File 0734-ssh-Rebuild-algo-cache-if-crypto-fips-mode-has-chang.patch of Package erlang
From 774733f7e14e517ba6e2bc6a547e1544ce5d18c8 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Fri, 12 Nov 2021 17:13:14 +0100
Subject: [PATCH 1/2] ssh: Rebuild algo cache if crypto fips mode has changed
---
lib/ssh/src/ssh_transport.erl | 64 +++++++++++++++++++++++------------
1 file changed, 42 insertions(+), 22 deletions(-)
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 64998631db..0b91e0258c 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -88,33 +88,45 @@ clear_default_algorithms_env() -> | no_return() % error(Reason) . default_algorithms() -> + FipsMode = crypto:info_fips(), case application:get_env(ssh, ?DEFAULT_ALGS) of undefined -> - %% Not cached, have to build the default, connection independent - %% set of algorithms: - Opts = get_alg_conf(), - Algs1 = - case proplists:get_value(preferred_algorithms, Opts) of - undefined -> - [{K,default_algorithms1(K)} || K <- algo_classes()]; - Algs0 -> - {true,Algs01} = ssh_options:check_preferred_algorithms(Algs0), - Algs01 - end, - Algs = - case proplists:get_value(modify_algorithms, Opts) of - undefined -> - Algs1; - Modifications -> - ssh_options:initial_default_algorithms(Algs1, Modifications) - end, - application:set_env(ssh, ?DEFAULT_ALGS, Algs), + Algs = build_cache(), + application:set_env(ssh, ?DEFAULT_ALGS, {FipsMode,Algs}), Algs; - {ok,Algs} -> + {ok,{FipsMode,Algs}} -> + %% Cached, and the FIPS mode is the same now as when it was cached. + Algs; + + {ok,{_OtherFipsMode,_Algs}} -> + %% Cached, but the FIPS mode has changed. + Algs = build_cache(), + application:set_env(ssh, ?DEFAULT_ALGS, {FipsMode,Algs}), Algs end. +build_cache() -> + Opts = get_alg_conf(), + Algs1 = + case proplists:get_value(preferred_algorithms, Opts) of + undefined -> + [{K,default_algorithms1(K)} || K <- algo_classes()]; + Algs0 -> + {true,Algs01} = ssh_options:check_preferred_algorithms(Algs0), + Algs01 + end, + Algs = + case proplists:get_value(modify_algorithms, Opts) of + undefined -> + Algs1; + Modifications -> + ssh_options:initial_default_algorithms(Algs1, Modifications) + end, + Algs. + + + get_alg_conf() -> [{T,L} || T <- [preferred_algorithms, modify_algorithms], L <- [application:get_env(ssh, T, [])], 
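Review bot: A cache entry stored in the old shape, `{ok,Algs}` with `Algs` a plain list, matches none of the three clauses of the `case` in default_algorithms/0 and would raise `case_clause`; the same holds for the `case` in default_algorithms/1 in the next hunk. Such a value could plausibly survive a hot code upgrade or be set by other code, although neither is visible here. Writing the last clause as `{ok,_Stale} ->` in both functions would treat anything that is not a cache for the current FIPS mode as stale and rebuild it. The pair `Algs = build_cache(), application:set_env(ssh, ?DEFAULT_ALGS, {FipsMode,Algs})` is now written three times and could move into one helper.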
@@ -139,10 +151,17 @@ algo_two_spec_class(_) -> false. default_algorithms(Tag) -> + FipsMode = crypto:info_fips(), case application:get_env(ssh, ?DEFAULT_ALGS) of undefined -> default_algorithms1(Tag); - {ok,Algs} -> + {ok,{FipsMode,Algs}} -> + %% Cached, and the FIPS mode is the same now as when it was cached. + proplists:get_value(Tag, Algs, []); + {ok,{_OtherFipsMode,_Algs}} -> + %% Cached, but the FIPS mode has changed. + Algs = build_cache(), + application:set_env(ssh, ?DEFAULT_ALGS, {FipsMode,Algs}), proplists:get_value(Tag, Algs, []) end. @@ -356,7 +375,8 @@ s2c(Key, Algs) -> x2y(server2client, Key, Algs). x2y(DirectionKey, Key, Algs) -> to_strings(proplists:get_value(DirectionKey, get_algs(Key,Algs))). -get_algs(Key, Algs) -> proplists:get_value(Key, Algs, default_algorithms(Key)). +get_algs(Key, {_FipsMode,Algs}) when is_list(Algs) -> proplists:get_value(Key, Algs, default_algorithms(Key)); +get_algs(Key, Algs) when is_list(Algs) -> proplists:get_value(Key, Algs, default_algorithms(Key)). to_strings(L) -> lists:map(fun erlang:atom_to_list/1, L). -- 2.31.1
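Review bot: In default_algorithms/1 the `undefined` branch answers from `default_algorithms1(Tag)` and stores nothing, while the new stale-mode branch goes through `build_cache()`, which per the previous hunk reads preferred_algorithms and modify_algorithms, and stores the result. The two paths can therefore return different lists for the same Tag depending only on whether a cache entry existed. If that is intentional, a comment on the `undefined` branch would record it, for example `%% Not cached: use default_algorithms1/1 directly; the cache is built by default_algorithms/0.`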
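Review bot: The two get_algs/2 clauses repeat the same body, and nothing in the hunk says which caller passes the `{FipsMode,Algs}` tuple rather than a list. default_algorithms/0 returns the bare list, so the tuple presumably comes from code that reads the ?DEFAULT_ALGS environment value directly. The first clause could unwrap and delegate, `get_algs(Key, {_FipsMode,Algs}) when is_list(Algs) -> get_algs(Key, Algs);`, with a comment such as `%% Accept the cached {FipsMode,Algs} form as well as a plain algorithm list.` The added `is_list/1` guards also make any other argument fail with `function_clause`.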