Bugzilla – Attachment 2579 Details for
Bug 2376
Add compile time option to disable Curve25519
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Implements -DWITHOUT_ED25519
noec_patch.txt (text/plain), 35.20 KB, created by
Tomas Kuthan
on 2015-04-09 19:44:35 AEST
(
hide
)
Description:
Implements -DWITHOUT_ED25519
Filename:
MIME Type:
Creator:
Tomas Kuthan
Created:
2015-04-09 19:44:35 AEST
Size:
35.20 KB
patch
obsolete
>Binary files old/.sshkey.c.swp and new/.sshkey.c.swp differ >diff -pur old/Makefile.in new/Makefile.in >--- old/Makefile.in 2015-03-17 06:49:20.000000000 +0100 >+++ new/Makefile.in 2015-04-09 09:06:54.343179013 +0200 >@@ -152,7 +152,7 @@ $(SSHDOBJS): Makefile.in config.h > $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ > > LIBCOMPAT=openbsd-compat/libopenbsd-compat.a >-$(LIBCOMPAT): always >+$(LIBCOMPAT): always libssh.a > (cd openbsd-compat && $(MAKE)) > always: > >diff -pur old/authfd.c new/authfd.c >--- old/authfd.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/authfd.c 2015-04-07 15:59:05.202312828 +0200 >@@ -569,8 +569,10 @@ ssh_add_identity_constrained(int sock, s > case KEY_ECDSA: > case KEY_ECDSA_CERT: > #endif >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: >+#endif /* WITHOUT_ED25519 */ > type = constrained ? > SSH2_AGENTC_ADD_ID_CONSTRAINED : > SSH2_AGENTC_ADD_IDENTITY; >diff -pur old/authfile.c new/authfile.c >--- old/authfile.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/authfile.c 2015-04-07 15:59:42.607053633 +0200 >@@ -446,8 +446,10 @@ sshkey_load_private_cert(int type, const > case KEY_RSA: > case KEY_DSA: > case KEY_ECDSA: >- case KEY_ED25519: > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 >+ case KEY_ED25519: >+#endif /* WITHOUT_ED25519 */ > case KEY_UNSPEC: > break; > default: >diff -pur old/dns.c new/dns.c >--- old/dns.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/dns.c 2015-04-07 16:00:19.567332247 +0200 >@@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8 > if (!*digest_type) > *digest_type = SSHFP_HASH_SHA256; > break; >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > *algorithm = SSHFP_KEY_ED25519; > if (!*digest_type) > *digest_type = SSHFP_HASH_SHA256; > break; >+#endif /* WITHOUT_ED25519 */ > default: > *algorithm = SSHFP_KEY_RESERVED; /* 0 */ > *digest_type = SSHFP_HASH_RESERVED; /* 0 */ >diff -pur old/dns.h new/dns.h >--- old/dns.h 2015-03-17 06:49:20.000000000 +0100 >+++ new/dns.h 2015-04-07 15:21:23.460018585 +0200 >@@ -33,7 +33,9 @@ enum sshfp_types { > SSHFP_KEY_RSA = 1, > SSHFP_KEY_DSA = 2, > SSHFP_KEY_ECDSA = 3, >+#ifndef WITHOUT_ED25519 > SSHFP_KEY_ED25519 = 4 >+#endif /* WITHOUT_ED25519 */ > }; > > enum sshfp_hashes { >diff -pur old/ed25519.c new/ed25519.c >--- old/ed25519.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ed25519.c 2015-04-07 16:00:49.063630117 +0200 >@@ -7,6 +7,7 @@ > */ > > #include "includes.h" >+#ifndef WITHOUT_ED25519 > #include "crypto_api.h" > > #include "ge25519.h" >@@ -142,3 +143,4 @@ int crypto_sign_ed25519_open( > } > return ret; > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/fe25519.c new/fe25519.c >--- old/fe25519.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/fe25519.c 2015-04-07 16:01:04.125002810 +0200 >@@ -8,6 +8,7 @@ > > #include "includes.h" > >+#ifndef WITHOUT_ED25519 > #define WINDOWSIZE 1 /* Should be 1,2, or 4 */ > #define WINDOWMASK ((1<<WINDOWSIZE)-1) > >@@ -335,3 +336,4 @@ void fe25519_pow2523(fe25519 *r, const f > /* 2^252 - 2^2 */ fe25519_square(&t,&t); > /* 2^252 - 3 */ fe25519_mul(r,&t,x); > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/fe25519.h new/fe25519.h >--- old/fe25519.h 2015-03-17 06:49:20.000000000 +0100 >+++ new/fe25519.h 2015-04-07 15:22:12.410199222 +0200 >@@ -8,6 +8,7 @@ > > #ifndef FE25519_H > #define FE25519_H >+#ifndef WITHOUT_ED25519 > > #include "crypto_api.h" > >@@ -67,4 +68,5 @@ void fe25519_invert(fe25519 *r, const fe > > void fe25519_pow2523(fe25519 *r, const fe25519 *x); > >+#endif /* WITHOUT_ED25519 */ > #endif >diff -pur old/ge25519.c new/ge25519.c >--- old/ge25519.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ge25519.c 2015-04-07 16:01:18.342304908 +0200 >@@ -7,6 +7,7 @@ > */ > > #include "includes.h" >+#ifndef WITHOUT_ED25519 > > #include "fe25519.h" > #include "sc25519.h" >@@ -319,3 +320,4 @@ void ge25519_scalarmult_base(ge25519_p3 > ge25519_mixadd2(r, &t); > } > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/ge25519.h new/ge25519.h >--- old/ge25519.h 2015-03-17 06:49:20.000000000 +0100 >+++ new/ge25519.h 2015-04-07 15:22:35.344587668 +0200 >@@ -8,6 +8,7 @@ > > #ifndef GE25519_H > #define GE25519_H >+#ifndef WITHOUT_ED25519 > > #include "fe25519.h" > #include "sc25519.h" >@@ -40,4 +41,5 @@ void ge25519_double_scalarmult_vartime(g > > void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); > >+#endif /* WITHOUT_ED25519 */ > #endif >diff -pur old/kex.c new/kex.c >--- old/kex.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/kex.c 2015-04-07 16:02:02.043763104 +0200 >@@ -92,9 +92,11 @@ static const struct kexalg kexalgs[] = { > # endif /* OPENSSL_HAS_NISTP521 */ > #endif /* OPENSSL_HAS_ECC */ > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) > { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, > #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ >+#endif /* WITHOUT_ED25519 */ > { NULL, -1, -1, -1}, > }; > >diff -pur old/kex.h new/kex.h >--- old/kex.h 2015-03-17 06:49:20.000000000 +0100 >+++ new/kex.h 2015-04-08 14:41:51.816216413 +0200 >@@ -58,13 +58,17 @@ > #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" > #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" > #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" >+#ifndef WITHOUT_ED25519 > #define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" >+#endif /* WITHOUT_ED25519 */ > > #define COMP_NONE 0 > #define COMP_ZLIB 1 > #define COMP_DELAYED 2 > >+#ifndef WITHOUT_ED25519 > #define CURVE25519_SIZE 32 >+#endif /* WITHOUT_ED25519 */ > > enum kex_init_proposals { > PROPOSAL_KEX_ALGS, >@@ -92,7 +96,9 @@ enum kex_exchange { > KEX_DH_GEX_SHA1, > KEX_DH_GEX_SHA256, > KEX_ECDH_SHA2, >+#ifndef WITHOUT_ED25519 > KEX_C25519_SHA256, >+#endif /* WITHOUT_ED25519 */ > KEX_MAX > }; > >@@ -153,8 +159,10 @@ struct kex { > u_int min, max, nbits; /* GEX */ > EC_KEY *ec_client_key; /* ECDH */ > const EC_GROUP *ec_group; /* ECDH */ >+#ifndef WITHOUT_ED25519 > u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */ > u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ >+#endif /* WITHOUT_ED25519 */ > }; > > int kex_names_valid(const char *); >@@ -181,8 +189,10 @@ int kexgex_client(struct ssh *); > int kexgex_server(struct ssh *); > int kexecdh_client(struct ssh *); > int kexecdh_server(struct ssh *); >+#ifndef WITHOUT_ED25519 > int kexc25519_client(struct ssh *); > int kexc25519_server(struct ssh *); >+#endif /* WITHOUT_ED25519 */ > > int kex_dh_hash(const char *, const char *, > const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, >@@ -199,6 +209,7 @@ int kex_ecdh_hash(int, const EC_GROUP *, > const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, > const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); > >+#ifndef WITHOUT_ED25519 > int kex_c25519_hash(int, const char *, const char *, const char *, size_t, > const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, > const u_char *, size_t, u_char *, size_t *); >@@ -210,6 +221,7 @@ int kexc25519_shared_key(const u_char ke > const u_char pub[CURVE25519_SIZE], struct sshbuf *out) > __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) > __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); >+#endif /* WITHOUT_ED25519 */ > > int > derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); >diff -pur old/kexc25519.c new/kexc25519.c >--- old/kexc25519.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/kexc25519.c 2015-04-07 16:02:27.254904701 +0200 >@@ -27,6 +27,7 @@ > > #include "includes.h" > >+#ifndef WITHOUT_ED25519 > #include <sys/types.h> > > #include <signal.h> >@@ -126,3 +127,4 @@ kex_c25519_hash( > #endif > return 0; > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/kexc25519c.c new/kexc25519c.c >--- old/kexc25519c.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/kexc25519c.c 2015-04-07 16:02:45.043212670 +0200 >@@ -27,6 +27,7 @@ > > #include "includes.h" > >+#ifndef WITHOUT_ED25519 > #include <sys/types.h> > > #include <stdio.h> >@@ -168,3 +169,4 @@ out: > sshbuf_free(shared_secret); > return r; > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/kexc25519s.c new/kexc25519s.c >--- old/kexc25519s.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/kexc25519s.c 2015-04-07 16:05:30.117669786 +0200 >@@ -26,6 +26,8 @@ > > #include "includes.h" > >+#ifndef WITHOUT_ED25519 >+ > #include <sys/types.h> > #include <string.h> > #include <signal.h> >@@ -156,3 +158,4 @@ out: > sshbuf_free(shared_secret); > return r; > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/monitor.c new/monitor.c >--- old/monitor.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/monitor.c 2015-04-07 16:05:48.061708008 +0200 >@@ -1859,7 +1859,9 @@ monitor_apply_keystate(struct monitor *p > kex->kex[KEX_ECDH_SHA2] = kexecdh_server; > # endif > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > kex->kex[KEX_C25519_SHA256] = kexc25519_server; >+#endif /* WITHOUT_ED25519 */ > kex->load_host_public_key=&get_hostkey_public_by_type; > kex->load_host_private_key=&get_hostkey_private_by_type; > kex->host_key_index=&get_hostkey_index; >diff -pur old/myproposal.h new/myproposal.h >--- old/myproposal.h 2015-03-17 06:49:20.000000000 +0100 >+++ new/myproposal.h 2015-04-08 14:28:23.242366100 +0200 >@@ -59,6 +59,18 @@ > # define HOSTKEY_ECDSA_METHODS > #endif > >+#ifndef WITHOUT_ED25519 >+# if !defined(WITH_OPENSSL) || defined(HAVE_EVP_SHA256) >+# define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org," >+# endif >+# define HOSTKEY_CURVE25519_CERT_METHODS "ssh-ed25519-cert-v01@openssh.com," >+# define HOSTKEY_CURVE25519_METHODS "ssh-ed25519," >+#else >+# define KEX_CURVE25519_METHODS >+# define HOSTKEY_CURVE25519_CERT_METHODS >+# define HOSTKEY_CURVE25519_METHODS >+#endif /* WITHOUT_ED25519 */ >+ > #ifdef OPENSSL_HAVE_EVPGCM > # define AESGCM_CIPHER_MODES \ > "aes128-gcm@openssh.com,aes256-gcm@openssh.com," >@@ -78,11 +90,6 @@ > #endif > > #ifdef WITH_OPENSSL >-# ifdef HAVE_EVP_SHA256 >-# define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org," >-# else >-# define KEX_CURVE25519_METHODS "" >-# endif > #define KEX_SERVER_KEX \ > KEX_CURVE25519_METHODS \ > KEX_ECDH_METHODS \ >@@ -95,13 +102,13 @@ > > #define KEX_DEFAULT_PK_ALG \ > HOSTKEY_ECDSA_CERT_METHODS \ >- "ssh-ed25519-cert-v01@openssh.com," \ >+ HOSTKEY_CURVE25519_CERT_METHODS \ > "ssh-rsa-cert-v01@openssh.com," \ > "ssh-dss-cert-v01@openssh.com," \ > "ssh-rsa-cert-v00@openssh.com," \ > "ssh-dss-cert-v00@openssh.com," \ > HOSTKEY_ECDSA_METHODS \ >- "ssh-ed25519," \ >+ HOSTKEY_CURVE25519_METHODS \ > "ssh-rsa," \ > "ssh-dss" > >@@ -143,10 +150,10 @@ > #else > > #define KEX_SERVER_KEX \ >- "curve25519-sha256@libssh.org" >+ KEX_CURVE25519_METHODS > #define KEX_DEFAULT_PK_ALG \ >- "ssh-ed25519-cert-v01@openssh.com," \ >- "ssh-ed25519" >+ HOSTKEY_CURVE25519_CERT_METHODS \ >+ HOSTKEY_CURVE25519_METHODS > #define KEX_SERVER_ENCRYPT \ > "aes128-ctr,aes192-ctr,aes256-ctr," \ > "chacha20-poly1305@openssh.com" >diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in >--- old/openbsd-compat/Makefile.in 2015-03-17 06:49:20.000000000 +0100 >+++ new/openbsd-compat/Makefile.in 2015-04-09 09:07:43.281436769 +0200 >@@ -32,7 +32,7 @@ $(OPENBSD): ../config.h > $(PORTS): ../config.h > > libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) >- $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) >+ $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) ../hash.o ../blocks.o > $(RANLIB) $@ > > clean: >diff -pur old/pathnames.h new/pathnames.h >--- old/pathnames.h 2015-03-17 06:49:20.000000000 +0100 >+++ new/pathnames.h 2015-04-07 15:57:18.818281245 +0200 >@@ -39,7 +39,9 @@ > #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" > #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" > #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" >+#ifndef WITHOUT_ED25519 > #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" >+#endif /* WITHOUT_ED25519 */ > #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" > #define _PATH_DH_MODULI SSHDIR "/moduli" > /* Backwards compatibility */ >@@ -78,7 +80,9 @@ > #define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa" > #define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa" > #define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" >+#ifndef WITHOUT_ED25519 > #define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519" >+#endif /* WITHOUT_ED25519 */ > > /* > * Configuration file in user's home directory. This file need not be >diff -pur old/readconf.c new/readconf.c >--- old/readconf.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/readconf.c 2015-04-07 16:06:01.998839889 +0200 >@@ -1781,8 +1781,10 @@ fill_default_options(Options * options) > add_identity_file(options, "~/", > _PATH_SSH_CLIENT_ID_ECDSA, 0); > #endif >+#ifndef WITHOUT_ED25519 > add_identity_file(options, "~/", > _PATH_SSH_CLIENT_ID_ED25519, 0); >+#endif /* WITHOUT_ED25519 */ > } > } > if (options->escape_char == -1) >diff -pur old/servconf.c new/servconf.c >--- old/servconf.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/servconf.c 2015-04-07 16:06:29.477666287 +0200 >@@ -198,8 +198,10 @@ fill_default_server_options(ServerOption > options->host_key_files[options->num_host_key_files++] = > _PATH_HOST_ECDSA_KEY_FILE; > #endif >+#ifndef WITHOUT_ED25519 > options->host_key_files[options->num_host_key_files++] = > _PATH_HOST_ED25519_KEY_FILE; >+#endif /* WITHOUT_ED25519 */ > } > } > /* No certificates by default */ >diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c >--- old/smult_curve25519_ref.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/smult_curve25519_ref.c 2015-04-07 16:06:45.520274508 +0200 >@@ -6,6 +6,8 @@ Public domain. > Derived from public domain code by D. J. Bernstein. > */ > >+#ifndef WITHOUT_ED25519 >+ > int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *); > > static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) >@@ -263,3 +265,4 @@ int crypto_scalarmult_curve25519(unsigne > for (i = 0;i < 32;++i) q[i] = work[64 + i]; > return 0; > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/ssh-add.c new/ssh-add.c >--- old/ssh-add.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ssh-add.c 2015-04-07 16:07:11.940578261 +0200 >@@ -78,7 +78,9 @@ static char *default_files[] = { > _PATH_SSH_CLIENT_ID_ECDSA, > #endif > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > _PATH_SSH_CLIENT_ID_ED25519, >+#endif /* WITHOUT_ED25519 */ > _PATH_SSH_CLIENT_IDENTITY, > NULL > }; >diff -pur old/ssh-ed25519.c new/ssh-ed25519.c >--- old/ssh-ed25519.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ssh-ed25519.c 2015-04-07 16:07:19.917204498 +0200 >@@ -17,6 +17,8 @@ > > #include "includes.h" > >+#ifndef WITHOUT_ED25519 >+ > #include <sys/types.h> > #include <limits.h> > >@@ -164,3 +166,4 @@ ssh_ed25519_verify(const struct sshkey * > free(ktype); > return r; > } >+#endif /* WITHOUT_ED25519 */ >diff -pur old/ssh-keygen.c new/ssh-keygen.c >--- old/ssh-keygen.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ssh-keygen.c 2015-04-09 09:16:23.206616460 +0200 >@@ -214,7 +214,11 @@ type_bits_valid(int type, const char *na > } > if (type == KEY_DSA && *bitsp != 1024) > fatal("DSA keys must be 1024 bits"); >- else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) >+ else if (type != KEY_ECDSA && >+#ifndef WITHOUT_ED25519 >+ type != KEY_ED25519 && >+#endif /* WITHOUT_ED25519 */ >+ *bitsp < 768) > fatal("Key must at least be 768 bits"); > else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1) > fatal("Invalid ECDSA key length - valid lengths are " >@@ -251,10 +255,12 @@ ask_filename(struct passwd *pw, const ch > case KEY_RSA: > name = _PATH_SSH_CLIENT_ID_RSA; > break; >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > name = _PATH_SSH_CLIENT_ID_ED25519; > break; >+#endif /* WITHOUT_ED25519 */ > default: > fprintf(stderr, "bad key type\n"); > exit(1); >@@ -954,7 +960,9 @@ do_gen_all_hostkeys(struct passwd *pw) > #ifdef OPENSSL_HAS_ECC > { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, > #endif >+#ifndef WITHOUT_ED25519 > { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, >+#endif /* WITHOUT_ED25519 */ > { NULL, NULL, NULL } > }; > >@@ -1643,7 +1651,10 @@ do_ca_sign(struct passwd *pw, int argc, > fatal("%s: unable to open \"%s\": %s", > __func__, tmp, ssh_err(r)); > if (public->type != KEY_RSA && public->type != KEY_DSA && >- public->type != KEY_ECDSA && public->type != KEY_ED25519) >+#ifndef WITHOUT_ED25519 >+ public->type != KEY_ED25519 && >+#endif /* WITHOUT_ED25519 */ >+ public->type != KEY_ECDSA) > fatal("%s: key \"%s\" type %s cannot be certified", > __func__, tmp, sshkey_type(public)); > >@@ -2558,8 +2569,10 @@ main(int argc, char **argv) > _PATH_HOST_DSA_KEY_FILE, rr_hostname); > n += do_print_resource_record(pw, > _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); >+#ifndef WITHOUT_ED25519 > n += do_print_resource_record(pw, > _PATH_HOST_ED25519_KEY_FILE, rr_hostname); >+#endif /* WITHOUT_ED25519 */ > if (n == 0) > fatal("no keys found."); > exit(0); >diff -pur old/ssh-keyscan.c new/ssh-keyscan.c >--- old/ssh-keyscan.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ssh-keyscan.c 2015-04-07 16:17:13.528143406 +0200 >@@ -286,7 +286,9 @@ keygrab_ssh2(con *c) > c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; > # endif > #endif >+#ifndef WITHOUT_ED25519 > c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; >+#endif /* WITHOUT_ED25519 */ > ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); > /* > * do the key-exchange until an error occurs or until >@@ -609,10 +611,15 @@ do_host(char *host) > { > char *name = strnnsep(&host, " \t\n"); > int j; >+#ifndef WITHOUT_ED25519 >+ int max_kt = KT_ED25519; >+#else >+ int max_kt = KT_ECDSA; >+#endif /* WITHOUT_ED25519 */ > > if (name == NULL) > return; >- for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { >+ for (j = KT_RSA1; j <= max_kt; j *= 2) { > if (get_keytypes & j) { > while (ncon >= MAXCON) > conloop(); >@@ -716,9 +723,11 @@ main(int argc, char **argv) > case KEY_RSA: > get_keytypes |= KT_RSA; > break; >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > get_keytypes |= KT_ED25519; > break; >+#endif /* WITHOUT_ED25519 */ > case KEY_UNSPEC: > fatal("unknown key type %s", tname); > } >diff -pur old/ssh-keysign.c new/ssh-keysign.c >--- old/ssh-keysign.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ssh-keysign.c 2015-04-07 16:17:28.344899343 +0200 >@@ -189,7 +189,9 @@ main(int argc, char **argv) > i = 0; > key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); > key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); >+#ifndef WITHOUT_ED25519 > key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY); >+#endif /* WITHOUT_ED25519 */ > key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); > > original_real_uid = getuid(); /* XXX readconf.c needs this */ >diff -pur old/ssh.c new/ssh.c >--- old/ssh.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ssh.c 2015-04-07 16:18:15.230902672 +0200 >@@ -1234,8 +1234,10 @@ main(int ac, char **av) > sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, > _PATH_HOST_ECDSA_KEY_FILE, "", NULL); > #endif >+#ifndef WITHOUT_ED25519 > sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519, > _PATH_HOST_ED25519_KEY_FILE, "", NULL); >+#endif /* WITHOUT_ED25519 */ > sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, > _PATH_HOST_RSA_KEY_FILE, "", NULL); > sensitive_data.keys[4] = key_load_private_cert(KEY_DSA, >@@ -1244,8 +1246,10 @@ main(int ac, char **av) > sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, > _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); > #endif >+#ifndef WITHOUT_ED25519 > sensitive_data.keys[6] = key_load_private_type(KEY_ED25519, > _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); >+#endif /* WITHOUT_ED25519 */ > sensitive_data.keys[7] = key_load_private_type(KEY_RSA, > _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); > sensitive_data.keys[8] = key_load_private_type(KEY_DSA, >@@ -1262,8 +1266,10 @@ main(int ac, char **av) > sensitive_data.keys[1] = key_load_cert( > _PATH_HOST_ECDSA_KEY_FILE); > #endif >+#ifndef WITHOUT_ED25519 > sensitive_data.keys[2] = key_load_cert( > _PATH_HOST_ED25519_KEY_FILE); >+#endif /* WITHOUT_ED25519 */ > sensitive_data.keys[3] = key_load_cert( > _PATH_HOST_RSA_KEY_FILE); > sensitive_data.keys[4] = key_load_cert( >@@ -1272,8 +1278,10 @@ main(int ac, char **av) > sensitive_data.keys[5] = key_load_public( > _PATH_HOST_ECDSA_KEY_FILE, NULL); > #endif >+#ifndef WITHOUT_ED25519 > sensitive_data.keys[6] = key_load_public( > _PATH_HOST_ED25519_KEY_FILE, NULL); >+#endif /* WITHOUT_ED25519 */ > sensitive_data.keys[7] = key_load_public( > _PATH_HOST_RSA_KEY_FILE, NULL); > sensitive_data.keys[8] = key_load_public( >diff -pur old/ssh_api.c new/ssh_api.c >--- old/ssh_api.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/ssh_api.c 2015-04-07 16:07:02.736150998 +0200 >@@ -109,7 +109,9 @@ ssh_init(struct ssh **sshp, int is_serve > ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; > # endif > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server; >+#endif /* WITHOUT_ED25519 */ > ssh->kex->load_host_public_key=&_ssh_host_public_key; > ssh->kex->load_host_private_key=&_ssh_host_private_key; > ssh->kex->sign=&_ssh_host_key_sign; >@@ -123,7 +125,9 @@ ssh_init(struct ssh **sshp, int is_serve > ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; > # endif > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; >+#endif /* WITHOUT_ED25519 */ > ssh->kex->verify_host_key =&_ssh_verify_host_key; > } > *sshp = ssh; >diff -pur old/sshconnect.c new/sshconnect.c >--- old/sshconnect.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/sshconnect.c 2015-04-07 16:18:28.213365878 +0200 >@@ -1391,7 +1391,9 @@ show_other_keys(struct hostkeys *hostkey > KEY_RSA, > KEY_DSA, > KEY_ECDSA, >+#ifndef WITHOUT_ED25519 > KEY_ED25519, >+#endif /* WITHOUT_ED25519 */ > -1 > }; > int i, ret = 0; >diff -pur old/sshconnect2.c new/sshconnect2.c >--- old/sshconnect2.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/sshconnect2.c 2015-04-07 16:18:41.464114482 +0200 >@@ -217,7 +217,9 @@ ssh_kex2(char *host, struct sockaddr *ho > kex->kex[KEX_ECDH_SHA2] = kexecdh_client; > # endif > #endif >+#ifndef WITHOUT_ED25519 > kex->kex[KEX_C25519_SHA256] = kexc25519_client; >+#endif /* WITHOUT_ED25519 */ > kex->client_version_string=client_version_string; > kex->server_version_string=server_version_string; > kex->verify_host_key=&verify_host_key_callback; >diff -pur old/sshd.c new/sshd.c >--- old/sshd.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/sshd.c 2015-04-07 16:19:09.762793114 +0200 >@@ -803,7 +803,9 @@ list_hostkey_types(void) > case KEY_RSA: > case KEY_DSA: > case KEY_ECDSA: >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: >+#endif /* WITHOUT_ED25519 */ > if (buffer_len(&b) > 0) > buffer_append(&b, ",", 1); > p = key_ssh_name(key); >@@ -820,7 +822,9 @@ list_hostkey_types(void) > case KEY_RSA_CERT: > case KEY_DSA_CERT: > case KEY_ECDSA_CERT: >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: >+#endif /* WITHOUT_ED25519 */ > if (buffer_len(&b) > 0) > buffer_append(&b, ",", 1); > p = key_ssh_name(key); >@@ -848,7 +852,9 @@ get_hostkey_by_type(int type, int nid, i > case KEY_RSA_CERT: > case KEY_DSA_CERT: > case KEY_ECDSA_CERT: >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: >+#endif /* WITHOUT_ED25519 */ > key = sensitive_data.host_certificates[i]; > break; > default: >@@ -1798,7 +1804,9 @@ main(int ac, char **av) > case KEY_RSA: > case KEY_DSA: > case KEY_ECDSA: >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: >+#endif /* WITHOUT_ED25519 */ > if (have_agent || key != NULL) > sensitive_data.have_ssh2_key = 1; > break; >@@ -2574,7 +2582,9 @@ do_ssh2_kex(void) > kex->kex[KEX_ECDH_SHA2] = kexecdh_server; > # endif > #endif >+#ifndef WITHOUT_ED25519 > kex->kex[KEX_C25519_SHA256] = kexc25519_server; >+#endif /* WITHOUT_ED25519 */ > kex->server = 1; > kex->client_version_string=client_version_string; > kex->server_version_string=server_version_string; >diff -pur old/sshkey.c new/sshkey.c >--- old/sshkey.c 2015-03-17 06:49:20.000000000 +0100 >+++ new/sshkey.c 2015-04-08 14:48:56.722508369 +0200 >@@ -85,9 +85,11 @@ struct keytype { > int cert; > }; > static const struct keytype keytypes[] = { >+#ifndef WITHOUT_ED25519 > { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, > { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", > KEY_ED25519_CERT, 0, 1 }, >+#endif /* WITHOUT_ED25519 */ > #ifdef WITH_OPENSSL > { NULL, "RSA1", KEY_RSA1, 0, 0 }, > { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, >@@ -283,8 +285,10 @@ sshkey_size(const struct sshkey *k) > case KEY_ECDSA_CERT: > return sshkey_curve_nid_to_bits(k->ecdsa_nid); > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: >+#endif /* WITHOUT_ED25519 */ > return 256; /* XXX */ > } > return 0; >@@ -309,7 +313,9 @@ sshkey_type_is_valid_ca(int type) > case KEY_RSA: > case KEY_DSA: > case KEY_ECDSA: >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: >+#endif /* WITHOUT_ED25519 */ > return 1; > default: > return 0; >@@ -337,8 +343,10 @@ sshkey_type_plain(int type) > return KEY_DSA; > case KEY_ECDSA_CERT: > return KEY_ECDSA; >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: > return KEY_ED25519; >+#endif /* WITHOUT_ED25519 */ > default: > return type; > } >@@ -491,8 +499,10 @@ sshkey_new(int type) > k->dsa = NULL; > k->rsa = NULL; > k->cert = NULL; >+#ifndef WITHOUT_ED25519 > k->ed25519_sk = NULL; > k->ed25519_pk = NULL; >+#endif /* WITHOUT_ED25519 */ > switch (k->type) { > #ifdef WITH_OPENSSL > case KEY_RSA1: >@@ -529,10 +539,12 @@ sshkey_new(int type) > /* Cannot do anything until we know the group */ > break; > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > /* no need to prealloc */ > break; >+#endif /* WITHOUT_ED25519 */ > case KEY_UNSPEC: > break; > default: >@@ -581,10 +593,12 @@ sshkey_add_private(struct sshkey *k) > /* Cannot do anything until we know the group */ > break; > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > /* no need to prealloc */ > break; >+#endif /* WITHOUT_ED25519 */ > case KEY_UNSPEC: > break; > default: >@@ -638,6 +652,7 @@ sshkey_free(struct sshkey *k) > break; > # endif /* OPENSSL_HAS_ECC */ > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > if (k->ed25519_pk) { >@@ -651,6 +666,7 @@ sshkey_free(struct sshkey *k) > k->ed25519_sk = NULL; > } > break; >+#endif /* WITHOUT_ED25519 */ > case KEY_UNSPEC: > break; > default: >@@ -730,10 +746,12 @@ sshkey_equal_public(const struct sshkey > return 1; > # endif /* OPENSSL_HAS_ECC */ > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > return a->ed25519_pk != NULL && b->ed25519_pk != NULL && > memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0; >+#endif /* WITHOUT_ED25519 */ > default: > return 0; > } >@@ -772,12 +790,14 @@ to_blob_buf(const struct sshkey *key, st > case KEY_ECDSA_CERT: > case KEY_RSA_CERT: > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: > /* Use the existing blob */ > /* XXX modified flag? */ > if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0) > return ret; > break; >+#endif /* WITHOUT_ED25519 */ > #ifdef WITH_OPENSSL > case KEY_DSA: > if (key->dsa == NULL) >@@ -809,6 +829,7 @@ to_blob_buf(const struct sshkey *key, st > return ret; > break; > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > if (key->ed25519_pk == NULL) > return SSH_ERR_INVALID_ARGUMENT; >@@ -817,6 +838,7 @@ to_blob_buf(const struct sshkey *key, st > key->ed25519_pk, ED25519_PK_SZ)) != 0) > return ret; > break; >+#endif /* WITHOUT_ED25519 */ > default: > return SSH_ERR_KEY_TYPE_UNKNOWN; > } >@@ -1290,13 +1312,17 @@ sshkey_read(struct sshkey *ret, char **c > case KEY_RSA: > case KEY_DSA: > case KEY_ECDSA: >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: >+#endif /* WITHOUT_ED25519 */ > case KEY_DSA_CERT_V00: > case KEY_RSA_CERT_V00: > case KEY_DSA_CERT: > case KEY_ECDSA_CERT: > case KEY_RSA_CERT: >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: >+#endif /* WITHOUT_ED25519 */ > space = strchr(cp, ' '); > if (space == NULL) > return SSH_ERR_INVALID_FORMAT; >@@ -1388,6 +1414,7 @@ sshkey_read(struct sshkey *ret, char **c > } > # endif /* OPENSSL_HAS_ECC */ > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > if (sshkey_type_plain(ret->type) == KEY_ED25519) { > free(ret->ed25519_pk); > ret->ed25519_pk = k->ed25519_pk; >@@ -1396,6 +1423,7 @@ sshkey_read(struct sshkey *ret, char **c > /* XXX */ > #endif > } >+#endif /* WITHOUT_ED25519 */ > retval = 0; > /*XXXX*/ > sshkey_free(k); >@@ -1459,8 +1487,10 @@ sshkey_write(const struct sshkey *key, F > case KEY_RSA_CERT_V00: > case KEY_RSA_CERT: > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: >+#endif /* WITHOUT_ED25519 */ > if ((bb = sshbuf_new()) == NULL) { > ret = SSH_ERR_ALLOC_FAIL; > goto out; >@@ -1670,7 +1700,8 @@ sshkey_generate(int type, u_int bits, st > if ((k = sshkey_new(KEY_UNSPEC)) == NULL) > return SSH_ERR_ALLOC_FAIL; > switch (type) { >- case KEY_ED25519: >+#ifndef WITHOUT_ED25519 >+ case KEY_ED25519: > if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL || > (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) { > ret = SSH_ERR_ALLOC_FAIL; >@@ -1679,6 +1710,7 @@ sshkey_generate(int type, u_int bits, st > crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); > ret = 0; > break; >+#endif /* WITHOUT_ED25519 */ > #ifdef WITH_OPENSSL > case KEY_DSA: > ret = dsa_generate_private_key(bits, &k->dsa); >@@ -1816,6 +1848,7 @@ sshkey_from_private(const struct sshkey > } > break; > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > if ((n = sshkey_new(k->type)) == NULL) >@@ -1828,6 +1861,7 @@ sshkey_from_private(const struct sshkey > memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); > } > break; >+#endif /* WITHOUT_ED25519 */ > default: > return SSH_ERR_KEY_TYPE_UNKNOWN; > } >@@ -2099,6 +2133,7 @@ sshkey_from_blob_internal(struct sshbuf > break; > # endif /* OPENSSL_HAS_ECC */ > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: > /* Skip nonce */ > if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { >@@ -2120,6 +2155,7 @@ sshkey_from_blob_internal(struct sshbuf > key->ed25519_pk = pk; > pk = NULL; > break; >+#endif /* WITHOUT_ED25519 */ > case KEY_UNSPEC: > if ((key = sshkey_new(type)) == NULL) { > ret = SSH_ERR_ALLOC_FAIL; >@@ -2214,9 +2250,11 @@ sshkey_sign(const struct sshkey *key, > case KEY_RSA: > return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); >+#endif /* WITHOUT_ED25519 */ > default: > return SSH_ERR_KEY_TYPE_UNKNOWN; > } >@@ -2248,9 +2286,11 @@ sshkey_verify(const struct sshkey *key, > case KEY_RSA: > return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > case KEY_ED25519_CERT: > return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); >+#endif /* WITHOUT_ED25519 */ > default: > return SSH_ERR_KEY_TYPE_UNKNOWN; > } >@@ -2274,8 +2314,10 @@ sshkey_demote(const struct sshkey *k, st > pk->dsa = NULL; > pk->ecdsa = NULL; > pk->rsa = NULL; >+#ifndef WITHOUT_ED25519 > pk->ed25519_pk = NULL; > pk->ed25519_sk = NULL; >+#endif /* WITHOUT_ED25519 */ > > switch (k->type) { > #ifdef WITH_OPENSSL >@@ -2327,6 +2369,7 @@ sshkey_demote(const struct sshkey *k, st > break; > # endif /* OPENSSL_HAS_ECC */ > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: > if ((ret = sshkey_cert_copy(k, pk)) != 0) > goto fail; >@@ -2340,6 +2383,7 @@ sshkey_demote(const struct sshkey *k, st > memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); > } > break; >+#endif /* WITHOUT_ED25519 */ > default: > ret = SSH_ERR_KEY_TYPE_UNKNOWN; > fail: >@@ -2370,11 +2414,13 @@ sshkey_to_certified(struct sshkey *k, in > newtype = KEY_ECDSA_CERT; > break; > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > if (legacy) > return SSH_ERR_INVALID_ARGUMENT; > newtype = KEY_ED25519_CERT; > break; >+#endif /* WITHOUT_ED25519 */ > default: > return SSH_ERR_INVALID_ARGUMENT; > } >@@ -2457,11 +2503,13 @@ sshkey_certify(struct sshkey *k, struct > goto out; > break; > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519_CERT: > if ((ret = sshbuf_put_string(cert, > k->ed25519_pk, ED25519_PK_SZ)) != 0) > goto out; > break; >+#endif /* WITHOUT_ED25519 */ > default: > ret = SSH_ERR_INVALID_ARGUMENT; > goto out; >@@ -2656,6 +2704,7 @@ sshkey_private_serialize(const struct ss > break; > # endif /* OPENSSL_HAS_ECC */ > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > if ((r = sshbuf_put_string(b, key->ed25519_pk, > ED25519_PK_SZ)) != 0 || >@@ -2675,6 +2724,7 @@ sshkey_private_serialize(const struct ss > ED25519_SK_SZ)) != 0) > goto out; > break; >+#endif /* WITHOUT_ED25519 */ > default: > r = SSH_ERR_INVALID_ARGUMENT; > goto out; >@@ -2801,6 +2851,7 @@ sshkey_private_deserialize(struct sshbuf > goto out; > break; > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > if ((k = sshkey_new_private(type)) == NULL) { > r = SSH_ERR_ALLOC_FAIL; >@@ -2831,6 +2882,7 @@ sshkey_private_deserialize(struct sshbuf > k->ed25519_sk = ed25519_sk; > ed25519_pk = ed25519_sk = NULL; > break; >+#endif /* WITHOUT_ED25519 */ > default: > r = SSH_ERR_KEY_TYPE_UNKNOWN; > goto out; >@@ -3590,9 +3642,11 @@ sshkey_private_to_fileblob(struct sshkey > return sshkey_private_pem_to_blob(key, blob, > passphrase, comment); > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > return sshkey_private_to_blob2(key, blob, passphrase, > comment, new_format_cipher, new_format_rounds); >+#endif /* WITHOUT_ED25519 */ > default: > return SSH_ERR_KEY_TYPE_UNKNOWN; > } >@@ -3898,9 +3952,11 @@ sshkey_parse_private_fileblob_type(struc > return sshkey_parse_private_pem_fileblob(blob, type, > passphrase, keyp); > #endif /* WITH_OPENSSL */ >+#ifndef WITHOUT_ED25519 > case KEY_ED25519: > return sshkey_parse_private2(blob, type, passphrase, > keyp, commentp); >+#endif /* WITHOUT_ED25519 */ > case KEY_UNSPEC: > if ((r = sshkey_parse_private2(blob, type, passphrase, keyp, > commentp)) == 0) >diff -pur old/sshkey.h new/sshkey.h >--- old/sshkey.h 2015-03-17 06:49:20.000000000 +0100 >+++ new/sshkey.h 2015-04-07 15:58:14.361182131 +0200 >@@ -57,11 +57,15 @@ enum sshkey_types { > KEY_RSA, > KEY_DSA, > KEY_ECDSA, >+#ifndef WITHOUT_ED25519 > KEY_ED25519, >+#endif /* WITHOUT_ED25519 */ > KEY_RSA_CERT, > KEY_DSA_CERT, > KEY_ECDSA_CERT, >+#ifndef WITHOUT_ED25519 > KEY_ED25519_CERT, >+#endif /* WITHOUT_ED25519 */ > KEY_RSA_CERT_V00, > KEY_DSA_CERT_V00, > KEY_UNSPEC >@@ -105,13 +109,17 @@ struct sshkey { > DSA *dsa; > int ecdsa_nid; /* NID of curve */ > EC_KEY *ecdsa; >+#ifndef WITHOUT_ED25519 > u_char *ed25519_sk; > u_char *ed25519_pk; >+#endif /* WITHOUT_ED25519 */ > struct sshkey_cert *cert; > }; > >+#ifndef WITHOUT_ED25519 > #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES > #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES >+#endif /* WITHOUT_ED25519 */ > > struct sshkey *sshkey_new(int); > int sshkey_add_private(struct sshkey *); >@@ -209,11 +217,13 @@ int ssh_ecdsa_sign(const struct sshkey * > int ssh_ecdsa_verify(const struct sshkey *key, > const u_char *signature, size_t signaturelen, > const u_char *data, size_t datalen, u_int compat); >+#ifndef WITHOUT_ED25519 > int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, > const u_char *data, size_t datalen, u_int compat); > int ssh_ed25519_verify(const struct sshkey *key, > const u_char *signature, size_t signaturelen, > const u_char *data, size_t datalen, u_int compat); >+#endif /* WITHOUT_ED25519 */ > #endif > > #if !defined(WITH_OPENSSL)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2579">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2376
: 2579