summaryrefslogtreecommitdiff
path: root/cipher.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2016-07-15 14:45:34 +1000
committerDamien Miller <djm@mindrot.org>2016-07-15 14:45:34 +1000
commit832b7443b7a8e181c95898bc5d73497b7190decd (patch)
tree98a1398fb2576aae9b76ce2acca6de167f927df4 /cipher.c
parent5fbe93fc6fbb2fe211e035703dec759d095e3dd8 (diff)
disable ciphers not supported by OpenSSL
bz#2466 ok dtucker@
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/cipher.c b/cipher.c
index 13847e5bd..031bda9ec 100644
--- a/cipher.c
+++ b/cipher.c
@@ -81,18 +81,26 @@ static const struct sshcipher ciphers[] = {
81#ifdef WITH_SSH1 81#ifdef WITH_SSH1
82 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, 82 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
83 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, 83 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
84# ifndef OPENSSL_NO_BF
84 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, 85 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
86# endif /* OPENSSL_NO_BF */
85#endif /* WITH_SSH1 */ 87#endif /* WITH_SSH1 */
86#ifdef WITH_OPENSSL 88#ifdef WITH_OPENSSL
87 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, 89 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
88 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, 90 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
91# ifndef OPENSSL_NO_BF
89 { "blowfish-cbc", 92 { "blowfish-cbc",
90 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, 93 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
94# endif /* OPENSSL_NO_BF */
95# ifndef OPENSSL_NO_CAST
91 { "cast128-cbc", 96 { "cast128-cbc",
92 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, 97 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
98# endif /* OPENSSL_NO_CAST */
99# ifndef OPENSSL_NO_RC4
93 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, 100 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
94 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, 101 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
95 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, 102 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
103# endif /* OPENSSL_NO_RC4 */
96 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, 104 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
97 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, 105 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
98 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, 106 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
@@ -625,7 +633,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
625int 633int
626cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) 634cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
627{ 635{
628#ifdef WITH_OPENSSL 636#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
629 const struct sshcipher *c = cc->cipher; 637 const struct sshcipher *c = cc->cipher;
630 int plen = 0; 638 int plen = 0;
631 639
@@ -644,7 +652,7 @@ cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
644void 652void
645cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) 653cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
646{ 654{
647#ifdef WITH_OPENSSL 655#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
648 const struct sshcipher *c = cc->cipher; 656 const struct sshcipher *c = cc->cipher;
649 int plen; 657 int plen;
650 658
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 15:44:34 +0000