forked from pool/openssh
916f9ab5d2
- Fix build breakage caused by missing security key objects: + Modify openssh-7.7p1-cavstest-ctr.patch. + Modify openssh-7.7p1-cavstest-kdf.patch. + Add openssh-link-with-sk.patch. - Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939). This ensures only approved DH parameters are used in FIPS mode. - Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799). This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. OBS-URL: https://build.opensuse.org/request/show/849311 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=219
79 lines
1.7 KiB
Diff
79 lines
1.7 KiB
Diff
commit 15c95d6eb2e8bc549719578c9a16541015363360
|
|
Author: Hans Petter Jansson <hpj@hpjansson.org>
|
|
Date: Mon Oct 26 22:26:46 2020 +0100
|
|
|
|
Ensure DHGs are approved in FIPS mode using OpenSSL's DH_check_params()
|
|
|
|
diff --git a/dh.c b/dh.c
|
|
index 7cb135d..3fe7f75 100644
|
|
--- a/dh.c
|
|
+++ b/dh.c
|
|
@@ -143,6 +143,28 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
|
return 0;
|
|
}
|
|
|
|
+static int
|
|
+dhg_is_approved(const struct dhgroup *dhg)
|
|
+{
|
|
+ BIGNUM *g, *p;
|
|
+ DH *dh;
|
|
+ int dh_status;
|
|
+ int is_ok = 0;
|
|
+
|
|
+ /* DH_set0_pqg() transfers ownership of the bignums, so we
|
|
+ * make temporary copies here for simplicity. */
|
|
+ g = BN_dup(dhg->g);
|
|
+ p = BN_dup(dhg->p);
|
|
+ dh = dh_new_group(g, p);
|
|
+
|
|
+ if (dh) {
|
|
+ is_ok = DH_check_params(dh, &dh_status);
|
|
+ }
|
|
+
|
|
+ DH_free(dh);
|
|
+ return is_ok;
|
|
+}
|
|
+
|
|
DH *
|
|
choose_dh(int min, int wantbits, int max)
|
|
{
|
|
@@ -161,12 +183,20 @@ choose_dh(int min, int wantbits, int max)
|
|
linenum = 0;
|
|
best = bestcount = 0;
|
|
while (getline(&line, &linesize, f) != -1) {
|
|
+ int dhg_is_ok;
|
|
+
|
|
linenum++;
|
|
if (!parse_prime(linenum, line, &dhg))
|
|
continue;
|
|
+
|
|
+ dhg_is_ok = dhg_is_approved(&dhg);
|
|
+
|
|
BN_clear_free(dhg.g);
|
|
BN_clear_free(dhg.p);
|
|
|
|
+ if (!dhg_is_ok)
|
|
+ continue;
|
|
+
|
|
if (dhg.size > max || dhg.size < min)
|
|
continue;
|
|
|
|
@@ -193,10 +223,16 @@ choose_dh(int min, int wantbits, int max)
|
|
linenum = 0;
|
|
bestcount = 0;
|
|
while (getline(&line, &linesize, f) != -1) {
|
|
+ int dhg_is_ok;
|
|
+
|
|
linenum++;
|
|
if (!parse_prime(linenum, line, &dhg))
|
|
continue;
|
|
- if ((dhg.size > max || dhg.size < min) ||
|
|
+
|
|
+ dhg_is_ok = dhg_is_approved(&dhg);
|
|
+
|
|
+ if (!dhg_is_ok ||
|
|
+ (dhg.size > max || dhg.size < min) ||
|
|
dhg.size != best ||
|
|
bestcount++ != which) {
|
|
BN_clear_free(dhg.g);
|