Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssh/patches/033-without_cast128.patch
author Tomas Kuthan <tomas.kuthan@oracle.com>
Wed, 15 Jun 2016 02:07:50 -0700
changeset 6189 a95f9f39fc53
parent 5819 c5f05bd2a9bc
child 6930 31ef2580c45d
permissions -rw-r--r--
23577308 OpenSSH Makefile: -DWITHOUT_ED25519 left behind

#
# Removes cast128-cbc support.
#
# At this moment this algorithm is not listed in Approved Security
# Technologies: Standards Details at all. Eventually it will be added as
# deprecated.
#
# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from
# OpenSSH doesn't constitute a regression in functionality from SunSSH.
#
# Interoperability gain provided by cast128-cbc is negligible, because all
# relevant ssh implementations also provide several more common encryption
# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.
#
# This is a Solaris specific patch and it is not likely to be accepted upstream.
#
diff -pur old/cipher.c new/cipher.c
--- old/cipher.c
+++ new/cipher.c
@@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]
 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
 	{ "blowfish-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+#ifndef WITHOUT_CAST128
 	{ "cast128-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+#endif
 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5
+++ new/ssh_config.5
@@ -478,8 +478,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp
diff -pur old/sshd.8 new/sshd.8
--- old/sshd.8
+++ new/sshd.8
@@ -307,7 +307,7 @@ For protocol 2,
 forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 The rest of the session is encrypted using a symmetric cipher, currently
-128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
+128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
@@ -472,8 +472,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp
upstream/oracle/userland-gate