From f2004cd1adf34492eae0a44b1ef84e0e31b06088 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Mon, 23 Feb 2015 05:04:21 +1100
Subject: [PATCH] Repair for non-ECC OpenSSL.

Ifdef out the ECC parts when building with an OpenSSL that doesn't have it.
---
 monitor.c | 2 ++
 opacket.c | 4 ++++
 ssh-keyscan.c | 2 ++
 ssh_api.c | 4 ++++
 sshconnect2.c | 2 ++
 sshd.c | 2 ++
 6 files changed, 16 insertions(+)

diff --git a/monitor.c b/monitor.c
index 8f5ab7204..4f9c9fed6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1853,7 +1853,9 @@ monitor_apply_keystate(struct monitor *pmonitor)
 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+# ifdef OPENSSL_HAS_ECC
 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+# endif
 #endif /* WITH_OPENSSL */
 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 kex->load_host_public_key=&get_hostkey_public_by_type;
diff --git a/opacket.c b/opacket.c
index 7618eae48..dd443c331 100644
--- a/opacket.c
+++ b/opacket.c
@@ -93,6 +93,7 @@ ssh_packet_put_bignum2(struct ssh *ssh, BIGNUM * value)
 fatal("%s: %s", __func__, ssh_err(r));
 }
 
+# ifdef OPENSSL_HAS_ECC
 void
 ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve,
 const EC_POINT *point)
@@ -102,6 +103,7 @@ ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve,
 if ((r = sshpkt_put_ec(ssh, point, curve)) != 0)
 fatal("%s: %s", __func__, ssh_err(r));
 }
+# endif
 #endif /* WITH_OPENSSL */
 
 void
@@ -165,6 +167,7 @@ ssh_packet_get_bignum2(struct ssh *ssh, BIGNUM * value)
 fatal("%s: %s", __func__, ssh_err(r));
 }
 
+# ifdef OPENSSL_HAS_ECC
 void
 ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point)
 {
@@ -173,6 +176,7 @@ ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point)
 if ((r = sshpkt_get_ec(ssh, point, curve)) != 0)
 fatal("%s: %s", __func__, ssh_err(r));
 }
+# endif
 #endif /* WITH_OPENSSL */
 
 void *
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 2b1303026..c5fb3b524 100644
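Review bot: With `OPENSSL_HAS_ECC` undefined, `kex->kex[KEX_ECDH_SHA2]` in monitor_apply_keystate() is never assigned, so the table is only safe if that slot is guaranteed NULL and the dispatcher rejects a NULL handler. Neither the allocation of `kex` nor the dispatch code is visible here (the function body continues outside the hunk), so confirm that the ECDH method names are dropped from the offered KEX list under the same guard and that a negotiated type with no handler fails cleanly rather than calling through an unset pointer. The same applies to the matching hunks in ssh-keyscan.c, ssh_api.c (both), sshconnect2.c and sshd.c. A comment next to the guard would record the assumption, e.g. `/* no ECC: KEX_ECDH_SHA2 stays unset; dispatch must treat NULL as unsupported */`.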
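Review bot: The definitions of `ssh_packet_put_ecpoint()` and `ssh_packet_get_ecpoint()` in opacket.c are now compiled only under `OPENSSL_HAS_ECC`, but the diffstat touches no header, so any prototype or wrapper macro for them presumably stays visible in non-ECC builds. A remaining caller would then fail at link time rather than at compile time; guarding the declarations with the same `# ifdef OPENSSL_HAS_ECC` keeps the failure early and obvious. For readability, close the nested guards as `# endif /* OPENSSL_HAS_ECC */`, matching the existing `#endif /* WITH_OPENSSL */`. This applies to all four opacket.c hunks.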
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -282,7 +282,9 @@ keygrab_ssh2(con *c)
 c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+# ifdef OPENSSL_HAS_ECC
 c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+# endif
 #endif
 c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
diff --git a/ssh_api.c b/ssh_api.c
index ca4789b54..6c712584f 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -105,7 +105,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+# ifdef OPENSSL_HAS_ECC
 ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+# endif
 #endif /* WITH_OPENSSL */
 ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 ssh->kex->load_host_public_key=&_ssh_host_public_key;
@@ -117,7 +119,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+# ifdef OPENSSL_HAS_ECC
 ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+# endif
 #endif /* WITH_OPENSSL */
 ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 ssh->kex->verify_host_key =&_ssh_verify_host_key;
diff --git a/sshconnect2.c b/sshconnect2.c
index 804194aab..ba56f6433 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -213,7 +213,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+# ifdef OPENSSL_HAS_ECC
 kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+# endif
 #endif
 kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 kex->client_version_string=client_version_string;
diff --git a/sshd.c b/sshd.c
index 312dcd89e..e1c767c14 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2570,7 +2570,9 @@ do_ssh2_kex(void)
 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+# ifdef OPENSSL_HAS_ECC
 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+# endif
 #endif
 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 kex->server = 1;