Accepting request 779739 from home:hpjansson:branches:network

Add openssh-8.1p1-use-openssl-kdf.patch (jsc#SLE-9443). This
  performs key derivation using OpenSSL's SSHKDF facility, which
  allows OpenSSH to benefit from the former's FIPS certification
  status.

Make sure ssh-keygen runs if SSHD_AUTO_KEYGEN variable is unset
  or contains an unrecognized value (bsc#1157176).

OBS-URL: https://build.opensuse.org/request/show/779739
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=205
This commit is contained in:
Vítězslav Čížek 2020-02-28 12:19:42 +00:00 committed by Git OBS Bridge
parent b71bd2f41b
commit 302f567739
5 changed files with 186 additions and 8 deletions

View File

@ -0,0 +1,157 @@
diff --git a/kex.c b/kex.c
index 96e44a5..7cd37d6 100644
--- a/kex.c
+++ b/kex.c
@@ -38,6 +38,7 @@
#ifdef WITH_OPENSSL
#include <openssl/crypto.h>
#include <openssl/dh.h>
+#include <openssl/kdf.h>
#endif
#include "ssh.h"
@@ -1109,8 +1110,92 @@ kex_choose_conf(struct ssh *ssh)
return r;
}
+#ifdef WITH_OPENSSL
+
+static const EVP_MD *
+get_openssl_md_for_hash_alg (int hash_alg)
+{
+ if (hash_alg < 0 || hash_alg >= SSH_DIGEST_MAX)
+ return NULL;
+
+ switch (hash_alg)
+ {
+ case SSH_DIGEST_MD5:
+ return EVP_md5();
+ case SSH_DIGEST_SHA1:
+ return EVP_sha1();
+ case SSH_DIGEST_SHA256:
+ return EVP_sha256();
+ case SSH_DIGEST_SHA384:
+ return EVP_sha384();
+ case SSH_DIGEST_SHA512:
+ return EVP_sha512();
+ default:
+ break;
+ }
+
+ return NULL;
+}
+
static int
-derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
+derive_key_via_openssl(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
+ const struct sshbuf *shared_secret, u_char **keyp)
+{
+ struct kex *kex = ssh->kex;
+ EVP_KDF_CTX *hashctx = NULL;
+ const EVP_MD *md = NULL;
+ u_char *digest = NULL;
+ int r = SSH_ERR_LIBCRYPTO_ERROR;
+
+ hashctx = EVP_KDF_CTX_new_id (EVP_KDF_SSHKDF);
+ if (!hashctx)
+ goto out;
+
+ md = get_openssl_md_for_hash_alg (kex->hash_alg);
+ if (!md)
+ goto out;
+
+ if (EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_MD,
+ md) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_KEY,
+ sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
+ (int) id) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
+ hash, (size_t) hashlen) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
+ kex->session_id, (size_t) kex->session_id_len) != 1)
+ goto out;
+
+ digest = calloc (1, need);
+ if (!digest) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+
+ if (EVP_KDF_derive (hashctx, digest, need) != 1)
+ goto out;
+
+ *keyp = digest;
+ digest = NULL;
+ r = 0;
+
+ out:
+ if (hashctx)
+ EVP_KDF_CTX_free(hashctx);
+
+ if (digest)
+ free(digest);
+
+ return r;
+}
+
+#else
+# error This version of openssh must be built with openssl to benefit from FIPS certification.
+#endif
+
+static int
+derive_key_via_internal(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
const struct sshbuf *shared_secret, u_char **keyp)
{
struct kex *kex = ssh->kex;
@@ -1174,6 +1259,50 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
return r;
}
+/* Belt and suspenders; we want the output from openssl because it's FIPS certified. However,
+ * if there's a bug in the implementation, we should not proceed. Minimize risk by requiring
+ * the implementations agree. */
+static int
+derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
+ const struct sshbuf *shared_secret, u_char **keyp)
+{
+#ifdef WITH_OPENSSL
+
+ u_char *buf_openssl = NULL, *buf_internal = NULL;
+ int r;
+
+ r = derive_key_via_openssl (ssh, id, need, hash, hashlen, shared_secret, &buf_openssl);
+ if (r != 0)
+ goto out;
+
+ r = derive_key_via_internal (ssh, id, need, hash, hashlen, shared_secret, &buf_internal);
+ if (r != 0)
+ goto out;
+
+ if (memcmp (buf_openssl, buf_internal, need))
+ {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+
+ *keyp = buf_openssl;
+ buf_openssl = NULL;
+
+ out:
+ if (buf_openssl)
+ free (buf_openssl);
+ if (buf_internal)
+ free (buf_internal);
+
+ return r;
+
+#else
+
+ return derive_key_via_internal (ssh, id, need, hash, hashlen, shared_secret, keyp);
+
+#endif
+}
+
#define NKEYS 6
int
kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,

View File

@ -1,7 +1,7 @@
#
# spec file for package openssh-askpass-gnome
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed

View File

@ -6,6 +6,20 @@ Tue Feb 18 14:47:36 UTC 2020 - Fabian Vogt <fvogt@suse.com>
* openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
* openssh-8.1p1-seccomp-clock_gettime64.patch
-------------------------------------------------------------------
Tue Feb 11 02:20:32 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
- Add openssh-8.1p1-use-openssl-kdf.patch (jsc#SLE-9443). This
performs key derivation using OpenSSL's SSHKDF facility, which
allows OpenSSH to benefit from the former's FIPS certification
status.
-------------------------------------------------------------------
Thu Nov 21 04:49:22 UTC 2019 - Hans Petter Jansson <hpj@suse.com>
- Make sure ssh-keygen runs if SSHD_AUTO_KEYGEN variable is unset
or contains an unrecognized value (bsc#1157176).
-------------------------------------------------------------------
Fri Nov 8 18:05:37 UTC 2019 - Cristian Rodríguez <crrodriguez@opensuse.org>
@ -13,14 +27,20 @@ Fri Nov 8 18:05:37 UTC 2019 - Cristian Rodríguez <crrodriguez@opensuse.org>
glibc master implements multiple functions using that syscall making
the privsep sandbox kill the preauth process.
-------------------------------------------------------------------
Thu Oct 17 06:23:58 UTC 2019 - Hans Petter Jansson <hpj@suse.com>
- Update openssh-7.7p1-audit.patch to fix crash (bsc#1152730). Fix
by Enzo Matsumiya (ematsumiya@suse.com). This was integrated in
a separate code stream merged with the Oct. 10 update; the patch
was also rebased and renamed to openssh-8.1p1-audit.patch.
-------------------------------------------------------------------
Mon Oct 14 23:58:39 UTC 2019 - Hans Petter Jansson <hpj@suse.com>
- Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
This attempts to preserve the permissions of any existing
known_hosts file when modified by ssh-keygen (for instance,
with -R).
- Add patch from upstream openssh-7.9p1-revert-new-qos-defaults.patch
- Added openssh-7.9p1-revert-new-qos-defaults.patch, which reverts
an upstream commit that caused compatibility issues with other
software (bsc#1136402).
-------------------------------------------------------------------
Mon Oct 14 23:56:42 UTC 2019 - Hans Petter Jansson <hpj@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package openssh
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -102,6 +102,7 @@ Patch35: openssh-7.9p1-revert-new-qos-defaults.patch
Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch
Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch
Patch39: openssh-8.1p1-use-openssl-kdf.patch
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: groff

View File

@ -2,7 +2,7 @@
. /etc/sysconfig/ssh
if [ "$SSHD_AUTO_KEYGEN" = "yes" ]; then
if [ "x$SSHD_AUTO_KEYGEN" != "xno" ]; then
echo "Checking for missing server keys in /etc/ssh"
ssh-keygen -A
fi