[meta-openssl102-fips] openssh: Fix patch to properly apply on 7.9 version found in warrior

Submitted by Davis, Michael on Jan. 29, 2020, 6:47 p.m. | Patch ID: 169595

Details

Message ID 20200129184751.67966-1-michael.davis@essvote.com
State New

Commit Message

Davis, Michael Jan. 29, 2020, 6:47 p.m.
Signed-off-by: Michael Davis <michael.davis@essvote.com>
---
 .../openssh/0001-openssh-8.0p1-fips.patch      | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)


diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
index 30534c7..5ff4eff 100644
--- a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
+++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
@@ -270,10 +270,10 @@  Index: git/readconf.c
 ===================================================================
 --- git.orig/readconf.c
 +++ git/readconf.c
-@@ -2077,17 +2077,18 @@ fill_default_options(Options * options)
- 	all_mac = mac_alg_list(',');
+@@ -2178,18 +2178,19 @@ fill_default_options(Options * options)
  	all_kex = kex_alg_list(',');
  	all_key = sshkey_alg_list(0, 0, 1, ',');
+ 	all_sig = sshkey_alg_list(0, 1, 1, ',');
 -#define ASSEMBLE(what, defaults, all) \
 +#define ASSEMBLE(what, defaults, fips_defaults, all) \
  	do { \
@@ -288,11 +288,13 @@  Index: git/readconf.c
 -	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
 -	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
 -	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
-+	ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
-+	ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac);
-+	ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
+-	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
++	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
++	ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
++	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
 +	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 +	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
  #undef ASSEMBLE
  	free(all_cipher);
  	free(all_mac);
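Review bot: The added `ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);` uses a public-key-type list as the FIPS default for a field whose other two arguments are signature-algorithm lists (`all_sig` comes from `sshkey_alg_list(0, 1, 1, ',')`). `KEX_FIPS_PK_ALG` is defined outside this diff, so its contents cannot be checked here. If it names certificate key types or `ssh-rsa`, the FIPS-mode CA signature list would carry entries that are not signature algorithms, or would keep SHA-1 RSA signatures allowed. Consider a dedicated FIPS list for CA signatures, or at least a comment above the line such as `/* KEX_FIPS_PK_ALG must contain only FIPS-approved signature algorithm names */`. The same line is added for servconf.c in the last hunk, and the ASSEMBLE body that chooses between `defaults` and `fips_defaults` lies between hunks, so it is not visible here.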
@@ -314,10 +316,10 @@  Index: git/servconf.c
 ===================================================================
 --- git.orig/servconf.c
 +++ git/servconf.c
-@@ -198,17 +198,18 @@ assemble_algorithms(ServerOptions *o)
- 	all_mac = mac_alg_list(',');
+@@ -209,18 +209,19 @@ assemble_algorithms(ServerOptions *o)
  	all_kex = kex_alg_list(',');
  	all_key = sshkey_alg_list(0, 0, 1, ',');
+ 	all_sig = sshkey_alg_list(0, 1, 1, ',');
 -#define ASSEMBLE(what, defaults, all) \
 +#define ASSEMBLE(what, defaults, fips_defaults, all) \
  	do { \
@@ -332,12 +334,14 @@  Index: git/servconf.c
 -	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
 -	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
 -	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+-	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 +	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
 +	ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
 +	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
 +	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 +	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 +	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
  #undef ASSEMBLE
  	free(all_cipher);
  	free(all_mac);

Comments

Mark Hatle Jan. 30, 2020, 2:49 a.m.
Should this be applied only to the warrior branch?  I don't typically build
warrior branch, but I'm happy to accept patches if you can verify it's working
properly.

--Mark

On 1/29/20 12:47 PM, Davis, Michael wrote:
> Signed-off-by: Michael Davis <michael.davis@essvote.com>
> ---
> .../openssh/0001-openssh-8.0p1-fips.patch | 18 +++++++++++-------
> 1 file changed, 11 insertions(+), 7 deletions(-)
> 
> diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
> b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
> index 30534c7..5ff4eff 100644
> --- a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
> +++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
> @@ -270,10 +270,10 @@ Index: git/readconf.c
> ===================================================================
> --- git.orig/readconf.c
> +++ git/readconf.c
> -@@ -2077,17 +2077,18 @@ fill_default_options(Options * options)
> - all_mac = mac_alg_list(',');
> +@@ -2178,18 +2178,19 @@ fill_default_options(Options * options)
> all_kex = kex_alg_list(',');
> all_key = sshkey_alg_list(0, 0, 1, ',');
> + all_sig = sshkey_alg_list(0, 1, 1, ',');
> -#define ASSEMBLE(what, defaults, all) \
> +#define ASSEMBLE(what, defaults, fips_defaults, all) \
> do { \
> @@ -288,11 +288,13 @@ Index: git/readconf.c
> - ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
> - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
> - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
> -+ ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
> -+ ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac);
> -+ ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
> ++ ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
> ++ ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
> ++ ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
> + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
> #undef ASSEMBLE
> free(all_cipher);
> free(all_mac);
> @@ -314,10 +316,10 @@ Index: git/servconf.c
> ===================================================================
> --- git.orig/servconf.c
> +++ git/servconf.c
> -@@ -198,17 +198,18 @@ assemble_algorithms(ServerOptions *o)
> - all_mac = mac_alg_list(',');
> +@@ -209,18 +209,19 @@ assemble_algorithms(ServerOptions *o)
> all_kex = kex_alg_list(',');
> all_key = sshkey_alg_list(0, 0, 1, ',');
> + all_sig = sshkey_alg_list(0, 1, 1, ',');
> -#define ASSEMBLE(what, defaults, all) \
> +#define ASSEMBLE(what, defaults, fips_defaults, all) \
> do { \
> @@ -332,12 +334,14 @@ Index: git/servconf.c
> - ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
> - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
> - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
> + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
> + ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
> + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
> + ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
> #undef ASSEMBLE
> free(all_cipher);
> free(all_mac);
> -- 
> 2.24.1
> 
> 
> *Disclaimer*
> 
> The information contained in this communication from the sender is confidential.
> It is intended solely for use by the recipient and others authorized to receive
> it. If you are not the recipient, you are hereby notified that any disclosure,
> copying, distribution or taking action in relation of the contents of this
> information is strictly prohibited and may be unlawful.
> 
> This email has been scanned for viruses and malware, and may have been
> automatically archived by *Mimecast Ltd*, an innovator in Software as a Service
> (SaaS) for business. Providing a *safer* and *more useful* place for your human
> generated data. Specializing in; Security, archiving and compliance. To find out
> more Click Here <http://www.mimecast.com/products/>.
> 
> 
> 
>
Mark Hatle Jan. 30, 2020, 3:08 a.m.
On 1/29/20 8:49 PM, Mark Hatle wrote:
> Should this be applied only to the warrior branch?  I don't typically build
> warrior branch, but I'm happy to accept patches if you can verify it's working
> properly.

I tried to apply this patch, but unfortunately it's corrupt.  Likely by an
exchange server or outlook.

If you can, you can generate a pull request at:

  https://github.com/mhatle/meta-openssl102-fips

I prefer the mailing list, but I realize that sometimes an employer's infrastructure can make
email more problematic than it otherwise should be.

--Mark

> --Mark
> 
> On 1/29/20 12:47 PM, Davis, Michael wrote:
>> Signed-off-by: Michael Davis <michael.davis@essvote.com>
>> ---
>> .../openssh/0001-openssh-8.0p1-fips.patch | 18 +++++++++++-------
>> 1 file changed, 11 insertions(+), 7 deletions(-)
>>
>> diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>> b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>> index 30534c7..5ff4eff 100644
>> --- a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>> +++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>> @@ -270,10 +270,10 @@ Index: git/readconf.c
>> ===================================================================
>> --- git.orig/readconf.c
>> +++ git/readconf.c
>> -@@ -2077,17 +2077,18 @@ fill_default_options(Options * options)
>> - all_mac = mac_alg_list(',');
>> +@@ -2178,18 +2178,19 @@ fill_default_options(Options * options)
>> all_kex = kex_alg_list(',');
>> all_key = sshkey_alg_list(0, 0, 1, ',');
>> + all_sig = sshkey_alg_list(0, 1, 1, ',');
>> -#define ASSEMBLE(what, defaults, all) \
>> +#define ASSEMBLE(what, defaults, fips_defaults, all) \
>> do { \
>> @@ -288,11 +288,13 @@ Index: git/readconf.c
>> - ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
>> - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
>> - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
>> -+ ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
>> -+ ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac);
>> -+ ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
>> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
>> ++ ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
>> ++ ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
>> ++ ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
>> + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>> + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
>> #undef ASSEMBLE
>> free(all_cipher);
>> free(all_mac);
>> @@ -314,10 +316,10 @@ Index: git/servconf.c
>> ===================================================================
>> --- git.orig/servconf.c
>> +++ git/servconf.c
>> -@@ -198,17 +198,18 @@ assemble_algorithms(ServerOptions *o)
>> - all_mac = mac_alg_list(',');
>> +@@ -209,18 +209,19 @@ assemble_algorithms(ServerOptions *o)
>> all_kex = kex_alg_list(',');
>> all_key = sshkey_alg_list(0, 0, 1, ',');
>> + all_sig = sshkey_alg_list(0, 1, 1, ',');
>> -#define ASSEMBLE(what, defaults, all) \
>> +#define ASSEMBLE(what, defaults, fips_defaults, all) \
>> do { \
>> @@ -332,12 +334,14 @@ Index: git/servconf.c
>> - ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
>> - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
>> - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
>> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
>> + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
>> + ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
>> + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
>> + ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>> + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>> + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
>> #undef ASSEMBLE
>> free(all_cipher);
>> free(all_mac);
>> -- 
>> 2.24.1
>>
>>
>> *Disclaimer*
>>
>> The information contained in this communication from the sender is confidential.
>> It is intended solely for use by the recipient and others authorized to receive
>> it. If you are not the recipient, you are hereby notified that any disclosure,
>> copying, distribution or taking action in relation of the contents of this
>> information is strictly prohibited and may be unlawful.
>>
>> This email has been scanned for viruses and malware, and may have been
>> automatically archived by *Mimecast Ltd*, an innovator in Software as a Service
>> (SaaS) for business. Providing a *safer* and *more useful* place for your human
>> generated data. Specializing in; Security, archiving and compliance. To find out
>> more Click Here <http://www.mimecast.com/products/>.
>>
>>
>>
>>
>>
>>
Mark Hatle Feb. 1, 2020, 3:03 a.m.
Thanks for the pull request.. pushed.

--Mark

On 1/29/20 9:08 PM, Mark Hatle wrote:
> 
> 
> On 1/29/20 8:49 PM, Mark Hatle wrote:
>> Should this be applied only to the warrior branch?  I don't typically build
>> warrior branch, but I'm happy to accept patches if you can verify it's working
>> properly.
> 
> I tried to apply this patch, but unfortunately it's corrupt.  Likely by an
> exchange server or outlook.
> 
> If you can, you can generate a pull request at:
> 
>   https://github.com/mhatle/meta-openssl102-fips
> 
> I prefer mailing list, but I realize sometime employers infrastructure can make
> email more problematic then it otherwise should be..
> 
> --Mark
> 
>> --Mark
>>
>> On 1/29/20 12:47 PM, Davis, Michael wrote:
>>> Signed-off-by: Michael Davis <michael.davis@essvote.com>
>>> ---
>>> .../openssh/0001-openssh-8.0p1-fips.patch | 18 +++++++++++-------
>>> 1 file changed, 11 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>>> b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>>> index 30534c7..5ff4eff 100644
>>> --- a/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>>> +++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.0p1-fips.patch
>>> @@ -270,10 +270,10 @@ Index: git/readconf.c
>>> ===================================================================
>>> --- git.orig/readconf.c
>>> +++ git/readconf.c
>>> -@@ -2077,17 +2077,18 @@ fill_default_options(Options * options)
>>> - all_mac = mac_alg_list(',');
>>> +@@ -2178,18 +2178,19 @@ fill_default_options(Options * options)
>>> all_kex = kex_alg_list(',');
>>> all_key = sshkey_alg_list(0, 0, 1, ',');
>>> + all_sig = sshkey_alg_list(0, 1, 1, ',');
>>> -#define ASSEMBLE(what, defaults, all) \
>>> +#define ASSEMBLE(what, defaults, fips_defaults, all) \
>>> do { \
>>> @@ -288,11 +288,13 @@ Index: git/readconf.c
>>> - ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
>>> - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
>>> - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
>>> -+ ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
>>> -+ ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac);
>>> -+ ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
>>> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
>>> ++ ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
>>> ++ ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
>>> ++ ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
>>> + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>>> + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>>> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
>>> #undef ASSEMBLE
>>> free(all_cipher);
>>> free(all_mac);
>>> @@ -314,10 +316,10 @@ Index: git/servconf.c
>>> ===================================================================
>>> --- git.orig/servconf.c
>>> +++ git/servconf.c
>>> -@@ -198,17 +198,18 @@ assemble_algorithms(ServerOptions *o)
>>> - all_mac = mac_alg_list(',');
>>> +@@ -209,18 +209,19 @@ assemble_algorithms(ServerOptions *o)
>>> all_kex = kex_alg_list(',');
>>> all_key = sshkey_alg_list(0, 0, 1, ',');
>>> + all_sig = sshkey_alg_list(0, 1, 1, ',');
>>> -#define ASSEMBLE(what, defaults, all) \
>>> +#define ASSEMBLE(what, defaults, fips_defaults, all) \
>>> do { \
>>> @@ -332,12 +334,14 @@ Index: git/servconf.c
>>> - ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
>>> - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
>>> - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
>>> +- ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
>>> + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
>>> + ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
>>> + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
>>> + ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>>> + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>>> + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
>>> ++ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
>>> #undef ASSEMBLE
>>> free(all_cipher);
>>> free(all_mac);
>>> -- 
>>> 2.24.1
>>>
>>>
>>> *Disclaimer*
>>>
>>> The information contained in this communication from the sender is confidential.
>>> It is intended solely for use by the recipient and others authorized to receive
>>> it. If you are not the recipient, you are hereby notified that any disclosure,
>>> copying, distribution or taking action in relation of the contents of this
>>> information is strictly prohibited and may be unlawful.
>>>
>>> This email has been scanned for viruses and malware, and may have been
>>> automatically archived by *Mimecast Ltd*, an innovator in Software as a Service
>>> (SaaS) for business. Providing a *safer* and *more useful* place for your human
>>> generated data. Specializing in; Security, archiving and compliance. To find out
>>> more Click Here <http://www.mimecast.com/products/>.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>