rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Fix FIPS mode for DH kex (#1260253)

Browse Source
This commit is contained in:
Jakub Jelen 2015-09-11 11:32:37 +02:00
parent 98262158d8
commit 3e5d955bcb
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openssh-6.7p1-fips.patch
View File

@ -191,12 +191,9 @@ diff -up openssh-7.0p1/kexgexc.c.fips openssh-7.0p1/kexgexc.c
diff -up openssh-7.0p1/kexgexs.c.fips openssh-7.0p1/kexgexs.c
--- openssh-7.0p1/kexgexs.c.fips 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/kexgexs.c 2015-08-19 12:36:51.151412892 +0200
@@ -81,11 +81,11 @@ input_kex_dh_gex_request(int type, u_int
(r = sshpkt_get_end(ssh)) != 0)
goto out;
@@ -81,9 +81,9 @@ input_kex_dh_gex_request(int type, u_int
kex->nbits = nbits;
- kex->min = min;
+ kex->min = min = FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN;
kex->min = min;
kex->max = max;
- min = MAX(DH_GRP_MIN, min);
+ min = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min);