bmh10 / rpms / openssh

Forked from rpms/openssh 2 days ago
Clone

Blame SOURCES/openssh-6.2p2-dont-test-ecdsa-521-keys.patch

f09e2e
diff -up openssh-6.2p2/configure.ac.ecc openssh-6.2p2/configure.ac
f09e2e
--- openssh-6.2p2/configure.ac.ecc	2013-06-12 15:53:42.507017657 +0200
f09e2e
+++ openssh-6.2p2/configure.ac	2013-06-12 15:53:42.534017598 +0200
f09e2e
@@ -2512,7 +2512,7 @@ AC_SUBST([TEST_SSH_SHA256])
f09e2e
 
f09e2e
 # Check complete ECC support in OpenSSL
f09e2e
 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
f09e2e
-AC_LINK_IFELSE(
f09e2e
+AC_RUN_IFELSE(
f09e2e
 	[AC_LANG_PROGRAM([[
f09e2e
 #include <openssl/ec.h>
f09e2e
 #include <openssl/ecdh.h>
f09e2e
@@ -2524,8 +2524,9 @@ AC_LINK_IFELSE(
f09e2e
 # error "OpenSSL < 0.9.8g has unreliable ECC code"
f09e2e
 #endif
f09e2e
 	]], [[
f09e2e
-	EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
f09e2e
+	EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
f09e2e
 	const EVP_MD *m = EVP_sha512(); /* We need this too */
f09e2e
+	exit (e == NULL || m == NULL);
f09e2e
 	]])],
f09e2e
 	[
f09e2e
 		AC_MSG_RESULT([yes])
f09e2e
diff -up openssh-6.2p2/regress/kextype.sh.ecc openssh-6.2p2/regress/kextype.sh
f09e2e
--- openssh-6.2p2/regress/kextype.sh.ecc	2013-06-12 16:06:39.718376529 +0200
f09e2e
+++ openssh-6.2p2/regress/kextype.sh	2013-06-12 16:06:47.587343883 +0200
f09e2e
@@ -8,7 +8,7 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
f09e2e
 cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
f09e2e
 
f09e2e
 if test "$TEST_SSH_ECC" = "yes"; then
f09e2e
-	kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521"
f09e2e
+	kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384"
f09e2e
 fi
f09e2e
 if test "$TEST_SSH_SHA256" = "yes"; then
f09e2e
 	kextypes="$kextypes diffie-hellman-group-exchange-sha256"
f09e2e
diff -up openssh-6.2p2/regress/keytype.sh.ecc openssh-6.2p2/regress/keytype.sh
f09e2e
--- openssh-6.2p2/regress/keytype.sh.ecc	2012-02-15 08:01:42.000000000 +0100
f09e2e
+++ openssh-6.2p2/regress/keytype.sh	2013-06-12 15:53:42.534017598 +0200
f09e2e
@@ -13,7 +13,7 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
f09e2e
 
f09e2e
 ktypes="dsa-1024 rsa-2048 rsa-3072"
f09e2e
 if test "$TEST_SSH_ECC" = "yes"; then
f09e2e
-	ktypes="$ktypes ecdsa-256 ecdsa-384 ecdsa-521"
f09e2e
+	ktypes="$ktypes ecdsa-256 ecdsa-384"
f09e2e
 fi
f09e2e
 
f09e2e
 for kt in $ktypes; do