- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of

NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the latter actually works before using it. Fedora (at least) has NID_secp521r1 that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
author: Darren Tucker <dtucker@zip.com.au> 2013-11-09 18:39:25 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2013-11-09 18:39:25 +1100
commit: 37bcef51b3d9d496caecea6394814d2f49a1357f (patch)
tree: c564402d96ca797f8b0248552ef78f4f9408ef8c /key.c
parent: 6e2fe81f926d995bae4be4a6b5b3c88c1c525187 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/key.c b/key.c
index 90f0a0173..bc84953f3 100644
--- a/key.c
+++ b/key.c
@@ -918,7 +918,9 @@ static const struct keytype keytypes[] = {
 #ifdef OPENSSL_HAS_ECC
        { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
        { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
+# ifdef OPENSSL_HAS_NISTP521
        { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },
+# endif
 #endif /* OPENSSL_HAS_ECC */
        { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
        { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
@@ -927,8 +929,10 @@ static const struct keytype keytypes[] = {
            KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 },
        { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",
            KEY_ECDSA_CERT, NID_secp384r1, 1 },
+# ifdef OPENSSL_HAS_NISTP521
        { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",
            KEY_ECDSA_CERT, NID_secp521r1, 1 },
+# endif
 #endif /* OPENSSL_HAS_ECC */
        { "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00",
            KEY_RSA_CERT_V00, 0, 1 },
@@ -1100,8 +1104,10 @@ key_ecdsa_bits_to_nid(int bits)
                return NID_X9_62_prime256v1;
        case 384:
                return NID_secp384r1;
+# ifdef HAVE_OPENSSL_NISTP521
        case 521:
                return NID_secp521r1;
+# endif
 #endif
        default:
                return -1;
@@ -1116,7 +1122,9 @@ key_ecdsa_key_to_nid(EC_KEY *k)
        int nids[] = {
                NID_X9_62_prime256v1,
                NID_secp384r1,
+# ifdef OPENSSL_HAS_NISTP521
                NID_secp521r1,
+# endif
                -1
        };
        int nid;
@@ -2031,8 +2039,10 @@ key_curve_name_to_nid(const char *name)
                return NID_X9_62_prime256v1;
        else if (strcmp(name, "nistp384") == 0)
                return NID_secp384r1;
+# ifdef OPENSSL_HAS_NISTP521
        else if (strcmp(name, "nistp521") == 0)
                return NID_secp521r1;
+# endif
 #endif
        debug("%s: unsupported EC curve name \"%.100s\"", __func__, name);
@@ -2048,8 +2058,10 @@ key_curve_nid_to_bits(int nid)
                return 256;
        case NID_secp384r1:
                return 384;
+# ifdef OPENSSL_NAS_NISTP521
        case NID_secp521r1:
                return 521;
+# endif
 #endif
        default:
                error("%s: unsupported EC curve nid %d", __func__, nid);
@@ -2065,8 +2077,10 @@ key_curve_nid_to_name(int nid)
                return "nistp256";
        else if (nid == NID_secp384r1)
                return "nistp384";
+# ifdef OPENSSL_HAS_NISTP521
        else if (nid == NID_secp521r1)
                return "nistp521";
+# endif
 #endif
        error("%s: unsupported EC curve nid %d", __func__, nid);
        return NULL;
author	Darren Tucker <dtucker@zip.com.au>	2013-11-09 18:39:25 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2013-11-09 18:39:25 +1100
commit	37bcef51b3d9d496caecea6394814d2f49a1357f (patch)
tree	c564402d96ca797f8b0248552ef78f4f9408ef8c /key.c
parent	6e2fe81f926d995bae4be4a6b5b3c88c1c525187 (diff)