From: Max Kellermann <[email protected]> Without OpenSSL, OpenSSH can still do ed25519, which is enough for many users; and it saves a rather heavy dependency.
This requires a patch because lots of `#ifdef WITH_OPENSSL` are missing.
Signed-off-by: Max Kellermann <[email protected]>
---
.../openssh/openssh/fix_without-openssl.patch | 165 ++++++++++++++++++
.../openssh/openssh_7.8p1+git.bb | 6 +-
2 files changed, 170 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/fix_without-openssl.patch
diff --git a/meta/recipes-connectivity/openssh/openssh/fix_without-openssl.patch b/meta/recipes-connectivity/openssh/openssh/fix_without-openssl.patch
new file mode 100644
index 0000000000..6840b79a73
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/fix_without-openssl.patch
@@ -0,0 +1,165 @@
+commit 14f336a04748d50e058e24b0be991b3e99f1dbfc
+Author: Max Kellermann <[email protected]>
+Date: Thu Sep 20 20:04:14 2018 +0200
+
+ auth, ...: add missing `#ifdef WITH_OPENSSL`
+
+ Even though OpenSSH doesn't use OpenSSL when built with
+ `--without-openssl`, it still needs to include its headers to compile
+ code which is unused in this configuration.
+
+diff --git a/auth.h b/auth.h
+index 977562f0..f68731ef 100644
+--- a/auth.h
++++ b/auth.h
+@@ -30,7 +30,9 @@
+
+ #include <signal.h>
+
++#ifdef WITH_OPENSSL
+ #include <openssl/rsa.h>
++#endif
+
+ #ifdef HAVE_LOGIN_CAP
+ #include <login_cap.h>
+diff --git a/cipher.c b/cipher.c
+index 12c59888..43c2e4df 100644
+--- a/cipher.c
++++ b/cipher.c
+@@ -55,7 +55,9 @@
+ struct sshcipher_ctx {
+ int plaintext;
+ int encrypt;
++#ifdef WITH_OPENSSL
+ EVP_CIPHER_CTX *evp;
++#endif
+ struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
+ struct aesctr_ctx ac_ctx; /* XXX union with evp? */
+ const struct sshcipher *cipher;
+diff --git a/cipher.h b/cipher.h
+index dc1571d2..954c356a 100644
+--- a/cipher.h
++++ b/cipher.h
+@@ -38,7 +38,9 @@
+ #define CIPHER_H
+
+ #include <sys/types.h>
++#ifdef WITH_OPENSSL
+ #include <openssl/evp.h>
++#endif
+ #include "cipher-chachapoly.h"
+ #include "cipher-aesctr.h"
+
+diff --git a/kexc25519.c b/kexc25519.c
+index 0897b8c5..6a54cf9b 100644
+--- a/kexc25519.c
++++ b/kexc25519.c
+@@ -32,8 +32,10 @@
+ #include <signal.h>
+ #include <string.h>
+
++#ifdef WITH_OPENSSL
+ #include <openssl/bn.h>
+ #include <openssl/evp.h>
++#endif
+
+ #include "sshbuf.h"
+ #include "ssh2.h"
+diff --git a/loginrec.c b/loginrec.c
+index 9a427dec..49abe918 100644
+--- a/loginrec.c
++++ b/loginrec.c
+@@ -166,6 +166,7 @@
+ #include <string.h>
+ #include <time.h>
+ #include <unistd.h>
++#include <stdlib.h>
+
+ #include "xmalloc.h"
+ #include "sshkey.h"
+diff --git a/monitor_wrap.h b/monitor_wrap.h
+index 644da081..56079d97 100644
+--- a/monitor_wrap.h
++++ b/monitor_wrap.h
+@@ -40,7 +40,9 @@ struct sshauthopt;
+
+ void mm_log_handler(LogLevel, const char *, void *);
+ int mm_is_monitor(void);
++#ifdef WITH_OPENSSL
+ DH *mm_choose_dh(int, int, int);
++#endif
+ int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
+ const char *, u_int compat);
+ void mm_inform_authserv(char *, char *);
+diff --git a/myproposal.h b/myproposal.h
+index 27b4a15a..ad62ef80 100644
+--- a/myproposal.h
++++ b/myproposal.h
+@@ -24,7 +24,9 @@
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
++#ifdef WITH_OPENSSL
+ #include <openssl/opensslv.h>
++#endif
+
+ /* conditional algorithm support */
+
+diff --git a/ssh-add.c b/ssh-add.c
+index adcc4599..526eb39c 100644
+--- a/ssh-add.c
++++ b/ssh-add.c
+@@ -40,7 +40,9 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+
++#ifdef WITH_OPENSSL
+ #include <openssl/evp.h>
++#endif
+ #include "openbsd-compat/openssl-compat.h"
+
+ #include <errno.h>
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index 38b1c548..47da5f67 100644
+--- a/ssh-keyscan.c
++++ b/ssh-keyscan.c
+@@ -19,7 +19,9 @@
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+
++#ifdef WITH_OPENSSL
+ #include <openssl/bn.h>
++#endif
+
+ #include <netdb.h>
+ #include <errno.h>
+diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
+index d0d791b5..96c8e629 100644
+--- a/sshbuf-getput-crypto.c
++++ b/sshbuf-getput-crypto.c
+@@ -18,6 +18,8 @@
+ #define SSHBUF_INTERNAL
+ #include "includes.h"
+
++#ifdef WITH_OPENSSL
++
+ #include <sys/types.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+@@ -222,3 +224,4 @@ sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
+ }
+ #endif /* OPENSSL_HAS_ECC */
+
++#endif /* WITH_OPENSSL */
+diff --git a/sshkey.c b/sshkey.c
+index 63c01ea6..c82f0fbe 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -27,6 +27,7 @@
+
+ #include "includes.h"
+
++#include <time.h>
+ #include <sys/types.h>
+ #include <netinet/in.h>
+
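Review bot: The header of the embedded patch has commit, Author and Date lines but no `Upstream-Status:` tag and no `Signed-off-by:` trailer, so nothing in the recipe directory records whether this change to sshd's sources is tracked upstream; I would add, after the commit message, `Upstream-Status: Submitted [<where it was sent>]` (or `Pending`) and the author's sign-off. The commit message also describes only the `#ifdef WITH_OPENSSL` guards, while the `loginrec.c` and `sshkey.c` hunks add `#include <stdlib.h>` and `#include <time.h>`; presumably those declarations used to arrive through the OpenSSL headers, and one sentence saying so would explain why they are here. In the `ssh-add.c` hunk, `#include "openbsd-compat/openssl-compat.h"` stays outside the new guard, so that header has to be harmless without OpenSSL, which cannot be confirmed from this diff. Likewise the `cipher.c` hunk removes the `evp` member from `struct sshcipher_ctx`, and every use of it elsewhere in that file must already sit under `WITH_OPENSSL`; those uses are outside the hunk.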
diff --git a/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb b/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb index f54dfb5de4..802e9c023b 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb @@ -8,7 +8,7 @@ SECTION = "console/network" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" -DEPENDS = "zlib openssl" +DEPENDS = "zlib" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \ @@ -24,6 +24,7 @@ SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \ file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ + file://fix_without-openssl.patch \ " PAM_SRC_URI = "file://sshd" @@ -71,6 +72,9 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" # We don't want to depend on libblockfile CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" +PACKAGECONFIG ??= "openssl" +PACKAGECONFIG[openssl] = ",--without-openssl,openssl" + do_configure_prepend () { export LD="${CC}" install -m 0644 ${WORKDIR}/sshd_config ${B}/ -- 2.18.0 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
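Review bot: The two `PACKAGECONFIG` lines in the third hunk carry no comment saying what an image loses when `openssl` is dropped from the list. By the commit description only ed25519 remains in that build, so RSA or ECDSA host keys and `authorized_keys` entries already deployed on a device would presumably stop being accepted after the rebuild, which can lock administrators out. I would put above them `# Without openssl only ed25519 keys are available (no RSA/ECDSA); check host keys and authorized_keys before disabling.` The recipe also ships `sshd_check_keys` and an `sshd_config` (both visible in this diff), and whether they handle the missing key types cleanly is not shown here and is worth confirming in the same series.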
