forked from rpms/openssh
resolve warnings in port_linux.c
This commit is contained in:
parent
1f6bdc75f1
commit
8ecc9b0555
@ -1,7 +1,15 @@
|
||||
diff -up openssh-5.8p1/entropy.c.entropy openssh-5.8p1/entropy.c
|
||||
--- openssh-5.8p1/entropy.c.entropy 2011-01-13 11:05:29.000000000 +0100
|
||||
+++ openssh-5.8p1/entropy.c 2011-03-28 16:22:37.422648742 +0200
|
||||
@@ -144,6 +144,9 @@ seed_rng(void)
|
||||
+++ openssh-5.8p1/entropy.c 2011-04-01 10:23:58.318648953 +0200
|
||||
@@ -50,6 +50,7 @@
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
+#include "openbsd-compat/port-linux.h"
|
||||
|
||||
/*
|
||||
* Portable OpenSSH PRNG seeding:
|
||||
@@ -144,6 +145,9 @@ seed_rng(void)
|
||||
memset(buf, '\0', sizeof(buf));
|
||||
|
||||
#endif /* OPENSSL_PRNG_ONLY */
|
||||
@ -13,7 +21,7 @@ diff -up openssh-5.8p1/entropy.c.entropy openssh-5.8p1/entropy.c
|
||||
}
|
||||
diff -up openssh-5.8p1/openbsd-compat/Makefile.in.entropy openssh-5.8p1/openbsd-compat/Makefile.in
|
||||
--- openssh-5.8p1/openbsd-compat/Makefile.in.entropy 2010-10-07 13:19:24.000000000 +0200
|
||||
+++ openssh-5.8p1/openbsd-compat/Makefile.in 2011-03-28 16:22:37.484648793 +0200
|
||||
+++ openssh-5.8p1/openbsd-compat/Makefile.in 2011-04-01 10:21:38.251648364 +0200
|
||||
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
|
||||
|
||||
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||
@ -23,10 +31,22 @@ diff -up openssh-5.8p1/openbsd-compat/Makefile.in.entropy openssh-5.8p1/openbsd-
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
diff -up openssh-5.8p1/openbsd-compat/port-linux.h.entropy openssh-5.8p1/openbsd-compat/port-linux.h
|
||||
--- openssh-5.8p1/openbsd-compat/port-linux.h.entropy 2011-04-01 10:22:10.165648950 +0200
|
||||
+++ openssh-5.8p1/openbsd-compat/port-linux.h 2011-04-01 10:22:36.965648719 +0200
|
||||
@@ -19,6 +19,8 @@
|
||||
#ifndef _PORT_LINUX_H
|
||||
#define _PORT_LINUX_H
|
||||
|
||||
+void linux_seed(void);
|
||||
+
|
||||
#ifdef WITH_SELINUX
|
||||
int ssh_selinux_enabled(void);
|
||||
void ssh_selinux_setup_pty(char *, const char *);
|
||||
diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/openbsd-compat/port-linux-prng.c
|
||||
--- openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy 2011-03-28 16:22:37.508648739 +0200
|
||||
+++ openssh-5.8p1/openbsd-compat/port-linux-prng.c 2011-03-28 16:22:37.520650578 +0200
|
||||
@@ -0,0 +1,55 @@
|
||||
--- openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy 2011-04-01 10:21:38.302648133 +0200
|
||||
+++ openssh-5.8p1/openbsd-compat/port-linux-prng.c 2011-04-01 10:21:38.311648282 +0200
|
||||
@@ -0,0 +1,56 @@
|
||||
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
|
||||
+
|
||||
+/*
|
||||
@ -55,6 +75,7 @@ diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/op
|
||||
+#include <stdarg.h>
|
||||
+#include <string.h>
|
||||
+#include <stdio.h>
|
||||
+#include <openssl/rand.h>
|
||||
+
|
||||
+#include "log.h"
|
||||
+#include "xmalloc.h"
|
||||
@ -84,7 +105,7 @@ diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/op
|
||||
+}
|
||||
diff -up openssh-5.8p1/ssh.1.entropy openssh-5.8p1/ssh.1
|
||||
--- openssh-5.8p1/ssh.1.entropy 2010-11-20 05:21:03.000000000 +0100
|
||||
+++ openssh-5.8p1/ssh.1 2011-03-28 16:22:37.621648461 +0200
|
||||
+++ openssh-5.8p1/ssh.1 2011-04-01 10:21:38.352648197 +0200
|
||||
@@ -1250,6 +1250,15 @@ For more information, see the
|
||||
.Cm PermitUserEnvironment
|
||||
option in
|
||||
@ -103,7 +124,7 @@ diff -up openssh-5.8p1/ssh.1.entropy openssh-5.8p1/ssh.1
|
||||
.It Pa ~/.rhosts
|
||||
diff -up openssh-5.8p1/ssh-add.1.entropy openssh-5.8p1/ssh-add.1
|
||||
--- openssh-5.8p1/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100
|
||||
+++ openssh-5.8p1/ssh-add.1 2011-03-28 16:22:37.674648474 +0200
|
||||
+++ openssh-5.8p1/ssh-add.1 2011-04-01 10:21:38.416648713 +0200
|
||||
@@ -157,6 +157,15 @@ to make this work.)
|
||||
Identifies the path of a
|
||||
.Ux Ns -domain
|
||||
@ -122,7 +143,7 @@ diff -up openssh-5.8p1/ssh-add.1.entropy openssh-5.8p1/ssh-add.1
|
||||
.Bl -tag -width Ds
|
||||
diff -up openssh-5.8p1/ssh-agent.1.entropy openssh-5.8p1/ssh-agent.1
|
||||
--- openssh-5.8p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
|
||||
+++ openssh-5.8p1/ssh-agent.1 2011-03-28 16:22:37.729648529 +0200
|
||||
+++ openssh-5.8p1/ssh-agent.1 2011-04-01 10:21:38.459648714 +0200
|
||||
@@ -198,6 +198,18 @@ sockets used to contain the connection t
|
||||
These sockets should only be readable by the owner.
|
||||
The sockets should get automatically removed when the agent exits.
|
||||
@ -144,7 +165,7 @@ diff -up openssh-5.8p1/ssh-agent.1.entropy openssh-5.8p1/ssh-agent.1
|
||||
.Xr ssh-add 1 ,
|
||||
diff -up openssh-5.8p1/sshd.8.entropy openssh-5.8p1/sshd.8
|
||||
--- openssh-5.8p1/sshd.8.entropy 2010-11-05 00:20:14.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.8 2011-03-28 16:22:37.789648521 +0200
|
||||
+++ openssh-5.8p1/sshd.8 2011-04-01 10:21:38.505648778 +0200
|
||||
@@ -937,6 +937,18 @@ concurrently for different ports, this c
|
||||
started last).
|
||||
The content of this file is not sensitive; it can be world-readable.
|
||||
@ -166,7 +187,7 @@ diff -up openssh-5.8p1/sshd.8.entropy openssh-5.8p1/sshd.8
|
||||
.Xr sftp 1 ,
|
||||
diff -up openssh-5.8p1/ssh-keygen.1.entropy openssh-5.8p1/ssh-keygen.1
|
||||
--- openssh-5.8p1/ssh-keygen.1.entropy 2010-11-05 00:20:14.000000000 +0100
|
||||
+++ openssh-5.8p1/ssh-keygen.1 2011-03-28 16:22:37.845648487 +0200
|
||||
+++ openssh-5.8p1/ssh-keygen.1 2011-04-01 10:21:38.554648691 +0200
|
||||
@@ -655,6 +655,18 @@ Contains Diffie-Hellman groups used for
|
||||
The file format is described in
|
||||
.Xr moduli 5 .
|
||||
@ -188,7 +209,7 @@ diff -up openssh-5.8p1/ssh-keygen.1.entropy openssh-5.8p1/ssh-keygen.1
|
||||
.Xr ssh-add 1 ,
|
||||
diff -up openssh-5.8p1/ssh-keysign.8.entropy openssh-5.8p1/ssh-keysign.8
|
||||
--- openssh-5.8p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
|
||||
+++ openssh-5.8p1/ssh-keysign.8 2011-03-28 16:22:37.900648475 +0200
|
||||
+++ openssh-5.8p1/ssh-keysign.8 2011-04-01 10:21:38.606648660 +0200
|
||||
@@ -78,6 +78,18 @@ must be set-uid root if host-based authe
|
||||
If these files exist they are assumed to contain public certificate
|
||||
information corresponding with the private keys above.
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c
|
||||
--- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100
|
||||
+++ openssh-5.8p1/authfile.c 2011-02-25 09:23:19.000000000 +0100
|
||||
+++ openssh-5.8p1/authfile.c 2011-04-01 09:34:12.136698711 +0200
|
||||
@@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe
|
||||
/* Allocate space for the private part of the key in the buffer. */
|
||||
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
|
||||
@ -35,8 +35,8 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c
|
||||
buffer_ptr(blob), buffer_len(blob));
|
||||
cipher_cleanup(&ciphercontext);
|
||||
diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c
|
||||
--- openssh-5.8p1/cipher.c.fips 2011-02-25 09:23:18.000000000 +0100
|
||||
+++ openssh-5.8p1/cipher.c 2011-02-25 09:23:19.000000000 +0100
|
||||
--- openssh-5.8p1/cipher.c.fips 2011-04-01 09:34:05.444648701 +0200
|
||||
+++ openssh-5.8p1/cipher.c 2011-04-01 09:34:12.184648648 +0200
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
@ -123,7 +123,7 @@ diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c
|
||||
/*
|
||||
diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c
|
||||
--- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200
|
||||
+++ openssh-5.8p1/cipher-ctr.c 2011-02-25 09:23:19.000000000 +0100
|
||||
+++ openssh-5.8p1/cipher-ctr.c 2011-04-01 09:34:12.228648747 +0200
|
||||
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
|
||||
aes_ctr.do_cipher = ssh_aes_ctr;
|
||||
#ifndef SSH_OLD_EVP
|
||||
@ -135,8 +135,8 @@ diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c
|
||||
return (&aes_ctr);
|
||||
}
|
||||
diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h
|
||||
--- openssh-5.8p1/cipher.h.fips 2011-02-25 09:23:18.000000000 +0100
|
||||
+++ openssh-5.8p1/cipher.h 2011-02-25 09:23:19.000000000 +0100
|
||||
--- openssh-5.8p1/cipher.h.fips 2011-04-01 09:34:05.488648661 +0200
|
||||
+++ openssh-5.8p1/cipher.h 2011-04-01 09:34:12.270648743 +0200
|
||||
@@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe
|
||||
const u_char *, u_int, int);
|
||||
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
|
||||
@ -147,8 +147,8 @@ diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h
|
||||
u_int cipher_keylen(const Cipher *);
|
||||
u_int cipher_is_cbc(const Cipher *);
|
||||
diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c
|
||||
--- openssh-5.8p1/key.c.fips 2011-02-25 09:23:19.000000000 +0100
|
||||
+++ openssh-5.8p1/key.c 2011-02-25 09:24:35.000000000 +0100
|
||||
--- openssh-5.8p1/key.c.fips 2011-04-01 09:34:07.105648513 +0200
|
||||
+++ openssh-5.8p1/key.c 2011-04-01 09:34:12.329648473 +0200
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
@ -175,8 +175,8 @@ diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c
|
||||
}
|
||||
return rv;
|
||||
diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c
|
||||
--- openssh-5.8p1/mac.c.fips 2011-02-25 09:23:18.000000000 +0100
|
||||
+++ openssh-5.8p1/mac.c 2011-02-25 09:23:19.000000000 +0100
|
||||
--- openssh-5.8p1/mac.c.fips 2011-04-01 09:34:06.204648928 +0200
|
||||
+++ openssh-5.8p1/mac.c 2011-04-01 09:34:12.379648663 +0200
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
@ -227,9 +227,9 @@ diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c
|
||||
for (i = 0; macs[i].name; i++) {
|
||||
if (strcmp(name, macs[i].name) == 0) {
|
||||
diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
|
||||
--- openssh-5.8p1/Makefile.in.fips 2011-02-25 09:23:19.000000000 +0100
|
||||
+++ openssh-5.8p1/Makefile.in 2011-02-25 09:23:19.000000000 +0100
|
||||
@@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS)
|
||||
--- openssh-5.8p1/Makefile.in.fips 2011-04-01 09:34:09.725648593 +0200
|
||||
+++ openssh-5.8p1/Makefile.in 2011-04-01 09:34:12.422658984 +0200
|
||||
@@ -146,25 +146,25 @@ libssh.a: $(LIBSSH_OBJS)
|
||||
$(RANLIB) $@
|
||||
|
||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||
@ -261,7 +261,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
|
||||
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
@@ -172,7 +172,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
|
||||
@@ -173,7 +173,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
|
||||
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
||||
|
||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||
@ -272,7 +272,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
|
||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h
|
||||
--- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100
|
||||
+++ openssh-5.8p1/myproposal.h 2011-02-25 09:23:19.000000000 +0100
|
||||
+++ openssh-5.8p1/myproposal.h 2011-04-01 09:34:12.583648839 +0200
|
||||
@@ -81,7 +81,12 @@
|
||||
"hmac-sha1-96,hmac-md5-96"
|
||||
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
||||
@ -289,51 +289,65 @@ diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h
|
||||
KEX_DEFAULT_KEX,
|
||||
diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c
|
||||
--- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
|
||||
+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-25 09:23:19.000000000 +0100
|
||||
@@ -39,6 +39,7 @@
|
||||
static int rc4_ready = 0;
|
||||
static RC4_KEY rc4;
|
||||
+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-04-01 09:36:17.282648749 +0200
|
||||
@@ -37,25 +37,18 @@
|
||||
#define REKEY_BYTES (1 << 24)
|
||||
|
||||
static int rc4_ready = 0;
|
||||
-static RC4_KEY rc4;
|
||||
|
||||
+#if 0
|
||||
unsigned int
|
||||
arc4random(void)
|
||||
{
|
||||
@@ -82,6 +83,32 @@ arc4random_stir(void)
|
||||
|
||||
rc4_ready = REKEY_BYTES;
|
||||
}
|
||||
+#else
|
||||
+unsigned int
|
||||
+arc4random(void)
|
||||
+{
|
||||
+ unsigned int r = 0;
|
||||
unsigned int r = 0;
|
||||
- static int first_time = 1;
|
||||
+ void *rp = &r;
|
||||
+
|
||||
|
||||
- if (rc4_ready <= 0) {
|
||||
- if (first_time)
|
||||
- seed_rng();
|
||||
- first_time = 0;
|
||||
+ if (!rc4_ready) {
|
||||
+ arc4random_stir();
|
||||
+ }
|
||||
arc4random_stir();
|
||||
}
|
||||
+ RAND_bytes(rp, sizeof(r));
|
||||
+
|
||||
+ return(r);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+arc4random_stir(void)
|
||||
+{
|
||||
+ unsigned char rand_buf[SEED_SIZE];
|
||||
+
|
||||
+ if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
|
||||
+ fatal("Couldn't obtain random bytes (error %ld)",
|
||||
+ ERR_get_error());
|
||||
|
||||
- RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
|
||||
-
|
||||
- rc4_ready -= sizeof(r);
|
||||
-
|
||||
return(r);
|
||||
}
|
||||
|
||||
@@ -63,24 +56,11 @@ void
|
||||
arc4random_stir(void)
|
||||
{
|
||||
unsigned char rand_buf[SEED_SIZE];
|
||||
- int i;
|
||||
|
||||
- memset(&rc4, 0, sizeof(rc4));
|
||||
if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
|
||||
fatal("Couldn't obtain random bytes (error %ld)",
|
||||
ERR_get_error());
|
||||
- RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
|
||||
-
|
||||
- /*
|
||||
- * Discard early keystream, as per recommendations in:
|
||||
- * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
|
||||
- */
|
||||
- for(i = 0; i <= 256; i += sizeof(rand_buf))
|
||||
- RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
|
||||
-
|
||||
- memset(rand_buf, 0, sizeof(rand_buf));
|
||||
-
|
||||
- rc4_ready = REKEY_BYTES;
|
||||
+ rc4_ready = 1;
|
||||
+}
|
||||
+#endif
|
||||
}
|
||||
#endif /* !HAVE_ARC4RANDOM */
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM_BUF
|
||||
diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c
|
||||
--- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100
|
||||
+++ openssh-5.8p1/ssh.c 2011-02-25 09:23:19.000000000 +0100
|
||||
+++ openssh-5.8p1/ssh.c 2011-04-01 09:34:12.689648154 +0200
|
||||
@@ -73,6 +73,8 @@
|
||||
|
||||
#include <openssl/evp.h>
|
||||
@ -397,8 +411,8 @@ diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c
|
||||
if (ssh_connect(host, &hostaddr, options.port,
|
||||
options.address_family, options.connection_attempts, &timeout_ms,
|
||||
diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c
|
||||
--- openssh-5.8p1/sshconnect2.c.fips 2011-02-25 09:23:18.000000000 +0100
|
||||
+++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:23:19.000000000 +0100
|
||||
--- openssh-5.8p1/sshconnect2.c.fips 2011-04-01 09:34:03.780648205 +0200
|
||||
+++ openssh-5.8p1/sshconnect2.c 2011-04-01 09:34:12.739648223 +0200
|
||||
@@ -44,6 +44,8 @@
|
||||
#include <vis.h>
|
||||
#endif
|
||||
@ -432,8 +446,8 @@ diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||
options.hostkeyalgorithms;
|
||||
diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
|
||||
--- openssh-5.8p1/sshd.c.fips 2011-02-25 09:23:19.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.c 2011-02-25 09:23:19.000000000 +0100
|
||||
--- openssh-5.8p1/sshd.c.fips 2011-04-01 09:34:11.218648712 +0200
|
||||
+++ openssh-5.8p1/sshd.c 2011-04-01 09:34:12.835695243 +0200
|
||||
@@ -76,6 +76,8 @@
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
@ -443,7 +457,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#ifdef HAVE_SECUREWARE
|
||||
@@ -1364,6 +1366,12 @@ main(int ac, char **av)
|
||||
@@ -1368,6 +1370,12 @@ main(int ac, char **av)
|
||||
(void)set_auth_parameters(ac, av);
|
||||
#endif
|
||||
__progname = ssh_get_progname(av[0]);
|
||||
@ -456,7 +470,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
|
||||
init_rng();
|
||||
|
||||
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
|
||||
@@ -1525,8 +1533,6 @@ main(int ac, char **av)
|
||||
@@ -1529,8 +1537,6 @@ main(int ac, char **av)
|
||||
else
|
||||
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
|
||||
|
||||
@ -465,7 +479,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
|
||||
/*
|
||||
* Force logging to stderr until we have loaded the private host
|
||||
* key (unless started from inetd)
|
||||
@@ -1645,6 +1651,10 @@ main(int ac, char **av)
|
||||
@@ -1649,6 +1655,10 @@ main(int ac, char **av)
|
||||
debug("private host key: #%d type %d %s", i, key->type,
|
||||
key_type(key));
|
||||
}
|
||||
@ -476,7 +490,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
|
||||
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
|
||||
logit("Disabling protocol version 1. Could not load host key");
|
||||
options.protocol &= ~SSH_PROTO_1;
|
||||
@@ -1809,6 +1819,10 @@ main(int ac, char **av)
|
||||
@@ -1813,6 +1823,10 @@ main(int ac, char **av)
|
||||
/* Initialize the random number generator. */
|
||||
arc4random_stir();
|
||||
|
||||
@ -487,7 +501,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
|
||||
/* Chdir to the root directory so that the current disk can be
|
||||
unmounted if desired. */
|
||||
chdir("/");
|
||||
@@ -2350,6 +2364,9 @@ do_ssh2_kex(void)
|
||||
@@ -2355,6 +2369,9 @@ do_ssh2_kex(void)
|
||||
if (options.ciphers != NULL) {
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
||||
@ -497,7 +511,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
|
||||
}
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
||||
@@ -2359,6 +2376,9 @@ do_ssh2_kex(void)
|
||||
@@ -2364,6 +2381,9 @@ do_ssh2_kex(void)
|
||||
if (options.macs != NULL) {
|
||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||
|
@ -6,7 +6,7 @@ diff -up openssh-5.8p1/session.c.pwchange openssh-5.8p1/session.c
|
||||
fprintf(stderr,
|
||||
"You must change your password now and login again!\n");
|
||||
+#ifdef __linux__
|
||||
+ execl("/bin/sh", "sh", "-c", "passwd", s->pw->pw_name,
|
||||
+ execl("/bin/sh", "sh", "-c", _PATH_PASSWD_PROG, s->pw->pw_name,
|
||||
+ (char *)NULL);
|
||||
+#else
|
||||
#ifdef PASSWD_NEEDS_USERNAME
|
||||
|
@ -7,11 +7,12 @@
|
||||
patch -sp0 << EOF
|
||||
--- cipher.c.orig 2005-07-17 09:02:10.000000000 +0200
|
||||
+++ cipher.c 2005-09-06 14:52:06.000000000 +0200
|
||||
@@ -45,6 +45,8 @@
|
||||
@@ -45,6 +45,9 @@
|
||||
|
||||
/* compatibility with old or broken OpenSSL versions */
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
+#undef USE_CIPHER_ACSS
|
||||
+#undef EVP_acss
|
||||
+#define EVP_acss NULL
|
||||
|
||||
extern const EVP_CIPHER *evp_ssh1_bf(void);
|
||||
|
Loading…
Reference in New Issue
Block a user