From 6a7ef310da100f876a257b7367e3b0766dac3994 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Mon, 18 Nov 2019 22:22:04 +1100
Subject: filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when compiling without ECC support in libcrypto.
---
 myproposal.h | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)
(limited to 'myproposal.h')
diff --git a/myproposal.h b/myproposal.h
index 90bb67bb..1d4aa297 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -31,35 +31,41 @@
 /* conditional algorithm support */
 #ifdef OPENSSL_HAS_ECC
-#ifdef OPENSSL_HAS_NISTP521
-# define KEX_ECDH_METHODS \
+# ifdef OPENSSL_HAS_NISTP521
+# define KEX_ECDH_METHODS \
 "ecdh-sha2-nistp256," \
 "ecdh-sha2-nistp384," \
 "ecdh-sha2-nistp521,"
-# define HOSTKEY_ECDSA_CERT_METHODS \
+# define HOSTKEY_ECDSA_CERT_METHODS \
 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
-# define HOSTKEY_ECDSA_METHODS \
+# define HOSTKEY_ECDSA_METHODS \
 "ecdsa-sha2-nistp256," \
 "ecdsa-sha2-nistp384," \
 "ecdsa-sha2-nistp521,"
-#else
-# define KEX_ECDH_METHODS \
+# else /* OPENSSL_HAS_NISTP521 */
+# define KEX_ECDH_METHODS \
 "ecdh-sha2-nistp256," \
 "ecdh-sha2-nistp384,"
-# define HOSTKEY_ECDSA_CERT_METHODS \
+# define HOSTKEY_ECDSA_CERT_METHODS \
 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
-# define HOSTKEY_ECDSA_METHODS \
+# define HOSTKEY_ECDSA_METHODS \
 "ecdsa-sha2-nistp256," \
 "ecdsa-sha2-nistp384,"
-#endif
-#else
+# endif /* OPENSSL_HAS_NISTP521 */
+# define USERKEY_ECDSA_SK_CERT_METHODS \
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+# define USERKEY_ECDSA_SK_METHODS \
+ "sk-ecdsa-sha2-nistp256@openssh.com,"
+#else /* OPENSSL_HAS_ECC */
 # define KEX_ECDH_METHODS
 # define HOSTKEY_ECDSA_CERT_METHODS
 # define HOSTKEY_ECDSA_METHODS
-#endif
+# define USERKEY_ECDSA_SK_CERT_METHODS
+# define USERKEY_ECDSA_SK_METHODS
+#endif /* OPENSSL_HAS_ECC */
 #ifdef OPENSSL_HAVE_EVPGCM
 # define AESGCM_CIPHER_MODES \
@@ -145,7 +151,7 @@
 "ssh-rsa"
 #define PUBKEY_DEFAULT_PK_ALG \
- "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+ USERKEY_ECDSA_SK_CERT_METHODS \
 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
 "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
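Review bot: The two new `USERKEY_ECDSA_SK_*` macros, like the `HOSTKEY_ECDSA_*` ones above them, expand either to a comma-terminated string fragment or to nothing, and the header does not document that contract. A short comment above the `#ifdef OPENSSL_HAS_ECC` block would help, for example `/* Each *_METHODS macro is a comma-terminated list fragment, or empty when unsupported; never place one last in a list. */`. Without it, a later edit that puts one of these macros at the end of an algorithm list would leave a trailing comma in the ECC build, and whether the list parser tolerates that is not visible here.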
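Review bot: The `ecdsa-sha2-nistp256/384/521-cert-v01@openssh.com` entries right after the new `USERKEY_ECDSA_SK_CERT_METHODS` line are still string literals, so a build without `OPENSSL_HAS_ECC` (or without `OPENSSL_HAS_NISTP521`) keeps ECDSA names in `PUBKEY_DEFAULT_PK_ALG` despite the commit's stated goal. The same holds for the plain `ecdsa-sha2-nistp*` entries after `USERKEY_ECDSA_SK_METHODS` in the `@@ -154` hunk. The header already defines matching fragments, so the three literal lines in each place could become `HOSTKEY_ECDSA_CERT_METHODS \` and `HOSTKEY_ECDSA_METHODS \` respectively. How consumers of this list treat names the build cannot implement is not shown here, so the practical impact is inferred; the macro definition starts in this hunk and continues past both hunks.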
@@ -154,7 +160,7 @@
 "rsa-sha2-512-cert-v01@openssh.com," \
 "rsa-sha2-256-cert-v01@openssh.com," \
 "ssh-rsa-cert-v01@openssh.com," \
- "sk-ecdsa-sha2-nistp256@openssh.com," \
+ USERKEY_ECDSA_SK_METHODS \
 "ecdsa-sha2-nistp256," \
 "ecdsa-sha2-nistp384," \
 "ecdsa-sha2-nistp521," \
-- cgit v1.2.1