Tobias Ulmer
2015-Dec-14 00:44 UTC
Fix compilation if OpenSSL was configured with "no-rc4"
Fix compilation if OpenSSL was configured with "no-rc4" option.
diff --git a/cipher.c b/cipher.c
index 13847e5..00db675 100644
--- a/cipher.c
+++ b/cipher.c
@@ -90,9 +90,11 @@ static const struct sshcipher ciphers[] = {
SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
{ "cast128-cbc",
SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+#ifndef OPENSSL_NO_RC4
{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
+#endif
{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc
},
{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc
},
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc
},
@@ -617,7 +619,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
return 0;
}
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
#define EVP_X_STATE(evp) (evp).cipher_data
#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
#endif
@@ -625,7 +627,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
int
cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
{
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
const struct sshcipher *c = cc->cipher;
int plen = 0;
@@ -644,7 +646,7 @@ cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char
*dat)
void
cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
{
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
const struct sshcipher *c = cc->cipher;
int plen;
Darren Tucker
2015-Dec-14 23:11 UTC
Fix compilation if OpenSSL was configured with "no-rc4"
On Mon, Dec 14, 2015 at 11:44 AM, Tobias Ulmer <tobiasu at tmux.org> wrote:> Fix compilation if OpenSSL was configured with "no-rc4" option.Thanks. Unfortunately, while this will fix the compile errors it introduces a runtime failure: the server and client will still offer the rc4 algorithms in their proposals but will die if the other end selects them. We're working on fixing this (for rc4 and a couple of other ciphers) over at https://bugzilla.mindrot.org/show_bug.cgi?id=2466 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.