Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/crypto/external/bsd/openssh/dist re-enable the none cipher, ...



details:   https://anonhg.NetBSD.org/src/rev/7639d47fa957
branches:  trunk
changeset: 803286:7639d47fa957
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Oct 20 18:14:37 2014 +0000

description:
re-enable the none cipher, now that it has been tested.

diffstat:

 crypto/external/bsd/openssh/dist/myproposal.h  |  17 ++++++++++-------
 crypto/external/bsd/openssh/dist/sshconnect2.c |   7 +++----
 2 files changed, 13 insertions(+), 11 deletions(-)

diffs (88 lines):

diff -r 863470d18546 -r 7639d47fa957 crypto/external/bsd/openssh/dist/myproposal.h
--- a/crypto/external/bsd/openssh/dist/myproposal.h     Mon Oct 20 17:46:33 2014 +0000
+++ b/crypto/external/bsd/openssh/dist/myproposal.h     Mon Oct 20 18:14:37 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: myproposal.h,v 1.8 2014/10/19 16:30:58 christos Exp $  */
+/*     $NetBSD: myproposal.h,v 1.9 2014/10/20 18:14:37 christos Exp $  */
 /* $OpenBSD: myproposal.h,v 1.41 2014/07/11 13:54:34 tedu Exp $ */
 
 /*
@@ -64,8 +64,6 @@
        "arcfour256,arcfour128," \
        "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
        "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc%lysator.liu.se@localhost"
-#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \
-       ",none"
 
 #define        KEX_SERVER_MAC \
        "umac-64-etm%openssh.com@localhost," \
@@ -118,14 +116,19 @@
 
 #endif /* WITH_OPENSSL */
 
+#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \
+       ",none"
+#define KEX_SERVER_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT \
+       ",none"
+
 #define        KEX_DEFAULT_COMP        "none,zlib%openssh.com@localhost,zlib"
 #define        KEX_DEFAULT_LANG        ""
 
 #define KEX_CLIENT \
        KEX_CLIENT_KEX, \
        KEX_DEFAULT_PK_ALG, \
-       KEX_CLIENT_ENCRYPT, \
-       KEX_CLIENT_ENCRYPT, \
+       KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \
+       KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \
        KEX_CLIENT_MAC, \
        KEX_CLIENT_MAC, \
        KEX_DEFAULT_COMP, \
@@ -136,8 +139,8 @@
 #define KEX_SERVER \
        KEX_SERVER_KEX, \
        KEX_DEFAULT_PK_ALG, \
-       KEX_SERVER_ENCRYPT, \
-       KEX_SERVER_ENCRYPT, \
+       KEX_SERVER_ENCRYPT_INCLUDE_NONE, \
+       KEX_SERVER_ENCRYPT_INCLUDE_NONE, \
        KEX_SERVER_MAC, \
        KEX_SERVER_MAC, \
        KEX_DEFAULT_COMP, \
diff -r 863470d18546 -r 7639d47fa957 crypto/external/bsd/openssh/dist/sshconnect2.c
--- a/crypto/external/bsd/openssh/dist/sshconnect2.c    Mon Oct 20 17:46:33 2014 +0000
+++ b/crypto/external/bsd/openssh/dist/sshconnect2.c    Mon Oct 20 18:14:37 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $        */
+/*     $NetBSD: sshconnect2.c,v 1.18 2014/10/20 18:14:37 christos Exp $        */
 /* $OpenBSD: sshconnect2.c,v 1.210 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.18 2014/10/20 18:14:37 christos Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
@@ -435,9 +435,9 @@
        /* tty allocated */
        if ((options.none_switch == 1) && (options.none_enabled == 1)) 
        {
-#ifdef notyet
                if (!tty_flag) /* no null on tty sessions */
                {
+                       const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
                        debug("Requesting none rekeying...");
                        myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
                        myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
@@ -451,7 +451,6 @@
                        debug("Cannot switch to NONE cipher with tty allocated");
                        fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
                }
-#endif
        }
        debug("Authentication succeeded (%s).", authctxt.method->name);
 }



Home | Main Index | Thread Index | Old Index