[meta-openssl102-fips][PATCH] openssh: Fix patch to properly apply on 7.9 version found in warrior
Mark Hatle
Thanks for the pull request.. pushed.
--Mark

On 1/29/20 9:08 PM, Mark Hatle wrote:
Mark Hatle
On 1/29/20 8:49 PM, Mark Hatle wrote:
Should this be applied only to the warrior branch? I don't typically build

I tried to apply this patch, but unfortunately it's corrupt. Likely by an exchange server or outlook. If you can, you can generate a pull request at: https://github.com/mhatle/meta-openssl102-fips

I prefer mailing list, but I realize sometimes employers' infrastructure can make email more problematic than it otherwise should be..

--Mark
Mark Hatle
Should this be applied only to the warrior branch? I don't typically build warrior branch, but I'm happy to accept patches if you can verify it's working properly.

--Mark

On 1/29/20 12:47 PM, Davis, Michael wrote:
Signed-off-by: Michael Davis <michael.davis@...>
Davis, Michael
Signed-off-by: Michael Davis <michael.davis@...>
--- .../openssh/0001-openssh-8.0p1-fips.patch | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch index 30534c7..5ff4eff 100644 --- a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch +++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch @@ -270,10 +270,10 @@ Index: git/readconf.c =================================================================== --- git.orig/readconf.c +++ git/readconf.c -@@ -2077,17 +2077,18 @@ fill_default_options(Options * options) - all_mac = mac_alg_list(','); +@@ -2178,18 +2178,19 @@ fill_default_options(Options * options) all_kex = kex_alg_list(','); all_key = sshkey_alg_list(0, 0, 1, ','); + all_sig = sshkey_alg_list(0, 1, 1, ','); -#define ASSEMBLE(what, defaults, all) \ +#define ASSEMBLE(what, defaults, fips_defaults, all) \ do { \ @@ -288,11 +288,13 @@ Index: git/readconf.c - ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex); - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); -+ ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher); -+ ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac); -+ ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex); +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); ++ ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher); ++ ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac); ++ ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex); + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key); + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key); ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig); #undef ASSEMBLE free(all_cipher); free(all_mac); 
@@ -314,10 +316,10 @@ Index: git/servconf.c =================================================================== --- git.orig/servconf.c +++ git/servconf.c -@@ -198,17 +198,18 @@ assemble_algorithms(ServerOptions *o) - all_mac = mac_alg_list(','); +@@ -209,18 +209,19 @@ assemble_algorithms(ServerOptions *o) all_kex = kex_alg_list(','); all_key = sshkey_alg_list(0, 0, 1, ','); + all_sig = sshkey_alg_list(0, 1, 1, ','); -#define ASSEMBLE(what, defaults, all) \ +#define ASSEMBLE(what, defaults, fips_defaults, all) \ do { \ @@ -332,12 +334,14 @@ Index: git/servconf.c - ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher); + ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac); + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex); + ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key); + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key); + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key); ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig); #undef ASSEMBLE free(all_cipher); free(all_mac); -- 2.24.1 Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. |
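Review bot: In the git/readconf.c hunk the client's non-FIPS defaults change from KEX_CLIENT_ENCRYPT, KEX_CLIENT_MAC and KEX_CLIENT_KEX to KEX_SERVER_ENCRYPT, KEX_SERVER_MAC and KEX_SERVER_KEX, and the commit message (a bare Signed-off-by) gives no reason. The removed context line `ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);` suggests this mirrors what readconf.c already uses in the target source, but that should be stated in the commit message, together with the OpenSSH version and branch the refreshed hunk offsets (2077 to 2178) were tested against, since the file is still named 0001-openssh-8.0p1-fips.patch while the subject targets 7.9 in warrior.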
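Review bot: The added ca_sign_algorithms line in the git/servconf.c hunk (and its twin in git/readconf.c) passes KEX_FIPS_PK_ALG as the FIPS default but pairs it with all_sig, built with `sshkey_alg_list(0, 1, 1, ',')`, whereas every other use of KEX_FIPS_PK_ALG in these hunks is paired with all_key, built with `sshkey_alg_list(0, 0, 1, ',')`. The definition of KEX_FIPS_PK_ALG is not visible in this patch, so please confirm that every name in it is also a member of all_sig, or introduce a dedicated FIPS list for CA signature algorithms; otherwise FIPS mode may end up with a CA signature list that does not match what the binary accepts.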