| Summary: | build fixups for --without-openssl | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Reuben Hawkins <reubenhwk> |
| Component: | Build system | Assignee: | Damien Miller <djm> |
| Status: | CLOSED FIXED | ||
| Severity: | enhancement | CC: | djm, dtucker, reubenhwk |
| Priority: | P5 | ||
| Version: | -current | ||
| Hardware: | All | ||
| OS: | All | ||
| Bug Depends on: | |||
| Bug Blocks: | 2360 | ||
| Attachments: | |||
Created attachment 2603 [details] someone left off a '\' character in KEX_SERVER_ENCRYPT It appears that someone left off a '\' character. KEX_SERVER_ENCRYPT should be defined as... #define KEX_SERVER_ENCRYPT "chacha20-poly1305@openssh.com,""aes128-ctr,aes192-ctr,aes256-ctr" ...but for formatting the string is split up on separate lines which need to be connected with the '\' characters. Created attachment 2604 [details]
unresolved gen_candidates and prime_test symbols
ssh-keygen was failing to link on unresolved gen_candidates and prime_test symbols. These functions are only available when ssh links to ssl.
Created attachment 2605 [details]
isolate and wrap WITH_OPENSSH options
There are a number of ssh-keygen options which only apply in a with-openssl build. These options were already partially guarded in WITH_OPENSSL macros. This change isolates and wraps the rest of those options producing a clean, warning free build with openssl disabled.
Created attachment 2606 [details]
make ed25519 default ssh-keygen type when no SSL
The default key type was hardcoded to rsa, which isn't available in without-openssl builds. This change makes the default ed25519 when openssl is disabled.
Comment on attachment 2603 [details] someone left off a '\' character in KEX_SERVER_ENCRYPT >Subject: [PATCH 1/4] myproposal.h: fix newline in KEX_SERVER_ENCRYPT This one has already been fixed in the OpenBSD tree but hasn't been pulled into Portable yet. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/myproposal.h.diff?r1=1.42&r2=1.43 Put the rest on the list for 6.9 Created attachment 2633 [details]
make ed25519 default ssh-keygen type when no SSL
tweaked diff
Created attachment 2634 [details]
chop out moduli code and options when compiled !openssl
rework the other two patches
Comment on attachment 2634 [details] chop out moduli code and options when compiled !openssl >+ case 'T': >+ do_screen_candidates = 1; >+ if (strlcpy(out_file, optarg, sizeof(out_file)) >= >+ sizeof(out_file)) >+ fatal("Output filename too long"); >+ break; > case 'S': > /* XXX - also compare length against bits */ > if (BN_hex2bn(&start, optarg) == 0) > fatal("Invalid start point."); > break; if this is supposed to be in alphabetical order then 'T' goes after 'S'. otherwise, ok. both revised diffs applied and will be in OpenSSH 6.9 - thanks! Close all resolved bugs after 7.3p1 release |
Created attachment 2599 [details] git format-patch origin/master Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl The attached patches apply to master (commit id 70860b6)