		
	- add AES-CTR ciphers to the FIPS mode proposal
		
							parent
							
								
									adad2a814e
								
							
						
					
					
						commit
						0f07b4ad95
					
				| @ -1,6 +1,6 @@ | ||||
| diff -up openssh-5.2p1/ssh-agent.c.fips openssh-5.2p1/ssh-agent.c
 | ||||
| --- openssh-5.2p1/ssh-agent.c.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-agent.c	2009-02-12 13:46:18.000000000 +0100
 | ||||
| --- openssh-5.2p1/ssh-agent.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-agent.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -51,6 +51,8 @@
 | ||||
|   | ||||
|  #include <openssl/evp.h> | ||||
| @ -36,8 +36,8 @@ diff -up openssh-5.2p1/ssh-agent.c.fips openssh-5.2p1/ssh-agent.c | ||||
|  	__progname = ssh_get_progname(av[0]); | ||||
|  	init_rng(); | ||||
| diff -up openssh-5.2p1/auth2-pubkey.c.fips openssh-5.2p1/auth2-pubkey.c
 | ||||
| --- openssh-5.2p1/auth2-pubkey.c.fips	2009-02-11 19:01:25.000000000 +0100
 | ||||
| +++ openssh-5.2p1/auth2-pubkey.c	2009-02-11 19:01:26.000000000 +0100
 | ||||
| --- openssh-5.2p1/auth2-pubkey.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/auth2-pubkey.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -33,6 +33,7 @@
 | ||||
|  #include <stdio.h> | ||||
|  #include <stdarg.h> | ||||
| @ -56,8 +56,8 @@ diff -up openssh-5.2p1/auth2-pubkey.c.fips openssh-5.2p1/auth2-pubkey.c | ||||
|  			    key_type(found), fp); | ||||
|  			xfree(fp); | ||||
| diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
 | ||||
| --- openssh-5.2p1/ssh.c.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh.c	2009-02-12 13:48:43.000000000 +0100
 | ||||
| --- openssh-5.2p1/ssh.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -71,6 +71,8 @@
 | ||||
|   | ||||
|  #include <openssl/evp.h> | ||||
| @ -78,7 +78,7 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c | ||||
|  	init_rng(); | ||||
|   | ||||
|  	/* | ||||
| @@ -562,7 +568,6 @@ main(int ac, char **av)
 | ||||
| @@ -550,7 +556,6 @@ main(int ac, char **av)
 | ||||
|  	if (!host) | ||||
|  		usage(); | ||||
|   | ||||
| @ -87,9 +87,9 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c | ||||
|   | ||||
|  	/* Initialize the command to execute on remote host. */ | ||||
| diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c
 | ||||
| --- openssh-5.2p1/sshconnect2.c.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/sshconnect2.c	2009-02-11 19:01:26.000000000 +0100
 | ||||
| @@ -43,6 +43,8 @@
 | ||||
| --- openssh-5.2p1/sshconnect2.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/sshconnect2.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -44,6 +44,8 @@
 | ||||
|  #include <vis.h> | ||||
|  #endif | ||||
|   | ||||
| @ -98,7 +98,7 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c | ||||
|  #include "openbsd-compat/sys-queue.h" | ||||
|   | ||||
|  #include "xmalloc.h" | ||||
| @@ -113,6 +115,10 @@ ssh_kex2(char *host, struct sockaddr *ho
 | ||||
| @@ -115,6 +117,10 @@ ssh_kex2(char *host, struct sockaddr *ho
 | ||||
|  	if (options.ciphers != NULL) { | ||||
|  		myproposal[PROPOSAL_ENC_ALGS_CTOS] = | ||||
|  		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; | ||||
| @ -109,7 +109,7 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c | ||||
|  	} | ||||
|  	myproposal[PROPOSAL_ENC_ALGS_CTOS] = | ||||
|  	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); | ||||
| @@ -128,7 +134,11 @@ ssh_kex2(char *host, struct sockaddr *ho
 | ||||
| @@ -130,7 +136,11 @@ ssh_kex2(char *host, struct sockaddr *ho
 | ||||
|  	if (options.macs != NULL) { | ||||
|  		myproposal[PROPOSAL_MAC_ALGS_CTOS] = | ||||
|  		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | ||||
| @ -121,7 +121,7 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c | ||||
|  	if (options.hostkeyalgorithms != NULL) | ||||
|  		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = | ||||
|  		    options.hostkeyalgorithms; | ||||
| @@ -478,8 +488,8 @@ input_userauth_pk_ok(int type, u_int32_t
 | ||||
| @@ -507,8 +517,8 @@ input_userauth_pk_ok(int type, u_int32_t
 | ||||
|  		    key->type, pktype); | ||||
|  		goto done; | ||||
|  	} | ||||
| @ -133,8 +133,8 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c | ||||
|   | ||||
|  	/* | ||||
| diff -up openssh-5.2p1/Makefile.in.fips openssh-5.2p1/Makefile.in
 | ||||
| --- openssh-5.2p1/Makefile.in.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/Makefile.in	2009-02-12 14:06:25.000000000 +0100
 | ||||
| --- openssh-5.2p1/Makefile.in.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/Makefile.in	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -134,28 +134,28 @@ libssh.a: $(LIBSSH_OBJS)
 | ||||
|  	$(RANLIB) $@ | ||||
|   | ||||
| @ -172,8 +172,8 @@ diff -up openssh-5.2p1/Makefile.in.fips openssh-5.2p1/Makefile.in | ||||
|  sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o | ||||
|  	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | ||||
| diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
 | ||||
| --- openssh-5.2p1/sshd.c.fips	2009-02-11 19:01:25.000000000 +0100
 | ||||
| +++ openssh-5.2p1/sshd.c	2009-02-12 13:51:51.000000000 +0100
 | ||||
| --- openssh-5.2p1/sshd.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/sshd.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -76,6 +76,8 @@
 | ||||
|  #include <openssl/bn.h> | ||||
|  #include <openssl/md5.h> | ||||
| @ -183,7 +183,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c | ||||
|  #include "openbsd-compat/openssl-compat.h" | ||||
|   | ||||
|  #ifdef HAVE_SECUREWARE | ||||
| @@ -1261,6 +1263,12 @@ main(int ac, char **av)
 | ||||
| @@ -1260,6 +1262,12 @@ main(int ac, char **av)
 | ||||
|  	(void)set_auth_parameters(ac, av); | ||||
|  #endif | ||||
|  	__progname = ssh_get_progname(av[0]); | ||||
| @ -196,7 +196,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c | ||||
|  	init_rng(); | ||||
|   | ||||
|  	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ | ||||
| @@ -1413,8 +1421,6 @@ main(int ac, char **av)
 | ||||
| @@ -1412,8 +1420,6 @@ main(int ac, char **av)
 | ||||
|  	else | ||||
|  		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); | ||||
|   | ||||
| @ -205,7 +205,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c | ||||
|  	/* | ||||
|  	 * Force logging to stderr until we have loaded the private host | ||||
|  	 * key (unless started from inetd) | ||||
| @@ -2183,6 +2189,9 @@ do_ssh2_kex(void)
 | ||||
| @@ -2182,6 +2188,9 @@ do_ssh2_kex(void)
 | ||||
|  	if (options.ciphers != NULL) { | ||||
|  		myproposal[PROPOSAL_ENC_ALGS_CTOS] = | ||||
|  		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; | ||||
| @ -215,7 +215,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c | ||||
|  	} | ||||
|  	myproposal[PROPOSAL_ENC_ALGS_CTOS] = | ||||
|  	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); | ||||
| @@ -2192,6 +2201,9 @@ do_ssh2_kex(void)
 | ||||
| @@ -2191,6 +2200,9 @@ do_ssh2_kex(void)
 | ||||
|  	if (options.macs != NULL) { | ||||
|  		myproposal[PROPOSAL_MAC_ALGS_CTOS] = | ||||
|  		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | ||||
| @ -227,7 +227,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c | ||||
|  		myproposal[PROPOSAL_COMP_ALGS_CTOS] = | ||||
| diff -up openssh-5.2p1/mac.c.fips openssh-5.2p1/mac.c
 | ||||
| --- openssh-5.2p1/mac.c.fips	2008-06-13 02:58:50.000000000 +0200
 | ||||
| +++ openssh-5.2p1/mac.c	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/mac.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -28,6 +28,7 @@
 | ||||
|  #include <sys/types.h> | ||||
|   | ||||
| @ -278,8 +278,8 @@ diff -up openssh-5.2p1/mac.c.fips openssh-5.2p1/mac.c | ||||
|  	for (i = 0; macs[i].name; i++) { | ||||
|  		if (strcmp(name, macs[i].name) == 0) { | ||||
| diff -up openssh-5.2p1/ssh-keygen.c.fips openssh-5.2p1/ssh-keygen.c
 | ||||
| --- openssh-5.2p1/ssh-keygen.c.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-keygen.c	2009-02-12 13:46:00.000000000 +0100
 | ||||
| --- openssh-5.2p1/ssh-keygen.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-keygen.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -21,6 +21,8 @@
 | ||||
|   | ||||
|  #include <openssl/evp.h> | ||||
| @ -332,8 +332,8 @@ diff -up openssh-5.2p1/ssh-keygen.c.fips openssh-5.2p1/ssh-keygen.c | ||||
|  		xfree(ra); | ||||
|  		xfree(fp); | ||||
| diff -up openssh-5.2p1/nsskeys.c.fips openssh-5.2p1/nsskeys.c
 | ||||
| --- openssh-5.2p1/nsskeys.c.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/nsskeys.c	2009-02-11 19:01:26.000000000 +0100
 | ||||
| --- openssh-5.2p1/nsskeys.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/nsskeys.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -183,8 +183,8 @@ nss_convert_pubkey(Key *k)
 | ||||
|  			break; | ||||
|  	} | ||||
| @ -346,8 +346,8 @@ diff -up openssh-5.2p1/nsskeys.c.fips openssh-5.2p1/nsskeys.c | ||||
|   | ||||
|  	return 0; | ||||
| diff -up openssh-5.2p1/ssh-add.c.fips openssh-5.2p1/ssh-add.c
 | ||||
| --- openssh-5.2p1/ssh-add.c.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-add.c	2009-02-12 13:46:31.000000000 +0100
 | ||||
| --- openssh-5.2p1/ssh-add.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-add.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -42,6 +42,8 @@
 | ||||
|  #include <sys/param.h> | ||||
|   | ||||
| @ -387,7 +387,7 @@ diff -up openssh-5.2p1/ssh-add.c.fips openssh-5.2p1/ssh-add.c | ||||
|  	if (ac == NULL) { | ||||
| diff -up openssh-5.2p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.2p1/openbsd-compat/bsd-arc4random.c
 | ||||
| --- openssh-5.2p1/openbsd-compat/bsd-arc4random.c.fips	2008-06-04 02:54:00.000000000 +0200
 | ||||
| +++ openssh-5.2p1/openbsd-compat/bsd-arc4random.c	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/openbsd-compat/bsd-arc4random.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -39,6 +39,7 @@
 | ||||
|  static int rc4_ready = 0; | ||||
|  static RC4_KEY rc4; | ||||
| @ -430,14 +430,15 @@ diff -up openssh-5.2p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.2p1/openbs | ||||
|   | ||||
|  #ifndef ARC4RANDOM_BUF | ||||
| diff -up openssh-5.2p1/myproposal.h.fips openssh-5.2p1/myproposal.h
 | ||||
| --- openssh-5.2p1/myproposal.h.fips	2007-06-11 06:01:42.000000000 +0200
 | ||||
| +++ openssh-5.2p1/myproposal.h	2009-02-11 19:01:26.000000000 +0100
 | ||||
| @@ -52,7 +52,11 @@
 | ||||
| --- openssh-5.2p1/myproposal.h.fips	2009-01-28 06:33:31.000000000 +0100
 | ||||
| +++ openssh-5.2p1/myproposal.h	2009-03-13 11:27:49.000000000 +0100
 | ||||
| @@ -53,7 +53,12 @@
 | ||||
|  	"hmac-sha1-96,hmac-md5-96" | ||||
|  #define	KEX_DEFAULT_COMP	"none,zlib@openssh.com,zlib" | ||||
|  #define	KEX_DEFAULT_LANG	"" | ||||
| -
 | ||||
| +#define	KEX_FIPS_ENCRYPT \
 | ||||
| +	"aes128-ctr,aes192-ctr,aes256-ctr," \
 | ||||
| +	"aes128-cbc,3des-cbc," \
 | ||||
| +	"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se"
 | ||||
| +#define	KEX_FIPS_MAC \
 | ||||
| @ -447,7 +448,7 @@ diff -up openssh-5.2p1/myproposal.h.fips openssh-5.2p1/myproposal.h | ||||
|  	KEX_DEFAULT_KEX, | ||||
| diff -up openssh-5.2p1/ssh-keysign.c.fips openssh-5.2p1/ssh-keysign.c
 | ||||
| --- openssh-5.2p1/ssh-keysign.c.fips	2006-09-01 07:38:37.000000000 +0200
 | ||||
| +++ openssh-5.2p1/ssh-keysign.c	2009-02-12 13:44:41.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-keysign.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -38,6 +38,8 @@
 | ||||
|  #include <openssl/evp.h> | ||||
|  #include <openssl/rand.h> | ||||
| @ -478,8 +479,8 @@ diff -up openssh-5.2p1/ssh-keysign.c.fips openssh-5.2p1/ssh-keysign.c | ||||
|  		rnd[i] = arc4random(); | ||||
|  	RAND_seed(rnd, sizeof(rnd)); | ||||
| diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c
 | ||||
| --- openssh-5.2p1/cipher.c.fips	2008-07-23 14:03:19.000000000 +0200
 | ||||
| +++ openssh-5.2p1/cipher.c	2009-02-11 19:01:26.000000000 +0100
 | ||||
| --- openssh-5.2p1/cipher.c.fips	2009-03-06 18:23:21.000000000 +0100
 | ||||
| +++ openssh-5.2p1/cipher.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -40,6 +40,7 @@
 | ||||
|  #include <sys/types.h> | ||||
|   | ||||
| @ -488,7 +489,7 @@ diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c | ||||
|   | ||||
|  #include <string.h> | ||||
|  #include <stdarg.h> | ||||
| @@ -91,6 +92,22 @@ struct Cipher {
 | ||||
| @@ -93,6 +94,22 @@ struct Cipher {
 | ||||
|  	{ NULL,			SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL } | ||||
|  }; | ||||
|   | ||||
| @ -511,7 +512,7 @@ diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c | ||||
|  /*--*/ | ||||
|   | ||||
|  u_int | ||||
| @@ -133,7 +150,7 @@ Cipher *
 | ||||
| @@ -135,7 +152,7 @@ Cipher *
 | ||||
|  cipher_by_name(const char *name) | ||||
|  { | ||||
|  	Cipher *c; | ||||
| @ -520,7 +521,7 @@ diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c | ||||
|  		if (strcmp(c->name, name) == 0) | ||||
|  			return c; | ||||
|  	return NULL; | ||||
| @@ -143,7 +160,7 @@ Cipher *
 | ||||
| @@ -145,7 +162,7 @@ Cipher *
 | ||||
|  cipher_by_number(int id) | ||||
|  { | ||||
|  	Cipher *c; | ||||
| @ -529,7 +530,7 @@ diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c | ||||
|  		if (c->number == id) | ||||
|  			return c; | ||||
|  	return NULL; | ||||
| @@ -187,7 +204,7 @@ cipher_number(const char *name)
 | ||||
| @@ -189,7 +206,7 @@ cipher_number(const char *name)
 | ||||
|  	Cipher *c; | ||||
|  	if (name == NULL) | ||||
|  		return -1; | ||||
| @ -539,8 +540,8 @@ diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c | ||||
|  			return c->number; | ||||
|  	return -1; | ||||
| diff -up openssh-5.2p1/ssh-keyscan.c.fips openssh-5.2p1/ssh-keyscan.c
 | ||||
| --- openssh-5.2p1/ssh-keyscan.c.fips	2008-07-04 15:10:49.000000000 +0200
 | ||||
| +++ openssh-5.2p1/ssh-keyscan.c	2009-02-12 13:44:21.000000000 +0100
 | ||||
| --- openssh-5.2p1/ssh-keyscan.c.fips	2009-01-28 06:31:23.000000000 +0100
 | ||||
| +++ openssh-5.2p1/ssh-keyscan.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -19,6 +19,8 @@
 | ||||
|  #include <arpa/inet.h> | ||||
|   | ||||
| @ -550,7 +551,7 @@ diff -up openssh-5.2p1/ssh-keyscan.c.fips openssh-5.2p1/ssh-keyscan.c | ||||
|   | ||||
|  #include <netdb.h> | ||||
|  #include <errno.h> | ||||
| @@ -730,6 +732,13 @@ main(int argc, char **argv)
 | ||||
| @@ -731,6 +733,13 @@ main(int argc, char **argv)
 | ||||
|  	extern char *optarg; | ||||
|   | ||||
|  	__progname = ssh_get_progname(argv[0]); | ||||
| @ -565,8 +566,8 @@ diff -up openssh-5.2p1/ssh-keyscan.c.fips openssh-5.2p1/ssh-keyscan.c | ||||
|  	seed_rng(); | ||||
|  	TAILQ_INIT(&tq); | ||||
| diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
 | ||||
| --- openssh-5.2p1/sshconnect.c.fips	2009-02-11 19:01:26.000000000 +0100
 | ||||
| +++ openssh-5.2p1/sshconnect.c	2009-02-11 19:01:26.000000000 +0100
 | ||||
| --- openssh-5.2p1/sshconnect.c.fips	2009-03-13 11:23:15.000000000 +0100
 | ||||
| +++ openssh-5.2p1/sshconnect.c	2009-03-13 11:23:15.000000000 +0100
 | ||||
| @@ -40,6 +40,8 @@
 | ||||
|  #include <unistd.h> | ||||
|  #include <fcntl.h> | ||||
| @ -576,7 +577,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c | ||||
|  #include "xmalloc.h" | ||||
|  #include "key.h" | ||||
|  #include "hostfile.h" | ||||
| @@ -765,6 +767,7 @@ check_host_key(char *hostname, struct so
 | ||||
| @@ -761,6 +763,7 @@ check_host_key(char *hostname, struct so
 | ||||
|  			goto fail; | ||||
|  		} else if (options.strict_host_key_checking == 2) { | ||||
|  			char msg1[1024], msg2[1024]; | ||||
| @ -584,7 +585,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c | ||||
|   | ||||
|  			if (show_other_keys(host, host_key)) | ||||
|  				snprintf(msg1, sizeof(msg1), | ||||
| @@ -773,8 +776,8 @@ check_host_key(char *hostname, struct so
 | ||||
| @@ -769,8 +772,8 @@ check_host_key(char *hostname, struct so
 | ||||
|  			else | ||||
|  				snprintf(msg1, sizeof(msg1), "."); | ||||
|  			/* The default */ | ||||
| @ -595,7 +596,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c | ||||
|  			    SSH_FP_RANDOMART); | ||||
|  			msg2[0] = '\0'; | ||||
|  			if (options.verify_host_key_dns) { | ||||
| @@ -790,10 +793,10 @@ check_host_key(char *hostname, struct so
 | ||||
| @@ -786,10 +789,10 @@ check_host_key(char *hostname, struct so
 | ||||
|  			snprintf(msg, sizeof(msg), | ||||
|  			    "The authenticity of host '%.200s (%s)' can't be " | ||||
|  			    "established%s\n" | ||||
| @ -608,7 +609,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c | ||||
|  			    options.visual_host_key ? "\n" : "", | ||||
|  			    options.visual_host_key ? ra : "", | ||||
|  			    msg2); | ||||
| @@ -1081,17 +1084,18 @@ show_key_from_file(const char *file, con
 | ||||
| @@ -1077,17 +1080,18 @@ show_key_from_file(const char *file, con
 | ||||
|  	Key *found; | ||||
|  	char *fp, *ra; | ||||
|  	int line, ret; | ||||
| @ -631,7 +632,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c | ||||
|  		xfree(ra); | ||||
|  		xfree(fp); | ||||
|  	} | ||||
| @@ -1137,8 +1141,9 @@ warn_changed_key(Key *host_key)
 | ||||
| @@ -1133,8 +1137,9 @@ warn_changed_key(Key *host_key)
 | ||||
|  { | ||||
|  	char *fp; | ||||
|  	const char *type = key_type(host_key); | ||||
| @ -642,7 +643,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c | ||||
|   | ||||
|  	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | ||||
|  	error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @"); | ||||
| @@ -1146,8 +1151,8 @@ warn_changed_key(Key *host_key)
 | ||||
| @@ -1142,8 +1147,8 @@ warn_changed_key(Key *host_key)
 | ||||
|  	error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); | ||||
|  	error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); | ||||
|  	error("It is also possible that the %s host key has just been changed.", type); | ||||
|  | ||||
| @ -63,7 +63,7 @@ | ||||
| Summary: An open source implementation of SSH protocol versions 1 and 2 | ||||
| Name: openssh | ||||
| Version: 5.2p1 | ||||
| Release: 1%{?dist}%{?rescue_rel} | ||||
| Release: 2%{?dist}%{?rescue_rel} | ||||
| URL: http://www.openssh.com/portable.html | ||||
| #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz | ||||
| #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc | ||||
| @ -472,7 +472,10 @@ fi | ||||
| %endif | ||||
| 
 | ||||
| %changelog | ||||
| * Thu Mar  9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1 | ||||
| * Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-2 | ||||
| - add AES-CTR ciphers to the FIPS mode proposal | ||||
| 
 | ||||
| * Mon Mar  9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1 | ||||
| - upgrade to new upstream release | ||||
| 
 | ||||
| * Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.1p1-8 | ||||
|  | ||||