mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-04 09:09:56 +00:00
Retire the NONE cipher option.
This commit is contained in:
parent
2e59a758fd
commit
1765946ba9
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=291198
@ -1,14 +1,5 @@
|
||||
Notes:
|
||||
|
||||
NONE CIPHER:
|
||||
To use the NONE option you must have the NoneEnabled switch set on the server
|
||||
and you MUST have *both* NoneEnabled and NoneSwitch set to yes on the client.
|
||||
The NONE feature works with ALL ssh subsystems (as far as we can tell)
|
||||
as long as there is no tty allocated.
|
||||
If a user uses the -T switch to prevent a tty being created the NONE cipher
|
||||
will be disabled.
|
||||
|
||||
|
||||
PERFORMANCE:
|
||||
The performance increase will only be as good as the network and TCP stack
|
||||
tuning on the reciever side of the connection allows. As a rule of thumb a
|
||||
@ -93,22 +84,6 @@ HPN SPECIFIC CONFIGURATION OPTIONS:
|
||||
the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
|
||||
Default is the current system wide TCP receive buffer size.
|
||||
|
||||
- NoneEnabled=[yes/no] client/server
|
||||
Enable or disable the use of the None cipher. Care must always be used when
|
||||
enabling this as it will allow users to send data in the clear. However, it
|
||||
is important to note that authentication information remains encrypted even
|
||||
if this option is enabled. Set to no by default.
|
||||
|
||||
- NoneSwitch=[yes/no] client
|
||||
Switch the encryption cipher being used to the None cipher after
|
||||
authentication takes place. NoneEnabled must be enabled on both the client
|
||||
and server side of the connection. When the connection switches to the NONE
|
||||
cipher a warning is sent to STDERR. The connection attempt will fail with an
|
||||
error if a client requests a NoneSwitch from the server that does not
|
||||
explicitly have NoneEnabled set to yes.
|
||||
Note: The NONE cipher cannot be used in interactive (shell) sessions and it
|
||||
will fail silently. Set to no by default.
|
||||
|
||||
|
||||
CREDITS:
|
||||
|
||||
|
@ -36,7 +36,6 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
__RCSID("$FreeBSD$");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
@ -225,12 +224,7 @@ ciphers_valid(const char *names)
|
||||
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
|
||||
(p = strsep(&cp, CIPHER_SEP))) {
|
||||
c = cipher_by_name(p);
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
|
||||
c->number != SSH_CIPHER_NONE)) {
|
||||
#else
|
||||
if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
|
||||
#endif
|
||||
if (c == NULL || c->number != SSH_CIPHER_SSH2) {
|
||||
debug("bad cipher %s [%s]", p, names);
|
||||
free(cipher_list);
|
||||
return 0;
|
||||
@ -485,9 +479,6 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
|
||||
}
|
||||
|
||||
switch (c->number) {
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
case SSH_CIPHER_NONE:
|
||||
#endif
|
||||
case SSH_CIPHER_SSH2:
|
||||
case SSH_CIPHER_DES:
|
||||
case SSH_CIPHER_BLOWFISH:
|
||||
@ -527,9 +518,6 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
|
||||
return;
|
||||
|
||||
switch (c->number) {
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
case SSH_CIPHER_NONE:
|
||||
#endif
|
||||
case SSH_CIPHER_SSH2:
|
||||
case SSH_CIPHER_DES:
|
||||
case SSH_CIPHER_BLOWFISH:
|
||||
|
@ -24,7 +24,6 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
__RCSID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
@ -146,13 +145,8 @@ kex_names_valid(const char *names)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* put algorithm proposal into buffer. */
|
||||
#ifndef NONE_CIPHER_ENABLED
|
||||
/* put algorithm proposal into buffer */
|
||||
static void
|
||||
#else
|
||||
/* Also used in sshconnect2.c. */
|
||||
void
|
||||
#endif
|
||||
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
|
||||
{
|
||||
u_int i;
|
||||
@ -466,9 +460,6 @@ kex_choose_conf(Kex *kex)
|
||||
int nenc, nmac, ncomp;
|
||||
u_int mode, ctos, need, dh_need, authlen;
|
||||
int first_kex_follows, type;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
int auth_flag;
|
||||
#endif
|
||||
|
||||
my = kex_buf2prop(&kex->my, NULL);
|
||||
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
|
||||
@ -492,10 +483,6 @@ kex_choose_conf(Kex *kex)
|
||||
}
|
||||
|
||||
/* Algorithm Negotiation */
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
auth_flag = packet_get_authentication_state();
|
||||
debug ("AUTH STATE is %d", auth_flag);
|
||||
#endif
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
newkeys = xcalloc(1, sizeof(*newkeys));
|
||||
kex->newkeys[mode] = newkeys;
|
||||
@ -510,17 +497,6 @@ kex_choose_conf(Kex *kex)
|
||||
if (authlen == 0)
|
||||
choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
|
||||
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
|
||||
if (strcmp(newkeys->enc.name, "none") == 0) {
|
||||
debug("Requesting NONE. Authflag is %d", auth_flag);
|
||||
if (auth_flag == 1)
|
||||
debug("None requested post authentication.");
|
||||
else
|
||||
fatal("Pre-authentication none cipher requests "
|
||||
"are not allowed.");
|
||||
}
|
||||
#endif
|
||||
debug("kex: %s %s %s %s",
|
||||
ctos ? "client->server" : "server->client",
|
||||
newkeys->enc.name,
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* $OpenBSD: kex.h,v 1.62 2014/01/27 18:58:14 markus Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -149,10 +148,6 @@ struct Kex {
|
||||
int kex_names_valid(const char *);
|
||||
char *kex_alg_list(char);
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
void kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
|
||||
#endif
|
||||
|
||||
Kex *kex_setup(char *[PROPOSAL_MAX]);
|
||||
void kex_finish(Kex *);
|
||||
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -110,10 +109,6 @@
|
||||
"chacha20-poly1305@openssh.com," \
|
||||
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
|
||||
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
|
||||
",none"
|
||||
#endif
|
||||
|
||||
#define KEX_DEFAULT_MAC \
|
||||
"hmac-md5-etm@openssh.com," \
|
||||
|
@ -20,7 +20,6 @@
|
||||
#define _BSD_MISC_H
|
||||
|
||||
#include "includes.h"
|
||||
__RCSID("$FreeBSD$");
|
||||
|
||||
char *ssh_get_progname(char *);
|
||||
|
||||
|
@ -202,9 +202,6 @@ struct session_state {
|
||||
};
|
||||
|
||||
static struct session_state *active_state, *backup_state;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
static int rekey_requested = 0;
|
||||
#endif
|
||||
|
||||
static struct session_state *
|
||||
alloc_session_state(void)
|
||||
@ -1316,7 +1313,6 @@ packet_read_poll2(u_int32_t *seqnr_p)
|
||||
buffer_ptr(&active_state->input), block_size, 0, 0) != 0)
|
||||
fatal("Decryption integrity check failed");
|
||||
cp = buffer_ptr(&active_state->incoming_packet);
|
||||
|
||||
active_state->packlen = get_u32(cp);
|
||||
if (active_state->packlen < 1 + 4 ||
|
||||
active_state->packlen > PACKET_MAX_SIZE) {
|
||||
@ -1943,26 +1939,12 @@ packet_send_ignore(int nbytes)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
void
|
||||
packet_request_rekeying(void)
|
||||
{
|
||||
rekey_requested = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#define MAX_PACKETS (1U<<31)
|
||||
int
|
||||
packet_need_rekeying(void)
|
||||
{
|
||||
if (datafellows & SSH_BUG_NOREKEY)
|
||||
return 0;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
if (rekey_requested == 1) {
|
||||
rekey_requested = 0;
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
return
|
||||
(active_state->p_send.packets > MAX_PACKETS) ||
|
||||
(active_state->p_read.packets > MAX_PACKETS) ||
|
||||
@ -2074,11 +2056,3 @@ packet_restore_state(void)
|
||||
add_recv_bytes(len);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
int
|
||||
packet_get_authentication_state(void)
|
||||
{
|
||||
return (active_state->after_authentication);
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -39,9 +38,6 @@ void packet_set_interactive(int, int, int);
|
||||
int packet_is_interactive(void);
|
||||
void packet_set_server(void);
|
||||
void packet_set_authenticated(void);
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
int packet_get_authentication_state(void);
|
||||
#endif
|
||||
|
||||
void packet_start(u_char);
|
||||
void packet_put_char(int ch);
|
||||
@ -119,9 +115,6 @@ do { \
|
||||
} while (0)
|
||||
|
||||
int packet_need_rekeying(void);
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
void packet_request_rekeying(void);
|
||||
#endif
|
||||
void packet_set_rekey_limits(u_int32_t, time_t);
|
||||
time_t packet_get_rekey_timeout(void);
|
||||
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -122,7 +121,7 @@
|
||||
* Default location of askpass
|
||||
*/
|
||||
#ifndef _PATH_SSH_ASKPASS_DEFAULT
|
||||
#define _PATH_SSH_ASKPASS_DEFAULT "/usr/local/bin/ssh-askpass"
|
||||
#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
|
||||
#endif
|
||||
|
||||
/* Location of ssh-keysign for hostbased authentication */
|
||||
@ -137,7 +136,7 @@
|
||||
|
||||
/* xauth for X11 forwarding */
|
||||
#ifndef _PATH_XAUTH
|
||||
#define _PATH_XAUTH "/usr/local/bin/xauth"
|
||||
#define _PATH_XAUTH "/usr/X11R6/bin/xauth"
|
||||
#endif
|
||||
|
||||
/* UNIX domain socket for X11 server; displaynum will replace %u */
|
||||
|
@ -154,9 +154,6 @@ typedef enum {
|
||||
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
|
||||
oIgnoredUnknownOption,
|
||||
oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
oNoneEnabled, oNoneSwitch,
|
||||
#endif
|
||||
oVersionAddendum, oDeprecated, oUnsupported
|
||||
} OpCodes;
|
||||
|
||||
@ -274,10 +271,6 @@ static struct {
|
||||
{ "hpnbuffersize", oHPNBufferSize },
|
||||
{ "tcprcvbufpoll", oTcpRcvBufPoll },
|
||||
{ "tcprcvbuf", oTcpRcvBuf },
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
{ "noneenabled", oNoneEnabled },
|
||||
{ "noneswitch", oNoneSwitch },
|
||||
#endif
|
||||
{ "versionaddendum", oVersionAddendum },
|
||||
|
||||
{ NULL, oBadOption }
|
||||
@ -1375,31 +1368,6 @@ process_config_line(Options *options, struct passwd *pw, const char *host,
|
||||
intptr = &options->tcp_rcv_buf;
|
||||
goto parse_int;
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
case oNoneEnabled:
|
||||
intptr = &options->none_enabled;
|
||||
goto parse_flag;
|
||||
|
||||
/*
|
||||
* We check to see if the command comes from the command line or not.
|
||||
* If it does then enable it otherwise fail. NONE must never be a
|
||||
* default configuration.
|
||||
*/
|
||||
case oNoneSwitch:
|
||||
if (strcmp(filename,"command-line") == 0) {
|
||||
intptr = &options->none_switch;
|
||||
goto parse_flag;
|
||||
} else {
|
||||
debug("NoneSwitch directive found in %.200s.",
|
||||
filename);
|
||||
error("NoneSwitch is found in %.200s.\n"
|
||||
"You may only use this configuration option "
|
||||
"from the command line", filename);
|
||||
error("Continuing...");
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
case oVersionAddendum:
|
||||
if (s == NULL)
|
||||
fatal("%.200s line %d: Missing argument.", filename,
|
||||
@ -1659,10 +1627,6 @@ initialize_options(Options * options)
|
||||
options->hpn_buffer_size = -1;
|
||||
options->tcp_rcv_buf_poll = -1;
|
||||
options->tcp_rcv_buf = -1;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
options->none_enabled = -1;
|
||||
options->none_switch = -1;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1883,11 +1847,6 @@ fill_default_options(Options * options)
|
||||
options->tcp_rcv_buf *= 1024;
|
||||
if (options->tcp_rcv_buf_poll == -1)
|
||||
options->tcp_rcv_buf_poll = 1;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
/* options->none_enabled must not be set by default */
|
||||
if (options->none_switch == -1)
|
||||
options->none_switch = 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* $OpenBSD: readconf.h,v 1.101 2014/02/23 20:11:36 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -165,10 +164,6 @@ typedef struct {
|
||||
* transfer. */
|
||||
int tcp_rcv_buf; /* User switch to set tcp recv buffer. */
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
int none_enabled; /* Allow none to be used */
|
||||
int none_switch; /* Use none cipher */
|
||||
#endif
|
||||
} Options;
|
||||
|
||||
#define SSH_CANONICALISE_NO 0
|
||||
|
@ -158,9 +158,6 @@ initialize_server_options(ServerOptions *options)
|
||||
options->hpn_disabled = -1;
|
||||
options->hpn_buffer_size = -1;
|
||||
options->tcp_rcv_buf_poll = -1;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
options->none_enabled = -1;
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
@ -389,9 +386,6 @@ typedef enum {
|
||||
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
|
||||
sAuthenticationMethods, sHostKeyAgent,
|
||||
sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
sNoneEnabled,
|
||||
#endif
|
||||
sDeprecated, sUnsupported
|
||||
} ServerOpCodes;
|
||||
|
||||
@ -521,9 +515,6 @@ static struct {
|
||||
{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
|
||||
{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
|
||||
{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
{ "noneenabled", sNoneEnabled, SSHCFG_ALL },
|
||||
#endif
|
||||
{ NULL, sBadOption, 0 }
|
||||
};
|
||||
|
||||
@ -1682,12 +1673,6 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
intptr = &options->tcp_rcv_buf_poll;
|
||||
goto parse_flag;
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
case sNoneEnabled:
|
||||
intptr = &options->none_enabled;
|
||||
goto parse_flag;
|
||||
#endif
|
||||
|
||||
case sDeprecated:
|
||||
logit("%s line %d: Deprecated option %s",
|
||||
filename, linenum, arg);
|
||||
|
@ -1,5 +1,4 @@
|
||||
/* $OpenBSD: servconf.h,v 1.112 2014/01/29 06:18:35 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -188,10 +187,6 @@ typedef struct {
|
||||
* kernels. */
|
||||
u_int num_auth_methods;
|
||||
char *auth_methods[MAX_AUTH_METHODS];
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
int none_enabled; /* Enable NONE cipher switch. */
|
||||
#endif
|
||||
} ServerOptions;
|
||||
|
||||
/* Information about the incoming connection as used by Match */
|
||||
|
@ -782,15 +782,6 @@ main(int ac, char **av)
|
||||
break;
|
||||
case 'T':
|
||||
options.request_tty = REQUEST_TTY_NO;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
/*
|
||||
* Ensure that the user does not try to backdoor a
|
||||
* NONE cipher switch on an interactive session by
|
||||
* explicitly disabling it if the user asks for a
|
||||
* session without a tty.
|
||||
*/
|
||||
options.none_switch = 0;
|
||||
#endif
|
||||
break;
|
||||
case 'o':
|
||||
line = xstrdup(optarg);
|
||||
|
@ -25,7 +25,6 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
__RCSID("$FreeBSD$");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
@ -80,16 +79,6 @@ __RCSID("$FreeBSD$");
|
||||
extern char *client_version_string;
|
||||
extern char *server_version_string;
|
||||
extern Options options;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
extern Kex *xxx_kex;
|
||||
|
||||
/*
|
||||
* tty_flag is set in ssh.c so we can use it here. If set then prevent
|
||||
* the switch to the null cipher.
|
||||
*/
|
||||
|
||||
extern int tty_flag;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* SSH2 key exchange
|
||||
@ -422,29 +411,6 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
|
||||
pubkey_cleanup(&authctxt);
|
||||
dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
/*
|
||||
* If the user explicitly requests to use the none cipher enable it
|
||||
* post authentication and only if the right conditions are met: both
|
||||
* of the NONE switches must be true and there must be no tty allocated.
|
||||
*/
|
||||
if (options.none_switch == 1 && options.none_enabled == 1) {
|
||||
if (!tty_flag) {
|
||||
debug("Requesting none cipher re-keying...");
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
|
||||
kex_prop2buf(&xxx_kex->my, myproposal);
|
||||
packet_request_rekeying();
|
||||
fprintf(stderr, "WARNING: enabled NONE cipher\n");
|
||||
} else {
|
||||
/* Requested NONE cipher on an interactive session. */
|
||||
debug("Cannot switch to NONE cipher with tty "
|
||||
"allocated");
|
||||
fprintf(stderr, "NONE cipher switch disabled given "
|
||||
"a TTY is allocated\n");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
debug("Authentication succeeded (%s).", authctxt.method->name);
|
||||
}
|
||||
|
||||
|
@ -2501,12 +2501,6 @@ do_ssh2_kex(void)
|
||||
if (options.ciphers != NULL) {
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
} else if (options.none_enabled == 1) {
|
||||
debug ("WARNING: None cipher enabled");
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
|
||||
#endif
|
||||
}
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
||||
|
@ -43,10 +43,6 @@ CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
|
||||
CFLAGS+= -include krb5_config.h
|
||||
.endif
|
||||
|
||||
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
|
||||
CFLAGS+= -DNONE_CIPHER_ENABLED
|
||||
.endif
|
||||
|
||||
NO_LINT=
|
||||
|
||||
LIBADD+= crypto crypt z
|
||||
|
@ -26,10 +26,6 @@ CFLAGS+= -include krb5_config.h
|
||||
LIBADD+= gssapi
|
||||
.endif
|
||||
|
||||
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
|
||||
CFLAGS+= -DNONE_CIPHER_ENABLED
|
||||
.endif
|
||||
|
||||
LIBADD+= crypto
|
||||
|
||||
.if defined(LOCALBASE)
|
||||
|
@ -44,10 +44,6 @@ CFLAGS+= -include krb5_config.h
|
||||
LIBADD+= gssapi_krb5 gssapi krb5
|
||||
.endif
|
||||
|
||||
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
|
||||
CFLAGS+= -DNONE_CIPHER_ENABLED
|
||||
.endif
|
||||
|
||||
LIBADD+= crypto
|
||||
|
||||
.if defined(LOCALBASE)
|
||||
|
@ -184,7 +184,6 @@ __DEFAULT_NO_OPTIONS = \
|
||||
NAND \
|
||||
OFED \
|
||||
OPENLDAP \
|
||||
OPENSSH_NONE_CIPHER \
|
||||
SHARED_TOOLCHAIN \
|
||||
SORT_THREADS \
|
||||
SVN
|
||||
|
@ -1,9 +0,0 @@
|
||||
.\" $FreeBSD$
|
||||
Set to include the "None" cipher support in OpenSSH and its libraries.
|
||||
Additional adjustments may need to be done to system configuration
|
||||
files, such as
|
||||
.Xr sshd_config 5 ,
|
||||
to enable this cipher.
|
||||
Please see
|
||||
.Pa /usr/src/crypto/openssh/README.hpn
|
||||
for full details.
|
Loading…
Reference in New Issue
Block a user