components/openssh/patches/045-remove_unacceptable_algs.patch
changeset 7649 69d7508f0d66
parent 6930 31ef2580c45d
7648:20e09cf3cfaa 7649:69d7508f0d66
     5 # deprecated 3des-cbc by default on client (already disabled on the server).
     5 # deprecated 3des-cbc by default on client (already disabled on the server).
     6 #
     6 #
     7 # Update Aug 29, 2016:
     7 # Update Aug 29, 2016:
     8 # Disabling arcfour used to be implemented by Solaris specific macro
     8 # Disabling arcfour used to be implemented by Solaris specific macro
     9 # WITHOUT_ARCFOUR, but now upstream OPENSSL_NO_RC4 is used instead.
     9 # WITHOUT_ARCFOUR, but now upstream OPENSSL_NO_RC4 is used instead.
       
    10 #
       
    11 # Update Jan 4, 2017:
       
    12 # We used to disable 3des-cbc on the client, but now upstream does that too and
       
    13 # we no longer have to.
    10 #
    14 #
    11 # Patch source: in-house
    15 # Patch source: in-house
    12 #
    16 #
    13 diff -pur old/mac.c new/mac.c
    17 diff -pur old/mac.c new/mac.c
    14 --- old/mac.c
    18 --- old/mac.c
    19  #endif
    23  #endif
    20 +#ifndef WITHOUT_HMAC_MD5
    24 +#ifndef WITHOUT_HMAC_MD5
    21  	{ "hmac-md5",				SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
    25  	{ "hmac-md5",				SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
    22  	{ "hmac-md5-96",			SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
    26  	{ "hmac-md5-96",			SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
    23 +#endif
    27 +#endif
       
    28  #ifdef HAVE_EVP_RIPEMD160
    24  	{ "hmac-ripemd160",			SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
    29  	{ "hmac-ripemd160",			SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
    25  	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
    30  	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
    26  	{ "[email protected]",		SSH_UMAC, 0, 0, 128, 64, 0 },
    31 @@ -103,8 +105,10 @@ static const struct macalg macs[] = {
    27 @@ -101,8 +103,10 @@ static const struct macalg macs[] = {
       
    28  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
    32  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
    29  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
    33  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
    30  #endif
    34  #endif
    31 +#ifndef WITHOUT_HMAC_MD5
    35 +#ifndef WITHOUT_HMAC_MD5
    32  	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
    36  	{ "[email protected]",		SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
    33  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
    37  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
    34 +#endif
    38 +#endif
       
    39  #ifdef HAVE_EVP_RIPEMD160
    35  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
    40  	{ "[email protected]",	SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
    36  	{ "[email protected]",		SSH_UMAC, 0, 0, 128, 64, 1 },
    41  #endif
    37  	{ "[email protected]",		SSH_UMAC128, 0, 0, 128, 128, 1 },
       
    38 diff -pur old/myproposal.h new/myproposal.h
       
    39 --- old/myproposal.h
       
    40 +++ new/myproposal.h
       
    41 @@ -140,14 +140,14 @@
       
    42  	AESGCM_CIPHER_MODES
       
    43  
       
    44  #define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \
       
    45 -	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
       
    46 +	"aes128-cbc,aes192-cbc,aes256-cbc"
       
    47  
       
    48  #define KEX_SERVER_ENCRYPT_FIPS \
       
    49  	"aes128-ctr,aes192-ctr,aes256-ctr" \
       
    50  	AESGCM_CIPHER_MODES
       
    51  
       
    52  #define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \
       
    53 -	"aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
       
    54 +	"aes128-cbc,aes192-cbc,aes256-cbc"
       
    55  
       
    56  #define KEX_SERVER_MAC_DFLT \
       
    57  	"[email protected]," \
       
    58 diff -pur old/ssh_config.5 new/ssh_config.5
    42 diff -pur old/ssh_config.5 new/ssh_config.5
    59 --- old/ssh_config.5
    43 --- old/ssh_config.5
    60 +++ new/ssh_config.5
    44 +++ new/ssh_config.5
    61 @@ -470,12 +470,6 @@ [email protected]
    45 @@ -427,9 +427,6 @@ aes192-ctr
    62  .It
    46  aes256-ctr
       
    47  [email protected]
    63  [email protected]
    48  [email protected]
    64  .It
       
    65 -arcfour
    49 -arcfour
    66 -.It
       
    67 -arcfour128
    50 -arcfour128
    68 -.It
       
    69 -arcfour256
    51 -arcfour256
    70 -.It
       
    71  blowfish-cbc
    52  blowfish-cbc
    72  .It
       
    73  [email protected]
    53  [email protected]
    74 @@ -486,7 +480,7 @@ The default is:
       
    75  [email protected],
       
    76  aes128-ctr,aes192-ctr,aes256-ctr,
       
    77  [email protected],[email protected],
       
    78 -aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
       
    79 +aes128-cbc,aes192-cbc,aes256-cbc
       
    80  .Ed
    54  .Ed
    81  .Pp
       
    82  The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode:
       
    83 diff -pur old/sshd.8 new/sshd.8
    55 diff -pur old/sshd.8 new/sshd.8
    84 --- old/sshd.8
    56 --- old/sshd.8
    85 +++ new/sshd.8
    57 +++ new/sshd.8
    86 @@ -310,12 +310,12 @@ For protocol 2,
    58 @@ -258,12 +258,12 @@ host key against its own database to ver
    87  forward security is provided through a Diffie-Hellman key agreement.
    59  Forward security is provided through a Diffie-Hellman key agreement.
    88  This key agreement results in a shared session key.
    60  This key agreement results in a shared session key.
    89  The rest of the session is encrypted using a symmetric cipher, currently
    61  The rest of the session is encrypted using a symmetric cipher, currently
    90 -128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
    62 -128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
    91 +128-bit AES, Blowfish, 3DES, 192-bit AES, or 256-bit AES.
    63 +128-bit AES, Blowfish, 3DES, 192-bit AES, or 256-bit AES.
    92  The client selects the encryption algorithm
    64  The client selects the encryption algorithm
    99  .Pp
    71  .Pp
   100  Finally, the server and the client enter an authentication dialog.
    72  Finally, the server and the client enter an authentication dialog.
   101 diff -pur old/sshd_config.5 new/sshd_config.5
    73 diff -pur old/sshd_config.5 new/sshd_config.5
   102 --- old/sshd_config.5
    74 --- old/sshd_config.5
   103 +++ new/sshd_config.5
    75 +++ new/sshd_config.5
   104 @@ -471,12 +471,6 @@ [email protected]
    76 @@ -460,12 +460,6 @@ [email protected]
   105  .It
    77  .It
   106  [email protected]
    78  [email protected]
   107  .It
    79  .It
   108 -arcfour
    80 -arcfour
   109 -.It
    81 -.It
   112 -arcfour256
    84 -arcfour256
   113 -.It
    85 -.It
   114  blowfish-cbc
    86  blowfish-cbc
   115  .It
    87  .It
   116  [email protected]
    88  [email protected]
   117 @@ -1009,10 +1003,6 @@ The supported MACs are:
    89 @@ -981,10 +975,6 @@ The supported MACs are:
   118  .Pp
    90  .Pp
   119  .Bl -item -compact -offset indent
    91  .Bl -item -compact -offset indent
   120  .It
    92  .It
   121 -hmac-md5
    93 -hmac-md5
   122 -.It
    94 -.It
   123 -hmac-md5-96
    95 -hmac-md5-96
   124 -.It
    96 -.It
   125  hmac-ripemd160
    97  hmac-ripemd160
   126  .It
    98  .It
   127  hmac-sha1
    99  hmac-sha1
   128 @@ -1027,10 +1017,6 @@ [email protected]
   100 @@ -999,10 +989,6 @@ [email protected]
   129  .It
   101  .It
   130  [email protected]
   102  [email protected]
   131  .It
   103  .It
   132 [email protected]
   104 [email protected]
   133 -.It
   105 -.It