svn commit: r245527 - in head: secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd share/mk tools/build/options

Bjoern A. Zeeb bz at FreeBSD.org
Thu Jan 17 01:51:05 UTC 2013 

Author: bz
Date: Thu Jan 17 01:51:04 2013
New Revision: 245527
URL: http://svnweb.freebsd.org/changeset/base/245527

Log:
  Add a src.conf(5) option to allow users to compile in the "NONE cipher",
  which, only after authentication, disables crypto, and only for sessions
  without a terminal.
  
  Submitted by:	Jeremy Chadwick (freebsd jdc.parodius.com)
  PR:		bin/163095
  MFC after:	10 days

Added:
  head/tools/build/options/WITH_OPENSSH_NONE_CIPHER   (contents, props changed)
Modified:
  head/secure/lib/libssh/Makefile
  head/secure/usr.bin/ssh/Makefile
  head/secure/usr.sbin/sshd/Makefile
  head/share/mk/bsd.own.mk

Modified: head/secure/lib/libssh/Makefile
==============================================================================
--- head/secure/lib/libssh/Makefile	Thu Jan 17 01:28:55 2013	(r245526)
+++ head/secure/lib/libssh/Makefile	Thu Jan 17 01:51:04 2013	(r245527)
@@ -38,6 +38,10 @@ DPADD+=	${LIBGSSAPI} ${LIBKRB5} ${LIBHX5
 LDADD+=	-lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
 .endif
 
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
 NO_LINT=
 
 DPADD+=	${LIBCRYPTO} ${LIBCRYPT}

Modified: head/secure/usr.bin/ssh/Makefile
==============================================================================
--- head/secure/usr.bin/ssh/Makefile	Thu Jan 17 01:28:55 2013	(r245526)
+++ head/secure/usr.bin/ssh/Makefile	Thu Jan 17 01:51:04 2013	(r245527)
@@ -25,6 +25,10 @@ DPADD+=	 ${LIBGSSAPI}
 LDADD+=	 -lgssapi
 .endif
 
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
 DPADD+=	${LIBCRYPT} ${LIBCRYPTO}
 LDADD+=	-lcrypt -lcrypto
 

Modified: head/secure/usr.sbin/sshd/Makefile
==============================================================================
--- head/secure/usr.sbin/sshd/Makefile	Thu Jan 17 01:28:55 2013	(r245526)
+++ head/secure/usr.sbin/sshd/Makefile	Thu Jan 17 01:51:04 2013	(r245527)
@@ -40,6 +40,10 @@ DPADD+=	 ${LIBGSSAPI_KRB5} ${LIBGSSAPI} 
 LDADD+=	 -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
 .endif
 
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
 DPADD+=	${LIBCRYPTO} ${LIBCRYPT}
 LDADD+=	-lcrypto -lcrypt
 

Modified: head/share/mk/bsd.own.mk
==============================================================================
--- head/share/mk/bsd.own.mk	Thu Jan 17 01:28:55 2013	(r245526)
+++ head/share/mk/bsd.own.mk	Thu Jan 17 01:51:04 2013	(r245527)
@@ -360,6 +360,7 @@ __DEFAULT_NO_OPTIONS = \
     NMTREE \
     NAND \
     OFED \
+    OPENSSH_NONE_CIPHER \
     SHARED_TOOLCHAIN
 
 #

Added: head/tools/build/options/WITH_OPENSSH_NONE_CIPHER
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tools/build/options/WITH_OPENSSH_NONE_CIPHER	Thu Jan 17 01:51:04 2013	(r245527)
@@ -0,0 +1,9 @@
+.\" $FreeBSD$
+Set to include the "None" cipher support in OpenSSH and its libraries.
+Additional adjustments may need to be done to system configuration
+files, such as
+.Xr sshd_config 5 ,
+to enable this cipher.
+Please see
+.Pa /usr/src/crypto/openssh/README.hpn
+for full details.

More information about the svn-src-head mailing list