[gsi-openssh/epel7] Based on openssh-6.4p1-8.el7
Mattias Ellert
ellert at fedoraproject.org
Wed Jul 16 21:14:03 UTC 2014
commit 50cfa4c1435bcf06bc045ceebdeef95866453dd7
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Wed Jul 16 23:13:46 2014 +0200
Based on openssh-6.4p1-8.el7
gsi-openssh.spec | 27 +++-
gsisshd-keygen | 7 +-
gsisshd.sysconfig | 8 +-
openssh-6.2p2-dont-test-ecdsa-521-keys.patch | 47 ------
openssh-6.3p1-fips.patch | 32 +++--
openssh-6.3p1-keycat.patch | 2 +-
openssh-6.3p1-ldap.patch | 60 ++++++--
openssh-6.3p1-redhat.patch | 12 ++
openssh-6.4p1-3des-dh-size.patch | 144 ++++++++++++++++++
openssh-6.4p1-FIPS-mode-SP800-131A.patch | 206 ++++++++++++++++++++++++++
openssh-6.4p1-audit.patch | 11 ++-
openssh-6.4p1-fromto-remote.patch | 16 ++
openssh-6.4p1-ignore-bad-env-var.patch | 37 +++++
openssh-6.4p1-legacy-ssh-copy-id.patch | 57 +++++++
openssh-6.4p1-ssh-keygen-V.patch | 23 +++
15 files changed, 600 insertions(+), 89 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index c323c99..ae9c4af 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,7 +29,7 @@
%global ldap 1
%global openssh_ver 6.4p1
-%global openssh_rel 1
+%global openssh_rel 2
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -129,8 +129,19 @@ Patch901: openssh-6.3p1-kuserok.patch
Patch902: openssh-6.3p1-krb5-use-default_ccache_name.patch
# increase the size of the Diffie-Hellman groups (#1010607)
Patch903: openssh-6.3p1-increase-size-of-DF-groups.patch
-# don't test ecdsa-521 keys (#969342)
-Patch1000: openssh-6.2p2-dont-test-ecdsa-521-keys.patch
+# FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A (#1001748)
+Patch904: openssh-6.4p1-FIPS-mode-SP800-131A.patch
+# Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set (#969375
+Patch905: openssh-6.4p1-legacy-ssh-copy-id.patch
+# Use tty allocation for a remote scp (#985650)
+Patch906: openssh-6.4p1-fromto-remote.patch
+# ssh-keygen - relative-specified certificate expiry time should be relative to current time and
+# not the validity start time (#1058234)
+Patch907: openssh-6.4p1-ssh-keygen-V.patch
+# use the size of security of 3des for DH (#1053107)
+Patch908: openssh-6.4p1-3des-dh-size.patch
+# ignore environment variables with embedded '=' or '\0' characters (#1077843)
+Patch909: openssh-6.4p1-ignore-bad-env-var.patch
# This is the patch that adds GSI support
# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.4p1.patch
@@ -279,7 +290,12 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch901 -p1 -b .kuserok
%patch902 -p1 -b .ccache_name
%patch903 -p1 -b .dh
-%patch1000 -p1 -b .ecc
+%patch904 -p1 -b .SP800-131A
+%patch905 -p1 -b .legacy-ssh-copy-id
+%patch906 -p1 -b .fromto-remote
+%patch907 -p1 -b .ssh-keygen-V
+%patch908 -p1 -b .3des-dh-size
+%patch909 -p1 -b .bad-env-var
%patch98 -p1 -b .gsi
@@ -493,6 +509,9 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
%changelog
+* Wed Jul 16 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-2
+- Based on openssh-6.4p1-8.el7
+
* Tue Jan 28 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-1
- Based on openssh-6.4p1-1.el7
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 28e57ba..d8e19f3 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -4,7 +4,7 @@
#
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
# variable.
-AUTOCREATE_SERVER_KEYS=RSAONLY
+AUTOCREATE_SERVER_KEYS=NODSA
# source function library
. /etc/rc.d/init.d/functions
@@ -115,8 +115,9 @@ do_ecdsa_keygen() {
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
do_rsa_keygen
if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
- do_rsa1_keygen
- do_dsa_keygen
do_ecdsa_keygen
+ if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]; then
+ do_dsa_keygen
+ fi
fi
fi
diff --git a/gsisshd.sysconfig b/gsisshd.sysconfig
index 9a30a83..ddd7744 100644
--- a/gsisshd.sysconfig
+++ b/gsisshd.sysconfig
@@ -1,9 +1,11 @@
# Configuration file for the sshd service.
-# The server keys are automatically generated if they ommited
-# to change the automatic creation uncomment the approprite
-# line. The default is RSAONLY
+# The server keys are automatically generated if they omitted
+# to change the automatic creation uncomment the appropriate
+# line. The default is NODSA which means rsa and ecdsa keys are
+# generated.
+# AUTOCREATE_SERVER_KEYS=NODSA
# AUTOCREATE_SERVER_KEYS=RSAONLY
# AUTOCREATE_SERVER_KEYS=NO
# AUTOCREATE_SERVER_KEYS=YES
diff --git a/openssh-6.3p1-fips.patch b/openssh-6.3p1-fips.patch
index acf4e82..6a5a332 100644
--- a/openssh-6.3p1-fips.patch
+++ b/openssh-6.3p1-fips.patch
@@ -527,9 +527,9 @@ diff -up openssh-6.3p1/sshconnect2.c.fips openssh-6.3p1/sshconnect2.c
if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
-diff -up openssh-6.3p1/sshd.c.fips openssh-6.3p1/sshd.c
---- openssh-6.3p1/sshd.c.fips 2013-10-11 22:24:32.842031223 +0200
-+++ openssh-6.3p1/sshd.c 2013-10-11 22:24:32.873031077 +0200
+diff -up openssh-6.4p1/sshd.c.fips openssh-6.4p1/sshd.c
+--- openssh-6.4p1/sshd.c.fips 2014-01-27 16:20:12.751358484 +0100
++++ openssh-6.4p1/sshd.c 2014-01-27 16:21:12.961052163 +0100
@@ -76,6 +76,8 @@
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -539,22 +539,26 @@ diff -up openssh-6.3p1/sshd.c.fips openssh-6.3p1/sshd.c
#include "openbsd-compat/openssl-compat.h"
#ifdef HAVE_SECUREWARE
-@@ -1450,6 +1452,14 @@ main(int ac, char **av)
+@@ -1450,6 +1452,18 @@ main(int ac, char **av)
#endif
__progname = ssh_get_progname(av[0]);
+ SSLeay_add_all_algorithms();
+ if (access("/etc/system-fips", F_OK) == 0)
-+ if (! FIPSCHECK_verify(NULL, NULL))
-+ if (FIPS_mode())
-+ fatal("FIPS integrity verification test failed.");
++ if (! FIPSCHECK_verify(NULL, NULL)) {
++ openlog(__progname, LOG_PID, LOG_AUTHPRIV);
++ if (FIPS_mode()) {
++ syslog(LOG_CRIT, "FIPS integrity verification test failed.");
++ cleanup_exit(255);
++ }
+ else
-+ logit("FIPS integrity verification test failed.");
-+
++ syslog(LOG_INFO, "FIPS integrity verification test failed.");
++ closelog();
++ }
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
-@@ -1601,8 +1611,6 @@ main(int ac, char **av)
+@@ -1601,8 +1615,6 @@ main(int ac, char **av)
else
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
@@ -563,7 +567,7 @@ diff -up openssh-6.3p1/sshd.c.fips openssh-6.3p1/sshd.c
/* If requested, redirect the logs to the specified logfile. */
if (logfile != NULL) {
log_redirect_stderr_to(logfile);
-@@ -1773,6 +1781,10 @@ main(int ac, char **av)
+@@ -1773,6 +1785,10 @@ main(int ac, char **av)
debug("private host key: #%d type %d %s", i, keytype,
key_type(key ? key : pubkey));
}
@@ -574,7 +578,7 @@ diff -up openssh-6.3p1/sshd.c.fips openssh-6.3p1/sshd.c
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
-@@ -1936,6 +1948,10 @@ main(int ac, char **av)
+@@ -1936,6 +1952,10 @@ main(int ac, char **av)
/* Initialize the random number generator. */
arc4random_stir();
@@ -585,7 +589,7 @@ diff -up openssh-6.3p1/sshd.c.fips openssh-6.3p1/sshd.c
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
if (chdir("/") == -1)
-@@ -2498,6 +2514,9 @@ do_ssh2_kex(void)
+@@ -2498,6 +2518,9 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
@@ -595,7 +599,7 @@ diff -up openssh-6.3p1/sshd.c.fips openssh-6.3p1/sshd.c
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
-@@ -2507,6 +2526,9 @@ do_ssh2_kex(void)
+@@ -2507,6 +2530,9 @@ do_ssh2_kex(void)
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
diff --git a/openssh-6.3p1-keycat.patch b/openssh-6.3p1-keycat.patch
index 90cfb7e..6105d09 100644
--- a/openssh-6.3p1-keycat.patch
+++ b/openssh-6.3p1-keycat.patch
@@ -8,7 +8,7 @@ diff -up openssh-6.3p1/HOWTO.ssh-keycat.keycat openssh-6.3p1/HOWTO.ssh-keycat
+
+To use ssh-keycat, set these options in /etc/ssh/sshd_config file:
+ AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
-+ AuthorizedKeysCommandRunAs root
++ AuthorizedKeysCommandUser root
+
+Do not forget to enable public key authentication:
+ PubkeyAuthentication yes
diff --git a/openssh-6.3p1-ldap.patch b/openssh-6.3p1-ldap.patch
index 994ef59..052973c 100644
--- a/openssh-6.3p1-ldap.patch
+++ b/openssh-6.3p1-ldap.patch
@@ -759,10 +759,9 @@ diff -up openssh-6.2p1/ldapbody.h.ldap openssh-6.2p1/ldapbody.h
+
+#endif /* LDAPBODY_H */
+
-diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
---- openssh-6.2p2/ldapconf.c.ldap 2013-06-07 15:10:05.601942693 +0200
-+++ openssh-6.2p2/ldapconf.c 2013-06-07 15:10:24.928857566 +0200
-@@ -0,0 +1,691 @@
+--- openssh-6.4p1/ldapconf.c.ldap 2013-11-26 10:31:03.513794385 +0100
++++ openssh-6.4p1/ldapconf.c 2013-11-26 10:38:15.474635149 +0100
+@@ -0,0 +1,720 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
@@ -886,6 +885,35 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ return lBadOption;
+}
+
++/* Characters considered whitespace in strsep calls. */
++#define WHITESPACE " \t\r\n"
++
++/* return next token in configuration line */
++static char *
++ldap_strdelim(char **s)
++{
++ char *old;
++ int wspace = 0;
++
++ if (*s == NULL)
++ return NULL;
++
++ old = *s;
++
++ *s = strpbrk(*s, WHITESPACE);
++ if (*s == NULL)
++ return (old);
++
++ *s[0] = '\0';
++
++ /* Skip any extra whitespace after first token */
++ *s += strspn(*s + 1, WHITESPACE) + 1;
++ if (*s[0] == '=' && !wspace)
++ *s += strspn(*s + 1, WHITESPACE) + 1;
++
++ return (old);
++}
++
+/*
+ * Processes a single option line as used in the configuration files. This
+ * only sets those values that have not already been set.
@@ -909,11 +937,11 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+
+ s = line;
+ /* Get the keyword. (Each line is supposed to begin with a keyword). */
-+ if ((keyword = strdelim(&s)) == NULL)
++ if ((keyword = ldap_strdelim(&s)) == NULL)
+ return 0;
+ /* Ignore leading whitespace. */
+ if (*keyword == '\0')
-+ keyword = strdelim(&s);
++ keyword = ldap_strdelim(&s);
+ if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
+ return 0;
+
@@ -949,7 +977,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lBindPW:
+ charptr = &options.bindpw;
+parse_string:
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (*charptr == NULL)
@@ -962,7 +990,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+
+ case lScope:
+ intptr = &options.scope;
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing sub/one/base argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */
@@ -980,7 +1008,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+
+ case lDeref:
+ intptr = &options.scope;
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing never/searching/finding/always argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */
@@ -1001,7 +1029,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lPort:
+ intptr = &options.port;
+parse_int:
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (arg[0] < '0' || arg[0] > '9')
@@ -1018,7 +1046,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lTimeLimit:
+ intptr = &options.timelimit;
+parse_time:
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing time value.",
+ filename, linenum);
@@ -1039,7 +1067,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+
+ case lBind_Policy:
+ intptr = &options.bind_policy;
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing soft/hard argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */
@@ -1058,7 +1086,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+
+ case lSSL:
+ intptr = &options.ssl;
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing yes/no/start_tls argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */
@@ -1077,7 +1105,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lReferrals:
+ intptr = &options.referrals;
+parse_flag:
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */
@@ -1097,7 +1125,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+
+ case lTLS_CheckPeer:
+ intptr = &options.tls_checkpeer;
-+ arg = strdelim(&s);
++ arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing never/hard/demand/alow/try argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */
@@ -1171,7 +1199,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ }
+
+ /* Check that there is no garbage at end of line. */
-+ if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
++ if ((arg = ldap_strdelim(&s)) != NULL && *arg != '\0') {
+ fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
+ filename, linenum, arg);
+ }
diff --git a/openssh-6.3p1-redhat.patch b/openssh-6.3p1-redhat.patch
index 5b1ec1d..d85244d 100644
--- a/openssh-6.3p1-redhat.patch
+++ b/openssh-6.3p1-redhat.patch
@@ -58,6 +58,18 @@ diff -up openssh-6.3p1/sshd_config.redhat openssh-6.3p1/sshd_config
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
+@@ -21,9 +25,9 @@
+ # HostKey for protocol version 1
+ #HostKey /etc/ssh/ssh_host_key
+ # HostKeys for protocol version 2
+-#HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_rsa_key
+ #HostKey /etc/ssh/ssh_host_dsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
+
+ # Lifetime and size of ephemeral version 1 server key
+ #KeyRegenerationInterval 1h
@@ -35,6 +39,7 @@
# Logging
# obsoletes QuietMode and FascistLogging
diff --git a/openssh-6.4p1-3des-dh-size.patch b/openssh-6.4p1-3des-dh-size.patch
new file mode 100644
index 0000000..a2bedec
--- /dev/null
+++ b/openssh-6.4p1-3des-dh-size.patch
@@ -0,0 +1,144 @@
+diff -U0 openssh-6.4p1/ChangeLog.3des-dh-size openssh-6.4p1/ChangeLog
+--- openssh-6.4p1/ChangeLog.3des-dh-size 2014-01-28 14:15:25.178358616 +0100
++++ openssh-6.4p1/ChangeLog 2014-01-28 14:18:24.678444650 +0100
+@@ -0,0 +1,15 @@
++20140126
++ - OpenBSD CVS Sync
++ - dtucker at cvs.openbsd.org 2014/01/25 10:12:50
++ [cipher.c cipher.h kex.c kex.h kexgexc.c]
++ Add a special case for the DH group size for 3des-cbc, which has an
++ effective strength much lower than the key size. This causes problems
++ with some cryptlib implementations, which don't support group sizes larger
++ than 4k but also don't use the largest group size it does support as
++ specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
++ reduced by me with input from Markus. ok djm@ markus@
++ - markus at cvs.openbsd.org 2014/01/25 20:35:37
++ [kex.c]
++ dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
++ ok dtucker@, noted by mancha
++
+diff -up openssh-6.4p1/cipher.c.3des-dh-size openssh-6.4p1/cipher.c
+--- openssh-6.4p1/cipher.c.3des-dh-size 2014-01-28 14:15:25.101359008 +0100
++++ openssh-6.4p1/cipher.c 2014-01-28 14:17:48.119630792 +0100
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
++/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -144,6 +144,14 @@ cipher_keylen(const Cipher *c)
+ }
+
+ u_int
++cipher_seclen(const Cipher *c)
++{
++ if (strcmp("3des-cbc", c->name) == 0)
++ return 14;
++ return cipher_keylen(c);
++}
++
++u_int
+ cipher_authlen(const Cipher *c)
+ {
+ return (c->auth_len);
+diff -up openssh-6.4p1/cipher.h.3des-dh-size openssh-6.4p1/cipher.h
+--- openssh-6.4p1/cipher.h.3des-dh-size 2014-01-28 14:15:25.178358616 +0100
++++ openssh-6.4p1/cipher.h 2014-01-28 14:17:17.858784879 +0100
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */
++/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */
+
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+@@ -95,6 +95,7 @@ void cipher_cleanup(CipherContext *);
+ int cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
+ u_int cipher_blocksize(const Cipher *);
+ u_int cipher_keylen(const Cipher *);
++u_int cipher_seclen(const Cipher *);
+ u_int cipher_authlen(const Cipher *);
+ u_int cipher_ivlen(const Cipher *);
+ u_int cipher_is_cbc(const Cipher *);
+diff -up openssh-6.4p1/kex.c.3des-dh-size openssh-6.4p1/kex.c
+--- openssh-6.4p1/kex.c.3des-dh-size 2014-01-28 14:15:25.165358682 +0100
++++ openssh-6.4p1/kex.c 2014-01-28 14:19:22.038152586 +0100
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */
++/* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */
+ /*
+ * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
+ *
+@@ -494,7 +494,7 @@ kex_choose_conf(Kex *kex)
+ char **my, **peer;
+ char **cprop, **sprop;
+ int nenc, nmac, ncomp;
+- u_int mode, ctos, need, authlen;
++ u_int mode, ctos, need, dh_need, authlen;
+ int first_kex_follows, type;
+
+ my = kex_buf2prop(&kex->my, NULL);
+@@ -545,20 +545,21 @@ kex_choose_conf(Kex *kex)
+ choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
+ choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+ sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
+- need = 0;
++ need = dh_need = 0;
+ for (mode = 0; mode < MODE_MAX; mode++) {
+ newkeys = kex->newkeys[mode];
+- if (need < newkeys->enc.key_len)
+- need = newkeys->enc.key_len;
+- if (need < newkeys->enc.block_size)
+- need = newkeys->enc.block_size;
+- if (need < newkeys->enc.iv_len)
+- need = newkeys->enc.iv_len;
+- if (need < newkeys->mac.key_len)
+- need = newkeys->mac.key_len;
++ need = MAX(need, newkeys->enc.key_len);
++ need = MAX(need, newkeys->enc.block_size);
++ need = MAX(need, newkeys->enc.iv_len);
++ need = MAX(need, newkeys->mac.key_len);
++ dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher));
++ dh_need = MAX(dh_need, newkeys->enc.block_size);
++ dh_need = MAX(dh_need, newkeys->enc.iv_len);
++ dh_need = MAX(dh_need, newkeys->mac.key_len);
+ }
+ /* XXX need runden? */
+ kex->we_need = need;
++ kex->dh_need = dh_need;
+
+ /* ignore the next message if the proposals do not match */
+ if (first_kex_follows && !proposals_match(my, peer) &&
+diff -up openssh-6.4p1/kexgexc.c.3des-dh-size openssh-6.4p1/kexgexc.c
+--- openssh-6.4p1/kexgexc.c.3des-dh-size 2014-01-28 14:15:25.165358682 +0100
++++ openssh-6.4p1/kexgexc.c 2014-01-28 14:19:09.718215323 +0100
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
++/* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */
+ /*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+@@ -60,7 +60,7 @@ kexgex_client(Kex *kex)
+ int min, max, nbits;
+ DH *dh;
+
+- nbits = dh_estimate(kex->we_need * 8);
++ nbits = dh_estimate(kex->dh_need * 8);
+
+ if (datafellows & SSH_OLD_DHGEX) {
+ /* Old GEX request */
+diff -up openssh-6.4p1/kex.h.3des-dh-size openssh-6.4p1/kex.h
+--- openssh-6.4p1/kex.h.3des-dh-size 2014-01-28 14:15:25.142358799 +0100
++++ openssh-6.4p1/kex.h 2014-01-28 14:18:49.431318614 +0100
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */
++/* $OpenBSD: kex.h,v 1.61 2014/01/25 10:12:50 dtucker Exp $ */
+
+ /*
+ * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
+@@ -125,6 +125,7 @@ struct Kex {
+ u_int session_id_len;
+ Newkeys *newkeys[MODE_MAX];
+ u_int we_need;
++ u_int dh_need;
+ int server;
+ char *name;
+ int hostkey_type;
diff --git a/openssh-6.4p1-FIPS-mode-SP800-131A.patch b/openssh-6.4p1-FIPS-mode-SP800-131A.patch
new file mode 100644
index 0000000..cf632d8
--- /dev/null
+++ b/openssh-6.4p1-FIPS-mode-SP800-131A.patch
@@ -0,0 +1,206 @@
+diff --git a/dh.h b/dh.h
+index 48f7b68..9ff39f4 100644
+--- a/dh.h
++++ b/dh.h
+@@ -45,6 +45,7 @@ int dh_estimate(int);
+
+ /* Min and max values from RFC4419. */
+ #define DH_GRP_MIN 1024
++#define DH_GRP_MIN_FIPS 2048
+ #define DH_GRP_MAX 8192
+
+ /*
+diff --git a/kex.c b/kex.c
+index a468805..3a0eb16 100644
+--- a/kex.c
++++ b/kex.c
+@@ -34,6 +34,7 @@
+ #include <string.h>
+
+ #include <openssl/crypto.h>
++#include <openssl/fips.h>
+
+ #include "xmalloc.h"
+ #include "ssh2.h"
+@@ -93,6 +94,20 @@ static const struct kexalg kexalgs[] = {
+ { NULL, -1, -1, NULL},
+ };
+
++static const struct kexalg kexalgs_fips[] = {
++ { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
++ { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
++#ifdef HAVE_EVP_SHA256
++ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
++#endif
++#ifdef OPENSSL_HAS_ECC
++ { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
++ { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
++ { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },
++#endif
++ { NULL, -1, -1, NULL},
++};
++
+ char *
+ kex_alg_list(void)
+ {
+@@ -116,7 +131,7 @@ kex_alg_by_name(const char *name)
+ {
+ const struct kexalg *k;
+
+- for (k = kexalgs; k->name != NULL; k++) {
++ for (k = (FIPS_mode() ? kexalgs_fips : kexalgs); k->name != NULL; k++) {
+ if (strcmp(k->name, name) == 0)
+ return k;
+ #ifdef GSSAPI
+@@ -141,7 +156,10 @@ kex_names_valid(const char *names)
+ for ((p = strsep(&cp, ",")); p && *p != '\0';
+ (p = strsep(&cp, ","))) {
+ if (kex_alg_by_name(p) == NULL) {
+- error("Unsupported KEX algorithm \"%.100s\"", p);
++ if (FIPS_mode())
++ error("\"%.100s\" is not allowed in FIPS mode", p);
++ else
++ error("Unsupported KEX algorithm \"%.100s\"", p);
+ free(s);
+ return 0;
+ }
+diff --git a/kexecdhc.c b/kexecdhc.c
+index 6193836..d435f1f 100644
+--- a/kexecdhc.c
++++ b/kexecdhc.c
+@@ -154,6 +154,7 @@ kexecdh_client(Kex *kex)
+
+ kex_derive_keys(kex, hash, hashlen, shared_secret);
+ BN_clear_free(shared_secret);
++ memset(hash, 0, hashlen);
+ kex_finish(kex);
+ }
+ #else /* OPENSSL_HAS_ECC */
+diff --git a/kexecdhs.c b/kexecdhs.c
+index 3a580aa..9a06905 100644
+--- a/kexecdhs.c
++++ b/kexecdhs.c
+@@ -155,6 +155,7 @@ kexecdh_server(Kex *kex)
+
+ kex_derive_keys(kex, hash, hashlen, shared_secret);
+ BN_clear_free(shared_secret);
++ memset(hash, 0, hashlen);
+ kex_finish(kex);
+ }
+ #else /* OPENSSL_HAS_ECC */
+diff --git a/kexgexc.c b/kexgexc.c
+index 5a3be20..a931b6e 100644
+--- a/kexgexc.c
++++ b/kexgexc.c
+@@ -26,6 +26,8 @@
+
+ #include "includes.h"
+
++#include <openssl/fips.h>
++
+ #include <sys/types.h>
+
+ #include <openssl/dh.h>
+@@ -64,13 +66,13 @@ kexgex_client(Kex *kex)
+ /* Old GEX request */
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
+ packet_put_int(nbits);
+- min = DH_GRP_MIN;
++ min = FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN;
+ max = DH_GRP_MAX;
+
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", nbits);
+ } else {
+ /* New GEX request */
+- min = DH_GRP_MIN;
++ min = FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
+ packet_put_int(min);
+diff --git a/kexgexs.c b/kexgexs.c
+index 4e473fc..2ed49bd 100644
+--- a/kexgexs.c
++++ b/kexgexs.c
+@@ -76,16 +76,16 @@ kexgex_server(Kex *kex)
+ omin = min = packet_get_int();
+ onbits = nbits = packet_get_int();
+ omax = max = packet_get_int();
+- min = MAX(DH_GRP_MIN, min);
++ min = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min);
+ max = MIN(DH_GRP_MAX, max);
+- nbits = MAX(DH_GRP_MIN, nbits);
++ nbits = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, nbits);
+ nbits = MIN(DH_GRP_MAX, nbits);
+ break;
+ case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
+ onbits = nbits = packet_get_int();
+ /* unused for old GEX */
+- omin = min = DH_GRP_MIN;
++ omin = min = FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN;
+ omax = max = DH_GRP_MAX;
+ break;
+ default:
+diff --git a/myproposal.h b/myproposal.h
+index ee69ea2..1b68c5b 100644
+--- a/myproposal.h
++++ b/myproposal.h
+@@ -72,6 +72,12 @@
+ "diffie-hellman-group14-sha1," \
+ "diffie-hellman-group1-sha1"
+
++#define KEX_DEFAULT_KEX_FIPS \
++ KEX_ECDH_METHODS \
++ KEX_SHA256_METHODS \
++ "diffie-hellman-group-exchange-sha1," \
++ "diffie-hellman-group14-sha1"
++
+ #define KEX_DEFAULT_PK_ALG \
+ HOSTKEY_ECDSA_CERT_METHODS \
+ "ssh-rsa-cert-v01 at openssh.com," \
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index cac6762..2569016 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -183,8 +183,14 @@ type_bits_valid(int type, u_int32_t *bitsp)
+ fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
+ exit(1);
+ }
+- if (type == KEY_DSA && *bitsp != 1024)
++ if (type == KEY_DSA && FIPS_mode())
++ fatal("DSA keys are not allowed in FIPS mode");
++ else if (type == KEY_DSA && *bitsp != 1024)
+ fatal("DSA keys must be 1024 bits");
++ else if (type == KEY_RSA && bits < DEFAULT_BITS && FIPS_mode()) {
++ fprintf(stderr, "RSA keys must be at least %d bits in FIPS mode\n", DEFAULT_BITS);
++ exit(1);
++ }
+ else if (type != KEY_ECDSA && *bitsp < 768)
+ fatal("Key must at least be 768 bits");
+ else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 7e48880..3179d82 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -231,6 +231,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ }
+ if (options.kex_algorithms != NULL)
+ myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
++ else if (FIPS_mode())
++ myproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX_FIPS;
+
+ #ifdef GSSAPI
+ /* If we've got GSSAPI algorithms, then we also support the
+diff --git a/sshd.c b/sshd.c
+index 11adbf6..f5e98bc 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -2605,6 +2605,8 @@ do_ssh2_kex(void)
+ }
+ if (options.kex_algorithms != NULL)
+ myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
++ else if (FIPS_mode())
++ myproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX_FIPS;
+
+ if (options.rekey_limit || options.rekey_interval)
+ packet_set_rekey_limits((u_int32_t)options.rekey_limit,
diff --git a/openssh-6.4p1-audit.patch b/openssh-6.4p1-audit.patch
index 0c4ce54..77a6fa4 100644
--- a/openssh-6.4p1-audit.patch
+++ b/openssh-6.4p1-audit.patch
@@ -2148,6 +2148,15 @@ diff -up openssh-6.3p1/sshd.c.audit openssh-6.3p1/sshd.c
}
/* Certs do not need demotion */
}
+@@ -652,7 +703,7 @@ privsep_preauth(Authctxt *authctxt)
+
+ if (use_privsep == PRIVSEP_ON)
+ box = ssh_sandbox_init();
+- pid = fork();
++ pmonitor->m_pid = pid = fork();
+ if (pid == -1) {
+ fatal("fork of unprivileged child failed");
+ } else if (pid != 0) {
@@ -708,6 +759,8 @@ privsep_preauth(Authctxt *authctxt)
}
}
@@ -2244,7 +2253,7 @@ diff -up openssh-6.3p1/sshd.c.audit openssh-6.3p1/sshd.c
pmonitor->m_pid, strerror(errno));
}
}
-+ is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
++ is_privsep_child = use_privsep && pmonitor != NULL && pmonitor->m_pid == 0;
+ if (sensitive_data.host_keys != NULL)
+ destroy_sensitive_data(is_privsep_child);
+ packet_destroy_all(1, is_privsep_child);
diff --git a/openssh-6.4p1-fromto-remote.patch b/openssh-6.4p1-fromto-remote.patch
new file mode 100644
index 0000000..4a7d849
--- /dev/null
+++ b/openssh-6.4p1-fromto-remote.patch
@@ -0,0 +1,16 @@
+diff --git a/scp.c b/scp.c
+index d98fa67..25d347b 100644
+--- a/scp.c
++++ b/scp.c
+@@ -638,7 +638,10 @@ toremote(char *targ, int argc, char **argv)
+ addargs(&alist, "%s", ssh_program);
+ addargs(&alist, "-x");
+ addargs(&alist, "-oClearAllForwardings=yes");
+- addargs(&alist, "-n");
++ if (isatty(fileno(stdin)))
++ addargs(&alist, "-t");
++ else
++ addargs(&alist, "-n");
+ for (j = 0; j < remote_remote_args.num; j++) {
+ addargs(&alist, "%s",
+ remote_remote_args.list[j]);
diff --git a/openssh-6.4p1-ignore-bad-env-var.patch b/openssh-6.4p1-ignore-bad-env-var.patch
new file mode 100644
index 0000000..3bb49c2
--- /dev/null
+++ b/openssh-6.4p1-ignore-bad-env-var.patch
@@ -0,0 +1,37 @@
+diff -U0 openssh-6.4p1/ChangeLog.bad-env-var openssh-6.4p1/ChangeLog
+--- openssh-6.4p1/ChangeLog.bad-env-var 2014-03-19 21:37:36.270509907 +0100
++++ openssh-6.4p1/ChangeLog 2014-03-19 21:37:36.276509878 +0100
+@@ -0,0 +1,7 @@
++20140304
++ - OpenBSD CVS Sync
++ - djm at cvs.openbsd.org 2014/03/03 22:22:30
++ [session.c]
++ ignore enviornment variables with embedded '=' or '\0' characters;
++ spotted by Jann Horn; ok deraadt@
++
+diff -up openssh-6.4p1/session.c.bad-env-var openssh-6.4p1/session.c
+--- openssh-6.4p1/session.c.bad-env-var 2014-03-19 21:37:36.233510090 +0100
++++ openssh-6.4p1/session.c 2014-03-19 21:37:36.277509873 +0100
+@@ -990,6 +990,11 @@ child_set_env(char ***envp, u_int *envsi
+ u_int envsize;
+ u_int i, namelen;
+
++ if (strchr(name, '=') != NULL) {
++ error("Invalid environment variable \"%.100s\"", name);
++ return;
++ }
++
+ /*
+ * If we're passed an uninitialized list, allocate a single null
+ * entry before continuing.
+@@ -2255,8 +2260,8 @@ session_env_req(Session *s)
+ char *name, *val;
+ u_int name_len, val_len, i;
+
+- name = packet_get_string(&name_len);
+- val = packet_get_string(&val_len);
++ name = packet_get_cstring(&name_len);
++ val = packet_get_cstring(&val_len);
+ packet_check_eom();
+
+ /* Don't set too many environment variables */
diff --git a/openssh-6.4p1-legacy-ssh-copy-id.patch b/openssh-6.4p1-legacy-ssh-copy-id.patch
new file mode 100644
index 0000000..ba8d949
--- /dev/null
+++ b/openssh-6.4p1-legacy-ssh-copy-id.patch
@@ -0,0 +1,57 @@
+diff -up openssh-6.4p1/contrib/ssh-copy-id.1.legacy-ssh-copy-id openssh-6.4p1/contrib/ssh-copy-id.1
+--- openssh-6.4p1/contrib/ssh-copy-id.1.legacy-ssh-copy-id 2013-03-22 00:17:37.000000000 +0100
++++ openssh-6.4p1/contrib/ssh-copy-id.1 2014-01-28 17:12:49.197542425 +0100
+@@ -180,6 +180,19 @@ should prove enlightening (N.B. the mode
+ .Fl W
+ option, rather than
+ .Xr nc 1 ) .
++.Sh ENVIRONMENT
++.Bl -tag -width Ds
++.Pp
++.It Pa SSH_COPY_ID_LEGACY
++If the
++.Cm SSH_COPY_ID_LEGACY
++environment variable is set, the
++.Nm
++is run in a legacy mode. In this mode, the
++.Nm
++doesn't check an existence of a private key and doesn't do remote checks
++of the remote server versions or if public keys are already installed.
++.El
+ .Sh "SEE ALSO"
+ .Xr ssh 1 ,
+ .Xr ssh-agent 1 ,
+diff -up openssh-6.4p1/contrib/ssh-copy-id.legacy-ssh-copy-id openssh-6.4p1/contrib/ssh-copy-id
+--- openssh-6.4p1/contrib/ssh-copy-id.legacy-ssh-copy-id 2013-06-05 14:48:45.000000000 +0200
++++ openssh-6.4p1/contrib/ssh-copy-id 2014-01-28 17:11:51.538833032 +0100
+@@ -77,7 +77,7 @@ use_id_file() {
+ PUB_ID_FILE="$L_ID_FILE.pub"
+ fi
+
+- PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
++ [ "x$SSH_COPY_ID_LEGACY" != "x" ] || PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
+
+ # check that the files are readable
+ for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
+@@ -243,7 +243,7 @@ populate_new_ids() {
+ printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
+ }
+
+-REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
++[ "x$SSH_COPY_ID_LEGACY" != "x" ] || REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
+ sed -ne 's/.*remote software version //p')
+
+ case "$REMOTE_VERSION" in
+@@ -268,7 +268,11 @@ case "$REMOTE_VERSION" in
+ ;;
+ *)
+ # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
+- populate_new_ids 0
++ if [ "x$SSH_COPY_ID_LEGACY" != "x" ]; then
++ NEW_IDS=`eval "$GET_ID"`
++ else
++ populate_new_ids 0
++ fi
+ [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
+ umask 077 ;
+ mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
diff --git a/openssh-6.4p1-ssh-keygen-V.patch b/openssh-6.4p1-ssh-keygen-V.patch
new file mode 100644
index 0000000..c63df4d
--- /dev/null
+++ b/openssh-6.4p1-ssh-keygen-V.patch
@@ -0,0 +1,23 @@
+diff -U0 openssh-6.4p1/ChangeLog.ssh-keygen-V openssh-6.4p1/ChangeLog
+--- openssh-6.4p1/ChangeLog.ssh-keygen-V 2014-01-28 11:07:41.374758458 +0100
++++ openssh-6.4p1/ChangeLog 2014-01-28 11:14:38.172631130 +0100
+@@ -0,0 +1,7 @@
++20131023
++ - djm at cvs.openbsd.org 2013/10/23 04:16:22
++ [ssh-keygen.c]
++ Make code match documentation: relative-specified certificate expiry time
++ should be relative to current time and not the validity start time.
++ Reported by Petr Lautrbach; ok deraadt@
++
+diff -up openssh-6.4p1/ssh-keygen.c.ssh-keygen-V openssh-6.4p1/ssh-keygen.c
+--- openssh-6.4p1/ssh-keygen.c.ssh-keygen-V 2014-01-28 11:07:41.365758505 +0100
++++ openssh-6.4p1/ssh-keygen.c 2014-01-28 11:07:41.375758453 +0100
+@@ -1747,7 +1747,7 @@ parse_cert_times(char *timespec)
+ cert_valid_from = parse_absolute_time(from);
+
+ if (*to == '-' || *to == '+')
+- cert_valid_to = parse_relative_time(to, cert_valid_from);
++ cert_valid_to = parse_relative_time(to, now);
+ else
+ cert_valid_to = parse_absolute_time(to);
+
More information about the scm-commits
mailing list