Bug 2376

Summary: Add compile time option to disable Curve25519
Product: Portable OpenSSH
Reporter: Tomas Kuthan <tomas.kuthan>
Component: Build system
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: enhancement
CC: djm, dtucker, tomas.kuthan
Priority: P5
Version: 6.8p1
Hardware: SPARC
OS: Solaris
Attachments:
Implements -DWITHOUT_ED25519 (flags: none)

Description Tomas Kuthan 2015-04-09 19:34:37 AEST
Make it possible to build OpenSSH without Curve25519 support.
Comment 1 Darren Tucker 2015-04-09 19:43:53 AEST
Err, why?  If you don't want to use it you can turn it off in the config.
Comment 2 Tomas Kuthan 2015-04-09 19:44:35 AEST
Created attachment 2579
Implements -DWITHOUT_ED25519

The patch makes it possible to build OpenSSH without Curve25519 by specifying -DWITHOUT_EC25519.

The patch doesn't modify regression tests or man pages.
Comment 3 Tomas Kuthan 2015-04-09 19:51:25 AEST
(In reply to Darren Tucker from comment #1)
> Err, why?  If you don't want to use it you can turn it off in the
> config.

For legal reasons we are not allowed to ship OpenSSH with any elliptic curve cryptography.
Comment 4 Damien Miller 2015-04-24 13:55:25 AEST
We won't be adding this. We have too many #ifdefs at the moment, and as far as we are aware there are no patent encumbrances on ed25519.
Comment 5 Tomas Kuthan 2015-04-24 19:16:12 AEST
Fair enough. Thank you for the information.
Comment 6 Damien Miller 2016-08-02 10:40:53 AEST
Close all resolved bugs after 7.3p1 release