Add missing hostkey certificate algorithms to the FIPS list

This commit is contained in:
Jakub Jelen 2019-07-23 15:35:09 +02:00
parent d19ba936f2
commit 5eb2d51328

View File

@ -174,12 +174,14 @@ diff -up openssh-8.0p1/Makefile.in.fips openssh-8.0p1/Makefile.in
diff -up openssh-8.0p1/myproposal.h.fips openssh-8.0p1/myproposal.h diff -up openssh-8.0p1/myproposal.h.fips openssh-8.0p1/myproposal.h
--- openssh-8.0p1/myproposal.h.fips 2019-04-18 00:52:57.000000000 +0200 --- openssh-8.0p1/myproposal.h.fips 2019-04-18 00:52:57.000000000 +0200
+++ openssh-8.0p1/myproposal.h 2019-07-23 14:55:45.402526411 +0200 +++ openssh-8.0p1/myproposal.h 2019-07-23 14:55:45.402526411 +0200
@@ -111,6 +111,14 @@ @@ -111,6 +111,16 @@
"rsa-sha2-256," \ "rsa-sha2-256," \
"ssh-rsa" "ssh-rsa"
+#define KEX_FIPS_PK_ALG \ +#define KEX_FIPS_PK_ALG \
+ HOSTKEY_ECDSA_CERT_METHODS \ + HOSTKEY_ECDSA_CERT_METHODS \
+ "rsa-sha2-512-cert-v01@openssh.com," \
+ "rsa-sha2-256-cert-v01@openssh.com," \
+ "ssh-rsa-cert-v01@openssh.com," \ + "ssh-rsa-cert-v01@openssh.com," \
+ HOSTKEY_ECDSA_METHODS \ + HOSTKEY_ECDSA_METHODS \
+ "rsa-sha2-512," \ + "rsa-sha2-512," \