#
# Removes cast128-cbc support.
#
# At this moment this algorithm is not listed in Approved Security
# Technologies: Standards Details at all. Eventually it will be added as
# deprecated.
#
# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from
# OpenSSH doesn't constitute a regression in functionality from SunSSH.
#
# Interoperability gain provided by cast128-cbc is negligible, because all
# relevant ssh implementations also provide several more common encryption
# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.
#
# This is a Solaris specific patch and it is not likely to be accepted upstream.
#
diff -pur old/cipher.c new/cipher.c
--- old/cipher.c
+++ new/cipher.c
@@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]
 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
 	{ "blowfish-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+#ifndef WITHOUT_CAST128
 	{ "cast128-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+#endif
 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
diff -pur old/myproposal.h new/myproposal.h
--- old/myproposal.h
+++ new/myproposal.h
@@ -119,9 +119,16 @@
 	"aes128-ctr,aes192-ctr,aes256-ctr" \
 	AESGCM_CIPHER_MODES
 
+#ifdef WITHOUT_CAST128
+# define CAST128
+#else
+# define CAST128 "cast128-cbc"
+#endif
+
 #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
 	"arcfour256,arcfour128," \
-	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
+	"aes128-cbc,3des-cbc,blowfish-cbc," \
+	CAST128 \
 	"aes192-cbc,aes256-cbc,arcfour,[email protected]"
 
 #define KEX_SERVER_MAC \
diff -pur old/ssh.1 new/ssh.1
--- old/ssh.1
+++ new/ssh.1
@@ -788,7 +788,7 @@ options (see above).
 Both protocols support similar authentication methods,
 but protocol 2 is the default since
 it provides additional mechanisms for confidentiality
-(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
+(the traffic is encrypted using AES, 3DES, Blowfish, or Arcfour)
 and integrity (hmac-md5, hmac-sha1,
 hmac-sha2-256, hmac-sha2-512,
 umac-64, umac-128, hmac-ripemd160).
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5
+++ new/ssh_config.5
@@ -408,8 +408,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp
@@ -419,7 +417,7 @@ [email protected],
 aes128-ctr,aes192-ctr,aes256-ctr,
 [email protected],[email protected],
 arcfour256,arcfour128,
-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
+aes128-cbc,3des-cbc,blowfish-cbc,
 aes192-cbc,aes256-cbc,arcfour
 .Ed
 .Pp
diff -pur old/sshd.8 new/sshd.8
--- old/sshd.8
+++ new/sshd.8
@@ -307,7 +307,7 @@ For protocol 2,
 forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 The rest of the session is encrypted using a symmetric cipher, currently
-128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
+128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
@@ -469,8 +469,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp