From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001
From: Dengke Du <dengke.du@windriver.com>
Date: Thu, 19 Jan 2017 03:00:08 -0500
Subject: [PATCH 1/3] Remove des in cipher.

Upstream-Status: Pending

Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Dengke Du <dengke.du@windriver.com>
---
 cipher.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/cipher.c b/cipher.c
index 2def333..59f6792 100644
--- a/cipher.c
+++ b/cipher.c
@@ -53,8 +53,10 @@
 
 #ifdef WITH_SSH1
 extern const EVP_CIPHER *evp_ssh1_bf(void);
+#ifndef OPENSSL_NO_DES
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+#endif /* OPENSSL_NO_DES */
 #endif
 
 struct sshcipher_ctx {
@@ -88,15 +90,19 @@ struct sshcipher {
 
 static const struct sshcipher ciphers[] = {
 #ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
 	{ "des",	SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
 	{ "3des",	SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
+#endif /* OPENSSL_NO_DES */
 # ifndef OPENSSL_NO_BF
 	{ "blowfish",	SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
 # endif /* OPENSSL_NO_BF */
 #endif /* WITH_SSH1 */
 #ifdef WITH_OPENSSL
+#ifndef OPENSSL_NO_DES
 	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+#endif /* OPENSSL_NO_DES */
 # ifndef OPENSSL_NO_BF
 	{ "blowfish-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
@@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c)
 u_int
 cipher_seclen(const struct sshcipher *c)
 {
+#ifndef OPENSSL_NO_DES
 	if (strcmp("3des-cbc", c->name) == 0)
 		return 14;
+#endif /* OPENSSL_NO_DES */
 	return cipher_keylen(c);
 }
 
@@ -230,11 +238,13 @@ u_int
 cipher_mask_ssh1(int client)
 {
 	u_int mask = 0;
+#ifndef OPENSSL_NO_DES
 	mask |= 1 << SSH_CIPHER_3DES;		/* Mandatory */
 	mask |= 1 << SSH_CIPHER_BLOWFISH;
 	if (client) {
 		mask |= 1 << SSH_CIPHER_DES;
 	}
+#endif /*OPENSSL_NO_DES*/
 	return mask;
 }
 
@@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
 	switch (c->number) {
 #ifdef WITH_OPENSSL
 	case SSH_CIPHER_SSH2:
+#ifndef OPENSSL_NO_DES
 	case SSH_CIPHER_DES:
+#endif /* OPENSSL_NO_DES */
 	case SSH_CIPHER_BLOWFISH:
 		evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
 		if (evplen == 0)
@@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
 		break;
 #endif
 #ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
 	case SSH_CIPHER_3DES:
 		return ssh1_3des_iv(cc->evp, 0, iv, 24);
+#endif /* OPENSSL_NO_DES */
 #endif
 	default:
 		return SSH_ERR_INVALID_ARGUMENT;
@@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
 	switch (c->number) {
 #ifdef WITH_OPENSSL
 	case SSH_CIPHER_SSH2:
+#ifndef OPENSSL_NO_DES
 	case SSH_CIPHER_DES:
+#endif /* OPENSSL_NO_DES */
 	case SSH_CIPHER_BLOWFISH:
 		evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
 		if (evplen <= 0)
@@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
 		break;
 #endif
 #ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
 	case SSH_CIPHER_3DES:
 		return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24);
+#endif /* OPENSSL_NO_DES */
 #endif
 	default:
 		return SSH_ERR_INVALID_ARGUMENT;
-- 
2.8.1