[yocto] [meta-openssl102-fips][PATCH 2/15] openssh_8.%.bbappend: support fips 140-2
Mark Hatle
mark.hatle at kernel.crashing.org
Mon Sep 23 07:13:17 PDT 2019
On 9/22/19 9:56 AM, Hongxu Jia wrote:
> Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> ---
> .../openssh/openssh/0001-openssh-8.0p1-fips.patch | 528 +++++++++++++++++++++
> recipes-connectivity/openssh/openssh_8.%.bbappend | 4 +
> recipes-connectivity/openssh/openssh_fips.inc | 8 +
> 3 files changed, 540 insertions(+)
> create mode 100644 recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
> create mode 100644 recipes-connectivity/openssh/openssh_8.%.bbappend
> create mode 100644 recipes-connectivity/openssh/openssh_fips.inc
>
> diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
> new file mode 100644
> index 0000000..fd0a411
> --- /dev/null
> +++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
> @@ -0,0 +1,528 @@
> +From 255e5dcdec36df7222f69b253dfc05be63927ed2 Mon Sep 17 00:00:00 2001
> +From: Hongxu Jia <hongxu.jia at windriver.com>
> +Date: Fri, 20 Sep 2019 17:59:00 +0800
> +Subject: [PATCH] openssh 8.0p1 fips
> +
> +Port openssh-7.7p1-fips.patch from Fedora
> +https://src.fedoraproject.org/rpms/openssh.git
Can you include the commit id of the Fedora version where you pulled the patch from?
This will make it easier to update in the future.
--Mark
> +Upstream-Status: Inappropriate [oe specific]
> +
> +Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> +---
> + Makefile.in | 14 +++++++-------
> + cipher-ctr.c | 3 ++-
> + clientloop.c | 3 ++-
> + dh.c | 40 ++++++++++++++++++++++++++++++++++++++++
> + dh.h | 1 +
> + kex.c | 5 ++++-
> + kexgexc.c | 5 +++++
> + myproposal.h | 40 ++++++++++++++++++++++++++++++++++++++++
> + readconf.c | 17 +++++++++--------
> + sandbox-seccomp-filter.c | 3 +++
> + servconf.c | 19 ++++++++++---------
> + ssh-keygen.c | 6 ++++++
> + ssh.c | 16 ++++++++++++++++
> + sshconnect2.c | 11 ++++++++---
> + sshd.c | 19 +++++++++++++++++++
> + sshkey.c | 4 ++++
> + 16 files changed, 176 insertions(+), 30 deletions(-)
> +
> +diff --git a/Makefile.in b/Makefile.in
> +index 6f001bb..ddd1804 100644
> +--- a/Makefile.in
> ++++ b/Makefile.in
> +@@ -170,31 +170,31 @@ libssh.a: $(LIBSSH_OBJS)
> + $(RANLIB) $@
> +
> + ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
> +- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
> ++ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS)
> +
> + sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
> +- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
> ++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
> +
> + scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
> + $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
> +
> + ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
> +- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
> ++ $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
> +
> + ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
> +- $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
> ++ $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
> +
> + ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
> +- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
> ++ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
> +
> + ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
> +- $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
> ++ $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
> +
> + ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
> + $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
> +
> + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
> +- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
> ++ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
> +
> + sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
> + $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
> +diff --git a/cipher-ctr.c b/cipher-ctr.c
> +index 32771f2..74fac3b 100644
> +--- a/cipher-ctr.c
> ++++ b/cipher-ctr.c
> +@@ -138,7 +138,8 @@ evp_aes_128_ctr(void)
> + aes_ctr.do_cipher = ssh_aes_ctr;
> + #ifndef SSH_OLD_EVP
> + aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
> +- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
> ++ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV |
> ++ EVP_CIPH_FLAG_FIPS;
> + #endif
> + return (&aes_ctr);
> + }
> +diff --git a/clientloop.c b/clientloop.c
> +index 086c0df..0b308d4 100644
> +--- a/clientloop.c
> ++++ b/clientloop.c
> +@@ -2036,7 +2036,8 @@ key_accepted_by_hostkeyalgs(const struct sshkey *key)
> + {
> + const char *ktype = sshkey_ssh_name(key);
> + const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
> +- options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
> ++ options.hostkeyalgorithms : (FIPS_mode() ?
> ++ KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG);
> +
> + if (key == NULL || key->type == KEY_UNSPEC)
> + return 0;
> +diff --git a/dh.c b/dh.c
> +index a98d39e..92e800a 100644
> +--- a/dh.c
> ++++ b/dh.c
> +@@ -152,6 +152,12 @@ choose_dh(int min, int wantbits, int max)
> + int best, bestcount, which, linenum;
> + struct dhgroup dhg;
> +
> ++ if (FIPS_mode()) {
> ++ logit("Using arbitrary primes is not allowed in FIPS mode."
> ++ " Falling back to known groups.");
> ++ return (dh_new_group_fallback(max));
> ++ }
> ++
> + if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
> + logit("WARNING: could not open %s (%s), using fixed modulus",
> + _PATH_DH_MODULI, strerror(errno));
> +@@ -489,4 +495,38 @@ dh_estimate(int bits)
> + return 8192;
> + }
> +
> ++/*
> ++ * Compares the received DH parameters with known-good groups,
> ++ * which might be either from group14, group16 or group18.
> ++ */
> ++int
> ++dh_is_known_group(const DH *dh)
> ++{
> ++ const BIGNUM *p, *g;
> ++ const BIGNUM *known_p, *known_g;
> ++ DH *known = NULL;
> ++ int bits = 0, rv = 0;
> ++
> ++ DH_get0_pqg(dh, &p, NULL, &g);
> ++ bits = BN_num_bits(p);
> ++
> ++ if (bits <= 3072) {
> ++ known = dh_new_group14();
> ++ } else if (bits <= 6144) {
> ++ known = dh_new_group16();
> ++ } else {
> ++ known = dh_new_group18();
> ++ }
> ++
> ++ DH_get0_pqg(known, &known_p, NULL, &known_g);
> ++
> ++ if (BN_cmp(g, known_g) == 0 &&
> ++ BN_cmp(p, known_p) == 0) {
> ++ rv = 1;
> ++ }
> ++
> ++ DH_free(known);
> ++ return rv;
> ++}
> ++
> + #endif /* WITH_OPENSSL */
> +diff --git a/dh.h b/dh.h
> +index adb643a..5d1cad5 100644
> +--- a/dh.h
> ++++ b/dh.h
> +@@ -43,6 +43,7 @@ DH *dh_new_group_fallback(int);
> +
> + int dh_gen_key(DH *, int);
> + int dh_pub_is_valid(const DH *, const BIGNUM *);
> ++int dh_is_known_group(const DH *);
> +
> + u_int dh_estimate(int);
> +
> +diff --git a/kex.c b/kex.c
> +index 34808b5..b356a26 100644
> +--- a/kex.c
> ++++ b/kex.c
> +@@ -161,7 +161,10 @@ kex_names_valid(const char *names)
> + for ((p = strsep(&cp, ",")); p && *p != '\0';
> + (p = strsep(&cp, ","))) {
> + if (kex_alg_by_name(p) == NULL) {
> +- error("Unsupported KEX algorithm \"%.100s\"", p);
> ++ if (FIPS_mode())
> ++ error("\"%.100s\" is not allowed in FIPS mode", p);
> ++ else
> ++ error("Unsupported KEX algorithm \"%.100s\"", p);
> + free(s);
> + return 0;
> + }
> +diff --git a/kexgexc.c b/kexgexc.c
> +index 1c65b8a..b6b25bf 100644
> +--- a/kexgexc.c
> ++++ b/kexgexc.c
> +@@ -28,6 +28,7 @@
> +
> + #ifdef WITH_OPENSSL
> +
> ++#include <openssl/crypto.h>
> + #include <sys/types.h>
> +
> + #include <openssl/dh.h>
> +@@ -113,6 +114,10 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
> + r = SSH_ERR_ALLOC_FAIL;
> + goto out;
> + }
> ++ if (FIPS_mode() && dh_is_known_group(kex->dh) == 0) {
> ++ r = SSH_ERR_INVALID_ARGUMENT;
> ++ goto out;
> ++ }
> + p = g = NULL; /* belong to kex->dh now */
> +
> + /* generate and send 'e', client DH public key */
> +diff --git a/myproposal.h b/myproposal.h
> +index f167298..812d9a2 100644
> +--- a/myproposal.h
> ++++ b/myproposal.h
> +@@ -111,6 +111,14 @@
> + "rsa-sha2-256," \
> + "ssh-rsa"
> +
> ++#define KEX_FIPS_PK_ALG \
> ++ HOSTKEY_ECDSA_CERT_METHODS \
> ++ "ssh-rsa-cert-v01 at openssh.com," \
> ++ HOSTKEY_ECDSA_METHODS \
> ++ "rsa-sha2-512," \
> ++ "rsa-sha2-256," \
> ++ "ssh-rsa"
> ++
> + /* the actual algorithms */
> +
> + #define KEX_SERVER_ENCRYPT \
> +@@ -134,6 +142,38 @@
> +
> + #define KEX_CLIENT_MAC KEX_SERVER_MAC
> +
> ++#define KEX_FIPS_ENCRYPT \
> ++ "aes128-ctr,aes192-ctr,aes256-ctr," \
> ++ "aes128-cbc,3des-cbc," \
> ++ "aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se" \
> ++ AESGCM_CIPHER_MODES
> ++#ifdef HAVE_EVP_SHA256
> ++# define KEX_DEFAULT_KEX_FIPS \
> ++ KEX_ECDH_METHODS \
> ++ KEX_SHA2_METHODS \
> ++ "diffie-hellman-group14-sha256"
> ++# define KEX_FIPS_MAC \
> ++ "hmac-sha1," \
> ++ "hmac-sha2-256," \
> ++ "hmac-sha2-512," \
> ++ "hmac-sha1-etm at openssh.com," \
> ++ "hmac-sha2-256-etm at openssh.com," \
> ++ "hmac-sha2-512-etm at openssh.com"
> ++#else
> ++# ifdef OPENSSL_HAS_NISTP521
> ++# define KEX_DEFAULT_KEX_FIPS \
> ++ "ecdh-sha2-nistp256," \
> ++ "ecdh-sha2-nistp384," \
> ++ "ecdh-sha2-nistp521"
> ++# else
> ++# define KEX_DEFAULT_KEX_FIPS \
> ++ "ecdh-sha2-nistp256," \
> ++ "ecdh-sha2-nistp384"
> ++# endif
> ++#define KEX_FIPS_MAC \
> ++ "hmac-sha1"
> ++#endif
> ++
> + /* Not a KEX value, but here so all the algorithm defaults are together */
> + #define SSH_ALLOWED_CA_SIGALGS \
> + "ecdsa-sha2-nistp256," \
> +diff --git a/readconf.c b/readconf.c
> +index ec497e7..1f1a16d 100644
> +--- a/readconf.c
> ++++ b/readconf.c
> +@@ -2116,18 +2116,19 @@ fill_default_options(Options * options)
> + all_kex = kex_alg_list(',');
> + all_key = sshkey_alg_list(0, 0, 1, ',');
> + all_sig = sshkey_alg_list(0, 1, 1, ',');
> +-#define ASSEMBLE(what, defaults, all) \
> ++#define ASSEMBLE(what, defaults, fips_defaults, all) \
> + do { \
> + if ((r = kex_assemble_names(&options->what, \
> +- defaults, all)) != 0) \
> ++ (FIPS_mode() ? fips_defaults : defaults), \
> ++ all)) != 0) \
> + fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
> + } while (0)
> +- ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher);
> +- ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);
> +- ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);
> +- ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
> +- ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
> ++ ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
> ++ ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac);
> ++ ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
> ++ ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> ++ ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
> + #undef ASSEMBLE
> + free(all_cipher);
> + free(all_mac);
> +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
> +index 5edbc69..3c40136 100644
> +--- a/sandbox-seccomp-filter.c
> ++++ b/sandbox-seccomp-filter.c
> +@@ -137,6 +137,9 @@ static const struct sock_filter preauth_insns[] = {
> + #ifdef __NR_open
> + SC_DENY(__NR_open, EACCES),
> + #endif
> ++#ifdef __NR_socket
> ++ SC_DENY(__NR_socket, EACCES),
> ++#endif
> + #ifdef __NR_openat
> + SC_DENY(__NR_openat, EACCES),
> + #endif
> +diff --git a/servconf.c b/servconf.c
> +index ffac5d2..7ad0e4e 100644
> +--- a/servconf.c
> ++++ b/servconf.c
> +@@ -200,18 +200,19 @@ assemble_algorithms(ServerOptions *o)
> + all_kex = kex_alg_list(',');
> + all_key = sshkey_alg_list(0, 0, 1, ',');
> + all_sig = sshkey_alg_list(0, 1, 1, ',');
> +-#define ASSEMBLE(what, defaults, all) \
> ++#define ASSEMBLE(what, defaults, fips_defaults, all) \
> + do { \
> +- if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
> ++ if ((r = kex_assemble_names(&o->what, (FIPS_mode() \
> ++ ? fips_defaults : defaults), all)) != 0) \
> + fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
> + } while (0)
> +- ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
> +- ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
> +- ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
> +- ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
> +- ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
> +- ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
> ++ ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
> ++ ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
> ++ ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
> ++ ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> ++ ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> ++ ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
> + #undef ASSEMBLE
> + free(all_cipher);
> + free(all_mac);
> +diff --git a/ssh-keygen.c b/ssh-keygen.c
> +index 3898b28..f3f4975 100644
> +--- a/ssh-keygen.c
> ++++ b/ssh-keygen.c
> +@@ -199,6 +199,12 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
> + OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
> + if (*bitsp > maxbits)
> + fatal("key bits exceeds maximum %d", maxbits);
> ++ if (FIPS_mode()) {
> ++ if (type == KEY_DSA)
> ++ fatal("DSA keys are not allowed in FIPS mode");
> ++ if (type == KEY_ED25519)
> ++ fatal("ED25519 keys are not allowed in FIPS mode");
> ++ }
> + switch (type) {
> + case KEY_DSA:
> + if (*bitsp != 1024)
> +diff --git a/ssh.c b/ssh.c
> +index 91e7c35..1cf14f6 100644
> +--- a/ssh.c
> ++++ b/ssh.c
> +@@ -76,6 +76,8 @@
> + #include <openssl/evp.h>
> + #include <openssl/err.h>
> + #endif
> ++#include <openssl/crypto.h>
> ++#include <fipscheck.h>
> + #include "openbsd-compat/openssl-compat.h"
> + #include "openbsd-compat/sys-queue.h"
> +
> +@@ -600,6 +602,16 @@ main(int ac, char **av)
> + sanitise_stdfd();
> +
> + __progname = ssh_get_progname(av[0]);
> ++#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ++ SSLeay_add_all_algorithms();
> ++#endif
> ++ if (access("/etc/system-fips", F_OK) == 0)
> ++ if (! FIPSCHECK_verify(NULL, NULL)){
> ++ if (FIPS_mode())
> ++ fatal("FIPS integrity verification test failed.");
> ++ else
> ++ logit("FIPS integrity verification test failed.");
> ++ }
> +
> + #ifndef HAVE_SETPROCTITLE
> + /* Prepare for later setproctitle emulation */
> +@@ -614,6 +626,10 @@ main(int ac, char **av)
> +
> + seed_rng();
> +
> ++ if (FIPS_mode()) {
> ++ logit("FIPS mode initialized");
> ++ }
> ++
> + /*
> + * Discard other fds that are hanging around. These can cause problem
> + * with backgrounded ssh processes started by ControlPersist.
> +diff --git a/sshconnect2.c b/sshconnect2.c
> +index dffee90..28b2554 100644
> +--- a/sshconnect2.c
> ++++ b/sshconnect2.c
> +@@ -44,6 +44,8 @@
> + #include <vis.h>
> + #endif
> +
> ++#include <openssl/crypto.h>
> ++
> + #include "openbsd-compat/sys-queue.h"
> +
> + #include "xmalloc.h"
> +@@ -117,7 +119,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
> + for (i = 0; i < options.num_system_hostfiles; i++)
> + load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
> +
> +- oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
> ++ oavail = avail = xstrdup((FIPS_mode()
> ++ ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
> + maxlen = strlen(avail) + 1;
> + first = xmalloc(maxlen);
> + last = xmalloc(maxlen);
> +@@ -179,14 +182,16 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
> + if (options.hostkeyalgorithms != NULL) {
> + all_key = sshkey_alg_list(0, 0, 1, ',');
> + if (kex_assemble_names(&options.hostkeyalgorithms,
> +- KEX_DEFAULT_PK_ALG, all_key) != 0)
> ++ (FIPS_mode() ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG),
> ++ all_key) != 0)
> + fatal("%s: kex_assemble_namelist", __func__);
> + free(all_key);
> + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
> + compat_pkalg_proposal(options.hostkeyalgorithms);
> + } else {
> + /* Enforce default */
> +- options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
> ++ options.hostkeyalgorithms = xstrdup((FIPS_mode()
> ++ ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
> + /* Prefer algorithms that we already have keys for */
> + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
> + compat_pkalg_proposal(
> +diff --git a/sshd.c b/sshd.c
> +index a3c1975..bf25d76 100644
> +--- a/sshd.c
> ++++ b/sshd.c
> +@@ -66,6 +66,7 @@
> + #include <grp.h>
> + #include <pwd.h>
> + #include <signal.h>
> ++#include <syslog.h>
> + #include <stdarg.h>
> + #include <stdio.h>
> + #include <stdlib.h>
> +@@ -77,6 +78,8 @@
> + #include <openssl/dh.h>
> + #include <openssl/bn.h>
> + #include <openssl/rand.h>
> ++#include <openssl/crypto.h>
> ++#include <fipscheck.h>
> + #include "openbsd-compat/openssl-compat.h"
> + #endif
> +
> +@@ -1447,6 +1450,18 @@ main(int ac, char **av)
> + #endif
> + __progname = ssh_get_progname(av[0]);
> +
> ++ OpenSSL_add_all_algorithms();
> ++ if (access("/etc/system-fips", F_OK) == 0)
> ++ if (! FIPSCHECK_verify(NULL, NULL)) {
> ++ openlog(__progname, LOG_PID, LOG_AUTHPRIV);
> ++ if (FIPS_mode()) {
> ++ syslog(LOG_CRIT, "FIPS integrity verification test failed.");
> ++ cleanup_exit(255);
> ++ }
> ++ else
> ++ syslog(LOG_INFO, "FIPS integrity verification test failed.");
> ++ closelog();
> ++ }
> + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
> + saved_argc = ac;
> + rexec_argc = ac;
> +@@ -1905,6 +1920,10 @@ main(int ac, char **av)
> + /* Reinitialize the log (because of the fork above). */
> + log_init(__progname, options.log_level, options.log_facility, log_stderr);
> +
> ++ if (FIPS_mode()) {
> ++ logit("FIPS mode initialized");
> ++ }
> ++
> + /* Chdir to the root directory so that the current disk can be
> + unmounted if desired. */
> + if (chdir("/") == -1)
> +diff --git a/sshkey.c b/sshkey.c
> +index ad19577..18906cb 100644
> +--- a/sshkey.c
> ++++ b/sshkey.c
> +@@ -34,6 +34,7 @@
> + #include <openssl/evp.h>
> + #include <openssl/err.h>
> + #include <openssl/pem.h>
> ++#include <openssl/crypto.h>
> + #endif
> +
> + #include "crypto_api.h"
> +@@ -57,6 +58,7 @@
> + #include "sshkey.h"
> + #include "sshkey-xmss.h"
> + #include "match.h"
> ++#include "log.h"
> +
> + #include "xmss_fast.h"
> +
> +@@ -1481,6 +1483,8 @@ rsa_generate_private_key(u_int bits, RSA **rsap)
> + }
> + if (!BN_set_word(f4, RSA_F4) ||
> + !RSA_generate_key_ex(private, bits, f4, NULL)) {
> ++ if (FIPS_mode())
> ++ logit("%s: the key length might be unsupported by FIPS mode approved key generation method", __func__);
> + ret = SSH_ERR_LIBCRYPTO_ERROR;
> + goto out;
> + }
> +--
> +2.7.4
> +
> diff --git a/recipes-connectivity/openssh/openssh_8.%.bbappend b/recipes-connectivity/openssh/openssh_8.%.bbappend
> new file mode 100644
> index 0000000..07799f6
> --- /dev/null
> +++ b/recipes-connectivity/openssh/openssh_8.%.bbappend
> @@ -0,0 +1,4 @@
> +FIPSINC = ""
> +FIPSINC_class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'openssh_fips.inc'}"
> +
> +require ${FIPSINC}
> diff --git a/recipes-connectivity/openssh/openssh_fips.inc b/recipes-connectivity/openssh/openssh_fips.inc
> new file mode 100644
> index 0000000..99a3482
> --- /dev/null
> +++ b/recipes-connectivity/openssh/openssh_fips.inc
> @@ -0,0 +1,8 @@
> +FILESEXTRAPATHS_prepend := "${THISDIR}/openssh:"
> +DEPENDS += " \
> + openssl-fips \
> + fipscheck \
> +"
> +SRC_URI += " \
> + file://0001-openssh-8.0p1-fips.patch \
> +"
>
More information about the yocto
mailing list