH] openssh 8.0p1 fips
+
+Port openssh-7.7p1-fips.patch from Fedora
+https://src.fedoraproject.org/rpms/openssh.git
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
+---
+ Makefile.in | 14 +++++++-------
+ cipher-ctr.c | 3 ++-
+ clientloop.c | 3 ++-
+ dh.c | 40 ++++++++++++++++++++++++++++++++++++++++
+ dh.h | 1 +
+ kex.c | 5 ++++-
+ kexgexc.c | 5 +++++
+ myproposal.h | 40 ++++++++++++++++++++++++++++++++++++++++
+ readconf.c | 17 +++++++++--------
+ sandbox-seccomp-filter.c | 3 +++
+ servconf.c | 19 ++++++++++---------
+ ssh-keygen.c | 6 ++++++
+ ssh.c | 16 ++++++++++++++++
+ sshconnect2.c | 11 ++++++++---
+ sshd.c | 19 +++++++++++++++++++
+ sshkey.c | 4 ++++
+ 16 files changed, 176 insertions(+), 30 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 6f001bb..ddd1804 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -170,31 +170,31 @@ libssh.a: $(LIBSSH_OBJS)
+ $(RANLIB) $@
+
+ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
+- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
++ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS)
+
+ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
+
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
+- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
+- $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
+- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
+- $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
++ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+
+ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
+ $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+diff --git a/cipher-ctr.c b/cipher-ctr.c
+index 32771f2..74fac3b 100644
+--- a/cipher-ctr.c
++++ b/cipher-ctr.c
+@@ -138,7 +138,8 @@ evp_aes_128_ctr(void)
+ aes_ctr.do_cipher = ssh_aes_ctr;
+ #ifndef SSH_OLD_EVP
+ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
++ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV |
++ EVP_CIPH_FLAG_FIPS;
+ #endif
+ return (&aes_ctr);
+ }
+diff --git a/clientloop.c b/clientloop.c
+index 086c0df..0b308d4 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -2036,7 +2036,8 @@ key_accepted_by_hostkeyalgs(const struct sshkey *key)
+ {
+ const char *ktype = sshkey_ssh_name(key);
+ const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
+- options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
++ options.hostkeyalgorithms : (FIPS_mode() ?
++ KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG);
+
+ if (key == NULL || key->type == KEY_UNSPEC)
+ return 0;
+diff --git a/dh.c b/dh.c
+index a98d39e..92e800a 100644
+--- a/dh.c
++++ b/dh.c
+@@ -152,6 +152,12 @@ choose_dh(int min, int wantbits, int max)
+ int best, bestcount, which, linenum;
+ struct dhgroup dhg;
+
++ if (FIPS_mode()) {
++ logit("Using arbitrary primes is not allowed in FIPS mode."
++ " Falling back to known groups.");
++ return (dh_new_group_fallback(max));
++ }
++
+ if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
+ logit("WARNING: could not open %s (%s), using fixed modulus",
+ _PATH_DH_MODULI, strerror(errno));
+@@ -489,4 +495,38 @@ dh_estimate(int bits)
+ return 8192;
+ }
+
++/*
++ * Compares the received DH parameters with known-good groups,
++ * which might be either from group14, group16 or group18.
++ */
++int
++dh_is_known_group(const DH *dh)
++{
++ const BIGNUM *p, *g;
++ const BIGNUM *known_p, *known_g;
++ DH *known = NULL;
++ int bits = 0, rv = 0;
++
++ DH_get0_pqg(dh, &p, NULL, &g);
++ bits = BN_num_bits(p);
++
++ if (bits <= 3072) {
++ known = dh_new_group14();
++ } else if (bits <= 6144) {
++ known = dh_new_group16();
++ } else {
++ known = dh_new_group18();
++ }
++
++ DH_get0_pqg(known, &known_p, NULL, &known_g);
++
++ if (BN_cmp(g, known_g) == 0 &&
++ BN_cmp(p, known_p) == 0) {
++ rv = 1;
++ }
++
++ DH_free(known);
++ return rv;
++}
++
+ #endif /* WITH_OPENSSL */
+diff --git a/dh.h b/dh.h
+index adb643a..5d1cad5 100644
+--- a/dh.h
++++ b/dh.h
+@@ -43,6 +43,7 @@ DH *dh_new_group_fallback(int);
+
+ int dh_gen_key(DH *, int);
+ int dh_pub_is_valid(const DH *, const BIGNUM *);
++int dh_is_known_group(const DH *);
+
+ u_int dh_estimate(int);
+
+diff --git a/kex.c b/kex.c
+index 34808b5..b356a26 100644
+--- a/kex.c
++++ b/kex.c
+@@ -161,7 +161,10 @@ kex_names_valid(const char *names)
+ for ((p = strsep(&cp, ",")); p && *p != '\0';
+ (p = strsep(&cp, ","))) {
+ if (kex_alg_by_name(p) == NULL) {
+- error("Unsupported KEX algorithm \"%.100s\"", p);
++ if (FIPS_mode())
++ error("\"%.100s\" is not allowed in FIPS mode", p);
++ else
++ error("Unsupported KEX algorithm \"%.100s\"", p);
+ free(s);
+ return 0;
+ }
+diff --git a/kexgexc.c b/kexgexc.c
+index 1c65b8a..b6b25bf 100644
+--- a/kexgexc.c
++++ b/kexgexc.c
+@@ -28,6 +28,7 @@
+
+ #ifdef WITH_OPENSSL
+
++#include <openssl/crypto.h>
+ #include <sys/types.h>
+
+ #include <openssl/dh.h>
+@@ -113,6 +114,10 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
++ if (FIPS_mode() && dh_is_known_group(kex->dh) == 0) {
++ r = SSH_ERR_INVALID_ARGUMENT;
++ goto out;
++ }
+ p = g = NULL; /* belong to kex->dh now */
+
+ /* generate and send 'e', client DH public key */
+diff --git a/myproposal.h b/myproposal.h
+index f167298..812d9a2 100644
+--- a/myproposal.h
++++ b/myproposal.h
+@@ -111,6 +111,14 @@
+ "rsa-sha2-256," \
+ "ssh-rsa"
+
++#define KEX_FIPS_PK_ALG \
++ HOSTKEY_ECDSA_CERT_METHODS \
++ "ssh-rsa-cert-v01 at openssh.com," \
++ HOSTKEY_ECDSA_METHODS \
++ "rsa-sha2-512," \
++ "rsa-sha2-256," \
++ "ssh-rsa"
++
+ /* the actual algorithms */
+
+ #define KEX_SERVER_ENCRYPT \
+@@ -134,6 +142,38 @@
+
+ #define KEX_CLIENT_MAC KEX_SERVER_MAC
+
++#define KEX_FIPS_ENCRYPT \
++ "aes128-ctr,aes192-ctr,aes256-ctr," \
++ "aes128-cbc,3des-cbc," \
++ "aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se" \
++ AESGCM_CIPHER_MODES
++#ifdef HAVE_EVP_SHA256
++# define KEX_DEFAULT_KEX_FIPS \
++ KEX_ECDH_METHODS \
++ KEX_SHA2_METHODS \
++ "diffie-hellman-group14-sha256"
++# define KEX_FIPS_MAC \
++ "hmac-sha1," \
++ "hmac-sha2-256," \
++ "hmac-sha2-512," \
++ "hmac-sha1-etm at openssh.com," \
++ "hmac-sha2-256-etm at openssh.com," \
++ "hmac-sha2-512-etm at openssh.com"
++#else
++# ifdef OPENSSL_HAS_NISTP521
++# define KEX_DEFAULT_KEX_FIPS \
++ "ecdh-sha2-nistp256," \
++ "ecdh-sha2-nistp384," \
++ "ecdh-sha2-nistp521"
++# else
++# define KEX_DEFAULT_KEX_FIPS \
++ "ecdh-sha2-nistp256," \
++ "ecdh-sha2-nistp384"
++# endif
++#define KEX_FIPS_MAC \
++ "hmac-sha1"
++#endif
++
+ /* Not a KEX value, but here so all the algorithm defaults are together */
+ #define SSH_ALLOWED_CA_SIGALGS \
+ "ecdsa-sha2-nistp256," \
+diff --git a/readconf.c b/readconf.c
+index ec497e7..1f1a16d 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -2116,18 +2116,19 @@ fill_default_options(Options * options)
+ all_kex = kex_alg_list(',');
+ all_key = sshkey_alg_list(0, 0, 1, ',');
+ all_sig = sshkey_alg_list(0, 1, 1, ',');
+-#define ASSEMBLE(what, defaults, all) \
++#define ASSEMBLE(what, defaults, fips_defaults, all) \
+ do { \
+ if ((r = kex_assemble_names(&options->what, \
+- defaults, all)) != 0) \
++ (FIPS_mode() ? fips_defaults : defaults), \
++ all)) != 0) \
+ fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+ } while (0)
+- ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher);
+- ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);
+- ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);
+- ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
+- ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
++ ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
++ ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac);
++ ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
++ ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++ ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
+ #undef ASSEMBLE
+ free(all_cipher);
+ free(all_mac);
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 5edbc69..3c40136 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -137,6 +137,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_open
+ SC_DENY(__NR_open, EACCES),
+ #endif
++#ifdef __NR_socket
++ SC_DENY(__NR_socket, EACCES),
++#endif
+ #ifdef __NR_openat
+ SC_DENY(__NR_openat, EACCES),
+ #endif
+diff --git a/servconf.c b/servconf.c
+index ffac5d2..7ad0e4e 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -200,18 +200,19 @@ assemble_algorithms(ServerOptions *o)
+ all_kex = kex_alg_list(',');
+ all_key = sshkey_alg_list(0, 0, 1, ',');
+ all_sig = sshkey_alg_list(0, 1, 1, ',');
+-#define ASSEMBLE(what, defaults, all) \
++#define ASSEMBLE(what, defaults, fips_defaults, all) \
+ do { \
+- if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
++ if ((r = kex_assemble_names(&o->what, (FIPS_mode() \
++ ? fips_defaults : defaults), all)) != 0) \
+ fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+ } while (0)
+- ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
+- ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
+- ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
+- ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
+- ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
+- ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
++ ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
++ ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
++ ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
++ ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++ ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++ ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
+ #undef ASSEMBLE
+ free(all_cipher);
+ free(all_mac);
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 3898b28..f3f4975 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -199,6 +199,12 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
+ OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
+ if (*bitsp > maxbits)
+ fatal("key bits exceeds maximum %d", maxbits);
++ if (FIPS_mode()) {
++ if (type == KEY_DSA)
++ fatal("DSA keys are not allowed in FIPS mode");
++ if (type == KEY_ED25519)
++ fatal("ED25519 keys are not allowed in FIPS mode");
++ }
+ switch (type) {
+ case KEY_DSA:
+ if (*bitsp != 1024)
+diff --git a/ssh.c b/ssh.c
+index 91e7c35..1cf14f6 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -76,6 +76,8 @@
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
+ #endif
++#include <openssl/crypto.h>
++#include <fipscheck.h>
+ #include "openbsd-compat/openssl-compat.h"
+ #include "openbsd-compat/sys-queue.h"
+
+@@ -600,6 +602,16 @@ main(int ac, char **av)
+ sanitise_stdfd();
+
+ __progname = ssh_get_progname(av[0]);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ SSLeay_add_all_algorithms();
++#endif
++ if (access("/etc/system-fips", F_OK) == 0)
++ if (! FIPSCHECK_verify(NULL, NULL)){
++ if (FIPS_mode())
++ fatal("FIPS integrity verification test failed.");
++ else
++ logit("FIPS integrity verification test failed.");
++ }
+
+ #ifndef HAVE_SETPROCTITLE
+ /* Prepare for later setproctitle emulation */
+@@ -614,6 +626,10 @@ main(int ac, char **av)
+
+ seed_rng();
+
++ if (FIPS_mode()) {
++ logit("FIPS mode initialized");
++ }
++
+ /*
+ * Discard other fds that are hanging around. These can cause problem
+ * with backgrounded ssh processes started by ControlPersist.
+diff --git a/sshconnect2.c b/sshconnect2.c
+index dffee90..28b2554 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -44,6 +44,8 @@
+ #include <vis.h>
+ #endif
+
++#include <openssl/crypto.h>
++
+ #include "openbsd-compat/sys-queue.h"
+
+ #include "xmalloc.h"
+@@ -117,7 +119,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+ for (i = 0; i < options.num_system_hostfiles; i++)
+ load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
+
+- oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
++ oavail = avail = xstrdup((FIPS_mode()
++ ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
+ maxlen = strlen(avail) + 1;
+ first = xmalloc(maxlen);
+ last = xmalloc(maxlen);
+@@ -179,14 +182,16 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+ if (options.hostkeyalgorithms != NULL) {
+ all_key = sshkey_alg_list(0, 0, 1, ',');
+ if (kex_assemble_names(&options.hostkeyalgorithms,
+- KEX_DEFAULT_PK_ALG, all_key) != 0)
++ (FIPS_mode() ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG),
++ all_key) != 0)
+ fatal("%s: kex_assemble_namelist", __func__);
+ free(all_key);
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ compat_pkalg_proposal(options.hostkeyalgorithms);
+ } else {
+ /* Enforce default */
+- options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
++ options.hostkeyalgorithms = xstrdup((FIPS_mode()
++ ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
+ /* Prefer algorithms that we already have keys for */
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ compat_pkalg_proposal(
+diff --git a/sshd.c b/sshd.c
+index a3c1975..bf25d76 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -66,6 +66,7 @@
+ #include <grp.h>
+ #include <pwd.h>
+ #include <signal.h>
++#include <syslog.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -77,6 +78,8 @@
+ #include <openssl/dh.h>
+ #include <openssl/bn.h>
+ #include <openssl/rand.h>
++#include <openssl/crypto.h>
++#include <fipscheck.h>
+ #include "openbsd-compat/openssl-compat.h"
+ #endif
+
+@@ -1447,6 +1450,18 @@ main(int ac, char **av)
+ #endif
+ __progname = ssh_get_progname(av[0]);
+
++ OpenSSL_add_all_algorithms();
++ if (access("/etc/system-fips", F_OK) == 0)
++ if (! FIPSCHECK_verify(NULL, NULL)) {
++ openlog(__progname, LOG_PID, LOG_AUTHPRIV);
++ if (FIPS_mode()) {
++ syslog(LOG_CRIT, "FIPS integrity verification test failed.");
++ cleanup_exit(255);
++ }
++ else
++ syslog(LOG_INFO, "FIPS integrity verification test failed.");
++ closelog();
++ }
+ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
+ saved_argc = ac;
+ rexec_argc = ac;
+@@ -1905,6 +1920,10 @@ main(int ac, char **av)
+ /* Reinitialize the log (because of the fork above). */
+ log_init(__progname, options.log_level, options.log_facility, log_stderr);
+
++ if (FIPS_mode()) {
++ logit("FIPS mode initialized");
++ }
++
+ /* Chdir to the root directory so that the current disk can be
+ unmounted if desired. */
+ if (chdir("/") == -1)
+diff --git a/sshkey.c b/sshkey.c
+index ad19577..18906cb 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -34,6 +34,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
+ #include <openssl/pem.h>
++#include <openssl/crypto.h>
+ #endif
+
+ #include "crypto_api.h"
+@@ -57,6 +58,7 @@
+ #include "sshkey.h"
+ #include "sshkey-xmss.h"
+ #include "match.h"
++#include "log.h"
+
+ #include "xmss_fast.h"
+
+@@ -1481,6 +1483,8 @@ rsa_generate_private_key(u_int bits, RSA **rsap)
+ }
+ if (!BN_set_word(f4, RSA_F4) ||
+ !RSA_generate_key_ex(private, bits, f4, NULL)) {
++ if (FIPS_mode())
++ logit("%s: the key length might be unsupported by FIPS mode approved key generation method", __func__);
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+--
+2.7.4
+
diff --git a/recipes-connectivity/openssh/openssh_8.%.bbappend b/recipes-connectivity/openssh/openssh_8.%.bbappend
new file mode 100644
index 0000000..07799f6
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh_8.%.bbappend
@@ -0,0 +1,4 @@
+FIPSINC = ""
+FIPSINC_class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'openssh_fips.inc'}"
+
+require ${FIPSINC}
diff --git a/recipes-connectivity/openssh/openssh_fips.inc b/recipes-connectivity/openssh/openssh_fips.inc
new file mode 100644
index 0000000..99a3482
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh_fips.inc
@@ -0,0 +1,8 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/openssh:"
+DEPENDS += " \
+ openssl-fips \
+ fipscheck \
+"
+SRC_URI += " \
+ file://0001-openssh-8.0p1-fips.patch \
+"
--
2.7.4
More information about the yocto
mailing list