#

# Removes cast128-cbc support.

#

# At this moment this algorithm is not listed in Approved Security

# Technologies: Standards Details at all. Eventually it will be added as

# deprecated.

#

# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from

# OpenSSH doesn't constitute a regression in functionality from SunSSH.

#

# Interoperability gain provided by cast128-cbc is negligible, because all

# relevant ssh implementations also provide several more common encryption

# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.

#

# This is a Solaris specific patch and it is not likely to be accepted upstream.

#

diff -pur old/cipher.c new/cipher.c

--- old/cipher.c

+++ new/cipher.c

@@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]

 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },

 	{ "blowfish-cbc",

 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },

+#ifndef WITHOUT_CAST128

 	{ "cast128-cbc",

 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },

+#endif

 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },

 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },

 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },

diff -pur old/myproposal.h new/myproposal.h

--- old/myproposal.h

+++ new/myproposal.h

@@ -119,9 +119,16 @@

 	"aes128-ctr,aes192-ctr,aes256-ctr" \

 	AESGCM_CIPHER_MODES

+#ifdef WITHOUT_CAST128

+# define CAST128

+#else

+# define CAST128 "cast128-cbc"

+#endif

+

 #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \

 	"arcfour256,arcfour128," \

-	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \

+	"aes128-cbc,3des-cbc,blowfish-cbc," \

+	CAST128 \

 	"aes192-cbc,aes256-cbc,arcfour,[email protected]"

 #define KEX_SERVER_MAC \