[openssh-commits] [openssh] 01/01: disable ciphers not supported by OpenSSL

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jul 15 14:47:19 AEST 2016 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 832b7443b7a8e181c95898bc5d73497b7190decd
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Jul 15 14:45:34 2016 +1000

    disable ciphers not supported by OpenSSL
    
    bz#2466 ok dtucker@
---
 cipher-bf1.c |  4 ++--
 cipher.c     | 12 ++++++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/cipher-bf1.c b/cipher-bf1.c
index ee72ac0..7d51f51 100644
--- a/cipher-bf1.c
+++ b/cipher-bf1.c
@@ -20,7 +20,7 @@
 
 #include "includes.h"
 
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF)
 
 #include <sys/types.h>
 
@@ -100,4 +100,4 @@ evp_ssh1_bf(void)
 	ssh1_bf.key_len = 32;
 	return (&ssh1_bf);
 }
-#endif /* WITH_OPENSSL */
+#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */
diff --git a/cipher.c b/cipher.c
index 13847e5..031bda9 100644
--- a/cipher.c
+++ b/cipher.c
@@ -81,18 +81,26 @@ static const struct sshcipher ciphers[] = {
 #ifdef WITH_SSH1
 	{ "des",	SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
 	{ "3des",	SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
+# ifndef OPENSSL_NO_BF
 	{ "blowfish",	SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
+# endif /* OPENSSL_NO_BF */
 #endif /* WITH_SSH1 */
 #ifdef WITH_OPENSSL
 	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+# ifndef OPENSSL_NO_BF
 	{ "blowfish-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+# endif /* OPENSSL_NO_BF */
+# ifndef OPENSSL_NO_CAST
 	{ "cast128-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+# endif /* OPENSSL_NO_CAST */
+# ifndef OPENSSL_NO_RC4
 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
+# endif /* OPENSSL_NO_RC4 */
 	{ "aes128-cbc",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
 	{ "aes192-cbc",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
 	{ "aes256-cbc",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
@@ -625,7 +633,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
 int
 cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
 {
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
 	const struct sshcipher *c = cc->cipher;
 	int plen = 0;
 
@@ -644,7 +652,7 @@ cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
 void
 cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
 {
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
 	const struct sshcipher *c = cc->cipher;
 	int plen;
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list