Hongxu Jia
2018-Apr-18 07:35 UTC
[PATCH] configure.ac/cipher.c: Check for OpenSSL with EVP_des_ede3_cbc
While compiling openssl with option `no-des', it caused the openssh build failure ... cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); ... Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com> --- cipher.c | 2 ++ configure.ac | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/cipher.c b/cipher.c index c3cd5dc..41dacfb 100644 --- a/cipher.c +++ b/cipher.c @@ -82,7 +82,9 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_OPENSSL +#ifdef OPENSSL_HAVE_DES { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, +#endif { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, diff --git a/configure.ac b/configure.ac index 889f506..6c664ad 100644 --- a/configure.ac +++ b/configure.ac @@ -2672,6 +2672,26 @@ if test "x$openssl" = "xyes" ; then ] ) + # Check for OpenSSL with EVP_des_ede3_cbc + AC_MSG_CHECKING([whether OpenSSL has DES support]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ + #include <string.h> + #include <openssl/evp.h> + ]], [[ + exit(EVP_des_ede3_cbc() == NULL); + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([OPENSSL_HAVE_DES], [1], + [libcrypto has DES support]) + ], + [ + AC_MSG_RESULT([no]) + ] + ) + + # Check for OpenSSL with EVP_aes_*ctr AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) AC_LINK_IFELSE( -- 2.7.4
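Review bot: In the configure.ac hunk, the test program calls exit() but includes only <string.h> and <openssl/evp.h>, so exit() is used without a declaration. With a compiler that rejects implicit function declarations the link test fails and configure reports "no" even when libcrypto has DES, which then silently drops the "3des-cbc" entry guarded by OPENSSL_HAVE_DES in cipher.c. Include <stdlib.h> in place of <string.h>; nothing in the test body uses a string function. AC_LINK_IFELSE only compiles and links, so the `== NULL` comparison is never evaluated and the result depends purely on the symbol being declared and resolvable. The hunk also adds two blank lines ahead of the existing "# Check for OpenSSL with EVP_aes_*ctr" comment where one would match the surrounding layout.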
Darren Tucker
2018-Apr-18 12:00 UTC
[PATCH] configure.ac/cipher.c: Check for OpenSSL with EVP_des_ede3_cbc
On 18 April 2018 at 17:35, Hongxu Jia <hongxu.jia at windriver.com> wrote:
> While compiling openssl with option `no-des', it caused the openssh
> build failure

OpenSSL configured that way defines OPENSSL_NO_DES (which is kind of backward, but that's how OpenSSL does it, and how OpenSSH already handles OPENSSL_NO_RC4).

3des-cbc is the only cipher that is required by RFC4253, but on the other hand building without OpenSSL will already omit it. @djm?

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
While compiling openssl with option `no-des', it caused the openssh build failure ... cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); ... OpenSSL configured that way defines OPENSSL_NO_DES to disable des Suggested by dtucker@ Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com> --- cipher.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cipher.c b/cipher.c index c3cd5dc..86558e1 100644 --- a/cipher.c +++ b/cipher.c @@ -82,7 +82,9 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_OPENSSL +#ifndef OPENSSL_NO_DES { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, +#endif { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, -- 2.7.4
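Review bot: The `#ifndef OPENSSL_NO_DES` / `#endif` pair added around the "3des-cbc" entry in ciphers[] carries no comment, so the cipher drops out of the table without explanation when OpenSSL is built with no-des. Add a one-line comment above the guard saying so, and label the close as `#endif /* !OPENSSL_NO_DES */`, since it is nested inside the `#ifdef WITH_OPENSSL` block. The hunk does not show the includes in cipher.c; the guard relies on OPENSSL_NO_DES being defined by an OpenSSL header that is pulled in before this table, which is worth confirming.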
Damien Miller
2018-Apr-18 23:05 UTC
[PATCH] configure.ac/cipher.c: Check for OpenSSL with EVP_des_ede3_cbc
On Wed, 18 Apr 2018, Darren Tucker wrote:
> On 18 April 2018 at 17:35, Hongxu Jia <hongxu.jia at windriver.com> wrote:
> > While compiling openssl with option `no-des', it caused the openssh
> > build failure
>
> OpenSSL configured that way defines OPENSSL_NO_DES (which is kind of
> backward, but that's how OpenSSL does it, and how OpenSSH already
> handles OPENSSL_NO_RC4).
>
> 3des-cbc is the only cipher that is required by RFC4253, but on the
> other hand building without OpenSSL will already omit it. @djm?

I have no objection to our handling OPENSSL_NO_DES and omitting 3des-cbc. It's pretty easy to do since it doesn't appear in any default cipher lists any more...

-d