svn commit: r291198 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd share/mk tools/build/options

Dag-Erling Smørgrav des at FreeBSD.org
Mon Nov 23 12:48:17 UTC 2015


Author: des
Date: Mon Nov 23 12:48:13 2015
New Revision: 291198
URL: https://svnweb.freebsd.org/changeset/base/291198

Log:
  Retire the NONE cipher option.

Deleted:
  head/tools/build/options/WITH_OPENSSH_NONE_CIPHER
Modified:
  head/crypto/openssh/README.hpn
  head/crypto/openssh/cipher.c
  head/crypto/openssh/kex.c
  head/crypto/openssh/kex.h
  head/crypto/openssh/myproposal.h
  head/crypto/openssh/openbsd-compat/bsd-misc.h
  head/crypto/openssh/packet.c
  head/crypto/openssh/packet.h
  head/crypto/openssh/pathnames.h
  head/crypto/openssh/readconf.c
  head/crypto/openssh/readconf.h
  head/crypto/openssh/servconf.c
  head/crypto/openssh/servconf.h
  head/crypto/openssh/ssh.c
  head/crypto/openssh/sshconnect2.c
  head/crypto/openssh/sshd.c
  head/secure/lib/libssh/Makefile
  head/secure/usr.bin/ssh/Makefile
  head/secure/usr.sbin/sshd/Makefile
  head/share/mk/src.opts.mk

Modified: head/crypto/openssh/README.hpn
==============================================================================
--- head/crypto/openssh/README.hpn	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/README.hpn	Mon Nov 23 12:48:13 2015	(r291198)
@@ -1,14 +1,5 @@
 Notes:
 
-NONE CIPHER:
-  To use the NONE option you must have the NoneEnabled switch set on the server
-  and you MUST have *both* NoneEnabled and NoneSwitch set to yes on the client.
-  The NONE feature works with ALL ssh subsystems (as far as we can tell)
-  as long as there is no tty allocated.
-  If a user uses the -T switch to prevent a tty being created the NONE cipher
-  will be disabled. 
-
-
 PERFORMANCE:
   The performance increase will only be as good as the network and TCP stack
   tuning on the reciever side of the connection allows.  As a rule of thumb a
@@ -93,22 +84,6 @@ HPN SPECIFIC CONFIGURATION OPTIONS:
   the throughput will be no more than n/RTT.  The minimum buffer size is 1KB. 
   Default is the current system wide TCP receive buffer size.
 
-- NoneEnabled=[yes/no] client/server
-  Enable or disable the use of the None cipher.  Care must always be used when
-  enabling this as it will allow users to send data in the clear.  However, it
-  is important to note that authentication information remains encrypted even
-  if this option is enabled.  Set to no by default.
-
-- NoneSwitch=[yes/no] client
-  Switch the encryption cipher being used to the None cipher after
-  authentication takes place.  NoneEnabled must be enabled on both the client
-  and server side of the connection.  When the connection switches to the NONE
-  cipher a warning is sent to STDERR.  The connection attempt will fail with an
-  error if a client requests a NoneSwitch from the server that does not
-  explicitly have NoneEnabled set to yes.
-  Note: The NONE cipher cannot be used in interactive (shell) sessions and it
-  will fail silently.  Set to no by default.
-
 
 CREDITS:
 

Modified: head/crypto/openssh/cipher.c
==============================================================================
--- head/crypto/openssh/cipher.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/cipher.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -36,7 +36,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 
@@ -225,12 +224,7 @@ ciphers_valid(const char *names)
 	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
 	    (p = strsep(&cp, CIPHER_SEP))) {
 		c = cipher_by_name(p);
-#ifdef NONE_CIPHER_ENABLED
-		if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
-		    c->number != SSH_CIPHER_NONE)) {
-#else
-		if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
-#endif
+		if (c == NULL || c->number != SSH_CIPHER_SSH2) {
 			debug("bad cipher %s [%s]", p, names);
 			free(cipher_list);
 			return 0;
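Review bot: The simplified test in ciphers_valid() is now the check that rejects a cipher entry numbered SSH_CIPHER_NONE in a user-supplied cipher list, but nothing on the line says so. The removed `#ifdef` branch shows that SSH_CIPHER_NONE was the one exception ever allowed here, so a short comment above the `if` would help anyone merging later vendor imports, for example `/* SSH2 ciphers only; SSH_CIPHER_NONE is deliberately rejected here */`. The body of ciphers_valid() starts and ends outside this hunk, so whether an earlier check already filters the name cannot be confirmed from here.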
@@ -485,9 +479,6 @@ cipher_get_keyiv(CipherContext *cc, u_ch
 	}
 
 	switch (c->number) {
-#ifdef	NONE_CIPHER_ENABLED
-	case SSH_CIPHER_NONE:
-#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
@@ -527,9 +518,6 @@ cipher_set_keyiv(CipherContext *cc, u_ch
 		return;
 
 	switch (c->number) {
-#ifdef	NONE_CIPHER_ENABLED
-	case SSH_CIPHER_NONE:
-#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:

Modified: head/crypto/openssh/kex.c
==============================================================================
--- head/crypto/openssh/kex.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/kex.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -24,7 +24,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/param.h>
 
@@ -146,13 +145,8 @@ kex_names_valid(const char *names)
 	return 1;
 }
 
-/* put algorithm proposal into buffer. */
-#ifndef NONE_CIPHER_ENABLED
+/* put algorithm proposal into buffer */
 static void
-#else
-/* Also used in sshconnect2.c. */
-void
-#endif
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
 	u_int i;
@@ -466,9 +460,6 @@ kex_choose_conf(Kex *kex)
 	int nenc, nmac, ncomp;
 	u_int mode, ctos, need, dh_need, authlen;
 	int first_kex_follows, type;
-#ifdef	NONE_CIPHER_ENABLED
-	int auth_flag;
-#endif
 
 	my   = kex_buf2prop(&kex->my, NULL);
 	peer = kex_buf2prop(&kex->peer, &first_kex_follows);
@@ -492,10 +483,6 @@ kex_choose_conf(Kex *kex)
 	}
 
 	/* Algorithm Negotiation */
-#ifdef	NONE_CIPHER_ENABLED
-	auth_flag = packet_get_authentication_state();
-	debug ("AUTH STATE is %d", auth_flag);
-#endif
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		newkeys = xcalloc(1, sizeof(*newkeys));
 		kex->newkeys[mode] = newkeys;
@@ -510,17 +497,6 @@ kex_choose_conf(Kex *kex)
 		if (authlen == 0)
 			choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
 		choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
-#ifdef	NONE_CIPHER_ENABLED
-		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
-		if (strcmp(newkeys->enc.name, "none") == 0) {
-			debug("Requesting NONE. Authflag is %d", auth_flag);
-			if (auth_flag == 1)
-				debug("None requested post authentication.");
-			else
-				fatal("Pre-authentication none cipher requests "
-				    "are not allowed.");
-		}
-#endif
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,

Modified: head/crypto/openssh/kex.h
==============================================================================
--- head/crypto/openssh/kex.h	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/kex.h	Mon Nov 23 12:48:13 2015	(r291198)
@@ -1,5 +1,4 @@
 /* $OpenBSD: kex.h,v 1.62 2014/01/27 18:58:14 markus Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -149,10 +148,6 @@ struct Kex {
 int	 kex_names_valid(const char *);
 char	*kex_alg_list(char);
 
-#ifdef	NONE_CIPHER_ENABLED
-void	 kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
-#endif
-
 Kex	*kex_setup(char *[PROPOSAL_MAX]);
 void	 kex_finish(Kex *);
 

Modified: head/crypto/openssh/myproposal.h
==============================================================================
--- head/crypto/openssh/myproposal.h	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/myproposal.h	Mon Nov 23 12:48:13 2015	(r291198)
@@ -1,5 +1,4 @@
 /* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -110,10 +109,6 @@
 	"chacha20-poly1305 at openssh.com," \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
-#ifdef	NONE_CIPHER_ENABLED
-#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
-	",none"
-#endif
 
 #define	KEX_DEFAULT_MAC \
 	"hmac-md5-etm at openssh.com," \

Modified: head/crypto/openssh/openbsd-compat/bsd-misc.h
==============================================================================
--- head/crypto/openssh/openbsd-compat/bsd-misc.h	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/openbsd-compat/bsd-misc.h	Mon Nov 23 12:48:13 2015	(r291198)
@@ -20,7 +20,6 @@
 #define _BSD_MISC_H
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 char *ssh_get_progname(char *);
 

Modified: head/crypto/openssh/packet.c
==============================================================================
--- head/crypto/openssh/packet.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/packet.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -202,9 +202,6 @@ struct session_state {
 };
 
 static struct session_state *active_state, *backup_state;
-#ifdef	NONE_CIPHER_ENABLED
-static int rekey_requested = 0;
-#endif
 
 static struct session_state *
 alloc_session_state(void)
@@ -1316,7 +1313,6 @@ packet_read_poll2(u_int32_t *seqnr_p)
 		    buffer_ptr(&active_state->input), block_size, 0, 0) != 0)
 			fatal("Decryption integrity check failed");
 		cp = buffer_ptr(&active_state->incoming_packet);
-
 		active_state->packlen = get_u32(cp);
 		if (active_state->packlen < 1 + 4 ||
 		    active_state->packlen > PACKET_MAX_SIZE) {
@@ -1943,26 +1939,12 @@ packet_send_ignore(int nbytes)
 	}
 }
 
-#ifdef	NONE_CIPHER_ENABLED
-void
-packet_request_rekeying(void)
-{
-	rekey_requested = 1;
-}
-#endif
-
 #define MAX_PACKETS	(1U<<31)
 int
 packet_need_rekeying(void)
 {
 	if (datafellows & SSH_BUG_NOREKEY)
 		return 0;
-#ifdef	NONE_CIPHER_ENABLED
-	if (rekey_requested == 1) {
-		rekey_requested = 0;
-		return 1;
-	}
-#endif
 	return
 	    (active_state->p_send.packets > MAX_PACKETS) ||
 	    (active_state->p_read.packets > MAX_PACKETS) ||
@@ -2074,11 +2056,3 @@ packet_restore_state(void)
 		add_recv_bytes(len);
 	}
 }
-
-#ifdef	NONE_CIPHER_ENABLED
-int
-packet_get_authentication_state(void)
-{
-	return (active_state->after_authentication);
-}
-#endif

Modified: head/crypto/openssh/packet.h
==============================================================================
--- head/crypto/openssh/packet.h	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/packet.h	Mon Nov 23 12:48:13 2015	(r291198)
@@ -1,5 +1,4 @@
 /* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -39,9 +38,6 @@ void     packet_set_interactive(int, int
 int      packet_is_interactive(void);
 void     packet_set_server(void);
 void     packet_set_authenticated(void);
-#ifdef	NONE_CIPHER_ENABLED
-int      packet_get_authentication_state(void);
-#endif
 
 void     packet_start(u_char);
 void     packet_put_char(int ch);
@@ -119,9 +115,6 @@ do { \
 } while (0)
 
 int	 packet_need_rekeying(void);
-#ifdef	NONE_CIPHER_ENABLED
-void	 packet_request_rekeying(void);
-#endif
 void	 packet_set_rekey_limits(u_int32_t, time_t);
 time_t	 packet_get_rekey_timeout(void);
 

Modified: head/crypto/openssh/pathnames.h
==============================================================================
--- head/crypto/openssh/pathnames.h	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/pathnames.h	Mon Nov 23 12:48:13 2015	(r291198)
@@ -1,5 +1,4 @@
 /* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -122,7 +121,7 @@
  * Default location of askpass
  */
 #ifndef _PATH_SSH_ASKPASS_DEFAULT
-#define _PATH_SSH_ASKPASS_DEFAULT	"/usr/local/bin/ssh-askpass"
+#define _PATH_SSH_ASKPASS_DEFAULT	"/usr/X11R6/bin/ssh-askpass"
 #endif
 
 /* Location of ssh-keysign for hostbased authentication */
@@ -137,7 +136,7 @@
 
 /* xauth for X11 forwarding */
 #ifndef _PATH_XAUTH
-#define _PATH_XAUTH			"/usr/local/bin/xauth"
+#define _PATH_XAUTH			"/usr/X11R6/bin/xauth"
 #endif
 
 /* UNIX domain socket for X11 server; displaynum will replace %u */

Modified: head/crypto/openssh/readconf.c
==============================================================================
--- head/crypto/openssh/readconf.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/readconf.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -154,9 +154,6 @@ typedef enum {
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
 	oIgnoredUnknownOption,
 	oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
-#ifdef NONE_CIPHER_ENABLED
-	oNoneEnabled, oNoneSwitch,
-#endif
 	oVersionAddendum, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -274,10 +271,6 @@ static struct {
 	{ "hpnbuffersize", oHPNBufferSize },
 	{ "tcprcvbufpoll", oTcpRcvBufPoll },
 	{ "tcprcvbuf", oTcpRcvBuf },
-#ifdef	NONE_CIPHER_ENABLED
-	{ "noneenabled", oNoneEnabled },
-	{ "noneswitch", oNoneSwitch },
-#endif
 	{ "versionaddendum", oVersionAddendum },
 
 	{ NULL, oBadOption }
@@ -1375,31 +1368,6 @@ parse_int:
 		intptr = &options->tcp_rcv_buf;
 		goto parse_int;
 
-#ifdef	NONE_CIPHER_ENABLED
-	case oNoneEnabled:
-		intptr = &options->none_enabled;
-		goto parse_flag;
-
-	/*
-	 * We check to see if the command comes from the command line or not.
-	 * If it does then enable it otherwise fail.  NONE must never be a
-	 * default configuration.
-	 */
-	case oNoneSwitch:
-		if (strcmp(filename,"command-line") == 0) {
-			intptr = &options->none_switch;
-			goto parse_flag;
-		} else {
-			debug("NoneSwitch directive found in %.200s.",
-			    filename);
-			error("NoneSwitch is found in %.200s.\n"
-			    "You may only use this configuration option "
-			    "from the command line", filename);
-			error("Continuing...");
-			return 0;
-		}
-#endif
-
 	case oVersionAddendum:
 		if (s == NULL)
 			fatal("%.200s line %d: Missing argument.", filename,
@@ -1659,10 +1627,6 @@ initialize_options(Options * options)
 	options->hpn_buffer_size = -1;
 	options->tcp_rcv_buf_poll = -1;
 	options->tcp_rcv_buf = -1;
-#ifdef NONE_CIPHER_ENABLED
-	options->none_enabled = -1;
-	options->none_switch = -1;
-#endif
 }
 
 /*
@@ -1883,11 +1847,6 @@ fill_default_options(Options * options)
 		options->tcp_rcv_buf *= 1024;
 	if (options->tcp_rcv_buf_poll == -1)
 		options->tcp_rcv_buf_poll = 1;
-#ifdef	NONE_CIPHER_ENABLED
-	/* options->none_enabled must not be set by default */
-	if (options->none_switch == -1)
-		options->none_switch = 0;
-#endif
 }
 
 /*

Modified: head/crypto/openssh/readconf.h
==============================================================================
--- head/crypto/openssh/readconf.h	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/readconf.h	Mon Nov 23 12:48:13 2015	(r291198)
@@ -1,5 +1,4 @@
 /* $OpenBSD: readconf.h,v 1.101 2014/02/23 20:11:36 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -165,10 +164,6 @@ typedef struct {
 					 * transfer. */
 	int	tcp_rcv_buf;	/* User switch to set tcp recv buffer. */
 
-#ifdef	NONE_CIPHER_ENABLED
-	int	none_enabled;	/* Allow none to be used */
-	int	none_switch;	/* Use none cipher */
-#endif
 }       Options;
 
 #define SSH_CANONICALISE_NO	0

Modified: head/crypto/openssh/servconf.c
==============================================================================
--- head/crypto/openssh/servconf.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/servconf.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -158,9 +158,6 @@ initialize_server_options(ServerOptions 
 	options->hpn_disabled = -1;
 	options->hpn_buffer_size = -1;
 	options->tcp_rcv_buf_poll = -1;
-#ifdef	NONE_CIPHER_ENABLED
-	options->none_enabled = -1;
-#endif
 }
 
 void
@@ -389,9 +386,6 @@ typedef enum {
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 	sAuthenticationMethods, sHostKeyAgent,
 	sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
-#ifdef NONE_CIPHER_ENABLED
-	sNoneEnabled,
-#endif
 	sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -521,9 +515,6 @@ static struct {
 	{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
 	{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
 	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
-#ifdef NONE_CIPHER_ENABLED
-	{ "noneenabled", sNoneEnabled, SSHCFG_ALL },
-#endif
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1682,12 +1673,6 @@ process_server_config_line(ServerOptions
 		intptr = &options->tcp_rcv_buf_poll;
 		goto parse_flag;
 
-#ifdef	NONE_CIPHER_ENABLED
-	case sNoneEnabled:
-		intptr = &options->none_enabled;
-		goto parse_flag;
-#endif
-
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);

Modified: head/crypto/openssh/servconf.h
==============================================================================
--- head/crypto/openssh/servconf.h	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/servconf.h	Mon Nov 23 12:48:13 2015	(r291198)
@@ -1,5 +1,4 @@
 /* $OpenBSD: servconf.h,v 1.112 2014/01/29 06:18:35 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -188,10 +187,6 @@ typedef struct {
 					 * kernels. */
 	u_int	num_auth_methods;
 	char   *auth_methods[MAX_AUTH_METHODS];
-
-#ifdef	NONE_CIPHER_ENABLED
-	int	none_enabled;		/* Enable NONE cipher switch. */
-#endif
 }       ServerOptions;
 
 /* Information about the incoming connection as used by Match */

Modified: head/crypto/openssh/ssh.c
==============================================================================
--- head/crypto/openssh/ssh.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/ssh.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -782,15 +782,6 @@ main(int ac, char **av)
 			break;
 		case 'T':
 			options.request_tty = REQUEST_TTY_NO;
-#ifdef	NONE_CIPHER_ENABLED
-			/*
-			 * Ensure that the user does not try to backdoor a
-			 * NONE cipher switch on an interactive session by
-			 * explicitly disabling it if the user asks for a
-			 * session without a tty.
-			 */
-			options.none_switch = 0;
-#endif
 			break;
 		case 'o':
 			line = xstrdup(optarg);

Modified: head/crypto/openssh/sshconnect2.c
==============================================================================
--- head/crypto/openssh/sshconnect2.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/sshconnect2.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -25,7 +25,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -80,16 +79,6 @@ __RCSID("$FreeBSD$");
 extern char *client_version_string;
 extern char *server_version_string;
 extern Options options;
-#ifdef	NONE_CIPHER_ENABLED
-extern Kex *xxx_kex;
-
-/*
- * tty_flag is set in ssh.c so we can use it here.  If set then prevent
- * the switch to the null cipher.
- */
-
-extern int tty_flag;
-#endif
 
 /*
  * SSH2 key exchange
@@ -422,29 +411,6 @@ ssh_userauth2(const char *local_user, co
 	pubkey_cleanup(&authctxt);
 	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
 
-#ifdef	NONE_CIPHER_ENABLED
-	/*
-	 * If the user explicitly requests to use the none cipher enable it
-	 * post authentication and only if the right conditions are met: both
-	 * of the NONE switches must be true and there must be no tty allocated.
-	 */
-	if (options.none_switch == 1 && options.none_enabled == 1) {
-		if (!tty_flag) {
-			debug("Requesting none cipher re-keying...");
-			myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
-			myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
-			kex_prop2buf(&xxx_kex->my, myproposal);
-			packet_request_rekeying();
-			fprintf(stderr, "WARNING: enabled NONE cipher\n");
-		} else {
-			/* Requested NONE cipher on an interactive session. */
-			debug("Cannot switch to NONE cipher with tty "
-			    "allocated");
-			fprintf(stderr, "NONE cipher switch disabled given "
-			    "a TTY is allocated\n");
-		}
-	}
-#endif
 	debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 

Modified: head/crypto/openssh/sshd.c
==============================================================================
--- head/crypto/openssh/sshd.c	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/crypto/openssh/sshd.c	Mon Nov 23 12:48:13 2015	(r291198)
@@ -2501,12 +2501,6 @@ do_ssh2_kex(void)
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
-#ifdef	NONE_CIPHER_ENABLED
-	} else if (options.none_enabled == 1) {
-		debug ("WARNING: None cipher enabled");
-		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-		myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
-#endif
 	}
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);

Modified: head/secure/lib/libssh/Makefile
==============================================================================
--- head/secure/lib/libssh/Makefile	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/secure/lib/libssh/Makefile	Mon Nov 23 12:48:13 2015	(r291198)
@@ -43,10 +43,6 @@ CFLAGS+= -I${SSHDIR} -include ssh_namesp
 CFLAGS+= -include krb5_config.h
 .endif
 
-.if ${MK_OPENSSH_NONE_CIPHER} != "no"
-CFLAGS+= -DNONE_CIPHER_ENABLED
-.endif
-
 NO_LINT=
 
 LIBADD+=	crypto crypt z

Modified: head/secure/usr.bin/ssh/Makefile
==============================================================================
--- head/secure/usr.bin/ssh/Makefile	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/secure/usr.bin/ssh/Makefile	Mon Nov 23 12:48:13 2015	(r291198)
@@ -26,10 +26,6 @@ CFLAGS+= -include krb5_config.h
 LIBADD+=	gssapi
 .endif
 
-.if ${MK_OPENSSH_NONE_CIPHER} != "no"
-CFLAGS+= -DNONE_CIPHER_ENABLED
-.endif
-
 LIBADD+=	crypto
 
 .if defined(LOCALBASE)

Modified: head/secure/usr.sbin/sshd/Makefile
==============================================================================
--- head/secure/usr.sbin/sshd/Makefile	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/secure/usr.sbin/sshd/Makefile	Mon Nov 23 12:48:13 2015	(r291198)
@@ -44,10 +44,6 @@ CFLAGS+= -include krb5_config.h
 LIBADD+=	gssapi_krb5 gssapi krb5
 .endif
 
-.if ${MK_OPENSSH_NONE_CIPHER} != "no"
-CFLAGS+= -DNONE_CIPHER_ENABLED
-.endif
-
 LIBADD+=	crypto
 
 .if defined(LOCALBASE)

Modified: head/share/mk/src.opts.mk
==============================================================================
--- head/share/mk/src.opts.mk	Mon Nov 23 12:47:08 2015	(r291197)
+++ head/share/mk/src.opts.mk	Mon Nov 23 12:48:13 2015	(r291198)
@@ -184,7 +184,6 @@ __DEFAULT_NO_OPTIONS = \
     NAND \
     OFED \
     OPENLDAP \
-    OPENSSH_NONE_CIPHER \
     SHARED_TOOLCHAIN \
     SORT_THREADS \
     SVN

