Add a src.conf(5) option to allow users to compile in the "NONE cipher",

which, only after authentication, disables crypto, and only for sessions
without a terminal.

Submitted by:	Jeremy Chadwick (freebsd jdc.parodius.com)
PR:		bin/163095
MFC after:	10 days
Bjoern A. Zeeb 2013-01-17 01:51:04 +00:00
parent 4f22608e54
commit e6a64a84ea
5 changed files with 22 additions and 0 deletions


@ -38,6 +38,10 @@ DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${
LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
.endif
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
NO_LINT=
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
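Review bot: The new `.if ${MK_OPENSSH_NONE_CIPHER} != "no"` block carries no comment, so a reader of this Makefile cannot tell that `-DNONE_CIPHER_ENABLED` compiles in a cipher that leaves session data unencrypted once authentication has finished. I would put a line above it such as `# NONE cipher: no encryption of session data after authentication; off by default, see README.hpn`. The same three-line block is repeated in the next two Makefile sections (the hunks at -25,6 and -40,6), and the comment applies there as well; if these Makefiles share an include file, setting the flag once there would keep the library and the binaries from being built with different settings. The file names are not visible on this page, so which component each section belongs to is inferred.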


@ -25,6 +25,10 @@ DPADD+= ${LIBGSSAPI}
LDADD+= -lgssapi
.endif
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO}
LDADD+= -lcrypt -lcrypto


@ -40,6 +40,10 @@ DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1}
LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
.endif
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
LDADD+= -lcrypto -lcrypt


@ -360,6 +360,7 @@ __DEFAULT_NO_OPTIONS = \
NMTREE \
NAND \
OFED \
OPENSSH_NONE_CIPHER \
SHARED_TOOLCHAIN
#


@ -0,0 +1,9 @@
.\" $FreeBSD$
Set to include the "None" cipher support in OpenSSH and its libraries.
Additional adjustments may need to be done to system configuration
files, such as
.Xr sshd_config 5 ,
to enable this cipher.
Please see
.Pa /usr/src/crypto/openssh/README.hpn
for full details.