[openssh-commits] [openssh] 01/01: filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Nov 18 22:23:22 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 6a7ef310da100f876a257b7367e3b0766dac3994
Author: Damien Miller <djm at mindrot.org>
Date:   Mon Nov 18 22:22:04 2019 +1100

    filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms
    
    Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when
    compiling without ECC support in libcrypto.
---
 myproposal.h | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/myproposal.h b/myproposal.h
index 90bb67bb..1d4aa297 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -31,35 +31,41 @@
 /* conditional algorithm support */
 
 #ifdef OPENSSL_HAS_ECC
-#ifdef OPENSSL_HAS_NISTP521
-# define KEX_ECDH_METHODS \
+# ifdef OPENSSL_HAS_NISTP521
+#  define KEX_ECDH_METHODS \
 	"ecdh-sha2-nistp256," \
 	"ecdh-sha2-nistp384," \
 	"ecdh-sha2-nistp521,"
-# define HOSTKEY_ECDSA_CERT_METHODS \
+#  define HOSTKEY_ECDSA_CERT_METHODS \
 	"ecdsa-sha2-nistp256-cert-v01 at openssh.com," \
 	"ecdsa-sha2-nistp384-cert-v01 at openssh.com," \
 	"ecdsa-sha2-nistp521-cert-v01 at openssh.com,"
-# define HOSTKEY_ECDSA_METHODS \
+#  define HOSTKEY_ECDSA_METHODS \
 	"ecdsa-sha2-nistp256," \
 	"ecdsa-sha2-nistp384," \
 	"ecdsa-sha2-nistp521,"
-#else
-# define KEX_ECDH_METHODS \
+# else /* OPENSSL_HAS_NISTP521 */
+#  define KEX_ECDH_METHODS \
 	"ecdh-sha2-nistp256," \
 	"ecdh-sha2-nistp384,"
-# define HOSTKEY_ECDSA_CERT_METHODS \
+#  define HOSTKEY_ECDSA_CERT_METHODS \
 	"ecdsa-sha2-nistp256-cert-v01 at openssh.com," \
 	"ecdsa-sha2-nistp384-cert-v01 at openssh.com,"
-# define HOSTKEY_ECDSA_METHODS \
+#  define HOSTKEY_ECDSA_METHODS \
 	"ecdsa-sha2-nistp256," \
 	"ecdsa-sha2-nistp384,"
-#endif
-#else
+# endif /* OPENSSL_HAS_NISTP521 */
+# define USERKEY_ECDSA_SK_CERT_METHODS \
+	"sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,"
+# define USERKEY_ECDSA_SK_METHODS \
+	"sk-ecdsa-sha2-nistp256 at openssh.com,"
+#else /* OPENSSL_HAS_ECC */
 # define KEX_ECDH_METHODS
 # define HOSTKEY_ECDSA_CERT_METHODS
 # define HOSTKEY_ECDSA_METHODS
-#endif
+# define USERKEY_ECDSA_SK_CERT_METHODS
+# define USERKEY_ECDSA_SK_METHODS
+#endif /* OPENSSL_HAS_ECC */
 
 #ifdef OPENSSL_HAVE_EVPGCM
 # define AESGCM_CIPHER_MODES \
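Review bot: The convention these macros rely on is not written down anywhere in the hunk: each one expands either to nothing or to a comma-terminated list fragment, and the header comment says only `/* conditional algorithm support */`. The new `USERKEY_ECDSA_SK_CERT_METHODS` and `USERKEY_ECDSA_SK_METHODS` are spliced into a longer string, so using one as the last entry of a list would leave a trailing comma, which is an empty algorithm name in the proposal. I would extend the header comment to something like `/* conditional algorithm support: each macro is empty or a comma-terminated fragment; never place one last in a list */`. The `OPENSSL_HAVE_EVPGCM` block that begins at the end of the hunk continues outside it.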
@@ -145,7 +151,7 @@
 	"ssh-rsa"
 
 #define	PUBKEY_DEFAULT_PK_ALG	\
-	"sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com," \
+	USERKEY_ECDSA_SK_CERT_METHODS \
 	"ecdsa-sha2-nistp256-cert-v01 at openssh.com," \
 	"ecdsa-sha2-nistp384-cert-v01 at openssh.com," \
 	"ecdsa-sha2-nistp521-cert-v01 at openssh.com," \
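Review bot: The three plain ECDSA certificate names on the context lines after `USERKEY_ECDSA_SK_CERT_METHODS` are still hard-coded, so a build without `OPENSSL_HAS_ECC` keeps them in `PUBKEY_DEFAULT_PK_ALG` and a build without `OPENSSL_HAS_NISTP521` keeps the nistp521 entry; only the sk-ecdsa entry is filtered. The first hunk already defines `HOSTKEY_ECDSA_CERT_METHODS` with exactly these strings under the right conditions, so the three literals could be replaced by `HOSTKEY_ECDSA_CERT_METHODS \`. The same applies in the next hunk, where the three plain `ecdsa-sha2-nistp*` lines after `USERKEY_ECDSA_SK_METHODS` could become `HOSTKEY_ECDSA_METHODS \`. Whether later code drops unsupported names at run time is not visible here, and the macro definition starts and ends outside both hunks.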
@@ -154,7 +160,7 @@
 	"rsa-sha2-512-cert-v01 at openssh.com," \
 	"rsa-sha2-256-cert-v01 at openssh.com," \
 	"ssh-rsa-cert-v01 at openssh.com," \
-	"sk-ecdsa-sha2-nistp256 at openssh.com," \
+	USERKEY_ECDSA_SK_METHODS \
 	"ecdsa-sha2-nistp256," \
 	"ecdsa-sha2-nistp384," \
 	"ecdsa-sha2-nistp521," \
