117 lines
3.1 KiB
Diff
117 lines
3.1 KiB
Diff
From 1cd94ed4750d5392cf3c09ed64d2c162a0833bdb Mon Sep 17 00:00:00 2001
|
|
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
|
Date: Fri, 18 Mar 2016 15:49:31 +0800
|
|
Subject: [PATCH 2/3] remove des in cipher.
|
|
|
|
Upstream-status: Pending
|
|
|
|
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
|
|
|
---
|
|
cipher.c | 18 ++++++++++++++++++
|
|
1 file changed, 18 insertions(+)
|
|
|
|
diff --git a/cipher.c b/cipher.c
|
|
index 02dae6f..63d3c29 100644
|
|
--- a/cipher.c
|
|
+++ b/cipher.c
|
|
@@ -53,8 +53,10 @@
|
|
|
|
#ifdef WITH_SSH1
|
|
extern const EVP_CIPHER *evp_ssh1_bf(void);
|
|
+#ifndef OPENSSL_NO_DES
|
|
extern const EVP_CIPHER *evp_ssh1_3des(void);
|
|
extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
|
|
+#endif /* OPENSSL_NO_DES */
|
|
#endif
|
|
|
|
struct sshcipher {
|
|
@@ -79,13 +81,17 @@ struct sshcipher {
|
|
|
|
static const struct sshcipher ciphers[] = {
|
|
#ifdef WITH_SSH1
|
|
+#ifndef OPENSSL_NO_DES
|
|
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
|
|
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
|
|
+#endif /* OPENSSL_NO_DES */
|
|
{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
|
|
#endif /* WITH_SSH1 */
|
|
#ifdef WITH_OPENSSL
|
|
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
|
|
+#ifndef OPENSSL_NO_DES
|
|
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
|
|
+#endif /* OPENSSL_NO_DES */
|
|
{ "blowfish-cbc",
|
|
SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
|
|
{ "cast128-cbc",
|
|
@@ -163,8 +169,10 @@ cipher_keylen(const struct sshcipher *c)
|
|
u_int
|
|
cipher_seclen(const struct sshcipher *c)
|
|
{
|
|
+#ifndef OPENSSL_NO_DES
|
|
if (strcmp("3des-cbc", c->name) == 0)
|
|
return 14;
|
|
+#endif /* OPENSSL_NO_DES */
|
|
return cipher_keylen(c);
|
|
}
|
|
|
|
@@ -201,11 +209,13 @@ u_int
|
|
cipher_mask_ssh1(int client)
|
|
{
|
|
u_int mask = 0;
|
|
+#ifndef OPENSSL_NO_DES
|
|
mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
|
|
mask |= 1 << SSH_CIPHER_BLOWFISH;
|
|
if (client) {
|
|
mask |= 1 << SSH_CIPHER_DES;
|
|
}
|
|
+#endif /*OPENSSL_NO_DES*/
|
|
return mask;
|
|
}
|
|
|
|
@@ -546,7 +556,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
|
|
switch (c->number) {
|
|
#ifdef WITH_OPENSSL
|
|
case SSH_CIPHER_SSH2:
|
|
+#ifndef OPENSSL_NO_DES
|
|
case SSH_CIPHER_DES:
|
|
+#endif /* OPENSSL_NO_DES */
|
|
case SSH_CIPHER_BLOWFISH:
|
|
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
|
|
if (evplen == 0)
|
|
@@ -569,8 +581,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
|
|
break;
|
|
#endif
|
|
#ifdef WITH_SSH1
|
|
+#ifndef OPENSSL_NO_DES
|
|
case SSH_CIPHER_3DES:
|
|
return ssh1_3des_iv(&cc->evp, 0, iv, 24);
|
|
+#endif /* OPENSSL_NO_DES */
|
|
#endif
|
|
default:
|
|
return SSH_ERR_INVALID_ARGUMENT;
|
|
@@ -594,7 +608,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
|
|
switch (c->number) {
|
|
#ifdef WITH_OPENSSL
|
|
case SSH_CIPHER_SSH2:
|
|
+#ifndef OPENSSL_NO_DES
|
|
case SSH_CIPHER_DES:
|
|
+#endif /* OPENSSL_NO_DES */
|
|
case SSH_CIPHER_BLOWFISH:
|
|
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
|
|
if (evplen <= 0)
|
|
@@ -609,8 +625,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
|
|
break;
|
|
#endif
|
|
#ifdef WITH_SSH1
|
|
+#ifndef OPENSSL_NO_DES
|
|
case SSH_CIPHER_3DES:
|
|
return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
|
|
+#endif /* OPENSSL_NO_DES */
|
|
#endif
|
|
default:
|
|
return SSH_ERR_INVALID_ARGUMENT;
|
|
--
|
|
1.9.1
|
|
|