9fb40d132b
- curve25519 key exchange fix (-curve25519-6.6.1p1.patch) - patch re-ordering (-audit3-key_auth_usage-fips.patch, -audit4-kex_results-fips.patch) OBS-URL: https://build.opensuse.org/request/show/231427 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=80
# HG changeset patch
# Parent 274a545b591567f1378c1086ad3ba40c911a8bd6
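--- a/openssh-6.6p1/Makefile.in
+++ b/openssh-6.6p1/Makefile.in
@@ -72,17 +72,18 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
 atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
 kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
 ssh-pkcs11.o krl.o smult_curve25519_ref.o \
 kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
 ssh-ed25519.o digest-openssl.o hmac.o \
 sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \
- fips.o
+ fips.o \
+ auditstub.o
 
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 sshconnect.o sshconnect1.o sshconnect2.o mux.o \
 roaming_common.o roaming_client.o
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 audit.o audit-bsm.o audit-linux.o platform.o \
 sshpty.o sshlogin.o servconf.o serverloop.o \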
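Review bot: sshd gets two possible providers for the audit hooks once `auditstub.o` joins `LIBSSH_OBJS`, because `SSHDOBJS` at the end of this hunk already lists `audit.o`, `audit-bsm.o` and `audit-linux.o`. If the stub object holds no-op versions of those hooks for the client tools (its source is not in the sections shown here, so this is inferred from the name), any hook the real audit objects leave undefined in some build configuration would be resolved from the stub and sshd would silently stop recording that event. A comment above the `LIBSSH_OBJS` assignment, which starts outside the hunk, would make the intent explicit, for example `# auditstub.o: no-op audit hooks for non-sshd binaries; sshd must resolve them from audit*.o`, and the package build could check after linking that sshd did not pull in the stub member. The sections shown also neither add the source for `auditstub.o` nor show where `struct Cipher`, removed from cipher.c, is now declared, so this patch appears to build only with the neighbouring audit patches applied in the right order.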
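--- a/openssh-6.6p1/cipher.c
+++ b/openssh-6.6p1/cipher.c
@@ -54,30 +54,16 @@
 
 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
 
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
 
-struct Cipher {
- char *name;
- int number; /* for ssh1 only */
- u_int block_size;
- u_int key_len;
- u_int iv_len; /* defaults to block_size */
- u_int auth_len;
- u_int discard_len;
- u_int flags;
-#define CFLAG_CBC (1<<0)
-#define CFLAG_CHACHAPOLY (1<<1)
- const EVP_CIPHER *(*evptype)(void);
-};
-
 static const struct Cipher ciphers_all[] = {
 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
 
 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
 { "blowfish-cbc",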
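--- a/openssh-6.6p1/sshd.c
+++ b/openssh-6.6p1/sshd.c
@@ -119,16 +119,18 @@
 #endif
 #include "monitor_wrap.h"
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
 
 #include "fips.h"
 
+#include "audit.h"
+
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
 int allow_severity;
 int deny_severity;
 #endif /* LIBWRAP */
 
 #ifndef O_NOCTTY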