Bug 2388 - build fixups for --without-openssl
Summary: build fixups for --without-openssl
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Build system
Version: -current
Hardware: All All
Importance: P5 enhancement
Assignee: Damien Miller
Blocks: V_6_9
Reported: 2015-04-23 13:48 AEST by Reuben Hawkins
Modified: 2016-08-02 10:41 AEST

Attachments
git format-patch origin/master (2.66 KB, application/x-compressed-tar)
2015-04-23 13:48 AEST, Reuben Hawkins
someone left off a '\' character in KEX_SERVER_ENCRYPT (1.02 KB, patch)
2015-04-25 08:11 AEST, Reuben Hawkins
unresolved gen_candidates and prime_test symbols (1.27 KB, patch)
2015-04-25 08:12 AEST, Reuben Hawkins
isolate and wrap WITH_OPENSSH options (3.47 KB, patch)
2015-04-25 08:13 AEST, Reuben Hawkins
make ed25519 default ssh-keygen type when no SSL (976 bytes, patch)
2015-04-25 08:15 AEST, Reuben Hawkins
make ed25519 default ssh-keygen type when no SSL (675 bytes, patch)
2015-05-28 14:01 AEST, Damien Miller
dtucker: ok+
chop out moduli code and options when compiled !openssl (5.68 KB, patch)
2015-05-28 14:41 AEST, Damien Miller
dtucker: ok+
Description Reuben Hawkins 2015-04-23 13:48:15 AEST
Created attachment 2599 [details]
git format-patch origin/master

Summary:
* Fix KEX_SERVER_ENCRYPT macro in myproposal.h
* Fix unresolved symbols in ssh-keygen.c
* Isolate openssl code and extend WITH_OPENSSL wrappers around it
* Make ed25519 default key type in ssh-keygen when configured --without-openssl

The attached patches apply to master (commit id 70860b6)
Comment 1 Reuben Hawkins 2015-04-25 08:11:11 AEST
Created attachment 2603 [details]
someone left off a '\' character in KEX_SERVER_ENCRYPT

It appears that someone left off a '\' character. KEX_SERVER_ENCRYPT should
be defined as...

 #define KEX_SERVER_ENCRYPT "chacha20-poly1305@openssh.com,""aes128-ctr,aes192-ctr,aes256-ctr"

...but for formatting the string is split up on separate lines which need
to be connected with the '\' characters.
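
A check for the mistake described in comment 1, as an added example that is not part of the bug report or the OpenSSH tree: it flags a line holding only a string literal that no preceding `\` joins to a `#define`. The function names and both header samples are constructed, and the heuristic assumes a header made up of macro definitions.

```shell
#!/bin/sh
# Heuristic lint for headers made up of macro definitions: report every line
# that holds only a string literal and is not joined to the line before it
# by a trailing backslash. Prints LINE:TEXT per finding; returns 1 if any.
find_orphan_literals() {
    awk '
        {
            joined = prev_joined               # previous line ended in a backslash
            prev_joined = ($0 ~ /\\[ \t]*$/)
        }
        !joined && /^[ \t]*"[^"]*"[ \t]*\\?[ \t]*$/ {
            printf "%d:%s\n", NR, $0
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: one way the continuation can go missing.
broken_header() {
    cat <<'EOF'
#define KEX_SERVER_ENCRYPT \
	"chacha20-poly1305@openssh.com,"
	"aes128-ctr,aes192-ctr,aes256-ctr"
EOF
}

# Constructed sample: every line of the definition is joined.
fixed_header() {
    cat <<'EOF'
#define KEX_SERVER_ENCRYPT \
	"chacha20-poly1305@openssh.com," \
	"aes128-ctr,aes192-ctr,aes256-ctr"
EOF
}

# Demo: the broken sample is reported, the fixed one passes.
broken_header | find_orphan_literals || echo "broken sample: orphaned literal found"
fixed_header | find_orphan_literals && echo "fixed sample: clean"
```

Such a check runs without compiling, so it also covers preprocessor branches that the default build configuration never reaches.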
Comment 2 Reuben Hawkins 2015-04-25 08:12:13 AEST
Created attachment 2604 [details]
unresolved gen_candidates and prime_test symbols

ssh-keygen was failing to link on unresolved gen_candidates and prime_test symbols.  These functions are only available when ssh links to ssl.
Comment 3 Reuben Hawkins 2015-04-25 08:13:31 AEST
Created attachment 2605 [details]
isolate and wrap WITH_OPENSSH options

There are a number of ssh-keygen options which only apply in a with-openssl build. These options were already partially guarded in WITH_OPENSSL macros. This change isolates and wraps the rest of those options, producing a clean, warning-free build with openssl disabled.
Comment 4 Reuben Hawkins 2015-04-25 08:15:04 AEST
Created attachment 2606 [details]
make ed25519 default ssh-keygen type when no SSL

The default key type was hardcoded to rsa, which isn't available in without-openssl builds.  This change makes the default ed25519 when openssl is disabled.
Comment 5 Darren Tucker 2015-04-27 10:15:04 AEST
Comment on attachment 2603 [details]
someone left off a '\' character in KEX_SERVER_ENCRYPT

>Subject: [PATCH 1/4] myproposal.h: fix newline in KEX_SERVER_ENCRYPT

This one has already been fixed in the OpenBSD tree but hasn't been pulled into Portable yet.

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/myproposal.h.diff?r1=1.42&r2=1.43
Comment 6 Darren Tucker 2015-04-27 10:17:41 AEST
Put the rest on the list for 6.9
Comment 7 Damien Miller 2015-05-28 14:01:23 AEST
Created attachment 2633 [details]
make ed25519 default ssh-keygen type when no SSL

tweaked diff
Comment 8 Damien Miller 2015-05-28 14:41:27 AEST
Created attachment 2634 [details]
chop out moduli code and options when compiled !openssl

rework the other two patches
Comment 9 Darren Tucker 2015-05-28 15:19:25 AEST
Comment on attachment 2634 [details]
chop out moduli code and options when compiled !openssl

>+		case 'T':
>+			do_screen_candidates = 1;
>+			if (strlcpy(out_file, optarg, sizeof(out_file)) >=
>+			    sizeof(out_file))
>+				fatal("Output filename too long");
>+			break;
> 		case 'S':
> 			/* XXX - also compare length against bits */
> 			if (BN_hex2bn(&start, optarg) == 0)
> 				fatal("Invalid start point.");
> 			break;
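
Review bot: the added 'T' case is placed ahead of the existing 'S' case; if the cases in this switch follow option-letter order, move it below the 'S' block so later additions are easy to locate. The truncation check is the right shape: strlcpy returns the length of the source string, so comparing it against sizeof(out_file) catches an over-long optarg before out_file is used. The 'S' context still carries the XXX about comparing the start point's length against bits, so that validation remains open after this change.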

if this is supposed to be in alphabetical order then 'T' goes after 'S'.

otherwise, ok.
Comment 10 Damien Miller 2015-05-28 17:37:52 AEST
both revised diffs applied and will be in OpenSSH 6.9 - thanks!
Comment 11 Damien Miller 2016-08-02 10:41:32 AEST
Close all resolved bugs after 7.3p1 release