1 files changed, 116 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
new file mode 100644
index 0000000000..26193c2e53
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
@@ -0,0 +1,116 @@
+From 1cd94ed4750d5392cf3c09ed64d2c162a0833bdb Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing.Bai@windriver.com>
+Date: Fri, 18 Mar 2016 15:49:31 +0800
+Subject: [PATCH 2/3] remove des in cipher.
+Upstream-status: Pending
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+---
+ cipher.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+diff --git a/cipher.c b/cipher.c
+index 02dae6f..63d3c29 100644
+--- a/cipher.c
+++ b/cipher.c
+@@ -53,8 +53,10 @@
+ 
+ #ifdef WITH_SSH1
+ extern const EVP_CIPHER *evp_ssh1_bf(void);
+#ifndef OPENSSL_NO_DES
+ extern const EVP_CIPHER *evp_ssh1_3des(void);
+ extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+#endif /* OPENSSL_NO_DES */
+ #endif
+ 
+ struct sshcipher {
+@@ -79,13 +81,17 @@ struct sshcipher {
+ 
+ static const struct sshcipher ciphers[] = {
+ #ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
+        { "des",        SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
+        { "3des",       SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
+#endif /* OPENSSL_NO_DES */
+        { "blowfish",   SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
+ #endif /* WITH_SSH1 */
+ #ifdef WITH_OPENSSL
+        { "none",       SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+#ifndef OPENSSL_NO_DES
+        { "3des-cbc",   SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+#endif /* OPENSSL_NO_DES */
+        { "blowfish-cbc",
+                        SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+        { "cast128-cbc",
+@@ -163,8 +169,10 @@ cipher_keylen(const struct sshcipher *c)
+ u_int
+ cipher_seclen(const struct sshcipher *c)
+ {
+#ifndef OPENSSL_NO_DES
+        if (strcmp("3des-cbc", c->name) == 0)
+                return 14;
+#endif /* OPENSSL_NO_DES */
+        return cipher_keylen(c);
+ }
+ 
+@@ -201,11 +209,13 @@ u_int
+ cipher_mask_ssh1(int client)
+ {
+        u_int mask = 0;
+#ifndef OPENSSL_NO_DES
+        mask |= 1 << SSH_CIPHER_3DES;           /* Mandatory */
+        mask |= 1 << SSH_CIPHER_BLOWFISH;
+        if (client) {
+                mask |= 1 << SSH_CIPHER_DES;
+        }
+#endif /*OPENSSL_NO_DES*/
+        return mask;
+ }
+ 
+@@ -546,7 +556,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+        switch (c->number) {
+ #ifdef WITH_OPENSSL
+        case SSH_CIPHER_SSH2:
+#ifndef OPENSSL_NO_DES
+        case SSH_CIPHER_DES:
+#endif /* OPENSSL_NO_DES */
+        case SSH_CIPHER_BLOWFISH:
+                evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+                if (evplen == 0)
+@@ -569,8 +581,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+                break;
+ #endif
+ #ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
+        case SSH_CIPHER_3DES:
+                return ssh1_3des_iv(&cc->evp, 0, iv, 24);
+#endif /* OPENSSL_NO_DES */
+ #endif
+        default:
+                return SSH_ERR_INVALID_ARGUMENT;
+@@ -594,7 +608,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+        switch (c->number) {
+ #ifdef WITH_OPENSSL
+        case SSH_CIPHER_SSH2:
+#ifndef OPENSSL_NO_DES
+        case SSH_CIPHER_DES:
+#endif /* OPENSSL_NO_DES */
+        case SSH_CIPHER_BLOWFISH:
+                evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+                if (evplen <= 0)
+@@ -609,8 +625,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+                break;
+ #endif
+ #ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
+        case SSH_CIPHER_3DES:
+                return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
+#endif /* OPENSSL_NO_DES */
+ #endif
+        default:
+                return SSH_ERR_INVALID_ARGUMENT;
+-- 
+1.9.1

diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch new file mode 100644 index 0000000000..26193c2e53 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
@@ -0,0 +1,116 @@
	1	From 1cd94ed4750d5392cf3c09ed64d2c162a0833bdb Mon Sep 17 00:00:00 2001
	2	From: Haiqing Bai <Haiqing.Bai@windriver.com>
	3	Date: Fri, 18 Mar 2016 15:49:31 +0800
	4	Subject: [PATCH 2/3] remove des in cipher.
	5
	6	Upstream-status: Pending
	7
	8	Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
	9
	10	---
	11	cipher.c \| 18 ++++++++++++++++++
	12	1 file changed, 18 insertions(+)
	13
	14	diff --git a/cipher.c b/cipher.c
	15	index 02dae6f..63d3c29 100644
	16	--- a/cipher.c
	17	+++ b/cipher.c
	18	@@ -53,8 +53,10 @@
	19
	20	#ifdef WITH_SSH1
	21	extern const EVP_CIPHER *evp_ssh1_bf(void);
	22	+#ifndef OPENSSL_NO_DES
	23	extern const EVP_CIPHER *evp_ssh1_3des(void);
	24	extern int ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);
	25	+#endif /* OPENSSL_NO_DES */
	26	#endif
	27
	28	struct sshcipher {
	29	@@ -79,13 +81,17 @@ struct sshcipher {
	30
	31	static const struct sshcipher ciphers[] = {
	32	#ifdef WITH_SSH1
	33	+#ifndef OPENSSL_NO_DES
	34	{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
	35	{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
	36	+#endif /* OPENSSL_NO_DES */
	37	{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
	38	#endif /* WITH_SSH1 */
	39	#ifdef WITH_OPENSSL
	40	{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
	41	+#ifndef OPENSSL_NO_DES
	42	{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
	43	+#endif /* OPENSSL_NO_DES */
	44	{ "blowfish-cbc",
	45	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
	46	{ "cast128-cbc",
	47	@@ -163,8 +169,10 @@ cipher_keylen(const struct sshcipher *c)
	48	u_int
	49	cipher_seclen(const struct sshcipher *c)
	50	{
	51	+#ifndef OPENSSL_NO_DES
	52	if (strcmp("3des-cbc", c->name) == 0)
	53	return 14;
	54	+#endif /* OPENSSL_NO_DES */
	55	return cipher_keylen(c);
	56	}
	57
	58	@@ -201,11 +209,13 @@ u_int
	59	cipher_mask_ssh1(int client)
	60	{
	61	u_int mask = 0;
	62	+#ifndef OPENSSL_NO_DES
	63	mask \|= 1 << SSH_CIPHER_3DES; /* Mandatory */
	64	mask \|= 1 << SSH_CIPHER_BLOWFISH;
	65	if (client) {
	66	mask \|= 1 << SSH_CIPHER_DES;
	67	}
	68	+#endif /OPENSSL_NO_DES/
	69	return mask;
	70	}
	71
	72	@@ -546,7 +556,9 @@ cipher_get_keyiv(struct sshcipher_ctx cc, u_char iv, u_int len)
	73	switch (c->number) {
	74	#ifdef WITH_OPENSSL
	75	case SSH_CIPHER_SSH2:
	76	+#ifndef OPENSSL_NO_DES
	77	case SSH_CIPHER_DES:
	78	+#endif /* OPENSSL_NO_DES */
	79	case SSH_CIPHER_BLOWFISH:
	80	evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
	81	if (evplen == 0)
	82	@@ -569,8 +581,10 @@ cipher_get_keyiv(struct sshcipher_ctx cc, u_char iv, u_int len)
	83	break;
	84	#endif
	85	#ifdef WITH_SSH1
	86	+#ifndef OPENSSL_NO_DES
	87	case SSH_CIPHER_3DES:
	88	return ssh1_3des_iv(&cc->evp, 0, iv, 24);
	89	+#endif /* OPENSSL_NO_DES */
	90	#endif
	91	default:
	92	return SSH_ERR_INVALID_ARGUMENT;
	93	@@ -594,7 +608,9 @@ cipher_set_keyiv(struct sshcipher_ctx cc, const u_char iv)
	94	switch (c->number) {
	95	#ifdef WITH_OPENSSL
	96	case SSH_CIPHER_SSH2:
	97	+#ifndef OPENSSL_NO_DES
	98	case SSH_CIPHER_DES:
	99	+#endif /* OPENSSL_NO_DES */
	100	case SSH_CIPHER_BLOWFISH:
	101	evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
	102	if (evplen <= 0)
	103	@@ -609,8 +625,10 @@ cipher_set_keyiv(struct sshcipher_ctx cc, const u_char iv)
	104	break;
	105	#endif
	106	#ifdef WITH_SSH1
	107	+#ifndef OPENSSL_NO_DES
	108	case SSH_CIPHER_3DES:
	109	return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
	110	+#endif /* OPENSSL_NO_DES */
	111	#endif
	112	default:
	113	return SSH_ERR_INVALID_ARGUMENT;
	114	--
	115	1.9.1
	116