Date: Thu, 17 Jan 2013 01:51:04 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r245527 - in head: secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd share/mk tools/build/options Message-ID: <201301170151.r0H1p42P045979@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Thu Jan 17 01:51:04 2013 New Revision: 245527 URL: http://svnweb.freebsd.org/changeset/base/245527 Log: Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days Added: head/tools/build/options/WITH_OPENSSH_NONE_CIPHER (contents, props changed) Modified: head/secure/lib/libssh/Makefile head/secure/usr.bin/ssh/Makefile head/secure/usr.sbin/sshd/Makefile head/share/mk/bsd.own.mk Modified: head/secure/lib/libssh/Makefile ============================================================================== --- head/secure/lib/libssh/Makefile Thu Jan 17 01:28:55 2013 (r245526) +++ head/secure/lib/libssh/Makefile Thu Jan 17 01:51:04 2013 (r245527) @@ -38,6 +38,10 @@ DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX5 LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken .endif +.if ${MK_OPENSSH_NONE_CIPHER} != "no" +CFLAGS+= -DNONE_CIPHER_ENABLED +.endif + NO_LINT= DPADD+= ${LIBCRYPTO} ${LIBCRYPT} Modified: head/secure/usr.bin/ssh/Makefile ============================================================================== --- head/secure/usr.bin/ssh/Makefile Thu Jan 17 01:28:55 2013 (r245526) +++ head/secure/usr.bin/ssh/Makefile Thu Jan 17 01:51:04 2013 (r245527) @@ -25,6 +25,10 @@ DPADD+= ${LIBGSSAPI} LDADD+= -lgssapi .endif +.if ${MK_OPENSSH_NONE_CIPHER} != "no" +CFLAGS+= -DNONE_CIPHER_ENABLED +.endif + DPADD+= ${LIBCRYPT} ${LIBCRYPTO} LDADD+= -lcrypt -lcrypto Modified: head/secure/usr.sbin/sshd/Makefile ============================================================================== --- head/secure/usr.sbin/sshd/Makefile Thu Jan 17 01:28:55 2013 (r245526) +++ head/secure/usr.sbin/sshd/Makefile Thu Jan 17 01:51:04 2013 (r245527) @@ -40,6 +40,10 @@ DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1 .endif +.if ${MK_OPENSSH_NONE_CIPHER} != "no" +CFLAGS+= -DNONE_CIPHER_ENABLED +.endif + DPADD+= ${LIBCRYPTO} ${LIBCRYPT} LDADD+= -lcrypto -lcrypt Modified: head/share/mk/bsd.own.mk ============================================================================== --- head/share/mk/bsd.own.mk Thu Jan 17 01:28:55 2013 (r245526) +++ head/share/mk/bsd.own.mk Thu Jan 17 01:51:04 2013 (r245527) @@ -360,6 +360,7 @@ __DEFAULT_NO_OPTIONS = \ NMTREE \ NAND \ OFED \ + OPENSSH_NONE_CIPHER \ SHARED_TOOLCHAIN # Added: head/tools/build/options/WITH_OPENSSH_NONE_CIPHER ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_OPENSSH_NONE_CIPHER Thu Jan 17 01:51:04 2013 (r245527) @@ -0,0 +1,9 @@ +.\" $FreeBSD$ +Set to include the "None" cipher support in OpenSSH and its libraries. +Additional adjustments may need to be done to system configuration +files, such as +.Xr sshd_config 5 , +to enable this cipher. +Please see +.Pa /usr/src/crypto/openssh/README.hpn +for full details.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301170151.r0H1p42P045979>