From bf627f9a4265d2dfc0fe048d08de122862f8b865 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 4 May 2026 14:59:28 -0700 Subject: [PATCH] Index all openssh patches in README MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The README listed only the two non-FIPS patches plus a stale reference to a `openssh-FIPS-wolfprov.patch` that does not exist in the directory. The three FIPS patches that have landed since (or are landing in flight) had no entries: - openssh-V_9_6_P1-FIPS-wolfprov.patch — upstream openssh-9.6p1. - openssh-RHEL-9.9p1-FIPS-wolfprov.patch — RHEL/CentOS Stream 10 dist-git build of openssh-9.9p1 (PR #332). - openssh-RHEL-10.2p1-FIPS-wolfprov.patch — Fedora 44 dist-git build of openssh-10.2p1 (PR #334). Rewrites the README with non-FIPS / FIPS sections and a per-patch description of the OpenSSH source it targets. --- wolfProvider/openssh/README.md | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/wolfProvider/openssh/README.md b/wolfProvider/openssh/README.md index 4da44ba3..bcdd80dd 100644 --- a/wolfProvider/openssh/README.md +++ b/wolfProvider/openssh/README.md @@ -1,5 +1,25 @@ -These patches are needed to run a full openssh test suite with wolfProvider. -For V_9_9_P1 testing use the patch `openssh-V_9_9_P1-wolfprov.patch` -For V_10_0_P2 testing use the patch `openssh-V_10_0_P2-wolfprov.patch` -For V_10_0_P2 or V_9_9_P1 FIPS testing support use the patch `openssh-FIPS-wolfprov.patch` -Note: use either the FIPS patch or the normal ones not both. \ No newline at end of file +These patches adapt the OpenSSH regress test suite to run against +wolfProvider. Pick the one matching the OpenSSH source you are +exercising, and pick FIPS or non-FIPS to match the wolfProvider +build mode. + +Non-FIPS: + +- `openssh-V_9_9_P1-wolfprov.patch` — upstream openssh-portable, tag + `V_9_9_P1`. +- `openssh-V_10_0_P2-wolfprov.patch` — upstream openssh-portable, tag + `V_10_0_P2`. + +FIPS: + +- `openssh-V_9_6_P1-FIPS-wolfprov.patch` — upstream openssh-portable, + tag `V_9_6_P1`. +- `openssh-RHEL-9.9p1-FIPS-wolfprov.patch` — CentOS Stream 10 / RHEL 10 + dist-git build of openssh-9.9p1 (the RHEL patch set adds the + SSHKDF-routing patch that makes wolfProvider's SSHKDF actually + fire during KEX). +- `openssh-RHEL-10.2p1-FIPS-wolfprov.patch` — Fedora 44 dist-git + build of openssh-10.2p1 (same RHEL patch set, newer openssh). + +Use either the FIPS patch or the non-FIPS one for a given OpenSSH +version, not both.