crypto: Disable blowfish support by default

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

src/kex.c

@@ -39,16 +39,24 @@
 #include "libssh/knownhosts.h"
 #include "libssh/misc.h"
 
+#ifdef WITH_BLOWFISH_CIPHER
+# if defined(HAVE_OPENSSL_BLOWFISH_H) || defined(HAVE_LIBGCRYPT) || defined(HAVE_LIBMBEDCRYPTO)
+#  define BLOWFISH "blowfish-cbc,"
+# else
+#  define BLOWFISH ""
+# endif
+#else
+# define BLOWFISH ""
+#endif
+
 #ifdef HAVE_LIBGCRYPT
-# define BLOWFISH "blowfish-cbc,"
 # define AES "aes256-gcm@openssh.com,aes128-gcm@openssh.com," \
              "aes256-ctr,aes192-ctr,aes128-ctr," \
              "aes256-cbc,aes192-cbc,aes128-cbc,"
 # define DES "3des-cbc"
 # define DES_SUPPORTED "3des-cbc"
 
-#elif defined HAVE_LIBMBEDCRYPTO
-# define BLOWFISH "blowfish-cbc,"
+#elif defined(HAVE_LIBMBEDCRYPTO)
 # ifdef MBEDTLS_GCM_C
 #  define GCM "aes256-gcm@openssh.com,aes128-gcm@openssh.com,"
 # else
@@ -60,13 +68,6 @@
 # define DES_SUPPORTED "3des-cbc"
 
 #elif defined(HAVE_LIBCRYPTO)
-
-# ifdef HAVE_OPENSSL_BLOWFISH_H
-#  define BLOWFISH "blowfish-cbc,"
-# else /* HAVE_OPENSSL_BLOWFISH_H */
-#  define BLOWFISH ""
-# endif /* HAVE_OPENSSL_BLOWFISH_H */
-
 # ifdef HAVE_OPENSSL_AES_H
 #  ifdef HAVE_OPENSSL_EVP_AES_GCM
 #   define GCM "aes256-gcm@openssh.com,aes128-gcm@openssh.com,"