diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch new file mode 100644 index 0000000000..26193c2e53 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | |||
@@ -0,0 +1,116 @@ | |||
1 | From 1cd94ed4750d5392cf3c09ed64d2c162a0833bdb Mon Sep 17 00:00:00 2001 | ||
2 | From: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
3 | Date: Fri, 18 Mar 2016 15:49:31 +0800 | ||
4 | Subject: [PATCH 2/3] remove des in cipher. | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
9 | |||
10 | --- | ||
11 | cipher.c | 18 ++++++++++++++++++ | ||
12 | 1 file changed, 18 insertions(+) | ||
13 | |||
14 | diff --git a/cipher.c b/cipher.c | ||
15 | index 02dae6f..63d3c29 100644 | ||
16 | --- a/cipher.c | ||
17 | +++ b/cipher.c | ||
18 | @@ -53,8 +53,10 @@ | ||
19 | |||
20 | #ifdef WITH_SSH1 | ||
21 | extern const EVP_CIPHER *evp_ssh1_bf(void); | ||
22 | +#ifndef OPENSSL_NO_DES | ||
23 | extern const EVP_CIPHER *evp_ssh1_3des(void); | ||
24 | extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); | ||
25 | +#endif /* OPENSSL_NO_DES */ | ||
26 | #endif | ||
27 | |||
28 | struct sshcipher { | ||
29 | @@ -79,13 +81,17 @@ struct sshcipher { | ||
30 | |||
31 | static const struct sshcipher ciphers[] = { | ||
32 | #ifdef WITH_SSH1 | ||
33 | +#ifndef OPENSSL_NO_DES | ||
34 | { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, | ||
35 | { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, | ||
36 | +#endif /* OPENSSL_NO_DES */ | ||
37 | { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, | ||
38 | #endif /* WITH_SSH1 */ | ||
39 | #ifdef WITH_OPENSSL | ||
40 | { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, | ||
41 | +#ifndef OPENSSL_NO_DES | ||
42 | { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, | ||
43 | +#endif /* OPENSSL_NO_DES */ | ||
44 | { "blowfish-cbc", | ||
45 | SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, | ||
46 | { "cast128-cbc", | ||
47 | @@ -163,8 +169,10 @@ cipher_keylen(const struct sshcipher *c) | ||
48 | u_int | ||
49 | cipher_seclen(const struct sshcipher *c) | ||
50 | { | ||
51 | +#ifndef OPENSSL_NO_DES | ||
52 | if (strcmp("3des-cbc", c->name) == 0) | ||
53 | return 14; | ||
54 | +#endif /* OPENSSL_NO_DES */ | ||
55 | return cipher_keylen(c); | ||
56 | } | ||
57 | |||
58 | @@ -201,11 +209,13 @@ u_int | ||
59 | cipher_mask_ssh1(int client) | ||
60 | { | ||
61 | u_int mask = 0; | ||
62 | +#ifndef OPENSSL_NO_DES | ||
63 | mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ | ||
64 | mask |= 1 << SSH_CIPHER_BLOWFISH; | ||
65 | if (client) { | ||
66 | mask |= 1 << SSH_CIPHER_DES; | ||
67 | } | ||
68 | +#endif /*OPENSSL_NO_DES*/ | ||
69 | return mask; | ||
70 | } | ||
71 | |||
72 | @@ -546,7 +556,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | ||
73 | switch (c->number) { | ||
74 | #ifdef WITH_OPENSSL | ||
75 | case SSH_CIPHER_SSH2: | ||
76 | +#ifndef OPENSSL_NO_DES | ||
77 | case SSH_CIPHER_DES: | ||
78 | +#endif /* OPENSSL_NO_DES */ | ||
79 | case SSH_CIPHER_BLOWFISH: | ||
80 | evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); | ||
81 | if (evplen == 0) | ||
82 | @@ -569,8 +581,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | ||
83 | break; | ||
84 | #endif | ||
85 | #ifdef WITH_SSH1 | ||
86 | +#ifndef OPENSSL_NO_DES | ||
87 | case SSH_CIPHER_3DES: | ||
88 | return ssh1_3des_iv(&cc->evp, 0, iv, 24); | ||
89 | +#endif /* OPENSSL_NO_DES */ | ||
90 | #endif | ||
91 | default: | ||
92 | return SSH_ERR_INVALID_ARGUMENT; | ||
93 | @@ -594,7 +608,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | ||
94 | switch (c->number) { | ||
95 | #ifdef WITH_OPENSSL | ||
96 | case SSH_CIPHER_SSH2: | ||
97 | +#ifndef OPENSSL_NO_DES | ||
98 | case SSH_CIPHER_DES: | ||
99 | +#endif /* OPENSSL_NO_DES */ | ||
100 | case SSH_CIPHER_BLOWFISH: | ||
101 | evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); | ||
102 | if (evplen <= 0) | ||
103 | @@ -609,8 +625,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | ||
104 | break; | ||
105 | #endif | ||
106 | #ifdef WITH_SSH1 | ||
107 | +#ifndef OPENSSL_NO_DES | ||
108 | case SSH_CIPHER_3DES: | ||
109 | return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24); | ||
110 | +#endif /* OPENSSL_NO_DES */ | ||
111 | #endif | ||
112 | default: | ||
113 | return SSH_ERR_INVALID_ARGUMENT; | ||
114 | -- | ||
115 | 1.9.1 | ||
116 | |||