diff --git a/ChangeLog b/ChangeLog index 56a808bcd..2cc303de0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm + - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating + ecdsa keys. ok djm. 20110212 - OpenBSD CVS Sync diff --git a/Makefile.in b/Makefile.in index 13b6dedea..ea6fadc4a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.316 2011/01/13 03:06:38 tim Exp $ +# $Id: Makefile.in,v 1.317 2011/01/13 06:35:46 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -326,20 +326,27 @@ install-sysconf: host-key: ssh-keygen$(EXEEXT) @if [ -z "$(DESTDIR)" ] ; then \ - if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \ + if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \ + echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \ else \ - ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \ + ./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \ fi ; \ - if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ + if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \ + echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ else \ - ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \ + ./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \ fi ; \ - if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ + if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \ + echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ else \ - ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ; \ + ./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \ + fi ; \ + if [ -z "@COMMENT_OUT_ECC@" ] ; then \ + if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \ + echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \ + else \ + ./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \ + fi ; \ fi ; \ fi ; @@ -347,6 +354,7 @@ host-key-force: ssh-keygen$(EXEEXT) ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" +@COMMENT_OUT_ECC@ ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N "" uninstallall: uninstall -rm -f $(DESTDIR)$(sysconfdir)/ssh_config diff --git a/configure.ac b/configure.ac index 93dd22174..3d4d11c92 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.463 2011/01/12 05:00:39 djm Exp $ +# $Id: configure.ac,v 1.464 2011/01/13 06:35:46 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.463 $) +AC_REVISION($Revision: 1.464 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -2258,13 +2258,16 @@ int main(void) { AC_DEFINE(OPENSSL_HAS_ECC, 1, [libcrypto includes complete ECC support]) TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" ], [ AC_MSG_RESULT(no) TEST_SSH_ECC=no + COMMENT_OUT_ECC="#no ecc#" ] ) AC_SUBST(TEST_SSH_ECC) +AC_SUBST(COMMENT_OUT_ECC) saved_LIBS="$LIBS" AC_CHECK_LIB(iaf, ia_openinfo, [ diff --git a/opensshd.init.in b/opensshd.init.in index d0aff7794..0db60caa7 100755 --- a/opensshd.init.in +++ b/opensshd.init.in @@ -20,6 +20,7 @@ SSH_KEYGEN=$prefix/bin/ssh-keygen HOST_KEY_RSA1=$sysconfdir/ssh_host_key HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key +@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key checkkeys() { @@ -32,6 +33,9 @@ checkkeys() { if [ ! -f $HOST_KEY_RSA ]; then ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" fi +@COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then +@COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N "" +@COMMENT_OUT_ECC@ fi } stop_service() {