diff options
author | Darren Tucker <dtucker@dtucker.net> | 2022-07-25 21:43:00 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2022-07-25 21:43:00 +1000 |
commit | b7c56b65c12f51fe0dbae798d19c8f58224a5d95 (patch) | |
tree | e90039b969c8b52c5bcfe02a0786dcd64b2325fa /configure.ac | |
parent | 5a4a9f7a968fbf92cc1eac519c65638e79ae9f1f (diff) | |
download | openssh-git-b7c56b65c12f51fe0dbae798d19c8f58224a5d95.tar.gz |
Remove workarounds for OpenSSL missing AES-GCM.
We have some compatibility hacks that were added to support OpenSSL
versions that do not support AES GCM mode. Since that time, however,
the minimum OpenSSL version that we support has moved to 1.0.1 which
*does* have GCM, so this is no longer needed. ok djm@
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/configure.ac b/configure.ac index 3e9fd700..f618300f 100644 --- a/configure.ac +++ b/configure.ac @@ -2892,7 +2892,6 @@ if test "x$openssl" = "xyes" ; then BN_is_prime_ex \ DES_crypt \ DSA_generate_parameters_ex \ - EVP_CIPHER_CTX_ctrl \ EVP_DigestFinal_ex \ EVP_DigestInit_ex \ EVP_MD_CTX_cleanup \ @@ -3009,35 +3008,6 @@ if test "x$openssl" = "xyes" ; then ] ) - # Check for OpenSSL with EVP_aes_*gcm - AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) - AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ - #include <stdlib.h> - #include <string.h> - #include <openssl/evp.h> - ]], [[ - exit(EVP_aes_128_gcm() == NULL || - EVP_aes_256_gcm() == NULL || - EVP_CTRL_GCM_SET_IV_FIXED == 0 || - EVP_CTRL_GCM_IV_GEN == 0 || - EVP_CTRL_GCM_SET_TAG == 0 || - EVP_CTRL_GCM_GET_TAG == 0 || - EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); - ]])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], - [libcrypto has EVP AES GCM]) - ], - [ - AC_MSG_RESULT([no]) - unsupported_algorithms="$unsupported_cipers \ - aes128-gcm@openssh.com \ - aes256-gcm@openssh.com" - ] - ) - AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ |