filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms

Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when
compiling without ECC support in libcrypto.
Damien Miller 2019-11-18 22:22:04 +11:00
parent 64f56f1d1a
commit 6a7ef310da
1 changed files with 19 additions and 13 deletions


@ -31,35 +31,41 @@
/* conditional algorithm support */ /* conditional algorithm support */
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
#ifdef OPENSSL_HAS_NISTP521 # ifdef OPENSSL_HAS_NISTP521
# define KEX_ECDH_METHODS \ # define KEX_ECDH_METHODS \
"ecdh-sha2-nistp256," \ "ecdh-sha2-nistp256," \
"ecdh-sha2-nistp384," \ "ecdh-sha2-nistp384," \
"ecdh-sha2-nistp521," "ecdh-sha2-nistp521,"
# define HOSTKEY_ECDSA_CERT_METHODS \ # define HOSTKEY_ECDSA_CERT_METHODS \
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
"ecdsa-sha2-nistp384-cert-v01@openssh.com," \ "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
"ecdsa-sha2-nistp521-cert-v01@openssh.com," "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
# define HOSTKEY_ECDSA_METHODS \ # define HOSTKEY_ECDSA_METHODS \
"ecdsa-sha2-nistp256," \ "ecdsa-sha2-nistp256," \
"ecdsa-sha2-nistp384," \ "ecdsa-sha2-nistp384," \
"ecdsa-sha2-nistp521," "ecdsa-sha2-nistp521,"
#else # else /* OPENSSL_HAS_NISTP521 */
# define KEX_ECDH_METHODS \ # define KEX_ECDH_METHODS \
"ecdh-sha2-nistp256," \ "ecdh-sha2-nistp256," \
"ecdh-sha2-nistp384," "ecdh-sha2-nistp384,"
# define HOSTKEY_ECDSA_CERT_METHODS \ # define HOSTKEY_ECDSA_CERT_METHODS \
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
"ecdsa-sha2-nistp384-cert-v01@openssh.com," "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
# define HOSTKEY_ECDSA_METHODS \ # define HOSTKEY_ECDSA_METHODS \
"ecdsa-sha2-nistp256," \ "ecdsa-sha2-nistp256," \
"ecdsa-sha2-nistp384," "ecdsa-sha2-nistp384,"
#endif # endif /* OPENSSL_HAS_NISTP521 */
#else # define USERKEY_ECDSA_SK_CERT_METHODS \
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
# define USERKEY_ECDSA_SK_METHODS \
"sk-ecdsa-sha2-nistp256@openssh.com,"
#else /* OPENSSL_HAS_ECC */
# define KEX_ECDH_METHODS # define KEX_ECDH_METHODS
# define HOSTKEY_ECDSA_CERT_METHODS # define HOSTKEY_ECDSA_CERT_METHODS
# define HOSTKEY_ECDSA_METHODS # define HOSTKEY_ECDSA_METHODS
#endif # define USERKEY_ECDSA_SK_CERT_METHODS
# define USERKEY_ECDSA_SK_METHODS
#endif /* OPENSSL_HAS_ECC */
#ifdef OPENSSL_HAVE_EVPGCM #ifdef OPENSSL_HAVE_EVPGCM
# define AESGCM_CIPHER_MODES \ # define AESGCM_CIPHER_MODES \
@ -145,7 +151,7 @@
"ssh-rsa" "ssh-rsa"
#define PUBKEY_DEFAULT_PK_ALG \ #define PUBKEY_DEFAULT_PK_ALG \
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \ USERKEY_ECDSA_SK_CERT_METHODS \
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
"ecdsa-sha2-nistp384-cert-v01@openssh.com," \ "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
"ecdsa-sha2-nistp521-cert-v01@openssh.com," \ "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
@ -154,7 +160,7 @@
"rsa-sha2-512-cert-v01@openssh.com," \ "rsa-sha2-512-cert-v01@openssh.com," \
"rsa-sha2-256-cert-v01@openssh.com," \ "rsa-sha2-256-cert-v01@openssh.com," \
"ssh-rsa-cert-v01@openssh.com," \ "ssh-rsa-cert-v01@openssh.com," \
"sk-ecdsa-sha2-nistp256@openssh.com," \ USERKEY_ECDSA_SK_METHODS \
"ecdsa-sha2-nistp256," \ "ecdsa-sha2-nistp256," \
"ecdsa-sha2-nistp384," \ "ecdsa-sha2-nistp384," \
"ecdsa-sha2-nistp521," \ "ecdsa-sha2-nistp521," \
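Review bot: The plain ECDSA entries in PUBKEY_DEFAULT_PK_ALG are still unconditional string literals after this change. In the second and third hunks only the two `sk-ecdsa-…` lines become `USERKEY_ECDSA_SK_CERT_METHODS` and `USERKEY_ECDSA_SK_METHODS`, while `"ecdsa-sha2-nistp256-cert-v01@openssh.com,"` through `"ecdsa-sha2-nistp521,"` stay as context lines. Unless the list is filtered against the compiled-in key types somewhere not shown on this page, a build without OPENSSL_HAS_ECC (or without OPENSSL_HAS_NISTP521) would still list algorithms it cannot perform, which is what the commit message says it removes. The first hunk already defines the conditional lists in the same order, so each literal triple could be replaced by `HOSTKEY_ECDSA_CERT_METHODS \` and `HOSTKEY_ECDSA_METHODS \` respectively. The macro body continues outside both hunks, so any further ECC entries there are not visible.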