diff options
author | mingli.yu@windriver.com <mingli.yu@windriver.com> | 2016-07-19 15:13:09 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-07-26 08:56:29 +0100 |
commit | 2f6bbc7006f2b34ab533d3582f28323330c7195d (patch) | |
tree | bd3fa2fad81b6c6823d680288f08a27032b5885d /meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | |
parent | 2c2f22a5338ce8b71b6d939ca42d47b314391908 (diff) | |
download | poky-2f6bbc7006f2b34ab533d3582f28323330c7195d.tar.gz |
openssh: conditional compile DES code.
After openssl disabled DES, openssh fails to build
for some DES codes are not wrapped in conditional
compile statement "#ifndef OPENSSL_NO_DES" and "#endif".
(From OE-Core rev: cd9c62461e837967dd29a532d32990c23350acf8)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch new file mode 100644 index 0000000000..26193c2e53 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | |||
@@ -0,0 +1,116 @@ | |||
1 | From 1cd94ed4750d5392cf3c09ed64d2c162a0833bdb Mon Sep 17 00:00:00 2001 | ||
2 | From: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
3 | Date: Fri, 18 Mar 2016 15:49:31 +0800 | ||
4 | Subject: [PATCH 2/3] remove des in cipher. | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
9 | |||
10 | --- | ||
11 | cipher.c | 18 ++++++++++++++++++ | ||
12 | 1 file changed, 18 insertions(+) | ||
13 | |||
14 | diff --git a/cipher.c b/cipher.c | ||
15 | index 02dae6f..63d3c29 100644 | ||
16 | --- a/cipher.c | ||
17 | +++ b/cipher.c | ||
18 | @@ -53,8 +53,10 @@ | ||
19 | |||
20 | #ifdef WITH_SSH1 | ||
21 | extern const EVP_CIPHER *evp_ssh1_bf(void); | ||
22 | +#ifndef OPENSSL_NO_DES | ||
23 | extern const EVP_CIPHER *evp_ssh1_3des(void); | ||
24 | extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); | ||
25 | +#endif /* OPENSSL_NO_DES */ | ||
26 | #endif | ||
27 | |||
28 | struct sshcipher { | ||
29 | @@ -79,13 +81,17 @@ struct sshcipher { | ||
30 | |||
31 | static const struct sshcipher ciphers[] = { | ||
32 | #ifdef WITH_SSH1 | ||
33 | +#ifndef OPENSSL_NO_DES | ||
34 | { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, | ||
35 | { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, | ||
36 | +#endif /* OPENSSL_NO_DES */ | ||
37 | { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, | ||
38 | #endif /* WITH_SSH1 */ | ||
39 | #ifdef WITH_OPENSSL | ||
40 | { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, | ||
41 | +#ifndef OPENSSL_NO_DES | ||
42 | { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, | ||
43 | +#endif /* OPENSSL_NO_DES */ | ||
44 | { "blowfish-cbc", | ||
45 | SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, | ||
46 | { "cast128-cbc", | ||
47 | @@ -163,8 +169,10 @@ cipher_keylen(const struct sshcipher *c) | ||
48 | u_int | ||
49 | cipher_seclen(const struct sshcipher *c) | ||
50 | { | ||
51 | +#ifndef OPENSSL_NO_DES | ||
52 | if (strcmp("3des-cbc", c->name) == 0) | ||
53 | return 14; | ||
54 | +#endif /* OPENSSL_NO_DES */ | ||
55 | return cipher_keylen(c); | ||
56 | } | ||
57 | |||
58 | @@ -201,11 +209,13 @@ u_int | ||
59 | cipher_mask_ssh1(int client) | ||
60 | { | ||
61 | u_int mask = 0; | ||
62 | +#ifndef OPENSSL_NO_DES | ||
63 | mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ | ||
64 | mask |= 1 << SSH_CIPHER_BLOWFISH; | ||
65 | if (client) { | ||
66 | mask |= 1 << SSH_CIPHER_DES; | ||
67 | } | ||
68 | +#endif /*OPENSSL_NO_DES*/ | ||
69 | return mask; | ||
70 | } | ||
71 | |||
72 | @@ -546,7 +556,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | ||
73 | switch (c->number) { | ||
74 | #ifdef WITH_OPENSSL | ||
75 | case SSH_CIPHER_SSH2: | ||
76 | +#ifndef OPENSSL_NO_DES | ||
77 | case SSH_CIPHER_DES: | ||
78 | +#endif /* OPENSSL_NO_DES */ | ||
79 | case SSH_CIPHER_BLOWFISH: | ||
80 | evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); | ||
81 | if (evplen == 0) | ||
82 | @@ -569,8 +581,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | ||
83 | break; | ||
84 | #endif | ||
85 | #ifdef WITH_SSH1 | ||
86 | +#ifndef OPENSSL_NO_DES | ||
87 | case SSH_CIPHER_3DES: | ||
88 | return ssh1_3des_iv(&cc->evp, 0, iv, 24); | ||
89 | +#endif /* OPENSSL_NO_DES */ | ||
90 | #endif | ||
91 | default: | ||
92 | return SSH_ERR_INVALID_ARGUMENT; | ||
93 | @@ -594,7 +608,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | ||
94 | switch (c->number) { | ||
95 | #ifdef WITH_OPENSSL | ||
96 | case SSH_CIPHER_SSH2: | ||
97 | +#ifndef OPENSSL_NO_DES | ||
98 | case SSH_CIPHER_DES: | ||
99 | +#endif /* OPENSSL_NO_DES */ | ||
100 | case SSH_CIPHER_BLOWFISH: | ||
101 | evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); | ||
102 | if (evplen <= 0) | ||
103 | @@ -609,8 +625,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | ||
104 | break; | ||
105 | #endif | ||
106 | #ifdef WITH_SSH1 | ||
107 | +#ifndef OPENSSL_NO_DES | ||
108 | case SSH_CIPHER_3DES: | ||
109 | return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24); | ||
110 | +#endif /* OPENSSL_NO_DES */ | ||
111 | #endif | ||
112 | default: | ||
113 | return SSH_ERR_INVALID_ARGUMENT; | ||
114 | -- | ||
115 | 1.9.1 | ||
116 | |||