diff options
author | Damien Miller <djm@mindrot.org> | 2016-07-15 14:45:34 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-07-15 14:45:34 +1000 |
commit | 832b7443b7a8e181c95898bc5d73497b7190decd (patch) | |
tree | 98a1398fb2576aae9b76ce2acca6de167f927df4 | |
parent | 5fbe93fc6fbb2fe211e035703dec759d095e3dd8 (diff) |
disable ciphers not supported by OpenSSL
bz#2466 ok dtucker@
-rw-r--r-- | cipher-bf1.c | 4 | ||||
-rw-r--r-- | cipher.c | 12 |
2 files changed, 12 insertions, 4 deletions
diff --git a/cipher-bf1.c b/cipher-bf1.c index ee72ac08..7d51f519 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c @@ -20,7 +20,7 @@ #include "includes.h" -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) #include <sys/types.h> @@ -100,4 +100,4 @@ evp_ssh1_bf(void) ssh1_bf.key_len = 32; return (&ssh1_bf); } -#endif /* WITH_OPENSSL */ +#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */ @@ -81,18 +81,26 @@ static const struct sshcipher ciphers[] = { #ifdef WITH_SSH1 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, +# ifndef OPENSSL_NO_BF { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, +# endif /* OPENSSL_NO_BF */ #endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, +# ifndef OPENSSL_NO_BF { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, +# endif /* OPENSSL_NO_BF */ +# ifndef OPENSSL_NO_CAST { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, +# endif /* OPENSSL_NO_CAST */ +# ifndef OPENSSL_NO_RC4 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, +# endif /* OPENSSL_NO_RC4 */ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, @@ -625,7 +633,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) int cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) { -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) const struct sshcipher *c = cc->cipher; int plen = 0; @@ -644,7 +652,7 @@ cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) void cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) { -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) const struct sshcipher *c = cc->cipher; int plen; |