- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating

ecdsa keys. ok djm.

ChangeLog

@@ -1,6 +1,8 @@
 20110213
  - (djm) [misc.c] include time.h for nanosleep() prototype
  - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
+ - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
+   ecdsa keys. ok djm.
 
 20110212
  - OpenBSD CVS Sync

Makefile.in

@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.316 2011/01/13 03:06:38 tim Exp $
+# $Id: Makefile.in,v 1.317 2011/01/13 06:35:46 tim Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -326,20 +326,27 @@ install-sysconf:
 
 host-key: ssh-keygen$(EXEEXT)
 	@if [ -z "$(DESTDIR)" ] ; then \
-		if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \
-			echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \
+		if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \
+			echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \
 		else \
-			./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \
+			./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \
 		fi ; \
-		if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \
-			echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \
+		if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \
+			echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \
 		else \
-			./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \
+			./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \
 		fi ; \
-		if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key ] ; then \
-			echo "$(DESTDIR)$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \
+		if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \
+			echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \
 		else \
-			./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ; \
+			./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \
+		fi ; \
+		if [ -z "@COMMENT_OUT_ECC@" ] ; then \
+		    if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \
+			echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \
+		    else \
+			./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \
+		    fi ; \
 		fi ; \
 	fi ;
 
@@ -347,6 +354,7 @@ host-key-force: ssh-keygen$(EXEEXT)
 	./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
 	./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
 	./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
+@COMMENT_OUT_ECC@	./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N ""
 
 uninstallall:	uninstall
 	-rm -f $(DESTDIR)$(sysconfdir)/ssh_config

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.463 2011/01/12 05:00:39 djm Exp $
+# $Id: configure.ac,v 1.464 2011/01/13 06:35:46 tim Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.463 $)
+AC_REVISION($Revision: 1.464 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 # local macros
@@ -2258,13 +2258,16 @@ int main(void) {
 		AC_DEFINE(OPENSSL_HAS_ECC, 1,
 		    [libcrypto includes complete ECC support])
 		TEST_SSH_ECC=yes
+		COMMENT_OUT_ECC=""
 	],
 	[
 		AC_MSG_RESULT(no)
 		TEST_SSH_ECC=no
+		COMMENT_OUT_ECC="#no ecc#"
 	]
 )
 AC_SUBST(TEST_SSH_ECC)
+AC_SUBST(COMMENT_OUT_ECC)
 
 saved_LIBS="$LIBS"
 AC_CHECK_LIB(iaf, ia_openinfo, [

opensshd.init.in

@@ -20,6 +20,7 @@ SSH_KEYGEN=$prefix/bin/ssh-keygen
 HOST_KEY_RSA1=$sysconfdir/ssh_host_key
 HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
 HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
+@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
 
 
 checkkeys() {
@@ -32,6 +33,9 @@ checkkeys() {
     if [ ! -f $HOST_KEY_RSA ]; then
 	${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
     fi
+@COMMENT_OUT_ECC@    if [ ! -f $HOST_KEY_ECDSA ]; then
+@COMMENT_OUT_ECC@	${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N ""
+@COMMENT_OUT_ECC@    fi
 }
 
 stop_service() {