From: Damien Miller Date: Mon, 18 Nov 2019 11:22:04 +0000 (+1100) Subject: filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms X-Git-Tag: V_8_2_P1~268 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a7ef310da100f876a257b7367e3b0766dac3994;p=thirdparty%2Fopenssh-portable.git filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when compiling without ECC support in libcrypto.
---
diff --git a/myproposal.h b/myproposal.h
index 90bb67bb3..1d4aa297a 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -31,35 +31,41 @@
 /* conditional algorithm support */
 #ifdef OPENSSL_HAS_ECC
-#ifdef OPENSSL_HAS_NISTP521
-# define KEX_ECDH_METHODS \
+# ifdef OPENSSL_HAS_NISTP521
+# define KEX_ECDH_METHODS \
 "ecdh-sha2-nistp256," \
 "ecdh-sha2-nistp384," \
 "ecdh-sha2-nistp521,"
-# define HOSTKEY_ECDSA_CERT_METHODS \
+# define HOSTKEY_ECDSA_CERT_METHODS \
 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
-# define HOSTKEY_ECDSA_METHODS \
+# define HOSTKEY_ECDSA_METHODS \
 "ecdsa-sha2-nistp256," \
 "ecdsa-sha2-nistp384," \
 "ecdsa-sha2-nistp521,"
-#else
-# define KEX_ECDH_METHODS \
+# else /* OPENSSL_HAS_NISTP521 */
+# define KEX_ECDH_METHODS \
 "ecdh-sha2-nistp256," \
 "ecdh-sha2-nistp384,"
-# define HOSTKEY_ECDSA_CERT_METHODS \
+# define HOSTKEY_ECDSA_CERT_METHODS \
 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
-# define HOSTKEY_ECDSA_METHODS \
+# define HOSTKEY_ECDSA_METHODS \
 "ecdsa-sha2-nistp256," \
 "ecdsa-sha2-nistp384,"
-#endif
-#else
+# endif /* OPENSSL_HAS_NISTP521 */
+# define USERKEY_ECDSA_SK_CERT_METHODS \
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+# define USERKEY_ECDSA_SK_METHODS \
+ "sk-ecdsa-sha2-nistp256@openssh.com,"
+#else /* OPENSSL_HAS_ECC */
 # define KEX_ECDH_METHODS
 # define HOSTKEY_ECDSA_CERT_METHODS
 # define HOSTKEY_ECDSA_METHODS
-#endif
+# define USERKEY_ECDSA_SK_CERT_METHODS
+# define USERKEY_ECDSA_SK_METHODS
+#endif /* OPENSSL_HAS_ECC */
 #ifdef OPENSSL_HAVE_EVPGCM
 # define AESGCM_CIPHER_MODES \
@@ -145,7 +151,7 @@
 "ssh-rsa"
 #define PUBKEY_DEFAULT_PK_ALG \
- "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+ USERKEY_ECDSA_SK_CERT_METHODS \
 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
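Review bot: The two new `USERKEY_ECDSA_SK_*` fragments in the first hunk rely on an unwritten rule that every conditional fragment ends in a comma and is never the last entry of the list it is pasted into; nothing next to the definitions says so. With ECC disabled they expand to nothing, so a later edit that puts one at the end of a list, or drops the trailing comma, silently yields a malformed list or two names merged into one instead of a build error. I would add above the block `/* Each *_METHODS fragment is empty or ends with ','; always follow it with another list entry. */`. These names are gated on `OPENSSL_HAS_ECC` only; whether security-key support has its own build switch is not visible here and is worth confirming.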
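Review bot: The plain ECDSA entries in `PUBKEY_DEFAULT_PK_ALG` are still hard-coded string literals (the three `ecdsa-sha2-nistp*-cert-v01@openssh.com` context lines in this hunk and the three `ecdsa-sha2-nistp*` lines in the `@@ -154,7 +160,7 @@` hunk), so a build without `OPENSSL_HAS_ECC`, or without `OPENSSL_HAS_NISTP521`, still lists algorithms it cannot implement; only the two `sk-ecdsa` names are filtered. The fragments defined at the top of the file already carry the right conditionals: replace the cert literals with `HOSTKEY_ECDSA_CERT_METHODS \` and the plain ones with `HOSTKEY_ECDSA_METHODS \`. The macro body continues outside both hunks, and whether callers later filter the list against the compiled-in key types is not visible here, so the practical effect may be limited to a misleading default.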
@@ -154,7 +160,7 @@
 "rsa-sha2-512-cert-v01@openssh.com," \
 "rsa-sha2-256-cert-v01@openssh.com," \
 "ssh-rsa-cert-v01@openssh.com," \
- "sk-ecdsa-sha2-nistp256@openssh.com," \
+ USERKEY_ECDSA_SK_METHODS \
 "ecdsa-sha2-nistp256," \
 "ecdsa-sha2-nistp384," \
 "ecdsa-sha2-nistp521," \