Hello community,
here is the log from the commit of package openssh for openSUSE:Factory checked
in at 2020-03-01 21:26:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
and /work/SRC/openSUSE:Factory/.openssh.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh"
Sun Mar 1 21:26:18 2020 rev:138 rq:780476 version:8.1p1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2020-02-18
16:18:21.148057284 +0100
+++ /work/SRC/openSUSE:Factory/.openssh.new.26092/openssh.changes
2020-03-01 21:26:31.852375708 +0100
@@ -1,0 +2,5 @@
+Fri Feb 28 16:15:06 UTC 2020 - Ludwig Nussel <lnus...@suse.de>
+
+- Don't recommend xauth to avoid pulling in X.
+
+-------------------------------------------------------------------
@@ -9,0 +15,14 @@
+Tue Feb 11 02:20:32 UTC 2020 - Hans Petter Jansson <h...@suse.com>
+
+- Add openssh-8.1p1-use-openssl-kdf.patch (jsc#SLE-9443). This
+ performs key derivation using OpenSSL's SSHKDF facility, which
+ allows OpenSSH to benefit from the former's FIPS certification
+ status.
+
+-------------------------------------------------------------------
+Thu Nov 21 04:49:22 UTC 2019 - Hans Petter Jansson <h...@suse.com>
+
+- Make sure ssh-keygen runs if SSHD_AUTO_KEYGEN variable is unset
+ or contains an unrecognized value (bsc#1157176).
+
+-------------------------------------------------------------------
@@ -16,0 +36,8 @@
+Thu Oct 17 06:23:58 UTC 2019 - Hans Petter Jansson <h...@suse.com>
+
+- Update openssh-7.7p1-audit.patch to fix crash (bsc#1152730). Fix
+ by Enzo Matsumiya (ematsum...@suse.com). This was integrated in
+ a separate code stream merged with the Oct. 10 update; the patch
+ was also rebased and renamed to openssh-8.1p1-audit.patch.
+
+-------------------------------------------------------------------
@@ -23 +50,3 @@
-- Add patch from upstream openssh-7.9p1-revert-new-qos-defaults.patch
+- Added openssh-7.9p1-revert-new-qos-defaults.patch, which reverts
+ an upstream commit that caused compatibility issues with other
+ software (bsc#1136402).
New:
----
openssh-8.1p1-use-openssl-kdf.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.vr8BA5/_old 2020-03-01 21:26:33.004378049 +0100
+++ /var/tmp/diff_new_pack.vr8BA5/_new 2020-03-01 21:26:33.004378049 +0100
@@ -102,6 +102,7 @@
Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch
Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch
+Patch39: openssh-8.1p1-use-openssl-kdf.patch
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: groff
@@ -117,7 +118,6 @@
Requires(pre): pwdutils
Recommends: %{name}-helpers = %{version}-%{release}
Recommends: audit
-Recommends: xauth
Conflicts: %{name}-fips < %{version}-%{release}
Conflicts: %{name}-fips > %{version}-%{release}
Conflicts: nonfreessh
++++++ openssh-8.1p1-use-openssl-kdf.patch ++++++
diff --git a/kex.c b/kex.c
index 96e44a5..7cd37d6 100644
--- a/kex.c
+++ b/kex.c
@@ -38,6 +38,7 @@
#ifdef WITH_OPENSSL
#include <openssl/crypto.h>
#include <openssl/dh.h>
+#include <openssl/kdf.h>
#endif
#include "ssh.h"
@@ -1109,8 +1110,92 @@ kex_choose_conf(struct ssh *ssh)
return r;
}
+#ifdef WITH_OPENSSL
+
+static const EVP_MD *
+get_openssl_md_for_hash_alg (int hash_alg)
+{
+ if (hash_alg < 0 || hash_alg >= SSH_DIGEST_MAX)
+ return NULL;
+
+ switch (hash_alg)
+ {
+ case SSH_DIGEST_MD5:
+ return EVP_md5();
+ case SSH_DIGEST_SHA1:
+ return EVP_sha1();
+ case SSH_DIGEST_SHA256:
+ return EVP_sha256();
+ case SSH_DIGEST_SHA384:
+ return EVP_sha384();
+ case SSH_DIGEST_SHA512:
+ return EVP_sha512();
+ default:
+ break;
+ }
+
+ return NULL;
+}
+
static int
-derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
+derive_key_via_openssl(struct ssh *ssh, int id, u_int need, u_char *hash,
u_int hashlen,
+ const struct sshbuf *shared_secret, u_char **keyp)
+{
+ struct kex *kex = ssh->kex;
+ EVP_KDF_CTX *hashctx = NULL;
+ const EVP_MD *md = NULL;
+ u_char *digest = NULL;
+ int r = SSH_ERR_LIBCRYPTO_ERROR;
+
+ hashctx = EVP_KDF_CTX_new_id (EVP_KDF_SSHKDF);
+ if (!hashctx)
+ goto out;
+
+ md = get_openssl_md_for_hash_alg (kex->hash_alg);
+ if (!md)
+ goto out;
+
+ if (EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_MD,
+ md) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_KEY,
+ sshbuf_ptr(shared_secret),
sshbuf_len(shared_secret)) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
+ (int) id) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
+ hash, (size_t) hashlen) != 1
+ || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
+ kex->session_id, (size_t) kex->session_id_len) !=
1)
+ goto out;
+
+ digest = calloc (1, need);
+ if (!digest) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+
+ if (EVP_KDF_derive (hashctx, digest, need) != 1)
+ goto out;
+
+ *keyp = digest;
+ digest = NULL;
+ r = 0;
+
+ out:
+ if (hashctx)
+ EVP_KDF_CTX_free(hashctx);
+
+ if (digest)
+ free(digest);
+
+ return r;
+}
+
+#else
+# error This version of openssh must be built with openssl to benefit from
FIPS certification.
+#endif
+
+static int
+derive_key_via_internal(struct ssh *ssh, int id, u_int need, u_char *hash,
u_int hashlen,
const struct sshbuf *shared_secret, u_char **keyp)
{
struct kex *kex = ssh->kex;
@@ -1174,6 +1259,50 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char
*hash, u_int hashlen,
return r;
}
+/* Belt and suspenders; we want the output from openssl because it's FIPS
certified. However,
+ * if there's a bug in the implementation, we should not proceed. Minimize
risk by requiring
+ * the implementations agree. */
+static int
+derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
+ const struct sshbuf *shared_secret, u_char **keyp)
+{
+#ifdef WITH_OPENSSL
+
+ u_char *buf_openssl = NULL, *buf_internal = NULL;
+ int r;
+
+ r = derive_key_via_openssl (ssh, id, need, hash, hashlen, shared_secret,
&buf_openssl);
+ if (r != 0)
+ goto out;
+
+ r = derive_key_via_internal (ssh, id, need, hash, hashlen, shared_secret,
&buf_internal);
+ if (r != 0)
+ goto out;
+
+ if (memcmp (buf_openssl, buf_internal, need))
+ {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+
+ *keyp = buf_openssl;
+ buf_openssl = NULL;
+
+ out:
+ if (buf_openssl)
+ free (buf_openssl);
+ if (buf_internal)
+ free (buf_internal);
+
+ return r;
+
+#else
+
+ return derive_key_via_internal (ssh, id, need, hash, hashlen,
shared_secret, keyp);
+
+#endif
+}
+
#define NKEYS 6
int
kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
++++++ sshd-gen-keys-start ++++++
--- /var/tmp/diff_new_pack.vr8BA5/_old 2020-03-01 21:26:33.248378544 +0100
+++ /var/tmp/diff_new_pack.vr8BA5/_new 2020-03-01 21:26:33.248378544 +0100
@@ -2,7 +2,7 @@
. /etc/sysconfig/ssh
-if [ "$SSHD_AUTO_KEYGEN" = "yes" ]; then
+if [ "x$SSHD_AUTO_KEYGEN" != "xno" ]; then
echo "Checking for missing server keys in /etc/ssh"
ssh-keygen -A
fi
