RE: [ DRAFT PATCH ] - FIPS 140-2 patch for OpenSSH 6.5p1

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

I am facing some difficulties to attach the patch as a file. Trying now to
attach with plain-text email.

In addition, here is inline patch draft which is actually based on
openssh-6.0p1.fips-revised.patch.

I have also submitted via
https://bugzilla.mindrot.org/show_bug.cgi?id=2202

Request moderators to validate this patch and update as required.

Thanks,
Manish

--- PATCH START

diff -ruN openssh-6.5p1_orig/auth2-hostbased.c
openssh-6.5p1_patched/auth2-hostbased.c
--- openssh-6.5p1_orig/auth2-hostbased.c	2013-12-31
06:55:41.000000000 +0530
+++ openssh-6.5p1_patched/auth2-hostbased.c	2014-02-06
20:18:02.000000000 +0530
@@ -207,15 +207,15 @@
 	if (host_status == HOST_OK) {
 		if (key_is_cert(key)) {
 			fp = key_fingerprint(key->cert->signature_key,
-			    SSH_FP_MD5, SSH_FP_HEX);
+			    key_fp_type_select(), SSH_FP_HEX);
 			verbose("Accepted certificate ID \"%s\" signed by
"
 			    "%s CA %s from %s@%s", key->cert->key_id,
-			    key_type(key->cert->signature_key), fp,
+			    key_fp_type_select(), fp,
 			    cuser, lookup);
 		} else {
-			fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+			fp = key_fingerprint(key, key_fp_type_select(),
SSH_FP_HEX);
 			verbose("Accepted %s public key %s from %s@%s",
-			    key_type(key), fp, cuser, lookup);
+			    key_fp_type_select(), fp, cuser, lookup);
 		}
 		free(fp);
 	}
diff -ruN openssh-6.5p1_orig/auth2-pubkey.c
openssh-6.5p1_patched/auth2-pubkey.c
--- openssh-6.5p1_orig/auth2-pubkey.c	2013-12-31 06:55:41.000000000
+0530
+++ openssh-6.5p1_patched/auth2-pubkey.c	2014-02-06
20:18:32.000000000 +0530
@@ -213,7 +213,7 @@

 	if (key_is_cert(key)) {
 		fp = key_fingerprint(key->cert->signature_key,
-		    SSH_FP_MD5, SSH_FP_HEX);
+		    key_fp_type_select(), SSH_FP_HEX);
 		auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",

 		    key_type(key), key->cert->key_id,
 		    (unsigned long long)key->cert->serial,
@@ -221,7 +221,7 @@
 		    extra == NULL ? "" : ", ", extra == NULL ? "" :
extra);
 		free(fp);
 	} else {
-		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+		fp = key_fingerprint(key, key_fp_type_select(),
SSH_FP_HEX);
 		auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
 		    extra == NULL ? "" : ", ", extra == NULL ? "" :
extra);
 		free(fp);
@@ -365,7 +365,7 @@
 				continue;
 			if (!key_is_cert_authority)
 				continue;
-			fp = key_fingerprint(found, SSH_FP_MD5,
+			fp = key_fingerprint(found, key_fp_type_select(),
 			    SSH_FP_HEX);
 			debug("matching CA found: file %s, line %lu, %s
%s",
 			    file, linenum, key_type(found), fp);
@@ -406,7 +406,7 @@
 			if (key_is_cert_authority)
 				continue;
 			found_key = 1;
-			fp = key_fingerprint(found, SSH_FP_MD5,
SSH_FP_HEX);
+			fp = key_fingerprint(found, key_fp_type_select(),
SSH_FP_HEX);
 			debug("matching key found: file %s, line %lu %s
%s",
 			    file, linenum, key_type(found), fp);
 			free(fp);
@@ -432,7 +432,7 @@
 		return 0;

 	ca_fp = key_fingerprint(key->cert->signature_key,
-	    SSH_FP_MD5, SSH_FP_HEX);
+	    key_fp_type_select(), SSH_FP_HEX);

 	if (key_in_file(key->cert->signature_key,
 	    options.trusted_user_ca_keys, 1) != 1) {
diff -ruN openssh-6.5p1_orig/auth.c openssh-6.5p1_patched/auth.c
--- openssh-6.5p1_orig/auth.c	2013-06-02 03:11:51.000000000 +0530
+++ openssh-6.5p1_patched/auth.c	2014-02-06 20:19:07.000000000
+0530
@@ -685,7 +685,7 @@
 	case 1:
  revoked:
 		/* Key revoked */
-		key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+		key_fp = key_fingerprint(key, key_fp_type_select(),
SSH_FP_HEX);
 		error("WARNING: authentication attempt with a revoked "
 		    "%s key %s ", key_type(key), key_fp);
 		free(key_fp);
diff -ruN openssh-6.5p1_orig/auth-rsa.c openssh-6.5p1_patched/auth-rsa.c
--- openssh-6.5p1_orig/auth-rsa.c	2013-07-18 11:42:44.000000000
+0530
+++ openssh-6.5p1_patched/auth-rsa.c	2014-02-06 20:27:36.000000000
+0530
@@ -2,7 +2,7 @@
 /*
  * Author: Tatu Ylonen <ylo@xxxxxxxxx>
  * Copyright (c) 1995 Tatu Ylonen <ylo@xxxxxxxxx>, Espoo, Finland
- *                    All rights reserved
+ *		      All rights reserved
  * RSA-based authentication.  This code determines whether to admit a
login
  * based on RSA authentication.  This file also contains functions to
check
  * validity of the host key.
@@ -20,7 +20,7 @@
 #include <sys/stat.h>

 #include <openssl/rsa.h>
-#include <openssl/md5.h>
+#include <openssl/evp.h>

 #include <pwd.h>
 #include <stdio.h>
@@ -47,6 +47,7 @@
 #include "monitor_wrap.h"
 #include "ssh.h"
 #include "misc.h"
+#include "fips.h"

 /* import */
 extern ServerOptions options;
@@ -88,11 +89,14 @@
 }

 int
-auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char
response[16])
+auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char
response[MAX_HASH_LEN])
 {
-	u_char buf[32], mdbuf[16];
-	MD5_CTX md;
+	u_char buf[2 * MAX_HASH_LEN], mdbuf[MAX_HASH_LEN];
+	const EVP_MD *evp_md;
+	EVP_MD_CTX md;
+
 	int len;
+	int hash_len;

 	/* don't allow short keys */
 	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
@@ -101,19 +105,29 @@
 		return (0);
 	}

-	/* The response is MD5 of decrypted challenge plus session id. */
+	hash_len = fips_hash_len(fips_hash_min());
+
+	/* The response is a hash of decrypted challenge plus session id.
+	 * Normally this is MD5, in FIPS mode a stronger function is
used.*/
+
+
 	len = BN_num_bytes(challenge);
-	if (len <= 0 || len > 32)
+	if (len <= 0 || len > (2 * hash_len))
 		fatal("auth_rsa_verify_response: bad challenge length %d",
len);
-	memset(buf, 0, 32);
-	BN_bn2bin(challenge, buf + 32 - len);
-	MD5_Init(&md);
-	MD5_Update(&md, buf, 32);
-	MD5_Update(&md, session_id, 16);
-	MD5_Final(mdbuf, &md);
+
+	memset(buf, 0, sizeof(buf));
+	BN_bn2bin(challenge, buf + 2 * hash_len - len);
+
+	if ((evp_md = fips_EVP_get_digest_min()) == NULL) {
+				   fatal("auth_rsa_verify_response:
fips_EVP_get_digest_min failed");
+	}
+	EVP_DigestInit(&md, evp_md);
+	EVP_DigestUpdate(&md, buf, 2 * hash_len);
+	EVP_DigestUpdate(&md, session_id, hash_len);
+	EVP_DigestFinal(&md, mdbuf, NULL);

 	/* Verify that the response is the original challenge. */
-	if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
+	if (timingsafe_bcmp(response, mdbuf, hash_len) != 0) {
 		/* Wrong answer. */
 		return (0);
 	}
@@ -131,7 +145,7 @@
 auth_rsa_challenge_dialog(Key *key)
 {
 	BIGNUM *challenge, *encrypted_challenge;
-	u_char response[16];
+	u_char response[MAX_HASH_LEN];
 	int i, success;

 	if ((encrypted_challenge = BN_new()) == NULL)
@@ -151,7 +165,7 @@

 	/* Wait for a response. */
 	packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE);
-	for (i = 0; i < 16; i++)
+	for (i = 0; i < fips_hash_len(fips_hash_min()); i++)
 		response[i] = (u_char)packet_get_char();
 	packet_check_eom();

@@ -231,7 +245,7 @@
 			    "actual %d vs. announced %d.",
 			    file, linenum, BN_num_bits(key->rsa->n),
bits);

-		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+		fp = key_fingerprint(key, key_fp_type_select(),
SSH_FP_HEX);
 		debug("matching key found: file %s, line %lu %s %s",
 		    file, linenum, key_type(key), fp);
 		free(fp);
diff -ruN openssh-6.5p1_orig/cipher.c openssh-6.5p1_patched/cipher.c
--- openssh-6.5p1_orig/cipher.c	2014-01-26 04:07:26.000000000 +0530
+++ openssh-6.5p1_patched/cipher.c	2014-02-07 00:52:15.000000000
+0530
@@ -2,7 +2,7 @@
 /*
  * Author: Tatu Ylonen <ylo@xxxxxxxxx>
  * Copyright (c) 1995 Tatu Ylonen <ylo@xxxxxxxxx>, Espoo, Finland
- *                    All rights reserved
+ *		      All rights reserved
  *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose.  Any derived versions of this
@@ -49,6 +49,7 @@
 #include "log.h"
 #include "misc.h"
 #include "cipher.h"
+#include "fips.h"

 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
@@ -104,8 +105,50 @@
 	{ NULL,		SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
 };

+struct Cipher ciphers_fips140_2[] = {
+	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+	{ "3des",	SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des
},
+
+	{ "3des-cbc",   SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1,
EVP_des_ede3_cbc },
+	{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1,
EVP_aes_128_cbc },
+	{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1,
EVP_aes_192_cbc },
+	{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1,
EVP_aes_256_cbc },
+	{ "rijndael-cbc@xxxxxxxxxxxxxx",
+					    SSH_CIPHER_SSH2, 16, 32, 0, 0,
0, 1, EVP_aes_256_cbc },
+	{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0,
EVP_aes_128_ctr },
+	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0,
EVP_aes_192_ctr },
+	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0,
EVP_aes_256_ctr },
+#ifdef OPENSSL_HAVE_EVPGCM
+	{ "aes128-gcm@xxxxxxxxxxx",
+					    SSH_CIPHER_SSH2, 16, 16, 12,
16, 0, 0, EVP_aes_128_gcm },
+	{ "aes256-gcm@xxxxxxxxxxx",
+					    SSH_CIPHER_SSH2, 16, 32, 12,
16, 0, 0, EVP_aes_256_gcm },
+#endif
+	{ "chacha20-poly1305@xxxxxxxxxxx",
+			SSH_CIPHER_SSH2, 8, 64, 0, 16, 0,
CFLAG_CHACHAPOLY, NULL },
+	{ NULL,	  SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
+};
+
 /*--*/

+static struct Cipher *
+fips_select_ciphers(void)
+{
+	int fips = fips_mode();
+	switch (fips) {
+		 case 0:
+			  return ciphers;
+		 case 1:
+			  return ciphers_fips140_2;
+		 default:
+	/* should not be reached */
+	fatal("Fatal error: incorrect FIPS mode '%i' at %s:%u",
+	fips, __FILE__, __LINE__);
+//     return NULL;
+	}
+}
+
+
 /* Returns a list of supported ciphers separated by the specified char.
*/
 char *
 cipher_alg_list(char sep, int auth_only)
@@ -194,7 +237,7 @@
 cipher_by_name(const char *name)
 {
 	const Cipher *c;
-	for (c = ciphers; c->name != NULL; c++)
+	for (c = fips_select_ciphers(); c->name != NULL; c++)
 		if (strcmp(c->name, name) == 0)
 			return c;
 	return NULL;
@@ -204,7 +247,7 @@
 cipher_by_number(int id)
 {
 	const Cipher *c;
-	for (c = ciphers; c->name != NULL; c++)
+	for (c = fips_select_ciphers(); c->name != NULL; c++)
 		if (c->number == id)
 			return c;
 	return NULL;
@@ -248,7 +291,7 @@
 	const Cipher *c;
 	if (name == NULL)
 		return -1;
-	for (c = ciphers; c->name != NULL; c++)
+	for (c =  fips_select_ciphers(); c->name != NULL; c++)
 		if (strcasecmp(c->name, name) == 0)
 			return c->number;
 	return -1;
@@ -436,14 +479,19 @@
 cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
     const char *passphrase, int do_encrypt)
 {
-	MD5_CTX md;
-	u_char digest[16];
+	const EVP_MD *evp_md;
+	EVP_MD_CTX md;
+	u_char digest[MAX_HASH_LEN];
+	int dlen;
+	if ((evp_md = fips_EVP_get_digest_min()) == NULL) {
+		 fatal("auth_rsa_verify_response: fips_EVP_get_digest_min
failed");
+	}

-	MD5_Init(&md);
-	MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
-	MD5_Final(digest, &md);
+	EVP_DigestInit(&md, evp_md);
+	EVP_DigestUpdate(&md, (const u_char *)passphrase,
strlen(passphrase));
+	EVP_DigestFinal(&md, digest, &dlen);

-	cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
+	cipher_init(cc, cipher, digest, dlen, NULL, 0, do_encrypt);

 	memset(digest, 0, sizeof(digest));
 	memset(&md, 0, sizeof(md));
diff -ruN openssh-6.5p1_orig/cipher-ctr.c
openssh-6.5p1_patched/cipher-ctr.c
--- openssh-6.5p1_orig/cipher-ctr.c	2013-06-02 03:37:32.000000000
+0530
+++ openssh-6.5p1_patched/cipher-ctr.c	2014-02-07 00:54:23.000000000
+0530
@@ -26,6 +26,7 @@

 #include "xmalloc.h"
 #include "log.h"
+#include "fips.h"

 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
@@ -139,6 +140,9 @@
 #ifndef SSH_OLD_EVP
 	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
 	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+	if (fips_mode())
+		aes_ctr.flags |= EVP_CIPH_FLAG_FIPS;
+
 #endif
 	return (&aes_ctr);
 }
diff -ruN openssh-6.5p1_orig/fips.c openssh-6.5p1_patched/fips.c
--- openssh-6.5p1_orig/fips.c	1970-01-01 05:30:00.000000000 +0530
+++ openssh-6.5p1_patched/fips.c	2014-02-07 00:56:54.000000000
+0530
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2012 Petr Cerny.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the
distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "fips.h"
+
+#include "log.h"
+
+enum hgp {
+	HGP_LEN,
+	HGP_NID
+};
+
+static int fips_state = -1;
+
+static const struct Hashes {
+	enum hash_type ht;
+	int byte_length;
+	int nid;
+} hashes[] = {
+	{ HASH_MD5,    HASH_LEN_MD5,    NID_md5 },
+	{ HASH_SHA1,   HASH_LEN_SHA1,   NID_sha1 },
+	{ HASH_SHA256, HASH_LEN_SHA256, NID_sha256 },
+	{ HASH_err,    -1,              -1 }
+};
+
+int
+fips_mode()
+{
+	if (-1 == fips_state) {
+		fips_state = FIPS_mode();
+		if (fips_state)
+			debug("FIPS mode initialized");
+	}
+	return fips_state;
+}
+
+static int
+fips_hash_get_param(enum hash_type ht, int param)
+{
+	int i;
+	for (i = 0; i < HASH_err; i++) {
+		if (hashes[i].ht == ht) {
+			switch (param) {
+				case HGP_LEN:
+					return hashes[i].byte_length;
+				case HGP_NID:
+					return hashes[i].nid;
+				default:
+					fatal("Fatal error: internal error
at %s:%u",
+					    __FILE__, __LINE__);
+			}
+		}
+	}
+	/* should not be reached */
+	fatal("Fatal error: incorrect hash type '%i' at %s:%u",
+	    ht, __FILE__, __LINE__);
+//    return -1;
+}
+
+int
+fips_hash2nid(enum hash_type ht)
+{
+	return fips_hash_get_param(ht, HGP_NID);
+}
+
+int
+fips_hash_len(enum hash_type ht)
+{
+	return fips_hash_get_param(ht, HGP_LEN);
+}
+
+void
+fips_correct_fp_type(enum fp_type *fp)
+{
+	int fips;
+
+	fips = fips_mode();
+	switch (fips) {
+		case 0:
+			break;
+		case 1:
+			if (SSH_FP_MD5 == *fp) {
+				*fp = SSH_FP_SHA1;
+				logit("MD5 not allowed in FIPS 140-2 mode,
"
+				    "using SHA-1 for key fingerprints
instead.");
+			}
+			break;
+		default:
+			/* should not be reached */
+			fatal("Fatal error: incorrect FIPS mode '%i' at
%s:%u",
+			    fips, __FILE__, __LINE__);
+	}
+
+	return;
+}
+
+void
+fips_correct_nid(int *nid)
+{
+	int fips;
+
+	fips = fips_mode();
+	switch (fips) {
+		case 0:
+			break;
+		case 1:
+			if (NID_md5 == *nid) {
+				*nid = NID_sha1;
+				logit("MD5 not allowed in FIPS 140-2 mode,
"
+				    "using SHA-1 for hashing instead.");
+			}
+			break;
+		default:
+			/* should not be reached */
+			fatal("Fatal error: incorrect FIPS mode '%i' at
%s:%u",
+			    fips, __FILE__, __LINE__);
+	}
+
+	return;
+}
+
+enum hash_type
+fips_hash_min(void)
+{
+	int fips;
+	enum hash_type ht;
+
+	fips = fips_mode();
+	switch (fips) {
+		case 0:
+			ht = HASH_MD5;
+			break;
+		case 1:
+			ht = HASH_SHA1;
+			break;
+		default:
+			/* should not be reached */
+			fatal("Fatal error: incorrect FIPS mode '%i' at
%s:%u",
+			    fips, __FILE__, __LINE__);
+	}
+	return ht;
+}
+
+enum hash_type
+fips_hash_nid_min()
+{
+	return fips_hash2nid(fips_hash_min());
+}
+
+const EVP_MD *
+fips_EVP_get_digest_min(void)
+{
+	return EVP_get_digestbynid(fips_hash_nid_min());
+}
+
diff -ruN openssh-6.5p1_orig/fips.h openssh-6.5p1_patched/fips.h
--- openssh-6.5p1_orig/fips.h	1970-01-01 05:30:00.000000000 +0530
+++ openssh-6.5p1_patched/fips.h	2014-02-07 00:58:38.000000000
+0530
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2012 Petr Cerny.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *	notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *	notice, this list of conditions and the following disclaimer in
the
+ *	documentation and/or other materials provided with the
distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef FIPS_H
+#define FIPS_H
+
+#include <openssl/evp.h>
+
+#include "key.h"
+
+#define HASH_LEN_MD5	16
+#define HASH_LEN_SHA1	20
+#define HASH_LEN_SHA256	32
+#define MAX_HASH_LEN	HASH_LEN_SHA256
+
+enum hash_type {
+	HASH_MD5 = 1,
+	HASH_SHA1,
+	HASH_SHA256,
+	HASH_err
+};
+
+int	 fips_mode(void);
+void	 fips_correct_fp_type(enum fp_type *);
+void	 fips_correct_nid(int *);
+
+enum hash_type	 fips_hash_min(void);
+const EVP_MD	*fips_EVP_get_digest_min(void);
+int		 fips_hash2nid(enum hash_type);
+int		 fips_hash_len(enum hash_type);
+
+#endif
diff -ruN openssh-6.5p1_orig/key.c openssh-6.5p1_patched/key.c
--- openssh-6.5p1_orig/key.c	2014-01-10 05:28:53.000000000 +0530
+++ openssh-6.5p1_patched/key.c	2014-02-11 00:57:29.000000000 +0530
@@ -57,6 +57,7 @@
 #include "misc.h"
 #include "ssh2.h"
 #include "digest.h"
+#include "fips.h"

 static int to_blob(const Key *, u_char **, u_int *, int);
 static Key *key_from_blob2(const u_char *, u_int, int);
@@ -425,12 +426,12 @@
 }

 static char *
-key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
+key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len, enum fp_type
dgst_type)
 {
 	char *retval;
 	u_int i;

-	retval = xcalloc(1, dgst_raw_len * 3 + 1);
+	retval = xcalloc(1, dgst_raw_len * 3 + 1 + SSH_FP_TYPE_STRLEN +
2);
 	for (i = 0; i < dgst_raw_len; i++) {
 		char hex[4];
 		snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
@@ -438,7 +439,14 @@
 	}

 	/* Remove the trailing ':' character */
-	retval[(dgst_raw_len * 3) - 1] = '\0';
+	retval[(dgst_raw_len * 3) - 1] = ' ';
+	/* Append hash type */
+	{
+		char hash[SSH_FP_TYPE_STRLEN + 2 + 1];
+		snprintf(hash, sizeof(hash), "[%s]",
key_fp_type_str(dgst_type));
+		strlcat(retval, hash, dgst_raw_len * 3 + 1 +
SSH_FP_TYPE_STRLEN + 2);
+	}
+
 	return retval;
 }

@@ -523,7 +531,7 @@
 #define	FLDSIZE_Y	(FLDBASE + 1)
 #define	FLDSIZE_X	(FLDBASE * 2 + 1)
 static char *
-key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key
*k)
+key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key
*k, enum fp_type dgst_type)
 {
 	/*
 	 * Chars to be used after each other every time the worm
@@ -590,8 +598,9 @@
 	}

 	/* output lower border */
-	*p++ = '+';
-	for (i = 0; i < FLDSIZE_X; i++)
+	i = snprintf(p, FLDSIZE_X, "+--[%s]", key_fp_type_str(dgst_type));
+	p += i;
+	for (i--; i < FLDSIZE_X; i++)
 		*p++ = '-';
 	*p++ = '+';

@@ -610,13 +619,13 @@
 		fatal("key_fingerprint: null from key_fingerprint_raw()");
 	switch (dgst_rep) {
 	case SSH_FP_HEX:
-		retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
+		retval = key_fingerprint_hex(dgst_raw, dgst_raw_len,
dgst_type);
 		break;
 	case SSH_FP_BUBBLEBABBLE:
 		retval = key_fingerprint_bubblebabble(dgst_raw,
dgst_raw_len);
 		break;
 	case SSH_FP_RANDOMART:
-		retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len,
k);
+		retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len,
k, dgst_type);
 		break;
 	default:
 		fatal("key_fingerprint: bad digest representation %d",
@@ -628,6 +637,65 @@
 	return retval;
 }

+enum fp_type
+key_fp_type_select(void)
+{
+	static enum fp_type fp;
+	static char fp_defined = 0;
+	char *env;
+
+	if (!fp_defined) {
+		env = getenv(SSH_FP_TYPE_ENVVAR);
+		if (env) {
+			if (!strcasecmp(env, "md5") ||
+				!strcasecmp(env, "md-5"))
+				fp = SSH_FP_MD5;
+			else if (!strcasecmp(env, "sha1") ||
+				!strcasecmp(env, "sha-1"))
+				fp = SSH_FP_SHA1;
+#ifdef HAVE_EVP_SHA256
+			else if (!strcasecmp(env, "sha256") ||
+					!strcasecmp(env, "sha-256"))
+				fp = SSH_FP_SHA256;
+#endif
+			else {
+				error("invalid key type in environment
variable "
+						SSH_FP_TYPE_ENVVAR ": '%s'
- falling back to MD5.",
+						env);
+				fp = SSH_FP_MD5;
+				}
+		} else
+			fp = SSH_FP_MD5;
+
+		if (fips_mode())
+			fips_correct_fp_type(&fp);
+
+		fp_defined = 1;
+	}
+	return fp;
+}
+
+/*
+ * string lengths must be less or equal to SSH_FP_TYPE_STRLEN (defined in
+ * key.h) as to fit into the fingerprint string buffer
+ */
+char *
+key_fp_type_str(enum fp_type dgst_type)
+{
+	switch (dgst_type) {
+		case SSH_FP_MD5:
+			return "MD5";
+		case SSH_FP_SHA1:
+			return "SHA-1";
+#ifdef HAVE_EVP_SHA256
+		case SSH_FP_SHA256:
+			return "SHA-256";
+#endif
+		default:
+			fatal("%s: unknown key fingerprint hash algorithm
requested", __func__);
+	}
+}
+
 /*
  * Reads a multiple-precision integer in decimal from the buffer, and
advances
  * the pointer.  The integer must already be initialized.  This function
is
diff -ruN openssh-6.5p1_orig/key.h openssh-6.5p1_patched/key.h
--- openssh-6.5p1_orig/key.h	2014-01-10 05:28:53.000000000 +0530
+++ openssh-6.5p1_patched/key.h	2014-02-07 01:09:41.000000000 +0530
@@ -58,6 +58,8 @@
 	SSH_FP_BUBBLEBABBLE,
 	SSH_FP_RANDOMART
 };
+#define SSH_FP_TYPE_ENVVAR  "SSH_FINGERPRINT_TYPE"
+#define SSH_FP_TYPE_STRLEN  8

 /* key is stored in external hardware */
 #define KEY_FLAG_EXT		0x0001
@@ -109,6 +111,9 @@
 int		 key_write(const Key *, FILE *);
 int		 key_read(Key *, char **);
 u_int		 key_size(const Key *);
+enum fp_type	  key_fp_type_select(void);
+char	  *key_fp_type_str(enum fp_type);
+

 Key	*key_generate(int, u_int);
 Key	*key_from_private(const Key *);
diff -ruN openssh-6.5p1_orig/mac.c openssh-6.5p1_patched/mac.c
--- openssh-6.5p1_orig/mac.c	2014-01-10 05:07:05.000000000 +0530
+++ openssh-6.5p1_patched/mac.c	2014-02-07 01:14:38.000000000 +0530
@@ -41,6 +41,7 @@
 #include "kex.h"
 #include "mac.h"
 #include "misc.h"
+#include "fips.h"

 #include "umac.h"

@@ -60,7 +61,7 @@
 	int		etm;		/* Encrypt-then-MAC */
 };

-static const struct macalg macs[] = {
+static const struct macalg all_macs[] = {
 	/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
 	{ "hmac-sha1",				SSH_EVP, EVP_sha1, 0, 0,
0, 0 },
 	{ "hmac-sha1-96",			SSH_EVP, EVP_sha1, 96, 0,
0, 0 },
@@ -90,6 +91,30 @@

 	{ NULL,					0, NULL, 0, 0, 0, 0 }
 };
+struct macalg macs_fips140_2[] = {
+	{ "hmac-sha1",				SSH_EVP, EVP_sha1, 0, 0,
0, 0 },
+#ifdef HAVE_EVP_SHA256
+	{ "hmac-sha2-256",			SSH_EVP, EVP_sha256, 0, 0,
0, 0 },
+	{ "hmac-sha2-512",			SSH_EVP, EVP_sha512, 0, 0,
0, 0 },
+#endif
+	{ NULL,					0, NULL, 0, 0, 0, 0 }
+};
+
+static struct macalg *
+fips_select_macs(void)
+{
+	int fips = fips_mode();
+	switch (fips) {
+		case 0:
+			return all_macs;
+		case 1:
+			return macs_fips140_2;
+		default:
+			/* should not be reached */
+			fatal("Fatal error: incorrect FIPS mode '%i' at
%s:%u", fips, __FILE__, __LINE__);
+//			return NULL;
+	}
+}

 /* Returns a list of supported MACs separated by the specified char. */
 char *
@@ -97,9 +122,9 @@
 {
 	char *ret = NULL;
 	size_t nlen, rlen = 0;
-	const struct macalg *m;
+	const struct macalg *m = fips_select_macs();

-	for (m = macs; m->name != NULL; m++) {
+	for (; m->name != NULL; m++) {
 		if (ret != NULL)
 			ret[rlen++] = sep;
 		nlen = strlen(m->name);
@@ -134,9 +159,9 @@
 int
 mac_setup(Mac *mac, char *name)
 {
-	const struct macalg *m;
+	const struct macalg *m = fips_select_macs();

-	for (m = macs; m->name != NULL; m++) {
+	for (; m->name != NULL; m++) {
 		if (strcmp(name, m->name) != 0)
 			continue;
 		if (mac != NULL)
diff -ruN openssh-6.5p1_orig/Makefile.in openssh-6.5p1_patched/Makefile.in
--- openssh-6.5p1_orig/Makefile.in	2014-01-27 12:05:04.000000000
+0530
+++ openssh-6.5p1_patched/Makefile.in	2014-02-07 01:58:20.000000000
+0530
@@ -76,7 +76,7 @@
 	jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \
 	kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
 	ssh-ed25519.o digest.o \
-	sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o
+	sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o
fips.o

 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
diff -ruN openssh-6.5p1_orig/myproposal.h
openssh-6.5p1_patched/myproposal.h
--- openssh-6.5p1_orig/myproposal.h	2013-12-07 05:54:02.000000000
+0530
+++ openssh-6.5p1_patched/myproposal.h	2014-02-07 02:00:09.000000000
+0530
@@ -109,6 +109,10 @@
 	"chacha20-poly1305@xxxxxxxxxxx," \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx"
+#define    KEX_FIPS_140_2_ENCRYPT \
+	"aes128-ctr,aes192-ctr,aes256-ctr," \
+	"aes128-cbc,3des-cbc," \
+	"aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx"

 #define	KEX_DEFAULT_MAC \
 	"hmac-md5-etm@xxxxxxxxxxx," \
@@ -129,6 +133,10 @@
 	"hmac-ripemd160@xxxxxxxxxxx," \
 	"hmac-sha1-96," \
 	"hmac-md5-96"
+#define    KEX_FIPS_140_2_MAC \
+	"hmac-sha1," \
+	SHA2_HMAC_MODES
+

 #define	KEX_DEFAULT_COMP	"none,zlib@xxxxxxxxxxx,zlib"
 #define	KEX_DEFAULT_LANG	""
diff -ruN openssh-6.5p1_orig/openbsd-compat/arc4random.c
openssh-6.5p1_patched/openbsd-compat/arc4random.c
--- openssh-6.5p1_orig/openbsd-compat/arc4random.c	2013-10-09
05:14:49.000000000 +0530
+++ openssh-6.5p1_patched/openbsd-compat/arc4random.c	2014-02-07
02:02:32.000000000 +0530
@@ -37,6 +37,7 @@
 #include <openssl/err.h>

 #include "log.h"
+#include "fips.h"

 #define KEYSTREAM_ONLY
 #include "chacha_private.h"
diff -ruN openssh-6.5p1_orig/ssh-add.c openssh-6.5p1_patched/ssh-add.c
--- openssh-6.5p1_orig/ssh-add.c	2013-12-29 12:14:07.000000000
+0530
+++ openssh-6.5p1_patched/ssh-add.c	2014-02-07 02:08:54.000000000
+0530
@@ -330,7 +330,7 @@
 		    key = ssh_get_next_identity(ac, &comment, version)) {
 			had_identities = 1;
 			if (do_fp) {
-				fp = key_fingerprint(key, SSH_FP_MD5,
+				fp = key_fingerprint(key,
key_fp_type_select(),
 				    SSH_FP_HEX);
 				printf("%d %s %s (%s)\n",
 				    key_size(key), fp, comment,
key_type(key));
diff -ruN openssh-6.5p1_orig/ssh-agent.c openssh-6.5p1_patched/ssh-agent.c
--- openssh-6.5p1_orig/ssh-agent.c	2013-12-29 12:15:52.000000000
+0530
+++ openssh-6.5p1_patched/ssh-agent.c	2014-02-07 02:09:21.000000000
+0530
@@ -198,7 +198,7 @@
 	char *p;
 	int ret = -1;

-	p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+	p = key_fingerprint(id->key, key_fp_type_select(), SSH_FP_HEX);
 	if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
 	    id->comment, p))
 		ret = 0;
diff -ruN openssh-6.5p1_orig/ssh.c openssh-6.5p1_patched/ssh.c
--- openssh-6.5p1_orig/ssh.c	2013-12-29 12:23:40.000000000 +0530
+++ openssh-6.5p1_patched/ssh.c	2014-02-07 02:11:49.000000000 +0530
@@ -104,6 +104,7 @@
 #include "uidswap.h"
 #include "roaming.h"
 #include "version.h"
+#include "fips.h"

 #ifdef ENABLE_PKCS11
 #include "ssh-pkcs11.h"
@@ -458,6 +459,8 @@
 	    "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
 		switch (opt) {
 		case '1':
+			if (fips_mode())
+				fatal("Protocol 1 not allowed in the FIPS
mode.");
 			options.protocol = SSH_PROTO_1;
 			break;
 		case '2':
@@ -964,6 +967,12 @@

 	timeout_ms = options.connection_timeout * 1000;

+	if (FIPS_mode()) {
+		options.protocol &= SSH_PROTO_2;
+		if (options.protocol == 0)
+			fatal("Protocol 2 disabled by configuration but
required in the FIPS mode");
+	}
+
 	/* Open a connection to the remote host. */
 	if (ssh_connect(host, addrs, &hostaddr, options.port,
 	    options.address_family, options.connection_attempts,
diff -ruN openssh-6.5p1_orig/sshconnect2.c
openssh-6.5p1_patched/sshconnect2.c
--- openssh-6.5p1_orig/sshconnect2.c	2014-01-10 05:28:53.000000000
+0530
+++ openssh-6.5p1_patched/sshconnect2.c	2014-02-07 02:16:14.000000000
+0530
@@ -72,6 +72,7 @@
 #include "hostfile.h"
 #include "schnorr.h"
 #include "jpake.h"
+#include "fips.h"

 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -170,6 +171,9 @@
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+	} else if (fips_mode()) {
+		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+		myproposal[PROPOSAL_ENC_ALGS_STOC] =
KEX_FIPS_140_2_ENCRYPT;
 	}
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
@@ -185,6 +189,9 @@
 	if (options.macs != NULL) {
 		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+	} else if (fips_mode()) {
+		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+		myproposal[PROPOSAL_MAC_ALGS_STOC] = KEX_FIPS_140_2_MAC;
 	}
 	if (options.hostkeyalgorithms != NULL)
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
@@ -592,7 +599,7 @@
 		    key->type, pktype);
 		goto done;
 	}
-	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+	fp = key_fingerprint(key, key_fp_type_select(), SSH_FP_HEX);
 	debug2("input_userauth_pk_ok: fp %s", fp);
 	free(fp);

@@ -1204,7 +1211,7 @@
 	int have_sig = 1;
 	char *fp;

-	fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+	fp = key_fingerprint(id->key, key_fp_type_select(), SSH_FP_HEX);
 	debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
 	free(fp);

diff -ruN openssh-6.5p1_orig/sshconnect.c
openssh-6.5p1_patched/sshconnect.c
--- openssh-6.5p1_orig/sshconnect.c	2014-01-10 05:29:24.000000000
+0530
+++ openssh-6.5p1_patched/sshconnect.c	2014-02-07 02:17:50.000000000
+0530
@@ -911,8 +911,8 @@
 				    "key for IP address '%.128s' to the
list "
 				    "of known hosts.", type, ip);
 		} else if (options.visual_host_key) {
-			fp = key_fingerprint(host_key, SSH_FP_MD5,
SSH_FP_HEX);
-			ra = key_fingerprint(host_key, SSH_FP_MD5,
+			fp = key_fingerprint(host_key,
key_fp_type_select(), SSH_FP_HEX);
+			ra = key_fingerprint(host_key,
key_fp_type_select(),
 			    SSH_FP_RANDOMART);
 			logit("Host key fingerprint is %s\n%s\n", fp, ra);
 			free(ra);
@@ -952,8 +952,8 @@
 			else
 				snprintf(msg1, sizeof(msg1), ".");
 			/* The default */
-			fp = key_fingerprint(host_key, SSH_FP_MD5,
SSH_FP_HEX);
-			ra = key_fingerprint(host_key, SSH_FP_MD5,
+			fp = key_fingerprint(host_key,
key_fp_type_select(), SSH_FP_HEX);
+			ra = key_fingerprint(host_key,
key_fp_type_select(),
 			    SSH_FP_RANDOMART);
 			msg2[0] = '\0';
 			if (options.verify_host_key_dns) {
@@ -1217,7 +1217,7 @@
 	int flags = 0;
 	char *fp;

-	fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+	fp = key_fingerprint(host_key, key_fp_type_select(), SSH_FP_HEX);
 	debug("Server host key: %s %s", key_type(host_key), fp);
 	free(fp);

@@ -1324,8 +1324,8 @@
 			continue;
 		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i],
&found))
 			continue;
-		fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX);
-		ra = key_fingerprint(found->key, SSH_FP_MD5,
SSH_FP_RANDOMART);
+		fp = key_fingerprint(found->key, key_fp_type_select(),
SSH_FP_HEX);
+		ra = key_fingerprint(found->key, key_fp_type_select(),
SSH_FP_RANDOMART);
 		logit("WARNING: %s key found for host %s\n"
 		    "in %s:%lu\n"
 		    "%s key fingerprint %s.",
@@ -1346,7 +1346,7 @@
 {
 	char *fp;

-	fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+	fp = key_fingerprint(host_key, key_fp_type_select(), SSH_FP_HEX);


error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 	error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@");
diff -ruN openssh-6.5p1_orig/sshd.c openssh-6.5p1_patched/sshd.c
--- openssh-6.5p1_orig/sshd.c	2014-01-28 09:38:13.000000000 +0530
+++ openssh-6.5p1_patched/sshd.c	2014-02-07 02:22:10.000000000
+0530
@@ -121,6 +121,7 @@
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
+#include "fips.h"

 #ifdef LIBWRAP
 #include <tcpd.h>
@@ -1717,6 +1718,10 @@
 		debug("private host key: #%d type %d %s", i, keytype,
 		    key_type(key ? key : pubkey));
 	}
+	if ((options.protocol & SSH_PROTO_1) && fips_mode()) {
+		logit("Disabling protocol version 1. Not allowed in the
FIPS mode.");
+		options.protocol &= ~SSH_PROTO_1;
+	}
 	if ((options.protocol & SSH_PROTO_1) &&
!sensitive_data.have_ssh1_key) {
 		logit("Disabling protocol version 1. Could not load host
key");
 		options.protocol &= ~SSH_PROTO_1;
@@ -2429,6 +2434,9 @@
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+	} else if (fips_mode()) {
+		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+		myproposal[PROPOSAL_ENC_ALGS_STOC] =
KEX_FIPS_140_2_ENCRYPT;
 	}
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
@@ -2438,6 +2446,9 @@
 	if (options.macs != NULL) {
 		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+	} else if (fips_mode()) {
+		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+		myproposal[PROPOSAL_MAC_ALGS_STOC] = KEX_FIPS_140_2_MAC;
 	}
 	if (options.compression == COMP_NONE) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
diff -ruN openssh-6.5p1_orig/ssh-keygen.c
openssh-6.5p1_patched/ssh-keygen.c
--- openssh-6.5p1_orig/ssh-keygen.c	2013-12-07 05:54:02.000000000
+0530
+++ openssh-6.5p1_patched/ssh-keygen.c	2014-02-07 02:27:57.000000000
+0530
@@ -746,7 +746,7 @@
 	enum fp_type fptype;
 	char *fp, *ra;

-	fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
+	fptype = print_bubblebabble ? SSH_FP_SHA1 : key_fp_type_select();
 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;

 	pkcs11_init(0);
@@ -801,7 +801,7 @@
 	public = key_load_public(identity_file, &comment);
 	if (public != NULL) {
 		fp = key_fingerprint(public, fptype, rep);
-		ra = key_fingerprint(public, SSH_FP_MD5,
SSH_FP_RANDOMART);
+		ra = key_fingerprint(public, key_fp_type_select(),
SSH_FP_RANDOMART);
 		printf("%u %s %s (%s)\n", key_size(public), fp, comment,
 		    key_type(public));
 		if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -867,7 +867,7 @@
 		}
 		comment = *cp ? cp : comment;
 		fp = key_fingerprint(public, fptype, rep);
-		ra = key_fingerprint(public, SSH_FP_MD5,
SSH_FP_RANDOMART);
+		ra = key_fingerprint(public, key_fp_type_select(),
SSH_FP_RANDOMART);
 		printf("%u %s %s (%s)\n", key_size(public), fp,
 		    comment ? comment : "no comment", key_type(public));
 		if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -988,10 +988,10 @@
 		enum fp_type fptype;
 		char *fp, *ra;

-		fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
+		fptype = print_bubblebabble ? SSH_FP_SHA1 :
key_fp_type_select();
 		rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE :
SSH_FP_HEX;
 		fp = key_fingerprint(public, fptype, rep);
-		ra = key_fingerprint(public, SSH_FP_MD5,
SSH_FP_RANDOMART);
+		ra = key_fingerprint(public, key_fp_type_select(),
SSH_FP_RANDOMART);
 		printf("%u %s %s (%s)\n", key_size(public), fp, name,
 		    key_type(public));
 		if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -1878,9 +1878,9 @@
 		fatal("%s is not a certificate", identity_file);
 	v00 = key->type == KEY_RSA_CERT_V00 || key->type ==
KEY_DSA_CERT_V00;

-	key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+	key_fp = key_fingerprint(key, key_fp_type_select(), SSH_FP_HEX);
 	ca_fp = key_fingerprint(key->cert->signature_key,
-	    SSH_FP_MD5, SSH_FP_HEX);
+	    key_fp_type_select(), SSH_FP_HEX);

 	printf("%s:\n", identity_file);
 	printf("        Type: %s %s certificate\n", key_ssh_name(key),
@@ -2686,8 +2686,8 @@
 	fclose(f);

 	if (!quiet) {
-		char *fp = key_fingerprint(public, SSH_FP_MD5,
SSH_FP_HEX);
-		char *ra = key_fingerprint(public, SSH_FP_MD5,
+		char *fp = key_fingerprint(public, key_fp_type_select(),
SSH_FP_HEX);
+		char *ra = key_fingerprint(public, key_fp_type_select(),
 		    SSH_FP_RANDOMART);
 		printf("Your public key has been saved in %s.\n",
 		    identity_file);
diff -ruN openssh-6.5p1_orig/ssh-rsa.c openssh-6.5p1_patched/ssh-rsa.c
--- openssh-6.5p1_orig/ssh-rsa.c	2014-01-10 05:28:53.000000000
+0530
+++ openssh-6.5p1_patched/ssh-rsa.c	2014-02-07 02:36:26.000000000
+0530
@@ -33,6 +33,7 @@
 #include "misc.h"
 #include "ssh.h"
 #include "digest.h"
+#include "fips.h"

 static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA
*);

@@ -56,6 +57,7 @@
 	/* hash the data */
 	hash_alg = SSH_DIGEST_SHA1;
 	nid = NID_sha1;
+	fips_correct_nid(&nid);
 	if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
 		error("%s: bad hash algorithm %d", __func__, hash_alg);
 		return -1;

--- PATCH END

-----Original Message-----
From: Steve Marquess [mailto:marquess@xxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, February 17, 2014 5:35 PM
To: openssh-unix-dev@xxxxxxxxxxx
Cc: manish.jagtap@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [ DRAFT PATCH ] - FIPS 140-2 patch for OpenSSH 6.5p1

On 02/17/2014 01:09 AM, Manish Jagtap wrote:
> Hi,
>
>
>
> Here is FIPS 140-2 patch for OpenSSH 6.5p1. Since our expertise in
> OpenSSH code is limited, request moderators to validate this patch and
> update as required.

I didn't see any patch but the following comments apply regardless.

For a long time I hoped to see native OpenSSL FIPS module support in
OpenSSH. Over the years OSF has prepared a number of patches such as:


http://opensslfoundation.com/export/openssh/openssh-6.0p1.fips-revised.pat
ch

for interested clients.

However, with continuing evolution of OpenSSH and changing FIPS 140-2
requirements such support is becoming increasingly difficult. In order to
make any reasonable claim that an application like OpenSSH is "FIPS
140-2 compliant" *all* cryptography used by that application must be
implemented in the validated module(s). OpenSSH has always had some
inlined cryptography, but the recent introduction of "non-NIST"
cryptography exacerbates that issue.

Then there is the additional consideration that FIPS 140-2 is only
desirable in a context (USG and DoD) where x.509 support is also
mandatory. OpenSSH has adopted a different (and more robust) certificate
scheme. FIPS 140-2 has always been focused on compliance to a specific
ritualized policy and process, and thus is necessarily less secure in an
absolute sense, while OpenSSH is focused on real-world security. IMHO that
discrepancy will probably continue to grow.

So while it remains technically possible to jam the round OpenSSH peg into
the square FIPS 140-2 hole, I'm no longer sure it makes sense to attempt
it in the baseline OpenSSH.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess@xxxxxxxxxxxxxxxxxxxxx
marquess@xxxxxxxxxxx
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux