authorbz <bz@FreeBSD.org>2013-01-17 01:51:04 +0000
committerbz <bz@FreeBSD.org>2013-01-17 01:51:04 +0000
commita3df209122b2ceae76b630efea1a4d277793a540 (patch)
tree1e12c3df6c2fb0d5dd44d02fe0f3894e6b28d882
parentc68369b5438c9258d7f356fa9ab19aa5e3bda079 (diff)
Add a src.conf(5) option to allow users to compile in the "NONE cipher",
which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
-rw-r--r--secure/lib/libssh/Makefile4
-rw-r--r--secure/usr.bin/ssh/Makefile4
-rw-r--r--secure/usr.sbin/sshd/Makefile4
-rw-r--r--share/mk/bsd.own.mk1
-rw-r--r--tools/build/options/WITH_OPENSSH_NONE_CIPHER9
5 files changed, 22 insertions, 0 deletions
diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile
index 7224823..937fa24 100644
--- a/secure/lib/libssh/Makefile
+++ b/secure/lib/libssh/Makefile
@@ -38,6 +38,10 @@ DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${
LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
.endif
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
NO_LINT=
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
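Review bot: The added `-DNONE_CIPHER_ENABLED` block carries no comment saying what it compiles in, and the same three lines are repeated verbatim in secure/usr.bin/ssh/Makefile and secure/usr.sbin/sshd/Makefile, so the library and the two binaries can end up built inconsistently if one copy is later edited. Going by the commit message, the cipher turns off encryption after authentication for sessions without a terminal, so a comment above the `.if` such as `# Builds in the "none" cipher: post-authentication data of non-terminal sessions is sent unencrypted; off by default.` would tell a maintainer why this is opt-in. If these three directories already share an include file, defining the flag once there would keep the builds in step. The option text added in tools/build/options/WITH_OPENSSH_NONE_CIPHER likewise never says that the cipher removes confidentiality; one sentence stating that would let an administrator reading src.conf(5) make the choice knowingly.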
diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile
index 9304fd5..0bee10c 100644
--- a/secure/usr.bin/ssh/Makefile
+++ b/secure/usr.bin/ssh/Makefile
@@ -25,6 +25,10 @@ DPADD+= ${LIBGSSAPI}
LDADD+= -lgssapi
.endif
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
DPADD+= ${LIBCRYPT} ${LIBCRYPTO}
LDADD+= -lcrypt -lcrypto
diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile
index cc914c4..3fb0708 100644
--- a/secure/usr.sbin/sshd/Makefile
+++ b/secure/usr.sbin/sshd/Makefile
@@ -40,6 +40,10 @@ DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1}
LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
.endif
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
LDADD+= -lcrypto -lcrypt
diff --git a/share/mk/bsd.own.mk b/share/mk/bsd.own.mk
index 24a0f92..174e0a7 100644
--- a/share/mk/bsd.own.mk
+++ b/share/mk/bsd.own.mk
@@ -360,6 +360,7 @@ __DEFAULT_NO_OPTIONS = \
NMTREE \
NAND \
OFED \
+ OPENSSH_NONE_CIPHER \
SHARED_TOOLCHAIN
#
diff --git a/tools/build/options/WITH_OPENSSH_NONE_CIPHER b/tools/build/options/WITH_OPENSSH_NONE_CIPHER
new file mode 100644
index 0000000..8d44cc0
--- /dev/null
+++ b/tools/build/options/WITH_OPENSSH_NONE_CIPHER
@@ -0,0 +1,9 @@
+.\" $FreeBSD$
+Set to include the "None" cipher support in OpenSSH and its libraries.
+Additional adjustments may need to be done to system configuration
+files, such as
+.Xr sshd_config 5 ,
+to enable this cipher.
+Please see
+.Pa /usr/src/crypto/openssh/README.hpn
+for full details.