In FIPS mode do not append bogus comma after the kex list
parent
204765aba1
commit
eb751fd1d3
@ -309,20 +309,20 @@ diff -up openssh-7.4p1/Makefile.in.fips openssh-7.4p1/Makefile.in
|
||||
diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h
|
||||
--- openssh-7.4p1/myproposal.h.fips 2016-12-19 05:59:41.000000000 +0100
|
||||
+++ openssh-7.4p1/myproposal.h 2016-12-23 16:37:49.300741586 +0100
|
||||
@@ -138,6 +138,27 @@
|
||||
@@ -138,6 +138,37 @@
|
||||
|
||||
#define KEX_CLIENT_MAC KEX_SERVER_MAC
|
||||
|
||||
+#define KEX_DEFAULT_KEX_FIPS \
|
||||
+ KEX_ECDH_METHODS \
|
||||
+ KEX_SHA2_METHODS \
|
||||
+ KEX_SHA2_GROUP14
|
||||
+#define KEX_FIPS_ENCRYPT \
|
||||
+ "aes128-ctr,aes192-ctr,aes256-ctr," \
|
||||
+ "aes128-cbc,3des-cbc," \
|
||||
+ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se"
|
||||
+#ifdef HAVE_EVP_SHA256
|
||||
+#define KEX_FIPS_MAC \
|
||||
+# define KEX_DEFAULT_KEX_FIPS \
|
||||
+ KEX_ECDH_METHODS \
|
||||
+ KEX_SHA2_METHODS \
|
||||
+ "diffie-hellman-group14-sha256"
|
||||
+# define KEX_FIPS_MAC \
|
||||
+ "hmac-sha1," \
|
||||
+ "hmac-sha2-256," \
|
||||
+ "hmac-sha2-512," \
|
||||
@ -330,6 +330,16 @@ diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h
|
||||
+ "hmac-sha2-256-etm@openssh.com," \
|
||||
+ "hmac-sha2-512-etm@openssh.com"
|
||||
+#else
|
||||
+# ifdef OPENSSL_HAS_NISTP521
|
||||
+# define KEX_DEFAULT_KEX_FIPS \
|
||||
+ "ecdh-sha2-nistp256," \
|
||||
+ "ecdh-sha2-nistp384," \
|
||||
+ "ecdh-sha2-nistp521"
|
||||
+# else
|
||||
+# define KEX_DEFAULT_KEX_FIPS \
|
||||
+ "ecdh-sha2-nistp256," \
|
||||
+ "ecdh-sha2-nistp384"
|
||||
+# endif
|
||||
+#define KEX_FIPS_MAC \
|
||||
+ "hmac-sha1"
|
||||
+#endif
|
||||
|
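Review bot: The new `KEX_DEFAULT_KEX_FIPS` in the `HAVE_EVP_SHA256` branch is only well-formed if `KEX_ECDH_METHODS` and `KEX_SHA2_METHODS` each expand to a string ending in a comma (or, presumably, to nothing), and nothing in this section states that convention. A stray or missing separator in the FIPS kex proposal is the failure this commit fixes, so a comment above the define would guard against a repeat, for example `/* KEX_*_METHODS each end with ',' or are empty; the final literal must not end with ',' */`. In the `#else` branch the `ecdh-sha2-nistp*` names are hard-coded, and no ECC guard is visible here apart from `OPENSSL_HAS_NISTP521`. If the header can be built without ECC support (upstream gates this with `OPENSSL_HAS_ECC`, not shown on this page), the FIPS proposal would advertise methods the binary cannot negotiate, which is worth confirming. The final `#define KEX_FIPS_MAC` in that branch also lacks the `# define` indentation its siblings now use.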