Hello community,

here is the log from the commit of package openssh for openSUSE:Factory checked 
in at 2020-11-26 23:10:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
 and      /work/SRC/openSUSE:Factory/.openssh.new.5913 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openssh"

Thu Nov 26 23:10:42 2020 rev:144 rq:849984 version:8.3p1

Changes:
--------
--- /work/SRC/openSUSE:Factory/openssh/openssh.changes  2020-10-18 
16:30:22.716730029 +0200
+++ /work/SRC/openSUSE:Factory/.openssh.new.5913/openssh.changes        
2020-11-26 23:12:22.672940774 +0100
@@ -1,0 +2,22 @@
+Wed Nov 11 20:05:27 UTC 2020 - Hans Petter Jansson <h...@suse.com>
+
+- Fix build breakage caused by missing security key objects:
+  + Modify openssh-7.7p1-cavstest-ctr.patch.
+  + Modify openssh-7.7p1-cavstest-kdf.patch.
+  + Add openssh-link-with-sk.patch.
+
+-------------------------------------------------------------------
+Wed Nov 11 18:27:55 UTC 2020 - Hans Petter Jansson <h...@suse.com>
+
+- Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939).
+  This ensures only approved DH parameters are used in FIPS mode.
+
+-------------------------------------------------------------------
+Wed Nov 11 18:27:54 UTC 2020 - Hans Petter Jansson <h...@suse.com>
+
+- Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799).
+  This uses OpenSSL's RAND_bytes() directly instead of the internal
+  ChaCha20-based implementation to obtain random bytes for Ed25519
+  curve computations. This is required for FIPS compliance.
+
+-------------------------------------------------------------------

New:
----
  openssh-8.1p1-ed25519-use-openssl-rng.patch
  openssh-fips-ensure-approved-moduli.patch
  openssh-link-with-sk.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.NqJRYZ/_old  2020-11-26 23:12:24.268941105 +0100
+++ /var/tmp/diff_new_pack.NqJRYZ/_new  2020-11-26 23:12:24.268941105 +0100
@@ -104,6 +104,9 @@
 Patch37:        openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
 Patch38:        openssh-8.1p1-seccomp-clock_gettime64.patch
 Patch39:        openssh-8.1p1-use-openssl-kdf.patch
+Patch40:        openssh-8.1p1-ed25519-use-openssl-rng.patch
+Patch41:        openssh-fips-ensure-approved-moduli.patch
+Patch42:        openssh-link-with-sk.patch
 BuildRequires:  audit-devel
 BuildRequires:  autoconf
 BuildRequires:  groff

++++++ openssh-7.7p1-cavstest-ctr.patch ++++++
--- /var/tmp/diff_new_pack.NqJRYZ/_old  2020-11-26 23:12:24.348941121 +0100
+++ /var/tmp/diff_new_pack.NqJRYZ/_new  2020-11-26 23:12:24.352941122 +0100
@@ -28,8 +28,8 @@
        $(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
$(LIBEDIT)
  
 +# FIPS tests
-+cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o
-+      $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh 
$(LIBS)
++cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o 
cavstest-ctr.o
++      $(LD) -o $@ cavstest-ctr.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh 
-lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2)
 +
  # test driver for the loginrec code - not built by default
  logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o

++++++ openssh-7.7p1-cavstest-kdf.patch ++++++
--- /var/tmp/diff_new_pack.NqJRYZ/_old  2020-11-26 23:12:24.360941124 +0100
+++ /var/tmp/diff_new_pack.NqJRYZ/_new  2020-11-26 23:12:24.360941124 +0100
@@ -24,11 +24,11 @@
  XMSS_OBJS=\
        ssh-xmss.o \
 @@ -251,6 +252,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
- cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o
-       $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh 
$(LIBS)
+ cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o 
cavstest-ctr.o
+       $(LD) -o $@ cavstest-ctr.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh 
-lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2)
  
-+cavstest-kdf$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-kdf.o
-+      $(LD) -o $@ cavstest-kdf.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh 
$(LIBS)
++cavstest-kdf$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o 
cavstest-kdf.o
++      $(LD) -o $@ cavstest-kdf.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh 
-lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2)
 +
  # test driver for the loginrec code - not built by default
  logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o

++++++ openssh-8.1p1-ed25519-use-openssl-rng.patch ++++++
commit d281831d887044ede45d458c3dda74be9ae017e3
Author: Hans Petter Jansson <h...@hpjansson.org>
Date:   Fri Sep 25 23:26:58 2020 +0200

    Use OpenSSL's FIPS approved RAND_bytes() to get randomness for Ed25519

diff --git a/ed25519.c b/ed25519.c
index 767ec24..5d506a9 100644
--- a/ed25519.c
+++ b/ed25519.c
@@ -9,6 +9,13 @@
 #include "includes.h"
 #include "crypto_api.h"
 
+#ifdef WITH_OPENSSL
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#endif
+
+#include "log.h"
+
 #include "ge25519.h"
 
 static void get_hram(unsigned char *hram, const unsigned char *sm, const 
unsigned char *pk, unsigned char *playground, unsigned long long smlen)
@@ -33,7 +40,15 @@ int crypto_sign_ed25519_keypair(
   unsigned char extsk[64];
   int i;
 
+#ifdef WITH_OPENSSL
+  /* Use FIPS approved RNG */
+  if (RAND_bytes(sk, 32) <= 0)
+    fatal("Couldn't obtain random bytes (error 0x%lx)",
+          (unsigned long)ERR_get_error());
+#else
   randombytes(sk, 32);
+#endif
+
   crypto_hash_sha512(extsk, sk, 32);
   extsk[0] &= 248;
   extsk[31] &= 127;
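Review bot: The failure path added to `crypto_sign_ed25519_keypair` logs only the first queued OpenSSL error as a raw hex code, and the identical message is reused in the `kexc25519_keygen` hunk of kexc25519.c, so a log line does not say which key-generation path lost its RNG. Consider `fatal("%s: RAND_bytes failed: %s", __func__, ERR_error_string(ERR_get_error(), NULL));` in both places. The function is declared to return `int`, so reporting the failure to the caller instead of terminating inside the crypto primitive may also be worth weighing, though the callers are not visible here. The function body starts and ends outside the hunk.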
diff --git a/kexc25519.c b/kexc25519.c
index f13d766..2604eda 100644
--- a/kexc25519.c
+++ b/kexc25519.c
@@ -33,6 +33,13 @@
 #include <string.h>
 #include <signal.h>
 
+#ifdef WITH_OPENSSL
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#endif
+
+#include "log.h"
+
 #include "sshkey.h"
 #include "kex.h"
 #include "sshbuf.h"
@@ -51,7 +58,15 @@ kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char 
pub[CURVE25519_SIZE])
 {
        static const u_char basepoint[CURVE25519_SIZE] = {9};
 
+#ifdef WITH_OPENSSL
+       /* Use FIPS approved RNG */
+       if (RAND_bytes(key, CURVE25519_SIZE) <= 0)
+               fatal("Couldn't obtain random bytes (error 0x%lx)",
+                   (unsigned long)ERR_get_error());
+#else
        arc4random_buf(key, CURVE25519_SIZE);
+#endif
+
        crypto_scalarmult_curve25519(pub, key, basepoint);
 }
 

++++++ openssh-fips-ensure-approved-moduli.patch ++++++
commit 15c95d6eb2e8bc549719578c9a16541015363360
Author: Hans Petter Jansson <h...@hpjansson.org>
Date:   Mon Oct 26 22:26:46 2020 +0100

    Ensure DHGs are approved in FIPS mode using OpenSSL's DH_check_params()

diff --git a/dh.c b/dh.c
index 7cb135d..3fe7f75 100644
--- a/dh.c
+++ b/dh.c
@@ -143,6 +143,28 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
        return 0;
 }
 
+static int
+dhg_is_approved(const struct dhgroup *dhg)
+{
+       BIGNUM *g, *p;
+       DH *dh;
+       int dh_status;
+       int is_ok = 0;
+
+       /* DH_set0_pqg() transfers ownership of the bignums, so we
+        * make temporary copies here for simplicity. */
+       g = BN_dup(dhg->g);
+       p = BN_dup(dhg->p);
+       dh = dh_new_group(g, p);
+
+       if (dh) {
+               is_ok = DH_check_params(dh, &dh_status);
+       }
+
+       DH_free(dh);
+       return is_ok;
+}
+
 DH *
 choose_dh(int min, int wantbits, int max)
 {
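Review bot: `dhg_is_approved` takes the return value of `DH_check_params()` as the verdict and never reads `dh_status`. In upstream OpenSSL the return value only says that the check ran, and findings such as an even modulus or an unsuitable generator are reported as flag bits through the second argument. Unless the distribution's FIPS-patched OpenSSL changes that contract, a group with flags set would still be accepted, so the result should also require `dh_status == 0`. The `BN_dup()` results are passed on unchecked as well; a failed copy should reject the group and release the other copy. Whether `dh_new_group()` frees `g` and `p` when it fails is not visible in this hunk and needs confirming.

```c
static int
dhg_is_approved(const struct dhgroup *dhg)
{
	/* … unchanged: local declarations … */
	int dh_status = 0;

	g = BN_dup(dhg->g);
	p = BN_dup(dhg->p);
	if (g == NULL || p == NULL) {
		/* reject the group rather than build a DH from a failed copy */
		BN_clear_free(g);
		BN_clear_free(p);
		return 0;
	}

	/* NOTE(review): confirm whether dh_new_group() frees g/p on failure */
	dh = dh_new_group(g, p);
	if (dh != NULL)
		is_ok = DH_check_params(dh, &dh_status) == 1 && dh_status == 0;
	/* … unchanged: DH_free(dh) and return … */
```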
@@ -161,12 +183,20 @@ choose_dh(int min, int wantbits, int max)
        linenum = 0;
        best = bestcount = 0;
        while (getline(&line, &linesize, f) != -1) {
+               int dhg_is_ok;
+
                linenum++;
                if (!parse_prime(linenum, line, &dhg))
                        continue;
+
+               dhg_is_ok = dhg_is_approved(&dhg);
+
                BN_clear_free(dhg.g);
                BN_clear_free(dhg.p);
 
+               if (!dhg_is_ok)
+                       continue;
+
                if (dhg.size > max || dhg.size < min)
                        continue;
 
@@ -193,10 +223,16 @@ choose_dh(int min, int wantbits, int max)
        linenum = 0;
        bestcount = 0;
        while (getline(&line, &linesize, f) != -1) {
+               int dhg_is_ok;
+
                linenum++;
                if (!parse_prime(linenum, line, &dhg))
                        continue;
-               if ((dhg.size > max || dhg.size < min) ||
+
+               dhg_is_ok = dhg_is_approved(&dhg);
+
+               if (!dhg_is_ok ||
+                   (dhg.size > max || dhg.size < min) ||
                    dhg.size != best ||
                    bestcount++ != which) {
                        BN_clear_free(dhg.g);
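Review bot: In this second pass `!dhg_is_ok` is computed for every parsed moduli line before the cheap size comparison, and the first loop of `choose_dh` (previous hunk) does the same. Each candidate therefore pays for two `BN_dup()` calls and a `DH` allocation twice per call, even when its size is out of range. Testing the size first, e.g. `dhg_is_ok = dhg.size <= max && dhg.size >= min && dhg_is_approved(&dhg);`, gives the same selection as long as the approval test stays ahead of `bestcount++`, so that both passes count the same set of groups. Nothing visible in the hunk restricts the filter to FIPS mode although the commit title says so; if that gate lives inside OpenSSL, a comment at the call site should say it. The `if` block and the loop continue past the end of the hunk.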
++++++ openssh-link-with-sk.patch ++++++
diff --git a/Makefile.in b/Makefile.in
index 6dec09c..25e74ac 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -251,8 +251,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a 
$(SSHKEYSCAN_OBJS)
 ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o 
ldapmisc.o ldap-helper.o
        $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) 
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
-       $(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o 
$(SFTPSERVER_OBJS)
+       $(LD) -o $@ $(SFTPSERVER_OBJS) ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh 
-lopenbsd-compat $(LIBS) $(LIBFIDO2)
 
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
        $(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
$(LIBEDIT)
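Review bot: The `sftp-server$(EXEEXT)` rule now links `ssh-sk.o`, `sk-usbhid.o` and `$(LIBFIDO2)` into a binary that has no visible use for security-key code, which makes the FIDO2 library a runtime dependency of sftp-server only to satisfy the linker. Presumably an object pulled from `libssh.a` references symbols defined in those files. If so, a comment above the rule such as `# ssh-sk.o sk-usbhid.o: linked only to resolve references from libssh.a` would record the reason, and fixing the reference at its source would keep the extra code out of the binary. The same two object names are repeated by hand in the patched `cavstest-ctr` and `cavstest-kdf` rules, so a shared variable would keep the three rules in step.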