[warrior][PATCH] dropbear: new feature: disable-weak-ciphers

[warrior][PATCH] dropbear: new feature: disable-weak-ciphers

[Joseph Reynolds]

Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
the dropbear ssh server and client.

Disable this feature if you need to connect to the ssh server from older
clients.  Additional customization can be done with local_options.h as usual.

Tested: On dropbear_2019.78.

Upstream-Status: Inappropriate [configuration]

Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/dropbear/dropbear.inc            |  6 ++-
 .../dropbear/dropbear-disable-weak-ciphers.patch   | 44 ++++++++++++++++++++++
 2 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch

diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 2537603..b090377 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -19,7 +19,8 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            file://dropbear@.service \
            file://dropbear.socket \
            file://dropbear.default \
-           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} "
+           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} "
 
 PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
                file://0006-dropbear-configuration-file.patch \
@@ -45,8 +46,9 @@ SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
 BINCOMMANDS = "dbclient ssh scp"
 EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
 
-PACKAGECONFIG ?= ""
+PACKAGECONFIG ?= "disable-weak-ciphers"
 PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt"
+PACKAGECONFIG[disable-weak-ciphers] = ""
 
 EXTRA_OECONF += "\
  ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
new file mode 100644
index 0000000..e48a34b
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -0,0 +1,44 @@
+This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers 
+in the dropbear ssh server and client since they're considered weak ciphers
+and we want to support the stong algorithms.
+
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
+
+Index: dropbear-2019.78/default_options.h
+===================================================================
+--- dropbear-2019.78.orig/default_options.h
++++ dropbear-2019.78/default_options.h
+@@ -91,7 +91,7 @@ IMPORTANT: Some options will require "ma
+ 
+ /* Enable CBC mode for ciphers. This has security issues though
+  * is the most compatible with older SSH implementations */
+-#define DROPBEAR_ENABLE_CBC_MODE 1
++#define DROPBEAR_ENABLE_CBC_MODE 0
+ 
+ /* Enable "Counter Mode" for ciphers. This is more secure than
+  * CBC mode against certain attacks. It is recommended for security
+@@ -101,7 +101,7 @@ IMPORTANT: Some options will require "ma
+ /* Message integrity. sha2-256 is recommended as a default, 
+    sha1 for compatibility */
+ #define DROPBEAR_SHA1_HMAC 1
+-#define DROPBEAR_SHA1_96_HMAC 1
++#define DROPBEAR_SHA1_96_HMAC 0
+ #define DROPBEAR_SHA2_256_HMAC 1
+ 
+ /* Hostkey/public key algorithms - at least one required, these are used
+@@ -149,12 +149,12 @@ IMPORTANT: Some options will require "ma
+  * Small systems should generally include either curve25519 or ecdh for performance.
+  * curve25519 is less widely supported but is faster
+  */ 
+-#define DROPBEAR_DH_GROUP14_SHA1 1
++#define DROPBEAR_DH_GROUP14_SHA1 0
+ #define DROPBEAR_DH_GROUP14_SHA256 1
+ #define DROPBEAR_DH_GROUP16 0
+ #define DROPBEAR_CURVE25519 1
+ #define DROPBEAR_ECDH 1
+-#define DROPBEAR_DH_GROUP1 1
++#define DROPBEAR_DH_GROUP1 0
+ 
+ /* When group1 is enabled it will only be allowed by Dropbear client
+ not as a server, due to concerns over its strength. Set to 0 to allow
-- 
1.8.3.1

Re: [warrior][PATCH] dropbear: new feature: disable-weak-ciphers

[Adrian Bunk]

On Mon, Jul 15, 2019 at 03:38:57PM -0500, Joseph Reynolds wrote:
> Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
> This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
> the dropbear ssh server and client.
> 
> Disable this feature if you need to connect to the ssh server from older
> clients.  Additional customization can be done with local_options.h as usual.
>...

Changing the default behaviour in a stable series does not sound 
appropriate to me.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Re: [warrior][PATCH] dropbear: new feature: disable-weak-ciphers

[Joseph Reynolds]

On 7/15/19 3:58 PM, Adrian Bunk wrote:
> On Mon, Jul 15, 2019 at 03:38:57PM -0500, Joseph Reynolds wrote:
>> Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
>> This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
>> the dropbear ssh server and client.
>>
>> Disable this feature if you need to connect to the ssh server from older
>> clients.  Additional customization can be done with local_options.h as usual.
>> ...
> Changing the default behaviour in a stable series does not sound
> appropriate to me.

Although this patch is for security, it is a config change and not a 
fix.  I understand if you don't want to add it to a release branch, and 
I am am okay with that.  I just want to know one way or the other.  If 
this is the answer, we'll put the patch into our downstream project 
(github.com/openbmc/openbmc branch=warrior) ... waiting for more 
opinions ....

Thanks!
- Joseph
>
> cu
> Adrian
>

Re: [warrior][PATCH] dropbear: new feature: disable-weak-ciphers

[richard.purdie]

On Mon, 2019-07-15 at 16:08 -0500, Joseph Reynolds wrote:
> On 7/15/19 3:58 PM, Adrian Bunk wrote:
> > On Mon, Jul 15, 2019 at 03:38:57PM -0500, Joseph Reynolds wrote:
> > > Enhances dropbear with a new feature "disable-weak-ciphers", on
> > > by default.
> > > This feature disables all CBC, SHA1, and diffie-hellman group1
> > > ciphers in
> > > the dropbear ssh server and client.
> > > 
> > > Disable this feature if you need to connect to the ssh server
> > > from older
> > > clients.  Additional customization can be done with
> > > local_options.h as usual.
> > > ...
> > Changing the default behaviour in a stable series does not sound
> > appropriate to me.
> 
> Although this patch is for security, it is a config change and not a 
> fix.  I understand if you don't want to add it to a release branch,
> and I am am okay with that.  I just want to know one way or the
> other. 
> If this is the answer, we'll put the patch into our downstream
> project (github.com/openbmc/openbmc branch=warrior) ... waiting for
> more opinions ....

Whilst I understand the rationale behind this, our policy for stable
branches is clear, we shouldn't change behaviour there unless its for a
significant security issue. This is more prevention rather than a known
large issue.

So unless I hear strong support for adding it, I think we probably just
move forward with it in master.

The patch is here if anyone does want it.

(Armin as the stable branch maintainer does also have a say in this,
I'm not sure what his opinion is).

Cheers,

Richard