		
	In FIPS mode do not append bogus comma after the kex list
		
							parent
							
								
									204765aba1
								
							
						
					
					
						commit
						eb751fd1d3
					
				| @ -309,20 +309,20 @@ diff -up openssh-7.4p1/Makefile.in.fips openssh-7.4p1/Makefile.in | ||||
| diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h
 | ||||
| --- openssh-7.4p1/myproposal.h.fips	2016-12-19 05:59:41.000000000 +0100
 | ||||
| +++ openssh-7.4p1/myproposal.h	2016-12-23 16:37:49.300741586 +0100
 | ||||
| @@ -138,6 +138,27 @@
 | ||||
| @@ -138,6 +138,37 @@
 | ||||
|   | ||||
|  #define KEX_CLIENT_MAC KEX_SERVER_MAC | ||||
|   | ||||
| +#define KEX_DEFAULT_KEX_FIPS		\
 | ||||
| +	KEX_ECDH_METHODS \
 | ||||
| +	KEX_SHA2_METHODS \
 | ||||
| +	KEX_SHA2_GROUP14
 | ||||
| +#define	KEX_FIPS_ENCRYPT \
 | ||||
| +	"aes128-ctr,aes192-ctr,aes256-ctr," \
 | ||||
| +	"aes128-cbc,3des-cbc," \
 | ||||
| +	"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se"
 | ||||
| +#ifdef HAVE_EVP_SHA256
 | ||||
| +#define	KEX_FIPS_MAC \
 | ||||
| +# define KEX_DEFAULT_KEX_FIPS		\
 | ||||
| +	KEX_ECDH_METHODS \
 | ||||
| +	KEX_SHA2_METHODS \
 | ||||
| +	"diffie-hellman-group14-sha256"
 | ||||
| +# define KEX_FIPS_MAC \
 | ||||
| +	"hmac-sha1," \
 | ||||
| +	"hmac-sha2-256," \
 | ||||
| +	"hmac-sha2-512," \
 | ||||
| @ -330,6 +330,16 @@ diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h | ||||
| +	"hmac-sha2-256-etm@openssh.com," \
 | ||||
| +	"hmac-sha2-512-etm@openssh.com"
 | ||||
| +#else
 | ||||
| +# ifdef OPENSSL_HAS_NISTP521
 | ||||
| +#  define KEX_DEFAULT_KEX_FIPS		\
 | ||||
| +	"ecdh-sha2-nistp256," \
 | ||||
| +	"ecdh-sha2-nistp384," \
 | ||||
| +	"ecdh-sha2-nistp521"
 | ||||
| +# else
 | ||||
| +#  define KEX_DEFAULT_KEX_FIPS		\
 | ||||
| +	"ecdh-sha2-nistp256," \
 | ||||
| +	"ecdh-sha2-nistp384"
 | ||||
| +# endif
 | ||||
| +#define        KEX_FIPS_MAC \
 | ||||
| +       "hmac-sha1"
 | ||||
| +#endif
 | ||||
|  | ||||
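Review bot: The `#else` branch (no `HAVE_EVP_SHA256`) now spells out `"ecdh-sha2-nistp256,"`, `"ecdh-sha2-nistp384"` and, under `OPENSSL_HAS_NISTP521`, `"ecdh-sha2-nistp521"` as literals, and nothing visible in the hunk checks that ECC support is compiled in. If this header can be built without ECC (not visible here), the FIPS proposal would name key-exchange methods the binary cannot perform; guarding the branch with `# ifdef OPENSSL_HAS_ECC` and an `#error` in the fallback would surface that at build time instead of at negotiation. The `HAVE_EVP_SHA256` branch replaces `KEX_SHA2_GROUP14` with the literal `"diffie-hellman-group14-sha256"`, presumably because the macro ends in a comma. A comment such as `/* literal on purpose: KEX_SHA2_GROUP14 ends in ',' and would leave an empty name at the end of the list */` would keep a later rebase from folding it back. The fallback `#define        KEX_FIPS_MAC` also does not follow the `# define` nesting style of the lines added around it.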