From e323ebc250bb25c51a27be4b34190bf5a371f50b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 19 Jan 2011 23:12:27 +1100 Subject: [PATCH] - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- release testing (random crashes and failure to load ECC keys). ok dtucker@ --- ChangeLog | 4 ++++ configure.ac | 10 ++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 87066031a..53c987f1b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20110119 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead of RPM so build completes. Signatures were changed to .asc since 4.1p1. + - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to + 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- + release testing (random crashes and failure to load ECC keys). + ok dtucker@ 20110117 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in diff --git a/configure.ac b/configure.ac index 233d3cfa1..208896ed8 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.467 2011/01/17 10:15:30 dtucker Exp $ +# $Id: configure.ac,v 1.468 2011/01/19 12:12:30 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.467 $) +AC_REVISION($Revision: 1.468 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -2257,8 +2257,14 @@ AC_MSG_CHECKING([whether OpenSSL has complete ECC support]) AC_LINK_IFELSE( [AC_LANG_SOURCE([[ #include +#include +#include #include #include +#include +#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ +# error "OpenSSL < 0.9.8g has unreliable ECC code" +#endif int main(void) { EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); const EVP_MD *m = EVP_sha512(); /* We need this too */