Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2020-11-26 23:10:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Thu Nov 26 23:10:42 2020 rev:144 rq:849984 version:8.3p1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2020-10-18 16:30:22.716730029 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new.5913/openssh.changes 2020-11-26 23:12:22.672940774 +0100 @@ -1,0 +2,22 @@ +Wed Nov 11 20:05:27 UTC 2020 - Hans Petter Jansson <h...@suse.com> + +- Fix build breakage caused by missing security key objects: + + Modify openssh-7.7p1-cavstest-ctr.patch. + + Modify openssh-7.7p1-cavstest-kdf.patch. + + Add openssh-link-with-sk.patch. + +------------------------------------------------------------------- +Wed Nov 11 18:27:55 UTC 2020 - Hans Petter Jansson <h...@suse.com> + +- Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939). + This ensures only approved DH parameters are used in FIPS mode. + +------------------------------------------------------------------- +Wed Nov 11 18:27:54 UTC 2020 - Hans Petter Jansson <h...@suse.com> + +- Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799). + This uses OpenSSL's RAND_bytes() directly instead of the internal + ChaCha20-based implementation to obtain random bytes for Ed25519 + curve computations. This is required for FIPS compliance. + +------------------------------------------------------------------- New: ---- openssh-8.1p1-ed25519-use-openssl-rng.patch openssh-fips-ensure-approved-moduli.patch openssh-link-with-sk.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.NqJRYZ/_old 2020-11-26 23:12:24.268941105 +0100 +++ /var/tmp/diff_new_pack.NqJRYZ/_new 2020-11-26 23:12:24.268941105 +0100 
@@ -104,6 +104,9 @@ Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch Patch39: openssh-8.1p1-use-openssl-kdf.patch +Patch40: openssh-8.1p1-ed25519-use-openssl-rng.patch +Patch41: openssh-fips-ensure-approved-moduli.patch +Patch42: openssh-link-with-sk.patch BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: groff ++++++ openssh-7.7p1-cavstest-ctr.patch ++++++ --- /var/tmp/diff_new_pack.NqJRYZ/_old 2020-11-26 23:12:24.348941121 +0100 +++ /var/tmp/diff_new_pack.NqJRYZ/_new 2020-11-26 23:12:24.352941122 +0100 @@ -28,8 +28,8 @@ $(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) +# FIPS tests -+cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o -+ $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) ++cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o cavstest-ctr.o ++ $(LD) -o $@ cavstest-ctr.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2) + # test driver for the loginrec code - not built by default logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o ++++++ openssh-7.7p1-cavstest-kdf.patch ++++++ --- /var/tmp/diff_new_pack.NqJRYZ/_old 2020-11-26 23:12:24.360941124 +0100 +++ /var/tmp/diff_new_pack.NqJRYZ/_new 2020-11-26 23:12:24.360941124 +0100 @@ -24,11 +24,11 @@ XMSS_OBJS=\ ssh-xmss.o \ 
@@ -251,6 +252,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS) - cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o - $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o cavstest-ctr.o + $(LD) -o $@ cavstest-ctr.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2) -+cavstest-kdf$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-kdf.o -+ $(LD) -o $@ cavstest-kdf.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) ++cavstest-kdf$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o cavstest-kdf.o ++ $(LD) -o $@ cavstest-kdf.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2) + # test driver for the loginrec code - not built by default logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o ++++++ openssh-8.1p1-ed25519-use-openssl-rng.patch ++++++ commit d281831d887044ede45d458c3dda74be9ae017e3 Author: Hans Petter Jansson <h...@hpjansson.org> Date: Fri Sep 25 23:26:58 2020 +0200 Use OpenSSL's FIPS approved RAND_bytes() to get randomness for Ed25519 diff --git a/ed25519.c b/ed25519.c index 767ec24..5d506a9 100644 --- a/ed25519.c +++ b/ed25519.c @@ -9,6 +9,13 @@ #include "includes.h" #include "crypto_api.h" +#ifdef WITH_OPENSSL +#include <openssl/rand.h> +#include <openssl/err.h> +#endif + +#include "log.h" + #include "ge25519.h" static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) @@ -33,7 +40,15 @@ int crypto_sign_ed25519_keypair( unsigned char extsk[64]; int i; +#ifdef WITH_OPENSSL + /* Use FIPS approved RNG */ + if (RAND_bytes(sk, 32) <= 0) + fatal("Couldn't obtain random bytes (error 0x%lx)", + (unsigned long)ERR_get_error()); +#else randombytes(sk, 32); +#endif + crypto_hash_sha512(extsk, sk, 32); extsk[0] &= 248; extsk[31] &= 127; diff --git a/kexc25519.c b/kexc25519.c index f13d766..2604eda 100644 --- a/kexc25519.c 
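Review bot: The comment `/* Use FIPS approved RNG */` in the `crypto_sign_ed25519_keypair()` hunk of ed25519.c does not say that the `RAND_bytes()` path is selected at compile time by `WITH_OPENSSL`, so it applies to every OpenSSL build and not only when FIPS mode is active, nor why a failure ends the process. I would word it as `/* Seed from OpenSSL's RAND_bytes() in all WITH_OPENSSL builds (needed for FIPS); abort on failure so a key is never derived from an unfilled buffer. */`. The same wording fits the identical block added to `kexc25519_keygen()` in kexc25519.c. `log.h` is now included unconditionally in both files although `fatal()` is only reached under `WITH_OPENSSL`, and `crypto_sign_ed25519_keypair()` starts and ends outside the hunk.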
+++ b/kexc25519.c @@ -33,6 +33,13 @@ #include <string.h> #include <signal.h> +#ifdef WITH_OPENSSL +#include <openssl/rand.h> +#include <openssl/err.h> +#endif + +#include "log.h" + #include "sshkey.h" #include "kex.h" #include "sshbuf.h" @@ -51,7 +58,15 @@ kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) { static const u_char basepoint[CURVE25519_SIZE] = {9}; +#ifdef WITH_OPENSSL + /* Use FIPS approved RNG */ + if (RAND_bytes(key, CURVE25519_SIZE) <= 0) + fatal("Couldn't obtain random bytes (error 0x%lx)", + (unsigned long)ERR_get_error()); +#else arc4random_buf(key, CURVE25519_SIZE); +#endif + crypto_scalarmult_curve25519(pub, key, basepoint); } ++++++ openssh-fips-ensure-approved-moduli.patch ++++++ commit 15c95d6eb2e8bc549719578c9a16541015363360 Author: Hans Petter Jansson <h...@hpjansson.org> Date: Mon Oct 26 22:26:46 2020 +0100 Ensure DHGs are approved in FIPS mode using OpenSSL's DH_check_params() diff --git a/dh.c b/dh.c index 7cb135d..3fe7f75 100644 --- a/dh.c +++ b/dh.c @@ -143,6 +143,28 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) return 0; } +static int +dhg_is_approved(const struct dhgroup *dhg) +{ + BIGNUM *g, *p; + DH *dh; + int dh_status; + int is_ok = 0; + + /* DH_set0_pqg() transfers ownership of the bignums, so we + * make temporary copies here for simplicity. */ + g = BN_dup(dhg->g); + p = BN_dup(dhg->p); + dh = dh_new_group(g, p); + + if (dh) { + is_ok = DH_check_params(dh, &dh_status); + } + + DH_free(dh); + return is_ok; +} + DH * choose_dh(int min, int wantbits, int max) { @@ -161,12 +183,20 @@ choose_dh(int min, int wantbits, int max) linenum = 0; best = bestcount = 0; while (getline(&line, &linesize, f) != -1) { + int dhg_is_ok; + linenum++; if (!parse_prime(linenum, line, &dhg)) continue; + + dhg_is_ok = dhg_is_approved(&dhg); + BN_clear_free(dhg.g); BN_clear_free(dhg.p); + if (!dhg_is_ok) + continue; + if (dhg.size > max || dhg.size < min) continue; 
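Review bot: `dhg_is_approved()` in the first dh.c hunk uses the return value of `DH_check_params()` as the verdict, but per the OpenSSL documentation that value only reports that the check could be performed. The findings (`DH_CHECK_P_NOT_PRIME`, `DH_NOT_SUITABLE_GENERATOR`, modulus too small or too large) come back in `dh_status`, which is never read here. Unless the distribution's OpenSSL changes that contract, a group with a flagged generator or modulus would still be accepted as approved. The two `BN_dup()` results are also unchecked, and if `dh_new_group()` fails without taking ownership (its body is not in this hunk) the copies leak. A version that tests `dh_status` and releases the copies on every path follows.

```c
static int
dhg_is_approved(const struct dhgroup *dhg)
{
	BIGNUM *g = NULL, *p = NULL;
	DH *dh = NULL;
	int dh_status = 0;
	int is_ok = 0;

	/* Work on copies: the DH object owns its bignums once it is built. */
	if ((g = BN_dup(dhg->g)) == NULL || (p = BN_dup(dhg->p)) == NULL)
		goto out;
	/* NOTE(review): assumes dh_new_group() leaves g/p with the caller on failure - confirm */
	if ((dh = dh_new_group(g, p)) == NULL)
		goto out;
	g = p = NULL;	/* now owned by dh */

	/* Return value: the check ran. dh_status: what it found (0 = no problems). */
	is_ok = DH_check_params(dh, &dh_status) == 1 && dh_status == 0;
 out:
	BN_clear_free(g);
	BN_clear_free(p);
	DH_free(dh);
	return is_ok;
}
```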
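Review bot: In the first `choose_dh()` loop, `dhg_is_approved()` runs on every parsed moduli line before the cheap size filter, so each key exchange duplicates two bignums and builds a `DH` object even for groups that `min`/`max` would discard anyway. Nothing in the hunk restricts the check to FIPS mode, although the commit title says it is for FIPS mode. Folding the range test in first, `dhg_is_ok = !(dhg.size > max || dhg.size < min) && dhg_is_approved(&dhg);`, keeps the result and skips the extra work. The second loop (the next dh.c hunk) can do the same by calling `!dhg_is_approved(&dhg)` after the `dhg.size != best` test, but it must stay ahead of `bestcount++ != which` so that both passes count the same set of groups. `choose_dh()` begins and ends outside these hunks.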
@@ -193,10 +223,16 @@ choose_dh(int min, int wantbits, int max) linenum = 0; bestcount = 0; while (getline(&line, &linesize, f) != -1) { + int dhg_is_ok; + linenum++; if (!parse_prime(linenum, line, &dhg)) continue; - if ((dhg.size > max || dhg.size < min) || + + dhg_is_ok = dhg_is_approved(&dhg); + + if (!dhg_is_ok || + (dhg.size > max || dhg.size < min) || dhg.size != best || bestcount++ != which) { BN_clear_free(dhg.g); ++++++ openssh-link-with-sk.patch ++++++ diff --git a/Makefile.in b/Makefile.in index 6dec09c..25e74ac 100644 --- a/Makefile.in +++ b/Makefile.in @@ -251,8 +251,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS) ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS) - $(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o $(SFTPSERVER_OBJS) + $(LD) -o $@ $(SFTPSERVER_OBJS) ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS) $(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) _______________________________________________ openSUSE Commits mailing list -- commit@lists.opensuse.org To unsubscribe, email commit-le...@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
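Review bot: The `sftp-server$(EXEEXT)` rule in Makefile.in now links `ssh-sk.o`, `sk-usbhid.o` and `$(LIBFIDO2)` without a comment saying which symbol requires them. The changelog only says "missing security key objects", so the next maintainer cannot tell whether the file-transfer server really needs the FIDO/USB HID code or whether it only satisfies a reference from `libssh.a`. If it is the latter, the rule pulls token-handling code and an extra library into a binary that processes client input, and a narrower fix in the patch that introduced the reference may be preferable. At minimum I would add a line such as `# ssh-sk.o sk-usbhid.o: satisfy security-key symbols referenced via libssh.a (see openssh.changes)`. The same line fits the `cavstest-ctr` and `cavstest-kdf` rules changed in the two modified patches.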