2376 – Add compile time option to disable Curve25519

Bug 2376 - Add compile time option to disable Curve25519

Summary: Add compile time option to disable Curve25519

Status:	CLOSED WONTFIX

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	Build system (show other bugs)
Version:	6.8p1
Hardware:	SPARC Solaris

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-04-09 19:34 AEST by Tomas Kuthan
Modified:	2016-08-02 10:40 AEST (History)
CC List:	3 users (show)

See Also:

Attachments
Implements -DWITHOUT_ED25519 (35.20 KB, patch) 2015-04-09 19:44 AEST, Tomas Kuthan	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tomas Kuthan 2015-04-09 19:34:37 AEST

Make it possible to build OpenSSH without Curve25519 support.

Comment 1 Darren Tucker 2015-04-09 19:43:53 AEST

Err, why?  If you don't want to use it you can turn it off in the config.

Comment 2 Tomas Kuthan 2015-04-09 19:44:35 AEST

Created attachment 2579 [details]
Implements -DWITHOUT_ED25519

The patch makes it possible to build OpenSSH without Curve25519 by specifying -DWITHOUT_EC25519.

The patch doesn't modify regression tests nor man pages.

Comment 3 Tomas Kuthan 2015-04-09 19:51:25 AEST

(In reply to Darren Tucker from comment #1)
> Err, why?  If you don't want to use it you can turn it off in the
> config.

For legal reasons we are not allowed to ship OpenSSH with any elliptic curve cryptography.

Comment 4 Damien Miller 2015-04-24 13:55:25 AEST

We won't be adding this. We have too many #ifdefs at the moment, and as far as we are aware there are no patent encumbrances on ed25519.

Comment 5 Tomas Kuthan 2015-04-24 19:16:12 AEST

Fair enough. Thank you for the information.

Comment 6 Damien Miller 2016-08-02 10:40:53 AEST

Close all resolved bugs after 7.3p1 release