components/openssh/patches/033-without_cast128.patch
author Tomas Kuthan <tomas.kuthan@oracle.com>
Wed, 20 Apr 2016 13:13:57 -0700
changeset 5821 7c212462920b
parent 5819 c5f05bd2a9bc
child 6930 31ef2580c45d
permissions -rw-r--r--
PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates 23046459 Generate moduli file for OpenSSH
5026
12114fad0da4 22018764 remove cast128-cbc from OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
#
# Removes cast128-cbc support.
#
# At this moment this algorithm is not listed in Approved Security
# Technologies: Standards Details at all. Eventually it will be added as
# deprecated.
#
# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from
# OpenSSH doesn't constitute a regression in functionality from SunSSH.
#
# Interoperability gain provided by cast128-cbc is negligible, because all
# relevant ssh implementations also provide several more common encryption
# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.
#
# This is a Solaris specific patch and it is not likely to be accepted upstream.
#
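--- a/cipher.c
+++ b/cipher.c
@@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]
 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
 	{ "blowfish-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+#ifndef WITHOUT_CAST128
 	{ "cast128-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+#endif
 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },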
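Review bot: The new `#ifndef WITHOUT_CAST128` guard around the `cast128-cbc` entry only removes the cipher when the build defines `WITHOUT_CAST128`, and nothing in the visible patch defines that macro or says where it comes from; if the flag is ever dropped from the component's build flags, the cipher silently stays enabled. I would add a comment above the guard, e.g. `/* Solaris: built with -DWITHOUT_CAST128; cast128-cbc is intentionally not offered */`, and have the package test check that `ssh -Q cipher` does not list `cast128-cbc`. Presumably a `Ciphers` line that still names `cast128-cbc` is then rejected as an unknown cipher, so the upgrade notes should tell administrators to remove it from existing client and server configs. The `ciphers[]` initializer starts and ends outside this hunk.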
5223
66bb65945d8f 22389801 OpenSSH: remove cast from ssh(1), sshd(8), ssh_config(5) and sshd_config(5)
Tomas Kuthan <tomas.kuthan@oracle.com>
parents: 5026
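--- a/ssh_config.5
+++ b/ssh_config.5
@@ -478,8 +478,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp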
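--- a/sshd.8
+++ b/sshd.8
@@ -307,7 +307,7 @@ For protocol 2,
 forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 The rest of the session is encrypted using a symmetric cipher, currently
-128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
+128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided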
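--- a/sshd_config.5
+++ b/sshd_config.5
@@ -472,8 +472,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp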