[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599 --- Comment #9 from Shreenidhi Shedi --- There is a problem in the patch. PTAL. ``` diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 1fd5867..bb59b55 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -789,11 +789,11 @@ main(int argc, char **argv) fatal("Unsupported hash algorithm"); } else if (strncasecmp(optarg, "ciphers=", 8) == 0) { ciphers = xstrdup(optarg + 8); - if (!mac_valid(ciphers)) + if (!ciphers_valid(ciphers)) fatal("Unsupported ciphers"); } else if (strncasecmp(optarg, "macs=", 5) == 0) { macs = xstrdup(optarg + 5); - if (!ciphers_valid(macs)) + if (!mac_valid(macs)) fatal("Unsupported MACs"); } else if (strncasecmp(optarg, "kexalgorithms=", 14) == 0) { ``` -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
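Review bot: The trailing context line `} else if (strncasecmp(optarg, "kexalgorithms=", 14) == 0) {` opens a third branch whose validator call lies outside this hunk. Since the two branches above it had their checks crossed (`mac_valid(ciphers)` and `ciphers_valid(macs)`), confirm that the key-exchange branch validates its list with the key-exchange validator and not with one of these two. Separately, `fatal("Unsupported ciphers")` and `fatal("Unsupported MACs")` do not report which value was rejected; passing the offending string to the message, for example `fatal("Unsupported ciphers \"%s\"", ciphers)`, would make a mismatched check visible the first time the option is used.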
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

--- Comment #8 from Shreenidhi Shedi ---
Hi Damien Miller,

Is there anything pending from my end? Please let me know.
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

--- Comment #7 from Shreenidhi Shedi ---
Hi Damien Miller,

Any inputs on when this will get merged? I mean, when will this be a part of the GitHub repo?

Thanks.
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

--- Comment #6 from Shreenidhi Shedi ---
Okay, that looks fine. I was expecting these new pointers to get freed programmatically; if we are delegating that job to the system, that's fine too.

Thanks for the response.
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

--- Comment #5 from Damien Miller ---
It won't until the program exits. It will be around for the life of the process because it's needed for the life of the process.
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

--- Comment #4 from Shreenidhi Shedi ---
One query, take this for example.

```
macs = xstrdup(optarg + 5);
```

When will macs get freed?
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

--- Comment #3 from Shreenidhi Shedi ---
Awesome, yes. These additional changes make this fix complete for now.

Thanks a lot.
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

Damien Miller changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3713|0                           |1
        is obsolete|                            |
   Attachment #3716|                            |ok?(dtuc...@dtucker.net)
              Flags|                            |

--- Comment #2 from Damien Miller ---
Created attachment 3716
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3716&action=edit
Options for MACs and KexAlgorithms too, document

Thanks, I think your patch makes sense. This tweaks it a little, but also adds support for overriding some other things that might cause problems in restricted configurations (MACs and key-exchange algorithms), and documents them all in the ssh-keygen.8 manpage.
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

Damien Miller changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3713|application/octet-stream    |text/plain
          mime type|                            |
   Attachment #3713|0                           |1
           is patch|                            |
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

--- Comment #1 from Shreenidhi Shedi ---
Created attachment 3713
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3713&action=edit
attempt to fix.

Tried fixing the issue. PTAL.

I'm unaware of the development process in this project, so raised a GitHub PR as well.
https://github.com/openssh/openssh-portable/pull/424
[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

Shreenidhi Shedi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |d...@mindrot.org,
                   |                            |dtuc...@dtucker.net