non-openssl build fixes


 



The attached patches fix and clean up the build when configured
with --without-openssl.

Summary:
* Fix KEX_SERVER_ENCRYPT macro in myproposal.h
* Fix unresolved symbols in ssh-keygen.c
* Isolate openssl code and extend WITH_OPENSSL wrappers around it
* Make ed25519 default key type in ssh-keygen when configured --without-openssl
From 96e87ab50e242a2d4a2511418185d1e855d8c793 Mon Sep 17 00:00:00 2001
From: Reuben Hawkins <rhawkins@xxxxxxxxxx>
Date: Wed, 22 Apr 2015 11:54:28 -0700
Subject: [PATCH 1/4] myproposal.h: fix newline in KEX_SERVER_ENCRYPT

It appears that someone left off a '\' character. KEX_SERVER_ENCRYPT should
be defined as...

 #define KEX_SERVER_ENCRYPT "chacha20-poly1305@xxxxxxxxxxx,""aes128-ctr,aes192-ctr,aes256-ctr"

...but for formatting the string is split across separate lines, which need
to be connected with the '\' characters.
---
 myproposal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/myproposal.h b/myproposal.h
index 4033110..f624e3b 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -148,7 +148,7 @@
 	"ssh-ed25519-cert-v01@xxxxxxxxxxx," \
 	"ssh-ed25519"
 #define	KEX_SERVER_ENCRYPT \
-	"chacha20-poly1305@xxxxxxxxxxx,"
+	"chacha20-poly1305@xxxxxxxxxxx," \
 	"aes128-ctr,aes192-ctr,aes256-ctr"
 #define	KEX_SERVER_MAC \
 	"umac-64-etm@xxxxxxxxxxx," \
-- 
1.9.1

From 8fe240e1875e8e6eaf02a2d4d7aad01d13d5bedc Mon Sep 17 00:00:00 2001
From: Reuben Hawkins <rhawkins@xxxxxxxxxx>
Date: Wed, 22 Apr 2015 11:58:48 -0700
Subject: [PATCH 2/4] ssh-keygen.c: add needed WITH_OPENSSL gaurds

ssh-keygen was failing to link on unresolved gen_candidates and prime_test
symbols.  These functions are only available when ssh links to ssl.
---
 ssh-keygen.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 0518638..dbbfdf3 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -174,10 +174,12 @@ extern char *__progname;
 
 char hostname[NI_MAXHOST];
 
+#ifdef WITH_OPENSSL
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
 int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
     unsigned long);
+#endif
 
 static void
 type_bits_valid(int type, const char *name, u_int32_t *bitsp)
@@ -2571,6 +2573,7 @@ main(int argc, char **argv)
 		}
 	}
 
+#ifdef WITH_OPENSSL
 	if (do_gen_candidates) {
 		FILE *out = fopen(out_file, "w");
 
@@ -2610,6 +2613,7 @@ main(int argc, char **argv)
 			fatal("modulus screening failed");
 		return (0);
 	}
+#endif /* WITH_OPENSSL */
 
 	if (gen_all_hostkeys) {
 		do_gen_all_hostkeys(pw);
-- 
1.9.1

From 4ada5e536399832c0c35baa184369d3346de6172 Mon Sep 17 00:00:00 2001
From: Reuben Hawkins <rhawkins@xxxxxxxxxx>
Date: Wed, 22 Apr 2015 12:02:17 -0700
Subject: [PATCH 3/4] ssh-keygen.c: isolate ssl code, wrap in WITH_OPENSSL

There are a number of ssh-keygen options which only apply in a with-openssl
build.  These options were already partially guarded by WITH_OPENSSL macros.
This change isolates and wraps the rest of those options, producing a clean,
warning-free build with openssl disabled.
---
 ssh-keygen.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index dbbfdf3..c993736 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -2223,9 +2223,11 @@ usage(void)
 	    "       ssh-keygen -H [-f known_hosts_file]\n"
 	    "       ssh-keygen -R hostname [-f known_hosts_file]\n"
 	    "       ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
+#ifdef WITH_OPENSSL
 	    "       ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
 	    "       ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
 	    "                  [-j start_line] [-K checkpt] [-W generator]\n"
+#endif
 	    "       ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
 	    "                  [-O option] [-V validity_interval] [-z serial_number] file ...\n"
 	    "       ssh-keygen -L [-f input_keyfile]\n"
@@ -2243,17 +2245,21 @@ int
 main(int argc, char **argv)
 {
 	char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
-	char *checkpoint = NULL;
-	char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
+	char *rr_hostname = NULL, *ep, *fp, *ra;
 	struct sshkey *private, *public;
 	struct passwd *pw;
 	struct stat st;
 	int r, opt, type, fd;
-	u_int32_t memory = 0, generator_wanted = 0;
+#ifdef WITH_OPENSSL
+	char out_file[PATH_MAX];
+	u_int32_t generator_wanted = 0;
+	char *checkpoint = NULL;
+	u_int32_t memory = 0;
 	int do_gen_candidates = 0, do_screen_candidates = 0;
-	int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
-	unsigned long start_lineno = 0, lines_to_process = 0;
 	BIGNUM *start = NULL;
+	unsigned long start_lineno = 0, lines_to_process = 0;
+#endif
+	int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
 	FILE *f;
 	const char *errstr;
 
@@ -2312,12 +2318,6 @@ main(int argc, char **argv)
 		case 'I':
 			cert_key_id = optarg;
 			break;
-		case 'J':
-			lines_to_process = strtoul(optarg, NULL, 10);
-                        break;
-		case 'j':
-			start_lineno = strtoul(optarg, NULL, 10);
-                        break;
 		case 'R':
 			delete_host = 1;
 			rr_hostname = optarg;
@@ -2432,6 +2432,13 @@ main(int argc, char **argv)
 		case 'r':
 			rr_hostname = optarg;
 			break;
+#ifdef WITH_OPENSSL
+		case 'j':
+			start_lineno = strtoul(optarg, NULL, 10);
+                        break;
+		case 'J':
+			lines_to_process = strtoul(optarg, NULL, 10);
+                        break;
 		case 'W':
 			generator_wanted = (u_int32_t)strtonum(optarg, 1,
 			    UINT_MAX, &errstr);
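Review bot: Moving `#ifdef WITH_OPENSSL` up to just above `case 'j':` also encloses every case that sits between `case 'W':` and the old guard position, which the next hunk removes ahead of `case 'M':`. The lines between the two hunks are not shown, but the `fatal("Invalid number: %s (%s)", ...)` at the top of the next hunk looks like the tail of a different option (presumably `-a rounds`). If so, a --without-openssl build would reject that option even though it presumably also sets the KDF rounds for passphrase-protected keys; confirm, and keep that case outside the guard. Separately, the relocated `-j`/`-J` cases still call `strtoul(optarg, NULL, 10)` with no end-pointer or range check, unlike the `strtonum(..., &errstr)` pattern used for `-W`, so a non-numeric argument silently becomes 0. The switch starts and ends outside the hunk.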
@@ -2445,7 +2452,6 @@ main(int argc, char **argv)
 				fatal("Invalid number: %s (%s)",
 					optarg, errstr);
 			break;
-#ifdef WITH_OPENSSL
 		case 'M':
 			memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
 			if (errstr)
@@ -2589,7 +2595,6 @@ main(int argc, char **argv)
 
 		return (0);
 	}
-
 	if (do_screen_candidates) {
 		FILE *in;
 		FILE *out = fopen(out_file, "a");
-- 
1.9.1

From f325b1f7f0f07d0b6bb3b5dfc36374b0d3fe1894 Mon Sep 17 00:00:00 2001
From: Reuben Hawkins <rhawkins@xxxxxxxxxx>
Date: Wed, 22 Apr 2015 12:06:24 -0700
Subject: [PATCH 4/4] ssh-keygen.c: man ed25519 default without openssl

The default key type was hardcoded to rsa, which isn't available
in without-openssl builds.  This change makes the default ed25519
when openssl is disabled.
---
 ssh-keygen.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index c993736..d50dd11 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -2625,8 +2625,13 @@ main(int argc, char **argv)
 		return (0);
 	}
 
-	if (key_type_name == NULL)
+	if (key_type_name == NULL) {
+#ifdef WITH_OPENSSL
 		key_type_name = "rsa";
+#else
+		key_type_name = "ed25519";
+#endif /* WITH_OPENSSL */
+	}
 
 	type = sshkey_type_from_name(key_type_name);
 	type_bits_valid(type, key_type_name, &bits);
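Review bot: The build-dependent default is spelled out with an `#ifdef` inside main(), where a macro defined once near the top of the file under the same guard would be cleaner. With a macro such as `DEFAULT_KEY_TYPE_NAME` (a suggested name), the logic here stays a single line, `key_type_name = DEFAULT_KEY_TYPE_NAME;`, and the usage text and man page have one place to refer to. The choice also deserves a comment such as `/* RSA needs libcrypto; ed25519 is built without it */`. The default type presumably also decides the default key file name, so scripts that assume an RSA key would behave differently on a --without-openssl build. main() starts and ends outside the hunk.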
-- 
1.9.1
