From 5fcc01190a60818029a1b79494a9d3b5f1e74dd5908d6f4e0ff0fdd5390c6974 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Wed, 27 Feb 2019 15:39:11 +0000 Subject: [PATCH 1/2] Accepting request 679869 from home:vitezslav_cizek:branches:network - Remove the "KexDHMin" config keyword (bsc#1127180) It used to allow lowering of the minimal allowed DH group size, which was increased to 2048 by upstream in the light of the Logjam attack. The code was broken since the upgrade to 7.6p1, but nobody noticed. As apparently no one needs the functionality any more, let's drop the patch. It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 key exchange method when working with legacy systems. - drop openssh-7.7p1-disable_short_DH_parameters.patch - updated patches: openssh-7.7p1-fips.patch openssh-7.7p1-fips_checks.patch openssh-7.7p1-gssapi_key_exchange.patch OBS-URL: https://build.opensuse.org/request/show/679869 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=181 --- ...sh-7.7p1-disable_short_DH_parameters.patch | 425 ------------------ openssh-7.7p1-fips.patch | 230 +++------- openssh-7.7p1-fips_checks.patch | 45 +- openssh-7.7p1-gssapi_key_exchange.patch | 212 +++++---- openssh.changes | 18 + openssh.spec | 1 - 6 files changed, 204 insertions(+), 727 deletions(-) delete mode 100644 openssh-7.7p1-disable_short_DH_parameters.patch diff --git a/openssh-7.7p1-disable_short_DH_parameters.patch b/openssh-7.7p1-disable_short_DH_parameters.patch deleted file mode 100644 index d64a17c..0000000 --- a/openssh-7.7p1-disable_short_DH_parameters.patch +++ /dev/null @@ -1,425 +0,0 @@ -# HG changeset patch -# Parent 681914438b1a02c1940d19204138e9b8eacfda7b - -Raise minimal size of DH group parameters to 2048 bits like upstream did in -7.2. 1024b values are believed to be in breaking range for state adversaries -and the default moduli shipped with openssh have been around long enough to -make it more likely for them to be broken. - -Also provide an option that allows the client to accept shorter (RFC4419 -compliant) parameters. - -CVE-2015-4000 (LOGJAM) -bsc#932483 - -Index: openssh-7.9p1/dh.c -=================================================================== ---- openssh-7.9p1.orig/dh.c -+++ openssh-7.9p1/dh.c -@@ -45,6 +45,8 @@ - - #include "openbsd-compat/openssl-compat.h" - -+int dh_grp_min = DH_GRP_MIN; -+ - static int - parse_prime(int linenum, char *line, struct dhgroup *dhg) - { -Index: openssh-7.9p1/dh.h -=================================================================== ---- openssh-7.9p1.orig/dh.h -+++ openssh-7.9p1/dh.h -@@ -50,6 +50,7 @@ u_int dh_estimate(int); - * Max value from RFC4419. - * Miniumum increased in light of DH precomputation attacks. - */ -+#define DH_GRP_MIN_RFC 1024 - #define DH_GRP_MIN 2048 - #define DH_GRP_MAX 8192 - -Index: openssh-7.9p1/kexgexc.c -=================================================================== ---- openssh-7.9p1.orig/kexgexc.c -+++ openssh-7.9p1/kexgexc.c -@@ -53,6 +53,9 @@ - #include "sshbuf.h" - #include "misc.h" - -+/* import from dh.c */ -+extern int dh_grp_min; -+ - static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *); - static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *); - -@@ -65,7 +68,7 @@ kexgex_client(struct ssh *ssh) - - nbits = dh_estimate(kex->dh_need * 8); - -- kex->min = DH_GRP_MIN; -+ kex->min = dh_grp_min; - kex->max = DH_GRP_MAX; - kex->nbits = nbits; - if (datafellows & SSH_BUG_DHGEX_LARGE) -@@ -111,6 +114,12 @@ input_kex_dh_gex_group(int type, u_int32 - goto out; - if ((bits = BN_num_bits(p)) < 0 || - (u_int)bits < kex->min || (u_int)bits > kex->max) { -+ if ((u_int)bits < kex->min && (u_int)bits >= DH_GRP_MIN_RFC) -+ logit("DH parameter offered by the server (%d bits) " -+ "is considered insecure. " -+ "You can lower the accepted the minimum " -+ "via the KexDHMin option.", -+ bits); - r = SSH_ERR_DH_GEX_OUT_OF_RANGE; - goto out; - } -Index: openssh-7.9p1/kexgexs.c -=================================================================== ---- openssh-7.9p1.orig/kexgexs.c -+++ openssh-7.9p1/kexgexs.c -@@ -56,6 +56,9 @@ - #include "sshbuf.h" - #include "misc.h" - -+/* import from dh.c */ -+extern int dh_grp_min; -+ - static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *); - static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *); - -@@ -85,13 +88,19 @@ input_kex_dh_gex_request(int type, u_int - kex->nbits = nbits; - kex->min = min; - kex->max = max; -- min = MAXIMUM(DH_GRP_MIN, min); -+ min = MAXIMUM(dh_grp_min, min); - max = MINIMUM(DH_GRP_MAX, max); -- nbits = MAXIMUM(DH_GRP_MIN, nbits); -+ nbits = MAXIMUM(dh_grp_min, nbits); - nbits = MINIMUM(DH_GRP_MAX, nbits); - - if (kex->max < kex->min || kex->nbits < kex->min || - kex->max < kex->nbits || kex->max < DH_GRP_MIN) { -+ if (kex->nbits < kex->min && kex->nbits >= DH_GRP_MIN_RFC) -+ logit("DH parameter requested by the client (%d bits) " -+ "is considered insecure. " -+ "You can lower the accepted minimum " -+ "via the KexDHMin option.", -+ kex->nbits); - r = SSH_ERR_DH_GEX_OUT_OF_RANGE; - goto out; - } -Index: openssh-7.9p1/readconf.c -=================================================================== ---- openssh-7.9p1.orig/readconf.c -+++ openssh-7.9p1/readconf.c -@@ -67,6 +67,7 @@ - #include "uidswap.h" - #include "myproposal.h" - #include "digest.h" -+#include "dh.h" - - /* Format of the configuration file: - -@@ -167,7 +168,7 @@ typedef enum { - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, - oVisualHostKey, -- oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, -+ oKexAlgorithms, oKexDHMin, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, - oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, - oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, - oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, -@@ -292,6 +293,7 @@ static struct { - { "remotecommand", oRemoteCommand }, - { "visualhostkey", oVisualHostKey }, - { "kexalgorithms", oKexAlgorithms }, -+ { "kexdhmin", oKexDHMin }, - { "ipqos", oIPQoS }, - { "requesttty", oRequestTTY }, - { "proxyusefdpass", oProxyUseFdpass }, -@@ -313,6 +315,9 @@ static struct { - { NULL, oBadOption } - }; - -+/* import from dh.c */ -+extern int dh_grp_min; -+ - /* - * Adds a local TCP/IP port forward to options. Never returns if there is an - * error. -@@ -1216,6 +1221,10 @@ parse_int: - options->kex_algorithms = xstrdup(arg); - break; - -+ case oKexDHMin: -+ intptr = &options->kex_dhmin; -+ goto parse_int; -+ - case oHostKeyAlgorithms: - charptr = &options->hostkeyalgorithms; - parse_keytypes: -@@ -1860,6 +1869,7 @@ initialize_options(Options * options) - options->ciphers = NULL; - options->macs = NULL; - options->kex_algorithms = NULL; -+ options->kex_dhmin = -1; - options->hostkeyalgorithms = NULL; - options->ca_sign_algorithms = NULL; - options->num_identity_files = 0; -@@ -2014,6 +2024,13 @@ fill_default_options(Options * options) - options->connection_attempts = 1; - if (options->number_of_password_prompts == -1) - options->number_of_password_prompts = 3; -+ if (options->kex_dhmin == -1) -+ options->kex_dhmin = DH_GRP_MIN; -+ else { -+ options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC); -+ options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); -+ } -+ dh_grp_min = options->kex_dhmin; - /* options->hostkeyalgorithms, default set in myproposals.h */ - if (options->add_keys_to_agent == -1) - options->add_keys_to_agent = 0; -Index: openssh-7.9p1/readconf.h -=================================================================== ---- openssh-7.9p1.orig/readconf.h -+++ openssh-7.9p1/readconf.h -@@ -68,6 +68,7 @@ typedef struct { - char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ - char *kex_algorithms; /* SSH2 kex methods in order of preference. */ - char *ca_sign_algorithms; /* Allowed CA signature algorithms */ -+ int kex_dhmin; /* minimum bit length of the DH group parameter */ - char *hostname; /* Real host to connect. */ - char *host_key_alias; /* hostname alias for .ssh/known_hosts */ - char *proxy_command; /* Proxy command for connecting the host. */ -Index: openssh-7.9p1/servconf.c -=================================================================== ---- openssh-7.9p1.orig/servconf.c -+++ openssh-7.9p1/servconf.c -@@ -64,6 +64,10 @@ - #include "auth.h" - #include "myproposal.h" - #include "digest.h" -+#include "dh.h" -+ -+/* import from dh.c */ -+extern int dh_grp_min; - - static void add_listen_addr(ServerOptions *, const char *, - const char *, int); -@@ -146,6 +150,7 @@ initialize_server_options(ServerOptions - options->ciphers = NULL; - options->macs = NULL; - options->kex_algorithms = NULL; -+ options->kex_dhmin = -1; - options->ca_sign_algorithms = NULL; - options->fwd_opts.gateway_ports = -1; - options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; -@@ -267,6 +272,14 @@ fill_default_server_options(ServerOption - if (options->use_pam_check_locks == -1) - options->use_pam_check_locks = 0; - -+ if (options->kex_dhmin == -1) -+ options->kex_dhmin = DH_GRP_MIN; -+ else { -+ options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC); -+ options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); -+ } -+ dh_grp_min = options->kex_dhmin; -+ - /* Standard Options */ - if (options->num_host_key_files == 0) { - /* fill default hostkeys for protocols */ -@@ -494,7 +507,7 @@ typedef enum { - sHostCertificate, - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, -- sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, -+ sKexAlgorithms, sKexDHMin, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, - sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, - sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, - sStreamLocalBindMask, sStreamLocalBindUnlink, -@@ -635,6 +648,7 @@ static struct { - { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, - { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, - { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, -+ { "kexdhmin", sKexDHMin }, - { "ipqos", sIPQoS, SSHCFG_ALL }, - { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, - { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, -@@ -1735,6 +1749,10 @@ process_server_config_line(ServerOptions - options->kex_algorithms = xstrdup(arg); - break; - -+ case sKexDHMin: -+ intptr = &options->kex_dhmin; -+ goto parse_int; -+ - case sSubsystem: - if (options->num_subsystems >= MAX_SUBSYSTEMS) { - fatal("%s line %d: too many subsystems defined.", -@@ -2549,6 +2567,7 @@ dump_config(ServerOptions *o) - dump_cfg_int(sClientAliveInterval, o->client_alive_interval); - dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); - dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); -+ dump_cfg_int(sKexDHMin, o->kex_dhmin); - - /* formatted integer arguments */ - dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); -Index: openssh-7.9p1/servconf.h -=================================================================== ---- openssh-7.9p1.orig/servconf.h -+++ openssh-7.9p1/servconf.h -@@ -103,6 +103,7 @@ typedef struct { - char *ciphers; /* Supported SSH2 ciphers. */ - char *macs; /* Supported SSH2 macs. */ - char *kex_algorithms; /* SSH2 kex methods in order of preference. */ -+ int kex_dhmin; /* minimum bit length of the DH group parameter */ - struct ForwardOptions fwd_opts; /* forwarding options */ - SyslogFacility log_facility; /* Facility for system logging. */ - LogLevel log_level; /* Level for system logging. */ -Index: openssh-7.9p1/ssh_config -=================================================================== ---- openssh-7.9p1.orig/ssh_config -+++ openssh-7.9p1/ssh_config -@@ -17,6 +17,11 @@ - # list of available options, their meanings and defaults, please see the - # ssh_config(5) man page. - -+# Minimum accepted size of the DH parameter p. By default this is set to 1024 -+# to maintain compatibility with RFC4419, but should be set higher. -+# Upstream default is identical to setting this to 2048. -+#KexDHMin 1024 -+ - Host * - # ForwardAgent no - # ForwardX11 no -Index: openssh-7.9p1/ssh_config.0 -=================================================================== ---- openssh-7.9p1.orig/ssh_config.0 -+++ openssh-7.9p1/ssh_config.0 -@@ -610,6 +610,23 @@ DESCRIPTION - The list of available key exchange algorithms may also be - obtained using "ssh -Q kex". - -+ KexDHMin -+ Specifies the minimum accepted bit length of the DH group -+ parameter p. -+ -+ As per RFC4419, this is 1024 bits, however this has increasingly -+ been seen as insecure, which prompted the change to 2048 bits. -+ Setting this option allows the client to accept parameters shorter -+ than the current minimum, down to the RFC specified 1024 bits. -+ Using this option may be needed when connecting to servers that -+ only know short DH group parameters. -+ -+ Note, that while by default this option is set to 1024 to maintain -+ maximum backward compatibility, using it can severly impact -+ security and thus should be viewed as a temporary fix of last -+ resort and all efforts should be made to fix the (broken) -+ counterparty. -+ - LocalCommand - Specifies a command to execute on the local machine after - successfully connecting to the server. The command string -Index: openssh-7.9p1/ssh_config.5 -=================================================================== ---- openssh-7.9p1.orig/ssh_config.5 -+++ openssh-7.9p1/ssh_config.5 -@@ -1047,6 +1047,22 @@ diffie-hellman-group14-sha1 - .Pp - The list of available key exchange algorithms may also be obtained using - .Qq ssh -Q kex . -+.It Cm KexDHMin -+Specifies the minimum accepted bit length of the DH group -+parameter p. -+.Pp -+As per RFC4419, this is 1024 bits, however this has increasingly -+been seen as insecure, which prompted the change to 2048 bits. -+Setting this option allows the client to accept parameters shorter -+than the current minimum, down to the RFC specified 1024 bits. -+Using this option may be needed when connecting to servers that -+only know short DH group parameters. -+.Pp -+Note, that while by default this option is set to 1024 to maintain -+maximum backward compatibility, using it can severly impact -+security and thus should be viewed as a temporary fix of last -+resort and all efforts should be made to fix the (broken) -+counterparty. - .It Cm LocalCommand - Specifies a command to execute on the local machine after successfully - connecting to the server. -Index: openssh-7.9p1/sshd_config -=================================================================== ---- openssh-7.9p1.orig/sshd_config -+++ openssh-7.9p1/sshd_config -@@ -19,6 +19,13 @@ - #HostKey /etc/ssh/ssh_host_ecdsa_key - #HostKey /etc/ssh/ssh_host_ed25519_key - -+# Minimum accepted size of the DH parameter p. The default, which replicates -+# upstream behaviour, is 2048. To maintain compatibility with RFC4419 it should -+# be set to 1024. -+# You will also need to add a HostKey directive to load a DSA key (typically -+# located in /etc/ssh/ssh_host_dsa_key), which is not loaded by default. -+#KexDHMin 2048 -+ - # Ciphers and keying - #RekeyLimit default none - -Index: openssh-7.9p1/sshd_config.0 -=================================================================== ---- openssh-7.9p1.orig/sshd_config.0 -+++ openssh-7.9p1/sshd_config.0 -@@ -555,6 +555,23 @@ DESCRIPTION - The list of available key exchange algorithms may also be - obtained using "ssh -Q kex". - -+ KexDHMin -+ Specifies the minimum accepted bit length of the DH group -+ parameter p. -+ -+ As per RFC4419, this is 1024 bits, however this has increasingly -+ been seen as insecure, which prompted the change to 2048 bits. -+ Setting this option allows the server to accept parameters shorter -+ than the current minimum, down to the RFC specified 1024 bits. -+ Using this option may be needed when some of the connectiong -+ clients only know short DH group parameters. -+ -+ Note, that while by default this option is set to 1024 to maintain -+ maximum backward compatibility, using it can severly impact -+ security and thus should be viewed as a temporary fix of last -+ resort and all efforts should be made to fix the (broken) -+ counterparty. -+ - ListenAddress - Specifies the local addresses sshd(8) should listen on. The - following forms may be used: -Index: openssh-7.9p1/sshd_config.5 -=================================================================== ---- openssh-7.9p1.orig/sshd_config.5 -+++ openssh-7.9p1/sshd_config.5 -@@ -923,6 +923,22 @@ diffie-hellman-group14-sha256,diffie-hel - .Pp - The list of available key exchange algorithms may also be obtained using - .Qq ssh -Q kex . -+.It Cm KexDHMin -+Specifies the minimum accepted bit length of the DH group -+parameter p. -+.Pp -+As per RFC4419, this is 1024 bits, however this has increasingly -+been seen as insecure, which prompted the change to 2048 bits. -+Setting this option allows the server to accept parameters shorter -+than the current minimum, down to the RFC specified 1024 bits. -+Using this option may be needed when some of the connectiong -+clients only know short DH group parameters. -+.Pp -+Note, that while by default this option is set to 1024 to maintain -+maximum backward compatibility, using it can severly impact -+security and thus should be viewed as a temporary fix of last -+resort and all efforts should be made to fix the (broken) -+counterparty. - .It Cm ListenAddress - Specifies the local addresses - .Xr sshd 8 diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch index 51c8900..5e07f93 100644 --- a/openssh-7.7p1-fips.patch +++ b/openssh-7.7p1-fips.patch @@ -5,8 +5,8 @@ algorithms. Index: openssh-7.9p1/Makefile.in =================================================================== ---- openssh-7.9p1.orig/Makefile.in -+++ openssh-7.9p1/Makefile.in +--- openssh-7.9p1.orig/Makefile.in 2019-02-27 14:05:59.153078796 +0100 ++++ openssh-7.9p1/Makefile.in 2019-02-27 15:41:46.539774099 +0100 @@ -102,6 +102,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ platform-pledge.o platform-tracing.o platform-misc.o @@ -18,8 +18,8 @@ Index: openssh-7.9p1/Makefile.in Index: openssh-7.9p1/cipher-ctr.c =================================================================== ---- openssh-7.9p1.orig/cipher-ctr.c -+++ openssh-7.9p1/cipher-ctr.c +--- openssh-7.9p1.orig/cipher-ctr.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/cipher-ctr.c 2019-02-27 14:05:59.305079731 +0100 @@ -27,6 +27,8 @@ #include "xmalloc.h" #include "log.h" @@ -40,8 +40,8 @@ Index: openssh-7.9p1/cipher-ctr.c } Index: openssh-7.9p1/cipher.c =================================================================== ---- openssh-7.9p1.orig/cipher.c -+++ openssh-7.9p1/cipher.c +--- openssh-7.9p1.orig/cipher.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/cipher.c 2019-02-27 15:41:46.539774099 +0100 @@ -51,6 +51,8 @@ #include "openbsd-compat/openssl-compat.h" @@ -131,23 +131,11 @@ Index: openssh-7.9p1/cipher.c if (strcmp(c->name, name) == 0) return c; return NULL; -Index: openssh-7.9p1/dh.h -=================================================================== ---- openssh-7.9p1.orig/dh.h -+++ openssh-7.9p1/dh.h -@@ -52,6 +52,7 @@ u_int dh_estimate(int); - */ - #define DH_GRP_MIN_RFC 1024 - #define DH_GRP_MIN 2048 -+#define DH_GRP_MIN_FIPS 2048 - #define DH_GRP_MAX 8192 - - /* Index: openssh-7.9p1/fips.c =================================================================== ---- /dev/null -+++ openssh-7.9p1/fips.c -@@ -0,0 +1,237 @@ +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/fips.c 2019-02-27 15:41:46.311772744 +0100 +@@ -0,0 +1,215 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. + * @@ -363,33 +351,11 @@ Index: openssh-7.9p1/fips.c + return dgst; +} + -+int -+fips_dh_grp_min(void) -+{ -+ int fips; -+ int dh; -+ -+ fips = fips_mode(); -+ switch (fips) { -+ case 0: -+ dh = dh_grp_min; -+ break; -+ case 1: -+ dh = DH_GRP_MIN_FIPS; -+ break; -+ default: -+ /* should not be reached */ -+ fatal("Fatal error: incorrect FIPS mode '%i' at %s:%u", -+ fips, __FILE__, __LINE__); -+ } -+ return dh; -+} -+ Index: openssh-7.9p1/fips.h =================================================================== ---- /dev/null -+++ openssh-7.9p1/fips.h -@@ -0,0 +1,45 @@ +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/fips.h 2019-02-27 15:41:46.311772744 +0100 +@@ -0,0 +1,44 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. + * @@ -429,7 +395,6 @@ Index: openssh-7.9p1/fips.h +int fips_mode(void); +int fips_correct_dgst(int); +int fips_dgst_min(void); -+int fips_dh_grp_min(void); +enum fp_type fips_correct_fp_type(enum fp_type); +int fips_filter_crypto(char **, fips_filters); + @@ -437,8 +402,8 @@ Index: openssh-7.9p1/fips.h + Index: openssh-7.9p1/hmac.c =================================================================== ---- openssh-7.9p1.orig/hmac.c -+++ openssh-7.9p1/hmac.c +--- openssh-7.9p1.orig/hmac.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/hmac.c 2019-02-27 14:05:59.305079731 +0100 @@ -144,7 +144,7 @@ hmac_test(void *key, size_t klen, void * size_t i; u_char digest[16]; @@ -450,8 +415,8 @@ Index: openssh-7.9p1/hmac.c ssh_hmac_update(ctx, m, mlen) < 0 || Index: openssh-7.9p1/kex.c =================================================================== ---- openssh-7.9p1.orig/kex.c -+++ openssh-7.9p1/kex.c +--- openssh-7.9p1.orig/kex.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/kex.c 2019-02-27 15:41:45.951770606 +0100 @@ -54,6 +54,8 @@ #include "sshbuf.h" #include "digest.h" @@ -547,59 +512,23 @@ Index: openssh-7.9p1/kex.c free(s); return 0; } -Index: openssh-7.9p1/kexgexc.c -=================================================================== ---- openssh-7.9p1.orig/kexgexc.c -+++ openssh-7.9p1/kexgexc.c -@@ -53,8 +53,7 @@ - #include "sshbuf.h" - #include "misc.h" - --/* import from dh.c */ --extern int dh_grp_min; -+#include "fips.h" - - static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *); - static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *); -@@ -68,7 +67,7 @@ kexgex_client(struct ssh *ssh) - - nbits = dh_estimate(kex->dh_need * 8); - -- kex->min = dh_grp_min; -+ kex->min = fips_dh_grp_min(); - kex->max = DH_GRP_MAX; - kex->nbits = nbits; - if (datafellows & SSH_BUG_DHGEX_LARGE) Index: openssh-7.9p1/kexgexs.c =================================================================== ---- openssh-7.9p1.orig/kexgexs.c -+++ openssh-7.9p1/kexgexs.c -@@ -56,8 +56,7 @@ +--- openssh-7.9p1.orig/kexgexs.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/kexgexs.c 2019-02-27 14:05:59.305079731 +0100 +@@ -56,6 +56,8 @@ #include "sshbuf.h" #include "misc.h" --/* import from dh.c */ --extern int dh_grp_min; +#include "fips.h" - ++ static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *); static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *); -@@ -88,9 +87,9 @@ input_kex_dh_gex_request(int type, u_int - kex->nbits = nbits; - kex->min = min; - kex->max = max; -- min = MAXIMUM(dh_grp_min, min); -+ min = MAXIMUM(fips_dh_grp_min(), min); - max = MINIMUM(DH_GRP_MAX, max); -- nbits = MAXIMUM(dh_grp_min, nbits); -+ nbits = MAXIMUM(fips_dh_grp_min(), nbits); - nbits = MINIMUM(DH_GRP_MAX, nbits); - if (kex->max < kex->min || kex->nbits < kex->min || Index: openssh-7.9p1/mac.c =================================================================== ---- openssh-7.9p1.orig/mac.c -+++ openssh-7.9p1/mac.c +--- openssh-7.9p1.orig/mac.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/mac.c 2019-02-27 15:31:46.644209847 +0100 @@ -40,6 +40,9 @@ #include "openbsd-compat/openssl-compat.h" @@ -681,8 +610,8 @@ Index: openssh-7.9p1/mac.c if (mac != NULL) Index: openssh-7.9p1/myproposal.h =================================================================== ---- openssh-7.9p1.orig/myproposal.h -+++ openssh-7.9p1/myproposal.h +--- openssh-7.9p1.orig/myproposal.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/myproposal.h 2019-02-27 14:05:59.309079755 +0100 @@ -151,6 +151,8 @@ #else /* WITH_OPENSSL */ @@ -694,17 +623,18 @@ Index: openssh-7.9p1/myproposal.h "curve25519-sha256@libssh.org" Index: openssh-7.9p1/readconf.c =================================================================== ---- openssh-7.9p1.orig/readconf.c -+++ openssh-7.9p1/readconf.c -@@ -68,6 +68,7 @@ +--- openssh-7.9p1.orig/readconf.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/readconf.c 2019-02-27 15:42:19.495969910 +0100 +@@ -68,6 +68,8 @@ #include "myproposal.h" #include "digest.h" - #include "dh.h" -+#include "fips.h" ++#include "fips.h" ++ /* Format of the configuration file: -@@ -1825,6 +1826,23 @@ option_clear_or_none(const char *o) + # Configuration data is parsed as follows: +@@ -1816,6 +1818,23 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } @@ -728,19 +658,7 @@ Index: openssh-7.9p1/readconf.c /* * Initializes options to special values that indicate that they have not yet * been set. Read_config_file will only set options with this value. Options -@@ -2025,9 +2043,9 @@ fill_default_options(Options * options) - if (options->number_of_password_prompts == -1) - options->number_of_password_prompts = 3; - if (options->kex_dhmin == -1) -- options->kex_dhmin = DH_GRP_MIN; -+ options->kex_dhmin = fips_dh_grp_min(); - else { -- options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC); -+ options->kex_dhmin = MAXIMUM(options->kex_dhmin, fips_dh_grp_min()); - options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); - } - dh_grp_min = options->kex_dhmin; -@@ -2112,6 +2130,8 @@ fill_default_options(Options * options) +@@ -2095,6 +2114,8 @@ fill_default_options(Options * options) options->canonicalize_hostname = SSH_CANONICALISE_NO; if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; @@ -749,7 +667,7 @@ Index: openssh-7.9p1/readconf.c if (options->update_hostkeys == -1) options->update_hostkeys = 0; -@@ -2594,6 +2614,7 @@ dump_client_config(Options *o, const cha +@@ -2577,6 +2598,7 @@ dump_client_config(Options *o, const cha KEX_DEFAULT_PK_ALG, all_key) != 0) fatal("%s: kex_assemble_names failed", __func__); free(all_key); @@ -759,9 +677,9 @@ Index: openssh-7.9p1/readconf.c dump_cfg_string(oUser, o->user); Index: openssh-7.9p1/readconf.h =================================================================== ---- openssh-7.9p1.orig/readconf.h -+++ openssh-7.9p1/readconf.h -@@ -198,6 +198,7 @@ typedef struct { +--- openssh-7.9p1.orig/readconf.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/readconf.h 2019-02-27 15:41:45.951770606 +0100 +@@ -197,6 +197,7 @@ typedef struct { #define SSH_STRICT_HOSTKEY_YES 2 #define SSH_STRICT_HOSTKEY_ASK 3 @@ -771,17 +689,17 @@ Index: openssh-7.9p1/readconf.h void fill_default_options_for_canonicalization(Options *); Index: openssh-7.9p1/servconf.c =================================================================== ---- openssh-7.9p1.orig/servconf.c -+++ openssh-7.9p1/servconf.c -@@ -65,6 +65,7 @@ +--- openssh-7.9p1.orig/servconf.c 2019-02-27 14:05:59.237079313 +0100 ++++ openssh-7.9p1/servconf.c 2019-02-27 15:41:45.951770606 +0100 +@@ -64,6 +64,7 @@ + #include "auth.h" #include "myproposal.h" #include "digest.h" - #include "dh.h" +#include "fips.h" - /* import from dh.c */ - extern int dh_grp_min; -@@ -195,6 +196,23 @@ option_clear_or_none(const char *o) + static void add_listen_addr(ServerOptions *, const char *, + const char *, int); +@@ -190,6 +191,23 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } @@ -805,7 +723,7 @@ Index: openssh-7.9p1/servconf.c static void assemble_algorithms(ServerOptions *o) { -@@ -224,6 +242,8 @@ assemble_algorithms(ServerOptions *o) +@@ -219,6 +237,8 @@ assemble_algorithms(ServerOptions *o) free(all_kex); free(all_key); free(all_sig); @@ -814,19 +732,7 @@ Index: openssh-7.9p1/servconf.c } static void -@@ -273,9 +293,9 @@ fill_default_server_options(ServerOption - options->use_pam_check_locks = 0; - - if (options->kex_dhmin == -1) -- options->kex_dhmin = DH_GRP_MIN; -+ options->kex_dhmin = fips_dh_grp_min(); - else { -- options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC); -+ options->kex_dhmin = MAXIMUM(options->kex_dhmin, fips_dh_grp_min()); - options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); - } - dh_grp_min = options->kex_dhmin; -@@ -423,6 +443,8 @@ fill_default_server_options(ServerOption +@@ -410,6 +430,8 @@ fill_default_server_options(ServerOption options->fwd_opts.streamlocal_bind_unlink = 0; if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; @@ -837,8 +743,8 @@ Index: openssh-7.9p1/servconf.c if (options->expose_userauth_info == -1) Index: openssh-7.9p1/ssh-keygen.c =================================================================== ---- openssh-7.9p1.orig/ssh-keygen.c -+++ openssh-7.9p1/ssh-keygen.c +--- openssh-7.9p1.orig/ssh-keygen.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/ssh-keygen.c 2019-02-27 14:05:59.309079755 +0100 @@ -61,6 +61,8 @@ #include "utf8.h" #include "authfd.h" @@ -913,8 +819,8 @@ Index: openssh-7.9p1/ssh-keygen.c if (!quiet) Index: openssh-7.9p1/ssh_config.0 =================================================================== ---- openssh-7.9p1.orig/ssh_config.0 -+++ openssh-7.9p1/ssh_config.0 +--- openssh-7.9p1.orig/ssh_config.0 2018-10-19 03:06:19.000000000 +0200 ++++ openssh-7.9p1/ssh_config.0 2019-02-27 15:41:45.951770606 +0100 @@ -353,6 +353,9 @@ DESCRIPTION Specifies the hash algorithm used when displaying key fingerprints. Valid options are: md5 and sha256 (the default). @@ -925,9 +831,9 @@ Index: openssh-7.9p1/ssh_config.0 ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. The argument must -@@ -627,6 +630,9 @@ DESCRIPTION - resort and all efforts should be made to fix the (broken) - counterparty. +@@ -610,6 +613,9 @@ DESCRIPTION + The list of available key exchange algorithms may also be + obtained using "ssh -Q kex". + In the FIPS mode the FIPS standard takes precedence over RFC and + forces the minimum to a higher value, currently 2048 bits. @@ -937,8 +843,8 @@ Index: openssh-7.9p1/ssh_config.0 successfully connecting to the server. The command string Index: openssh-7.9p1/ssh_config.5 =================================================================== ---- openssh-7.9p1.orig/ssh_config.5 -+++ openssh-7.9p1/ssh_config.5 +--- openssh-7.9p1.orig/ssh_config.5 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/ssh_config.5 2019-02-27 15:41:45.951770606 +0100 @@ -642,6 +642,8 @@ Valid options are: and .Cm sha256 @@ -948,20 +854,10 @@ Index: openssh-7.9p1/ssh_config.5 .It Cm ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. -@@ -1063,6 +1065,9 @@ maximum backward compatibility, using it - security and thus should be viewed as a temporary fix of last - resort and all efforts should be made to fix the (broken) - counterparty. -+.Pp -+In the FIPS mode the FIPS standard takes precedence over RFC and -+forces the minimum to a higher value, currently 2048 bits. - .It Cm LocalCommand - Specifies a command to execute on the local machine after successfully - connecting to the server. Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.9p1.orig/sshd.c -+++ openssh-7.9p1/sshd.c +--- openssh-7.9p1.orig/sshd.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/sshd.c 2019-02-27 15:41:46.311772744 +0100 @@ -123,6 +123,8 @@ #include "version.h" #include "ssherr.h" @@ -973,8 +869,8 @@ Index: openssh-7.9p1/sshd.c #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) Index: openssh-7.9p1/sshd_config.0 =================================================================== ---- openssh-7.9p1.orig/sshd_config.0 -+++ openssh-7.9p1/sshd_config.0 +--- openssh-7.9p1.orig/sshd_config.0 2019-02-27 14:05:59.237079313 +0100 ++++ openssh-7.9p1/sshd_config.0 2019-02-27 15:41:45.951770606 +0100 @@ -348,6 +348,9 @@ DESCRIPTION Specifies the hash algorithm used when logging key fingerprints. Valid options are: md5 and sha256. The default is sha256. @@ -985,9 +881,9 @@ Index: openssh-7.9p1/sshd_config.0 ForceCommand Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client and ~/.ssh/rc if -@@ -572,6 +575,9 @@ DESCRIPTION - resort and all efforts should be made to fix the (broken) - counterparty. +@@ -555,6 +558,9 @@ DESCRIPTION + The list of available key exchange algorithms may also be + obtained using "ssh -Q kex". + In the FIPS mode the FIPS standard takes precedence over RFC and + forces the minimum to a higher value, currently 2048 bits. @@ -997,8 +893,8 @@ Index: openssh-7.9p1/sshd_config.0 following forms may be used: Index: openssh-7.9p1/sshd_config.5 =================================================================== ---- openssh-7.9p1.orig/sshd_config.5 -+++ openssh-7.9p1/sshd_config.5 +--- openssh-7.9p1.orig/sshd_config.5 2019-02-27 14:05:59.237079313 +0100 ++++ openssh-7.9p1/sshd_config.5 2019-02-27 15:41:45.951770606 +0100 @@ -603,6 +603,8 @@ and .Cm sha256 . The default is diff --git a/openssh-7.7p1-fips_checks.patch b/openssh-7.7p1-fips_checks.patch index 9a13bd0..dd5f62b 100644 --- a/openssh-7.7p1-fips_checks.patch +++ b/openssh-7.7p1-fips_checks.patch @@ -14,10 +14,10 @@ # file is not found (or the hash matches), proceed in non-FIPS mode and abort # otherwise. -Index: openssh-7.8p1/fips-check.c +Index: openssh-7.9p1/fips-check.c =================================================================== ---- /dev/null -+++ openssh-7.8p1/fips-check.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/fips-check.c 2019-02-27 14:03:03.383988170 +0100 @@ -0,0 +1,34 @@ +#include "includes.h" +#include @@ -53,10 +53,10 @@ Index: openssh-7.8p1/fips-check.c + fips_ssh_init(); + return 0; +} -Index: openssh-7.8p1/fips.c +Index: openssh-7.9p1/fips.c =================================================================== ---- openssh-7.8p1.orig/fips.c -+++ openssh-7.8p1/fips.c +--- openssh-7.9p1.orig/fips.c 2019-02-27 14:03:03.323987792 +0100 ++++ openssh-7.9p1/fips.c 2019-02-27 14:03:03.383988170 +0100 @@ -35,33 +35,296 @@ #include "log.h" #include "xmalloc.h" @@ -365,15 +365,10 @@ Index: openssh-7.8p1/fips.c int fips_mode(void) { -@@ -234,4 +497,3 @@ fips_dh_grp_min(void) - } - return dh; - } -- -Index: openssh-7.8p1/fips.h +Index: openssh-7.9p1/fips.h =================================================================== ---- openssh-7.8p1.orig/fips.h -+++ openssh-7.8p1/fips.h +--- openssh-7.9p1.orig/fips.h 2019-02-27 14:03:03.323987792 +0100 ++++ openssh-7.9p1/fips.h 2019-02-27 14:03:03.383988170 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012 Petr Cerny. All rights reserved. @@ -410,15 +405,15 @@ Index: openssh-7.8p1/fips.h int fips_mode(void); int fips_correct_dgst(int); int fips_dgst_min(void); -@@ -42,4 +57,3 @@ enum fp_type fips_correct_fp_type(enum +@@ -41,4 +56,3 @@ enum fp_type fips_correct_fp_type(enum int fips_filter_crypto(char **, fips_filters); #endif - -Index: openssh-7.8p1/sftp-server.c +Index: openssh-7.9p1/sftp-server.c =================================================================== ---- openssh-7.8p1.orig/sftp-server.c -+++ openssh-7.8p1/sftp-server.c +--- openssh-7.9p1.orig/sftp-server.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/sftp-server.c 2019-02-27 14:03:03.383988170 +0100 @@ -51,6 +51,8 @@ #include "sftp.h" #include "sftp-common.h" @@ -438,10 +433,10 @@ Index: openssh-7.8p1/sftp-server.c ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); log_init(__progname, log_level, log_facility, log_stderr); -Index: openssh-7.8p1/ssh.c +Index: openssh-7.9p1/ssh.c =================================================================== ---- openssh-7.8p1.orig/ssh.c -+++ openssh-7.8p1/ssh.c +--- openssh-7.9p1.orig/ssh.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/ssh.c 2019-02-27 14:03:03.387988194 +0100 @@ -113,6 +113,8 @@ #include "ssh-pkcs11.h" #endif @@ -462,11 +457,11 @@ Index: openssh-7.8p1/ssh.c ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -Index: openssh-7.8p1/sshd.c +Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.8p1.orig/sshd.c -+++ openssh-7.8p1/sshd.c -@@ -1486,6 +1486,10 @@ main(int ac, char **av) +--- openssh-7.9p1.orig/sshd.c 2019-02-27 14:03:03.327987816 +0100 ++++ openssh-7.9p1/sshd.c 2019-02-27 14:03:03.387988194 +0100 +@@ -1485,6 +1485,10 @@ main(int ac, char **av) Authctxt *authctxt; struct connection_info *connection_info = NULL; diff --git a/openssh-7.7p1-gssapi_key_exchange.patch b/openssh-7.7p1-gssapi_key_exchange.patch index 304bbe2..02cc099 100644 --- a/openssh-7.7p1-gssapi_key_exchange.patch +++ b/openssh-7.7p1-gssapi_key_exchange.patch @@ -3,8 +3,8 @@ Index: openssh-7.9p1/Makefile.in =================================================================== ---- openssh-7.9p1.orig/Makefile.in -+++ openssh-7.9p1/Makefile.in +--- openssh-7.9p1.orig/Makefile.in 2019-02-27 15:43:51.360515721 +0100 ++++ openssh-7.9p1/Makefile.in 2019-02-27 15:43:55.360539487 +0100 @@ -104,10 +104,13 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ @@ -30,8 +30,8 @@ Index: openssh-7.9p1/Makefile.in sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ Index: openssh-7.9p1/auth-krb5.c =================================================================== ---- openssh-7.9p1.orig/auth-krb5.c -+++ openssh-7.9p1/auth-krb5.c +--- openssh-7.9p1.orig/auth-krb5.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/auth-krb5.c 2019-02-27 15:43:51.428516125 +0100 @@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, c len = strlen(authctxt->krb5_ticket_file) + 6; @@ -76,8 +76,8 @@ Index: openssh-7.9p1/auth-krb5.c } Index: openssh-7.9p1/auth.c =================================================================== ---- openssh-7.9p1.orig/auth.c -+++ openssh-7.9p1/auth.c +--- openssh-7.9p1.orig/auth.c 2019-02-27 15:43:51.228514936 +0100 ++++ openssh-7.9p1/auth.c 2019-02-27 15:43:55.360539487 +0100 @@ -399,6 +399,7 @@ auth_root_allowed(struct ssh *ssh, const case PERMIT_NO_PASSWD: if (strcmp(method, "publickey") == 0 || @@ -88,8 +88,8 @@ Index: openssh-7.9p1/auth.c break; Index: openssh-7.9p1/auth2-gss.c =================================================================== ---- openssh-7.9p1.orig/auth2-gss.c -+++ openssh-7.9p1/auth2-gss.c +--- openssh-7.9p1.orig/auth2-gss.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/auth2-gss.c 2019-02-27 15:43:51.428516125 +0100 @@ -31,6 +31,7 @@ #include @@ -143,7 +143,7 @@ Index: openssh-7.9p1/auth2-gss.c * We only support those mechanisms that we know about (ie ones that we know * how to check local user kuserok and the like) */ -@@ -260,7 +302,8 @@ input_gssapi_exchange_complete(int type, +@@ -260,7 +299,8 @@ input_gssapi_exchange_complete(int type, if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); @@ -153,7 +153,7 @@ Index: openssh-7.9p1/auth2-gss.c if ((!use_privsep || mm_is_monitor()) && (displayname = ssh_gssapi_displayname()) != NULL) -@@ -306,7 +349,8 @@ input_gssapi_mic(int type, u_int32_t ple +@@ -306,7 +346,8 @@ input_gssapi_mic(int type, u_int32_t ple gssbuf.length = sshbuf_len(b); if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) @@ -163,7 +163,7 @@ Index: openssh-7.9p1/auth2-gss.c else logit("GSSAPI MIC check failed"); -@@ -326,6 +370,12 @@ input_gssapi_mic(int type, u_int32_t ple +@@ -326,6 +367,12 @@ input_gssapi_mic(int type, u_int32_t ple return 0; } @@ -178,8 +178,8 @@ Index: openssh-7.9p1/auth2-gss.c userauth_gssapi, Index: openssh-7.9p1/auth2.c =================================================================== ---- openssh-7.9p1.orig/auth2.c -+++ openssh-7.9p1/auth2.c +--- openssh-7.9p1.orig/auth2.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/auth2.c 2019-02-27 15:43:55.360539487 +0100 @@ -74,6 +74,7 @@ extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; @@ -198,8 +198,8 @@ Index: openssh-7.9p1/auth2.c &method_passwd, Index: openssh-7.9p1/clientloop.c =================================================================== ---- openssh-7.9p1.orig/clientloop.c -+++ openssh-7.9p1/clientloop.c +--- openssh-7.9p1.orig/clientloop.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/clientloop.c 2019-02-27 15:43:51.428516125 +0100 @@ -112,6 +112,10 @@ #include "ssherr.h" #include "hostfile.h" @@ -233,8 +233,8 @@ Index: openssh-7.9p1/clientloop.c Index: openssh-7.9p1/configure.ac =================================================================== ---- openssh-7.9p1.orig/configure.ac -+++ openssh-7.9p1/configure.ac +--- openssh-7.9p1.orig/configure.ac 2019-02-27 15:43:51.412516029 +0100 ++++ openssh-7.9p1/configure.ac 2019-02-27 15:43:55.192538489 +0100 @@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary(" [Use tunnel device compatibility to OpenBSD]) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], @@ -308,8 +308,8 @@ Index: openssh-7.9p1/configure.ac if test "X$maildir" != "X"; then Index: openssh-7.9p1/gss-genr.c =================================================================== ---- openssh-7.9p1.orig/gss-genr.c -+++ openssh-7.9p1/gss-genr.c +--- openssh-7.9p1.orig/gss-genr.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/gss-genr.c 2019-02-27 15:43:54.528534543 +0100 @@ -41,12 +41,174 @@ #include "sshbuf.h" #include "log.h" @@ -485,7 +485,7 @@ Index: openssh-7.9p1/gss-genr.c /* sshbuf_get for gss_buffer_desc */ int ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) -@@ -218,7 +381,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de +@@ -218,7 +380,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de } ctx->major = gss_init_sec_context(&ctx->minor, @@ -494,7 +494,7 @@ Index: openssh-7.9p1/gss-genr.c GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 0, NULL, recv_tok, NULL, send_tok, flags, NULL); -@@ -248,8 +411,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con +@@ -248,8 +410,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con } OM_uint32 @@ -537,7 +537,7 @@ Index: openssh-7.9p1/gss-genr.c if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, GSS_C_QOP_DEFAULT, buffer, hash))) ssh_gssapi_error(ctx); -@@ -257,6 +454,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer +@@ -257,6 +453,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer return (ctx->major); } @@ -557,7 +557,7 @@ Index: openssh-7.9p1/gss-genr.c void ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, const char *context) -@@ -273,22 +483,31 @@ ssh_gssapi_buildmic(struct sshbuf *b, co +@@ -273,22 +482,31 @@ ssh_gssapi_buildmic(struct sshbuf *b, co } int @@ -592,7 +592,7 @@ Index: openssh-7.9p1/gss-genr.c NULL); gss_release_buffer(&minor, &token); if ((*ctx)->context != GSS_C_NO_CONTEXT) -@@ -296,10 +515,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx +@@ -296,10 +514,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx GSS_C_NO_BUFFER); } @@ -662,8 +662,8 @@ Index: openssh-7.9p1/gss-genr.c #endif /* GSSAPI */ Index: openssh-7.9p1/gss-serv-krb5.c =================================================================== ---- openssh-7.9p1.orig/gss-serv-krb5.c -+++ openssh-7.9p1/gss-serv-krb5.c +--- openssh-7.9p1.orig/gss-serv-krb5.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/gss-serv-krb5.c 2019-02-27 15:43:51.432516148 +0100 @@ -120,7 +120,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl krb5_error_code problem; krb5_principal princ; @@ -701,7 +701,7 @@ Index: openssh-7.9p1/gss-serv-krb5.c #ifdef USE_PAM if (options.use_pam) -@@ -193,9 +208,76 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl +@@ -193,9 +205,76 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl krb5_cc_close(krb_context, ccache); @@ -778,7 +778,7 @@ Index: openssh-7.9p1/gss-serv-krb5.c ssh_gssapi_mech gssapi_kerberos_mech = { "toWM5Slw5Ew8Mqkay+al2g==", "Kerberos", -@@ -203,7 +285,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { +@@ -203,7 +282,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { NULL, &ssh_gssapi_krb5_userok, NULL, @@ -790,8 +790,8 @@ Index: openssh-7.9p1/gss-serv-krb5.c #endif /* KRB5 */ Index: openssh-7.9p1/gss-serv.c =================================================================== ---- openssh-7.9p1.orig/gss-serv.c -+++ openssh-7.9p1/gss-serv.c +--- openssh-7.9p1.orig/gss-serv.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/gss-serv.c 2019-02-27 15:43:51.432516148 +0100 @@ -44,17 +44,19 @@ #include "session.h" #include "misc.h" @@ -1075,8 +1075,8 @@ Index: openssh-7.9p1/gss-serv.c /* Privileged */ Index: openssh-7.9p1/kex.c =================================================================== ---- openssh-7.9p1.orig/kex.c -+++ openssh-7.9p1/kex.c +--- openssh-7.9p1.orig/kex.c 2019-02-27 15:43:51.296515340 +0100 ++++ openssh-7.9p1/kex.c 2019-02-27 15:43:55.360539487 +0100 @@ -56,6 +56,10 @@ #include "fips.h" @@ -1126,8 +1126,8 @@ Index: openssh-7.9p1/kex.c } Index: openssh-7.9p1/kex.h =================================================================== ---- openssh-7.9p1.orig/kex.h -+++ openssh-7.9p1/kex.h +--- openssh-7.9p1.orig/kex.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/kex.h 2019-02-27 15:43:55.360539487 +0100 @@ -100,6 +100,11 @@ enum kex_exchange { KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, @@ -1166,8 +1166,8 @@ Index: openssh-7.9p1/kex.h const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, Index: openssh-7.9p1/kexgssc.c =================================================================== ---- /dev/null -+++ openssh-7.9p1/kexgssc.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/kexgssc.c 2019-02-27 15:44:14.792654941 +0100 @@ -0,0 +1,346 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. @@ -1240,7 +1240,7 @@ Index: openssh-7.9p1/kexgssc.c + char *lang; + int type = 0; + int first = 1; -+ int nbits = 0, min = fips_dh_grp_min(), max = DH_GRP_MAX; ++ int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX; + u_char hash[SSH_DIGEST_MAX_LENGTH]; + size_t hashlen; + @@ -1517,9 +1517,9 @@ Index: openssh-7.9p1/kexgssc.c +#endif /* GSSAPI */ Index: openssh-7.9p1/kexgsss.c =================================================================== ---- /dev/null -+++ openssh-7.9p1/kexgsss.c -@@ -0,0 +1,308 @@ +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/kexgsss.c 2019-02-27 15:43:51.432516148 +0100 +@@ -0,0 +1,302 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. + * @@ -1636,16 +1636,10 @@ Index: openssh-7.9p1/kexgsss.c + cmin = packet_get_int(); + nbits = packet_get_int(); + cmax = packet_get_int(); -+ min = MAX(fips_dh_grp_min(), cmin); ++ min = MAX(DH_GRP_MIN, cmin); + max = MIN(DH_GRP_MAX, cmax); + packet_check_eom(); + if (max < min || nbits < min || max < nbits) { -+ if (nbits < min && nbits >= DH_GRP_MIN_RFC) -+ logit("DH parameter requested by the client (%d bits) " -+ "is considered insecure. " -+ "You can lower the accepted minimum " -+ "via the KexDHMin option.", -+ nbits); + fatal("GSS_GEX, bad parameters: %d !< %d !< %d", + min, nbits, max); + } @@ -1830,8 +1824,8 @@ Index: openssh-7.9p1/kexgsss.c +#endif /* GSSAPI */ Index: openssh-7.9p1/monitor.c =================================================================== ---- openssh-7.9p1.orig/monitor.c -+++ openssh-7.9p1/monitor.c +--- openssh-7.9p1.orig/monitor.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/monitor.c 2019-02-27 15:43:55.360539487 +0100 @@ -145,6 +145,8 @@ int mm_answer_gss_setup_ctx(int, struct int mm_answer_gss_accept_ctx(int, struct sshbuf *); int mm_answer_gss_userok(int, struct sshbuf *); @@ -2045,8 +2039,8 @@ Index: openssh-7.9p1/monitor.c +#endif /* GSSAPI */ Index: openssh-7.9p1/monitor.h =================================================================== ---- openssh-7.9p1.orig/monitor.h -+++ openssh-7.9p1/monitor.h +--- openssh-7.9p1.orig/monitor.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/monitor.h 2019-02-27 15:43:55.360539487 +0100 @@ -63,6 +63,9 @@ enum monitor_reqtype { MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, @@ -2059,8 +2053,8 @@ Index: openssh-7.9p1/monitor.h struct monitor { Index: openssh-7.9p1/monitor_wrap.c =================================================================== ---- openssh-7.9p1.orig/monitor_wrap.c -+++ openssh-7.9p1/monitor_wrap.c +--- openssh-7.9p1.orig/monitor_wrap.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/monitor_wrap.c 2019-02-27 15:43:55.360539487 +0100 @@ -984,7 +984,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss } @@ -2125,8 +2119,8 @@ Index: openssh-7.9p1/monitor_wrap.c #endif /* GSSAPI */ Index: openssh-7.9p1/monitor_wrap.h =================================================================== ---- openssh-7.9p1.orig/monitor_wrap.h -+++ openssh-7.9p1/monitor_wrap.h +--- openssh-7.9p1.orig/monitor_wrap.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/monitor_wrap.h 2019-02-27 15:43:55.360539487 +0100 @@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, @@ -2141,8 +2135,8 @@ Index: openssh-7.9p1/monitor_wrap.h #ifdef USE_PAM Index: openssh-7.9p1/readconf.c =================================================================== ---- openssh-7.9p1.orig/readconf.c -+++ openssh-7.9p1/readconf.c +--- openssh-7.9p1.orig/readconf.c 2019-02-27 15:43:51.296515340 +0100 ++++ openssh-7.9p1/readconf.c 2019-02-27 15:43:51.432516148 +0100 @@ -163,6 +163,8 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, @@ -2173,7 +2167,7 @@ Index: openssh-7.9p1/readconf.c #endif #ifdef ENABLE_PKCS11 { "smartcarddevice", oPKCS11Provider }, -@@ -980,10 +992,30 @@ parse_time: +@@ -976,10 +988,30 @@ parse_time: intptr = &options->gss_authentication; goto parse_flag; @@ -2204,7 +2198,7 @@ Index: openssh-7.9p1/readconf.c case oBatchMode: intptr = &options->batch_mode; goto parse_flag; -@@ -1869,7 +1901,12 @@ initialize_options(Options * options) +@@ -1861,7 +1893,12 @@ initialize_options(Options * options) options->pubkey_authentication = -1; options->challenge_response_authentication = -1; options->gss_authentication = -1; @@ -2217,7 +2211,7 @@ Index: openssh-7.9p1/readconf.c options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->kbd_interactive_devices = NULL; -@@ -2016,8 +2053,14 @@ fill_default_options(Options * options) +@@ -2007,8 +2044,14 @@ fill_default_options(Options * options) options->challenge_response_authentication = 1; if (options->gss_authentication == -1) options->gss_authentication = 0; @@ -2234,8 +2228,8 @@ Index: openssh-7.9p1/readconf.c if (options->kbd_interactive_authentication == -1) Index: openssh-7.9p1/readconf.h =================================================================== ---- openssh-7.9p1.orig/readconf.h -+++ openssh-7.9p1/readconf.h +--- openssh-7.9p1.orig/readconf.h 2019-02-27 15:43:51.296515340 +0100 ++++ openssh-7.9p1/readconf.h 2019-02-27 15:43:51.432516148 +0100 @@ -40,7 +40,12 @@ typedef struct { int challenge_response_authentication; /* Try S/Key or TIS, authentication. */ @@ -2251,8 +2245,8 @@ Index: openssh-7.9p1/readconf.h int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ Index: openssh-7.9p1/regress/cert-hostkey.sh =================================================================== ---- openssh-7.9p1.orig/regress/cert-hostkey.sh -+++ openssh-7.9p1/regress/cert-hostkey.sh +--- openssh-7.9p1.orig/regress/cert-hostkey.sh 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/regress/cert-hostkey.sh 2019-02-27 15:43:51.432516148 +0100 @@ -66,7 +66,7 @@ touch $OBJ/host_revoked_plain touch $OBJ/host_revoked_cert cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca @@ -2264,8 +2258,8 @@ Index: openssh-7.9p1/regress/cert-hostkey.sh PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" Index: openssh-7.9p1/regress/cert-userkey.sh =================================================================== ---- openssh-7.9p1.orig/regress/cert-userkey.sh -+++ openssh-7.9p1/regress/cert-userkey.sh +--- openssh-7.9p1.orig/regress/cert-userkey.sh 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/regress/cert-userkey.sh 2019-02-27 15:43:51.432516148 +0100 @@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak @@ -2277,8 +2271,8 @@ Index: openssh-7.9p1/regress/cert-userkey.sh if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then Index: openssh-7.9p1/regress/kextype.sh =================================================================== ---- openssh-7.9p1.orig/regress/kextype.sh -+++ openssh-7.9p1/regress/kextype.sh +--- openssh-7.9p1.orig/regress/kextype.sh 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/regress/kextype.sh 2019-02-27 15:43:51.432516148 +0100 @@ -14,6 +14,9 @@ echo "KexAlgorithms=$KEXOPT" >> $OBJ/ssh tries="1 2 3 4" @@ -2291,8 +2285,8 @@ Index: openssh-7.9p1/regress/kextype.sh ${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true Index: openssh-7.9p1/regress/rekey.sh =================================================================== ---- openssh-7.9p1.orig/regress/rekey.sh -+++ openssh-7.9p1/regress/rekey.sh +--- openssh-7.9p1.orig/regress/rekey.sh 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/regress/rekey.sh 2019-02-27 15:43:51.436516173 +0100 @@ -38,6 +38,9 @@ increase_datafile_size 300 opts="" @@ -2315,9 +2309,9 @@ Index: openssh-7.9p1/regress/rekey.sh done Index: openssh-7.9p1/servconf.c =================================================================== ---- openssh-7.9p1.orig/servconf.c -+++ openssh-7.9p1/servconf.c -@@ -130,8 +130,10 @@ initialize_server_options(ServerOptions +--- openssh-7.9p1.orig/servconf.c 2019-02-27 15:43:51.296515340 +0100 ++++ openssh-7.9p1/servconf.c 2019-02-27 15:43:51.436516173 +0100 +@@ -126,8 +126,10 @@ initialize_server_options(ServerOptions options->kerberos_ticket_cleanup = -1; options->kerberos_get_afs_token = -1; options->gss_authentication=-1; @@ -2328,7 +2322,7 @@ Index: openssh-7.9p1/servconf.c options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; -@@ -373,10 +375,14 @@ fill_default_server_options(ServerOption +@@ -360,10 +362,14 @@ fill_default_server_options(ServerOption options->kerberos_get_afs_token = 0; if (options->gss_authentication == -1) options->gss_authentication = 0; @@ -2343,7 +2337,7 @@ Index: openssh-7.9p1/servconf.c if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -@@ -523,6 +529,7 @@ typedef enum { +@@ -510,6 +516,7 @@ typedef enum { sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, @@ -2351,7 +2345,7 @@ Index: openssh-7.9p1/servconf.c sAcceptEnv, sSetEnv, sPermitTunnel, sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, -@@ -600,11 +607,17 @@ static struct { +@@ -587,11 +594,17 @@ static struct { { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, @@ -2369,7 +2363,7 @@ Index: openssh-7.9p1/servconf.c { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, -@@ -1512,6 +1525,10 @@ process_server_config_line(ServerOptions +@@ -1498,6 +1511,10 @@ process_server_config_line(ServerOptions intptr = &options->gss_authentication; goto parse_flag; @@ -2380,7 +2374,7 @@ Index: openssh-7.9p1/servconf.c case sGssCleanupCreds: intptr = &options->gss_cleanup_creds; goto parse_flag; -@@ -1520,6 +1537,10 @@ process_server_config_line(ServerOptions +@@ -1506,6 +1523,10 @@ process_server_config_line(ServerOptions intptr = &options->gss_strict_acceptor; goto parse_flag; @@ -2391,7 +2385,7 @@ Index: openssh-7.9p1/servconf.c case sPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; -@@ -2313,6 +2334,10 @@ copy_set_server_options(ServerOptions *d +@@ -2295,6 +2316,10 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(password_authentication); M_CP_INTOPT(gss_authentication); @@ -2402,7 +2396,7 @@ Index: openssh-7.9p1/servconf.c M_CP_INTOPT(pubkey_authentication); M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); -@@ -2609,7 +2634,10 @@ dump_config(ServerOptions *o) +@@ -2590,7 +2615,10 @@ dump_config(ServerOptions *o) #endif #ifdef GSSAPI dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); @@ -2415,8 +2409,8 @@ Index: openssh-7.9p1/servconf.c dump_cfg_fmtint(sKbdInteractiveAuthentication, Index: openssh-7.9p1/servconf.h =================================================================== ---- openssh-7.9p1.orig/servconf.h -+++ openssh-7.9p1/servconf.h +--- openssh-7.9p1.orig/servconf.h 2019-02-27 15:43:51.232514961 +0100 ++++ openssh-7.9p1/servconf.h 2019-02-27 15:43:51.436516173 +0100 @@ -16,6 +16,8 @@ #ifndef SERVCONF_H #define SERVCONF_H @@ -2426,7 +2420,7 @@ Index: openssh-7.9p1/servconf.h #define MAX_PORTS 256 /* Max # ports. */ #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ -@@ -126,8 +128,10 @@ typedef struct { +@@ -125,8 +127,10 @@ typedef struct { int kerberos_get_afs_token; /* If true, try to get AFS token if * authenticated with Kerberos. */ int gss_authentication; /* If true, permit GSSAPI authentication */ @@ -2439,8 +2433,8 @@ Index: openssh-7.9p1/servconf.h int kbd_interactive_authentication; /* If true, permit */ Index: openssh-7.9p1/ssh-gss.h =================================================================== ---- openssh-7.9p1.orig/ssh-gss.h -+++ openssh-7.9p1/ssh-gss.h +--- openssh-7.9p1.orig/ssh-gss.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/ssh-gss.h 2019-02-27 15:43:51.436516173 +0100 @@ -61,10 +61,22 @@ #define SSH_GSS_OIDTYPE 0x06 @@ -2533,9 +2527,9 @@ Index: openssh-7.9p1/ssh-gss.h #endif /* _SSH_GSS_H */ Index: openssh-7.9p1/ssh_config =================================================================== ---- openssh-7.9p1.orig/ssh_config -+++ openssh-7.9p1/ssh_config -@@ -45,6 +45,8 @@ Host * +--- openssh-7.9p1.orig/ssh_config 2019-02-27 15:43:51.172514604 +0100 ++++ openssh-7.9p1/ssh_config 2019-02-27 15:43:51.436516173 +0100 +@@ -40,6 +40,8 @@ Host * # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no @@ -2546,8 +2540,8 @@ Index: openssh-7.9p1/ssh_config # AddressFamily any Index: openssh-7.9p1/ssh_config.0 =================================================================== ---- openssh-7.9p1.orig/ssh_config.0 -+++ openssh-7.9p1/ssh_config.0 +--- openssh-7.9p1.orig/ssh_config.0 2019-02-27 15:43:51.300515365 +0100 ++++ openssh-7.9p1/ssh_config.0 2019-02-27 15:43:51.436516173 +0100 @@ -422,9 +422,40 @@ DESCRIPTION Specifies whether user authentication based on GSSAPI is allowed. The default is no. @@ -2591,8 +2585,8 @@ Index: openssh-7.9p1/ssh_config.0 they are added to ~/.ssh/known_hosts. These hashed names may be Index: openssh-7.9p1/ssh_config.5 =================================================================== ---- openssh-7.9p1.orig/ssh_config.5 -+++ openssh-7.9p1/ssh_config.5 +--- openssh-7.9p1.orig/ssh_config.5 2019-02-27 15:43:51.300515365 +0100 ++++ openssh-7.9p1/ssh_config.5 2019-02-27 15:43:51.436516173 +0100 @@ -738,10 +738,40 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is @@ -2636,8 +2630,8 @@ Index: openssh-7.9p1/ssh_config.5 .Xr ssh 1 Index: openssh-7.9p1/sshconnect2.c =================================================================== ---- openssh-7.9p1.orig/sshconnect2.c -+++ openssh-7.9p1/sshconnect2.c +--- openssh-7.9p1.orig/sshconnect2.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/sshconnect2.c 2019-02-27 15:43:51.436516173 +0100 @@ -82,6 +82,124 @@ extern char *client_version_string; extern char *server_version_string; extern Options options; @@ -2956,7 +2950,7 @@ Index: openssh-7.9p1/sshconnect2.c #endif /* GSSAPI */ int -@@ -1473,8 +1716,8 @@ key_type_allowed_by_config(struct sshkey +@@ -1473,8 +1713,8 @@ key_type_allowed_by_config(struct sshkey /* * try keys in the following order: @@ -2969,8 +2963,8 @@ Index: openssh-7.9p1/sshconnect2.c * 5. keys that are only listed in the config file Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.9p1.orig/sshd.c -+++ openssh-7.9p1/sshd.c +--- openssh-7.9p1.orig/sshd.c 2019-02-27 15:43:51.412516029 +0100 ++++ openssh-7.9p1/sshd.c 2019-02-27 15:43:55.360539487 +0100 @@ -131,6 +131,10 @@ #include "fips.h" @@ -3204,9 +3198,9 @@ Index: openssh-7.9p1/sshd.c kex->server_version_string=server_version_string; Index: openssh-7.9p1/sshd_config =================================================================== ---- openssh-7.9p1.orig/sshd_config -+++ openssh-7.9p1/sshd_config -@@ -76,6 +76,8 @@ AuthorizedKeysFile .ssh/authorized_keys +--- openssh-7.9p1.orig/sshd_config 2019-02-27 15:43:51.172514604 +0100 ++++ openssh-7.9p1/sshd_config 2019-02-27 15:43:51.436516173 +0100 +@@ -69,6 +69,8 @@ AuthorizedKeysFile .ssh/authorized_keys # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes @@ -3217,8 +3211,8 @@ Index: openssh-7.9p1/sshd_config # and session processing. If this is enabled, PAM authentication will Index: openssh-7.9p1/sshd_config.5 =================================================================== ---- openssh-7.9p1.orig/sshd_config.5 -+++ openssh-7.9p1/sshd_config.5 +--- openssh-7.9p1.orig/sshd_config.5 2019-02-27 15:43:51.300515365 +0100 ++++ openssh-7.9p1/sshd_config.5 2019-02-27 15:43:51.436516173 +0100 @@ -655,6 +655,11 @@ Specifies whether to automatically destr on logout. The default is @@ -3243,7 +3237,7 @@ Index: openssh-7.9p1/sshd_config.5 .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication as a list of comma-separated patterns. -@@ -1643,16 +1653,16 @@ as a non-root user. +@@ -1627,16 +1637,16 @@ as a non-root user. The default is .Cm no . .It Cm UsePAMCheckLocks @@ -3265,8 +3259,8 @@ Index: openssh-7.9p1/sshd_config.5 Optionally specifies additional text to append to the SSH protocol banner Index: openssh-7.9p1/sshkey.c =================================================================== ---- openssh-7.9p1.orig/sshkey.c -+++ openssh-7.9p1/sshkey.c +--- openssh-7.9p1.orig/sshkey.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/sshkey.c 2019-02-27 15:43:55.360539487 +0100 @@ -135,6 +135,7 @@ static const struct keytype keytypes[] = # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ @@ -3277,8 +3271,8 @@ Index: openssh-7.9p1/sshkey.c Index: openssh-7.9p1/sshkey.h =================================================================== ---- openssh-7.9p1.orig/sshkey.h -+++ openssh-7.9p1/sshkey.h +--- openssh-7.9p1.orig/sshkey.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/sshkey.h 2019-02-27 15:43:55.360539487 +0100 @@ -64,6 +64,7 @@ enum sshkey_types { KEY_ED25519_CERT, KEY_XMSS, @@ -3289,8 +3283,8 @@ Index: openssh-7.9p1/sshkey.h Index: openssh-7.9p1/sshd_config.0 =================================================================== ---- openssh-7.9p1.orig/sshd_config.0 -+++ openssh-7.9p1/sshd_config.0 +--- openssh-7.9p1.orig/sshd_config.0 2019-02-27 15:43:51.300515365 +0100 ++++ openssh-7.9p1/sshd_config.0 2019-02-27 15:43:51.436516173 +0100 @@ -380,6 +380,12 @@ DESCRIPTION Specifies whether user authentication based on GSSAPI is allowed. The default is no. diff --git a/openssh.changes b/openssh.changes index c5888e4..750c734 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Wed Feb 27 12:29:05 UTC 2019 - Vítězslav Čížek + +- Remove the "KexDHMin" config keyword (bsc#1127180) + It used to allow lowering of the minimal allowed DH group size, + which was increased to 2048 by upstream in the light of the Logjam + attack. + The code was broken since the upgrade to 7.6p1, but nobody noticed. + As apparently no one needs the functionality any more, let's drop + the patch. + It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 + key exchange method when working with legacy systems. +- drop openssh-7.7p1-disable_short_DH_parameters.patch +- updated patches: + openssh-7.7p1-fips.patch + openssh-7.7p1-fips_checks.patch + openssh-7.7p1-gssapi_key_exchange.patch + ------------------------------------------------------------------- Mon Feb 18 10:01:45 UTC 2019 - Pedro Monreal Gonzalez diff --git a/openssh.spec b/openssh.spec index 59e28d8..88e3725 100644 --- a/openssh.spec +++ b/openssh.spec @@ -65,7 +65,6 @@ Patch7: openssh-7.7p1-hostname_changes_when_forwarding_X.patch Patch8: openssh-7.7p1-remove_xauth_cookies_on_exit.patch Patch9: openssh-7.7p1-pts_names_formatting.patch Patch10: openssh-7.7p1-pam_check_locks.patch -Patch11: openssh-7.7p1-disable_short_DH_parameters.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Patch14: openssh-7.7p1-seccomp_stat.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=2752 From 3f73bd983145d4df53128bcaa98d5f171bdcfeec8e68a1caa07643802fabf5d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 28 Feb 2019 20:03:36 +0000 Subject: [PATCH 2/2] Accepting request 680202 from home:vitezslav_cizek:branches:network - Correctly filter out non-compliant algorithms when in FIPS mode (bsc#1126397) * A hunk was applied to a wrong place due to a patch fuzz when the fips patch was being ported to openssh 7.9p1 - update openssh-7.7p1-fips.patch OBS-URL: https://build.opensuse.org/request/show/680202 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=182 --- openssh-7.7p1-fips.patch | 58 ++++++++++++++++++++-------------------- openssh.changes | 9 +++++++ 2 files changed, 38 insertions(+), 29 deletions(-) diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch index 5e07f93..7d6bc9d 100644 --- a/openssh-7.7p1-fips.patch +++ b/openssh-7.7p1-fips.patch @@ -5,8 +5,8 @@ algorithms. Index: openssh-7.9p1/Makefile.in =================================================================== ---- openssh-7.9p1.orig/Makefile.in 2019-02-27 14:05:59.153078796 +0100 -+++ openssh-7.9p1/Makefile.in 2019-02-27 15:41:46.539774099 +0100 +--- openssh-7.9p1.orig/Makefile.in 2019-02-28 17:20:15.767164591 +0100 ++++ openssh-7.9p1/Makefile.in 2019-02-28 20:18:30.666473978 +0100 @@ -102,6 +102,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ platform-pledge.o platform-tracing.o platform-misc.o @@ -19,7 +19,7 @@ Index: openssh-7.9p1/Makefile.in Index: openssh-7.9p1/cipher-ctr.c =================================================================== --- openssh-7.9p1.orig/cipher-ctr.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/cipher-ctr.c 2019-02-27 14:05:59.305079731 +0100 ++++ openssh-7.9p1/cipher-ctr.c 2019-02-28 17:20:15.919165544 +0100 @@ -27,6 +27,8 @@ #include "xmalloc.h" #include "log.h" @@ -41,7 +41,7 @@ Index: openssh-7.9p1/cipher-ctr.c Index: openssh-7.9p1/cipher.c =================================================================== --- openssh-7.9p1.orig/cipher.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/cipher.c 2019-02-27 15:41:46.539774099 +0100 ++++ openssh-7.9p1/cipher.c 2019-02-28 20:18:30.666473978 +0100 @@ -51,6 +51,8 @@ #include "openbsd-compat/openssl-compat.h" @@ -134,7 +134,7 @@ Index: openssh-7.9p1/cipher.c Index: openssh-7.9p1/fips.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssh-7.9p1/fips.c 2019-02-27 15:41:46.311772744 +0100 ++++ openssh-7.9p1/fips.c 2019-02-28 20:18:30.534473204 +0100 @@ -0,0 +1,215 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. @@ -354,7 +354,7 @@ Index: openssh-7.9p1/fips.c Index: openssh-7.9p1/fips.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssh-7.9p1/fips.h 2019-02-27 15:41:46.311772744 +0100 ++++ openssh-7.9p1/fips.h 2019-02-28 20:18:30.534473204 +0100 @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. @@ -403,7 +403,7 @@ Index: openssh-7.9p1/fips.h Index: openssh-7.9p1/hmac.c =================================================================== --- openssh-7.9p1.orig/hmac.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/hmac.c 2019-02-27 14:05:59.305079731 +0100 ++++ openssh-7.9p1/hmac.c 2019-02-28 17:20:15.919165544 +0100 @@ -144,7 +144,7 @@ hmac_test(void *key, size_t klen, void * size_t i; u_char digest[16]; @@ -416,7 +416,7 @@ Index: openssh-7.9p1/hmac.c Index: openssh-7.9p1/kex.c =================================================================== --- openssh-7.9p1.orig/kex.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/kex.c 2019-02-27 15:41:45.951770606 +0100 ++++ openssh-7.9p1/kex.c 2019-02-28 17:20:15.919165544 +0100 @@ -54,6 +54,8 @@ #include "sshbuf.h" #include "digest.h" @@ -515,7 +515,7 @@ Index: openssh-7.9p1/kex.c Index: openssh-7.9p1/kexgexs.c =================================================================== --- openssh-7.9p1.orig/kexgexs.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/kexgexs.c 2019-02-27 14:05:59.305079731 +0100 ++++ openssh-7.9p1/kexgexs.c 2019-02-28 17:20:15.923165569 +0100 @@ -56,6 +56,8 @@ #include "sshbuf.h" #include "misc.h" @@ -528,7 +528,7 @@ Index: openssh-7.9p1/kexgexs.c Index: openssh-7.9p1/mac.c =================================================================== --- openssh-7.9p1.orig/mac.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/mac.c 2019-02-27 15:31:46.644209847 +0100 ++++ openssh-7.9p1/mac.c 2019-02-28 17:20:15.923165569 +0100 @@ -40,6 +40,9 @@ #include "openbsd-compat/openssl-compat.h" @@ -611,7 +611,7 @@ Index: openssh-7.9p1/mac.c Index: openssh-7.9p1/myproposal.h =================================================================== --- openssh-7.9p1.orig/myproposal.h 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/myproposal.h 2019-02-27 14:05:59.309079755 +0100 ++++ openssh-7.9p1/myproposal.h 2019-02-28 17:20:15.923165569 +0100 @@ -151,6 +151,8 @@ #else /* WITH_OPENSSL */ @@ -624,7 +624,7 @@ Index: openssh-7.9p1/myproposal.h Index: openssh-7.9p1/readconf.c =================================================================== --- openssh-7.9p1.orig/readconf.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/readconf.c 2019-02-27 15:42:19.495969910 +0100 ++++ openssh-7.9p1/readconf.c 2019-02-28 20:18:54.650614520 +0100 @@ -68,6 +68,8 @@ #include "myproposal.h" #include "digest.h" @@ -667,18 +667,18 @@ Index: openssh-7.9p1/readconf.c if (options->update_hostkeys == -1) options->update_hostkeys = 0; -@@ -2577,6 +2598,7 @@ dump_client_config(Options *o, const cha - KEX_DEFAULT_PK_ALG, all_key) != 0) - fatal("%s: kex_assemble_names failed", __func__); +@@ -2122,6 +2143,7 @@ fill_default_options(Options * options) + free(all_kex); free(all_key); -+ filter_fips_algorithms(o); + free(all_sig); ++ filter_fips_algorithms(options); - /* Most interesting options first: user, host, port */ - dump_cfg_string(oUser, o->user); + #define CLEAR_ON_NONE(v) \ + do { \ Index: openssh-7.9p1/readconf.h =================================================================== --- openssh-7.9p1.orig/readconf.h 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/readconf.h 2019-02-27 15:41:45.951770606 +0100 ++++ openssh-7.9p1/readconf.h 2019-02-28 17:20:15.923165569 +0100 @@ -197,6 +197,7 @@ typedef struct { #define SSH_STRICT_HOSTKEY_YES 2 #define SSH_STRICT_HOSTKEY_ASK 3 @@ -689,8 +689,8 @@ Index: openssh-7.9p1/readconf.h void fill_default_options_for_canonicalization(Options *); Index: openssh-7.9p1/servconf.c =================================================================== ---- openssh-7.9p1.orig/servconf.c 2019-02-27 14:05:59.237079313 +0100 -+++ openssh-7.9p1/servconf.c 2019-02-27 15:41:45.951770606 +0100 +--- openssh-7.9p1.orig/servconf.c 2019-02-28 17:20:15.851165117 +0100 ++++ openssh-7.9p1/servconf.c 2019-02-28 17:20:15.923165569 +0100 @@ -64,6 +64,7 @@ #include "auth.h" #include "myproposal.h" @@ -744,7 +744,7 @@ Index: openssh-7.9p1/servconf.c Index: openssh-7.9p1/ssh-keygen.c =================================================================== --- openssh-7.9p1.orig/ssh-keygen.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/ssh-keygen.c 2019-02-27 14:05:59.309079755 +0100 ++++ openssh-7.9p1/ssh-keygen.c 2019-02-28 17:20:15.923165569 +0100 @@ -61,6 +61,8 @@ #include "utf8.h" #include "authfd.h" @@ -820,7 +820,7 @@ Index: openssh-7.9p1/ssh-keygen.c Index: openssh-7.9p1/ssh_config.0 =================================================================== --- openssh-7.9p1.orig/ssh_config.0 2018-10-19 03:06:19.000000000 +0200 -+++ openssh-7.9p1/ssh_config.0 2019-02-27 15:41:45.951770606 +0100 ++++ openssh-7.9p1/ssh_config.0 2019-02-28 17:20:15.923165569 +0100 @@ -353,6 +353,9 @@ DESCRIPTION Specifies the hash algorithm used when displaying key fingerprints. Valid options are: md5 and sha256 (the default). @@ -844,7 +844,7 @@ Index: openssh-7.9p1/ssh_config.0 Index: openssh-7.9p1/ssh_config.5 =================================================================== --- openssh-7.9p1.orig/ssh_config.5 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/ssh_config.5 2019-02-27 15:41:45.951770606 +0100 ++++ openssh-7.9p1/ssh_config.5 2019-02-28 17:20:15.923165569 +0100 @@ -642,6 +642,8 @@ Valid options are: and .Cm sha256 @@ -857,7 +857,7 @@ Index: openssh-7.9p1/ssh_config.5 Index: openssh-7.9p1/sshd.c =================================================================== --- openssh-7.9p1.orig/sshd.c 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/sshd.c 2019-02-27 15:41:46.311772744 +0100 ++++ openssh-7.9p1/sshd.c 2019-02-28 20:18:30.534473204 +0100 @@ -123,6 +123,8 @@ #include "version.h" #include "ssherr.h" @@ -869,8 +869,8 @@ Index: openssh-7.9p1/sshd.c #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) Index: openssh-7.9p1/sshd_config.0 =================================================================== ---- openssh-7.9p1.orig/sshd_config.0 2019-02-27 14:05:59.237079313 +0100 -+++ openssh-7.9p1/sshd_config.0 2019-02-27 15:41:45.951770606 +0100 +--- openssh-7.9p1.orig/sshd_config.0 2019-02-28 17:20:15.851165117 +0100 ++++ openssh-7.9p1/sshd_config.0 2019-02-28 17:20:15.927165594 +0100 @@ -348,6 +348,9 @@ DESCRIPTION Specifies the hash algorithm used when logging key fingerprints. Valid options are: md5 and sha256. The default is sha256. @@ -893,8 +893,8 @@ Index: openssh-7.9p1/sshd_config.0 following forms may be used: Index: openssh-7.9p1/sshd_config.5 =================================================================== ---- openssh-7.9p1.orig/sshd_config.5 2019-02-27 14:05:59.237079313 +0100 -+++ openssh-7.9p1/sshd_config.5 2019-02-27 15:41:45.951770606 +0100 +--- openssh-7.9p1.orig/sshd_config.5 2019-02-28 17:20:15.851165117 +0100 ++++ openssh-7.9p1/sshd_config.5 2019-02-28 17:20:15.927165594 +0100 @@ -603,6 +603,8 @@ and .Cm sha256 . The default is diff --git a/openssh.changes b/openssh.changes index 750c734..420fc0a 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Feb 28 19:20:58 UTC 2019 - Vítězslav Čížek + +- Correctly filter out non-compliant algorithms when in FIPS mode + (bsc#1126397) + * A hunk was applied to a wrong place due to a patch fuzz when + the fips patch was being ported to openssh 7.9p1 +- update openssh-7.7p1-fips.patch + ------------------------------------------------------------------- Wed Feb 27 12:29:05 UTC 2019 - Vítězslav Čížek