File openssh-fips-ensure-approved-moduli.patch of Package openssh.29886
From bb6b4d3908d308651f81940e31b67dfb47297482 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@suse.com>
Date: Wed, 26 Oct 2022 10:01:18 +0200
Subject: [PATCH] openssh-fips-ensure-approved-moduli
commit 102956da05b4b01c46cb2a555e1277ab3a8d0167
Author: Hans Petter Jansson <hpj@hpjansson.org>
Date: Wed Nov 11 00:59:45 2020 +0100
Ensure DHGs are approved in FIPS mode using OpenSSL's DH_check()
---
dh.c | 38 +++++++++++++++++++++++++++++++++++++-
1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/dh.c b/dh.c
index 351c79ce..13e7c189 100644
--- a/dh.c
+++ b/dh.c
@@ -144,6 +144,28 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
return 0;
}
+static int
+dhg_is_approved(const struct dhgroup *dhg)
+{
+ BIGNUM *g, *p;
+ DH *dh;
+ int dh_status;
+ int is_ok = 0;
+
+ /* DH_set0_pqg() transfers ownership of the bignums, so we
+ * make temporary copies here for simplicity. */
+ g = BN_dup(dhg->g);
+ p = BN_dup(dhg->p);
+ dh = dh_new_group(g, p);
+
+ if (dh) {
+ is_ok = DH_check(dh, &dh_status);
+ }
+
+ DH_free(dh);
+ return is_ok;
+}
+
DH *
choose_dh(int min, int wantbits, int max)
{
@@ -163,12 +185,20 @@ choose_dh(int min, int wantbits, int max)
linenum = 0;
best = bestcount = 0;
while (fgets(line, sizeof(line), f)) {
+ int dhg_is_ok;
+
linenum++;
if (!parse_prime(linenum, line, &dhg))
continue;
+
+ dhg_is_ok = dhg_is_approved(&dhg);
+
BN_clear_free(dhg.g);
BN_clear_free(dhg.p);
+ if (!dhg_is_ok)
+ continue;
+
if (dhg.size > max || dhg.size < min)
continue;
@@ -191,9 +221,15 @@ choose_dh(int min, int wantbits, int max)
linenum = 0;
which = arc4random_uniform(bestcount);
while (fgets(line, sizeof(line), f)) {
+ int dhg_is_ok;
+
if (!parse_prime(linenum, line, &dhg))
continue;
- if ((dhg.size > max || dhg.size < min) ||
+
+ dhg_is_ok = dhg_is_approved(&dhg);
+
+ if (!dhg_is_ok ||
+ (dhg.size > max || dhg.size < min) ||
dhg.size != best ||
linenum++ != which) {
BN_clear_free(dhg.g);
--
2.38.0
