Created attachment 2599
git format-patch origin/master

Summary:
* Fix KEX_SERVER_ENCRYPT macro in myproposal.h
* Fix unresolved symbols in ssh-keygen.c
* Isolate openssl code and extend WITH_OPENSSL wrappers around it
* Make ed25519 the default key type in ssh-keygen when configured --without-openssl

The attached patches apply to master (commit id 70860b6).
Created attachment 2603
someone left off a '\' character in KEX_SERVER_ENCRYPT

It appears that someone left off a '\' character. KEX_SERVER_ENCRYPT should be defined as...

#define KEX_SERVER_ENCRYPT "chacha20-poly1305@openssh.com,""aes128-ctr,aes192-ctr,aes256-ctr"

...but for formatting the string is split across separate lines, which need to be joined with '\' characters.
Created attachment 2604
unresolved gen_candidates and prime_test symbols

ssh-keygen was failing to link on unresolved gen_candidates and prime_test symbols. These functions are only available when ssh links to ssl.
Created attachment 2605
isolate and wrap WITH_OPENSSL options

There are a number of ssh-keygen options which only apply in a with-openssl build. These options were already partially guarded in WITH_OPENSSL macros. This change isolates and wraps the rest of those options, producing a clean, warning-free build with openssl disabled.
Created attachment 2606
make ed25519 default ssh-keygen type when no SSL

The default key type was hardcoded to rsa, which isn't available in without-openssl builds. This change makes the default ed25519 when openssl is disabled.
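The two mechanics discussed in attachments 2603 and 2605/2606 (a string-literal macro that must be joined across lines with '\', and compiling OpenSSL-only options out so a --without-openssl build is clean and defaults to ed25519) are shown together below in a miniature ssh-keygen-style option parser. This is an added example, not code from OpenSSH or from the attached patches; the names keygen_opts, parse_keygen_opts, default_key_type, built_with_openssl and count_algorithms are invented for it, and the -S/-T handling is a stand-in for the real moduli code. Build with -DWITH_OPENSSL to exercise the other branch.

```c
/* Added example, not OpenSSH code. Names below are invented for
 * illustration. Compile plain for the !WITH_OPENSSL branch, or with
 * -DWITH_OPENSSL for the with-openssl branch. */
#include <stdio.h>
#include <string.h>

/* Same shape as myproposal.h: adjacent literals joined across lines.
 * Without the trailing '\' the #define ends at the first line and the
 * second literal is left dangling as a stray expression statement. */
#define KEX_SERVER_ENCRYPT \
    "chacha20-poly1305@openssh.com," \
    "aes128-ctr,aes192-ctr,aes256-ctr"

/* Default key type follows the build: rsa needs OpenSSL, ed25519 does not. */
#ifdef WITH_OPENSSL
#define DEFAULT_KEY_TYPE "rsa"
#else
#define DEFAULT_KEY_TYPE "ed25519"
#endif

struct keygen_opts {
    const char *key_type;   /* -t */
    const char *out_file;   /* -f, or -T output file */
#ifdef WITH_OPENSSL
    int do_screen_candidates;   /* -T: only exists with OpenSSL */
    const char *start_point;    /* -S: only exists with OpenSSL */
#endif
};

int built_with_openssl(void)
{
#ifdef WITH_OPENSSL
    return 1;
#else
    return 0;
#endif
}

const char *default_key_type(void) { return DEFAULT_KEY_TYPE; }

/* Count comma-separated entries; confirms the macro joined into one list. */
int count_algorithms(const char *list)
{
    int n = 1;
    for (; *list; list++)
        if (*list == ',')
            n++;
    return n;
}

/* Minimal parser: argv entries are "-X value" pairs.
 * Returns 0 on success, -1 for a malformed/unknown option,
 * -2 for an option that is compiled out in a !WITH_OPENSSL build. */
int parse_keygen_opts(int argc, char **argv, struct keygen_opts *o)
{
    int i;
    memset(o, 0, sizeof(*o));
    o->key_type = default_key_type();
    for (i = 1; i < argc; i += 2) {
        if (i + 1 >= argc)
            return -1;                      /* option without a value */
        if (argv[i][0] != '-' || argv[i][1] == '\0' || argv[i][2] != '\0')
            return -1;
        switch (argv[i][1]) {
        case 't': o->key_type = argv[i + 1]; break;
        case 'f': o->out_file = argv[i + 1]; break;
#ifdef WITH_OPENSSL
        case 'S': o->start_point = argv[i + 1]; break;
        case 'T': o->do_screen_candidates = 1; o->out_file = argv[i + 1]; break;
#else
        case 'S': case 'T': return -2;      /* moduli tools need OpenSSL */
#endif
        default: return -1;
        }
    }
    return 0;
}

int main(void)
{
    struct keygen_opts o;
    char *av[] = { "ssh-keygen", "-T", "moduli.out" };
    printf("kex list has %d algorithms\n", count_algorithms(KEX_SERVER_ENCRYPT));
    printf("default key type: %s\n", default_key_type());
    printf("-T parse result: %d\n", parse_keygen_opts(3, av, &o));
    return 0;
}
```

Without OpenSSL the -S/-T cases are not merely ignored: they are rejected explicitly, which is what keeps the build warning-free (no dead variables) while still telling the user why the option is unavailable.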
Comment on attachment 2603
someone left off a '\' character in KEX_SERVER_ENCRYPT

>Subject: [PATCH 1/4] myproposal.h: fix newline in KEX_SERVER_ENCRYPT

This one has already been fixed in the OpenBSD tree but hasn't been pulled into Portable yet.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/myproposal.h.diff?r1=1.42&r2=1.43
Put the rest on the list for 6.9
Created attachment 2633
make ed25519 default ssh-keygen type when no SSL

tweaked diff
Created attachment 2634
chop out moduli code and options when compiled !openssl

rework the other two patches
Comment on attachment 2634 [details] chop out moduli code and options when compiled !openssl >+ case 'T': >+ do_screen_candidates = 1; >+ if (strlcpy(out_file, optarg, sizeof(out_file)) >= >+ sizeof(out_file)) >+ fatal("Output filename too long"); >+ break; > case 'S': > /* XXX - also compare length against bits */ > if (BN_hex2bn(&start, optarg) == 0) > fatal("Invalid start point."); > break; if this is supposed to be in alphabetical order then 'T' goes after 'S'. otherwise, ok.
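Review bot: the added 'T' case lands before the unchanged 'S' case, so if this switch is kept alphabetical it should move to just after the `case 'S':` block. The strlcpy truncation check with fatal() is right; since this patch chops the moduli options out of !openssl builds, also confirm that out_file and do_screen_candidates, which this case writes, are declared inside the same WITH_OPENSSL guard as the case itself, otherwise a --without-openssl build reintroduces the unused-variable warnings attachment 2605 set out to remove.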
both revised diffs applied and will be in OpenSSH 6.9 - thanks!
Close all resolved bugs after 7.3p1 release