comparison svr-runopts.c @ 1603:0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
specified. Fixes -R now that default ecdsa key size has changed.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 08 Mar 2018 22:25:33 +0800 |
parents | 61a793b6e471 |
children | 76189c9ffea2 |
1602:0f149d63068d | 1603:0dc3103a5900 |
---|---|
524 } | 524 } |
525 | 525 |
526 | 526 |
527 void load_all_hostkeys() { | 527 void load_all_hostkeys() { |
528 int i; | 528 int i; |
529 int disable_unset_keys = 1; | |
530 int any_keys = 0; | 529 int any_keys = 0; |
530 #ifdef DROPBEAR_ECDSA | |
531 int loaded_any_ecdsa = 0; | |
532 #endif | |
531 | 533 |
532 svr_opts.hostkey = new_sign_key(); | 534 svr_opts.hostkey = new_sign_key(); |
533 | 535 |
534 for (i = 0; i < svr_opts.num_hostkey_files; i++) { | 536 for (i = 0; i < svr_opts.num_hostkey_files; i++) { |
535 char *hostkey_file = svr_opts.hostkey_files[i]; | 537 char *hostkey_file = svr_opts.hostkey_files[i]; |
550 #if DROPBEAR_ECDSA | 552 #if DROPBEAR_ECDSA |
551 loadhostkey(ECDSA_PRIV_FILENAME, 0); | 553 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
552 #endif | 554 #endif |
553 } | 555 } |
554 | 556 |
555 #if DROPBEAR_DELAY_HOSTKEY | |
556 if (svr_opts.delay_hostkey) { | |
557 disable_unset_keys = 0; | |
558 } | |
559 #endif | |
560 | |
561 #if DROPBEAR_RSA | 557 #if DROPBEAR_RSA |
562 if (disable_unset_keys && !svr_opts.hostkey->rsakey) { | 558 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) { |
563 disablekey(DROPBEAR_SIGNKEY_RSA); | 559 disablekey(DROPBEAR_SIGNKEY_RSA); |
564 } else { | 560 } else { |
565 any_keys = 1; | 561 any_keys = 1; |
566 } | 562 } |
567 #endif | 563 #endif |
568 | 564 |
569 #if DROPBEAR_DSS | 565 #if DROPBEAR_DSS |
570 if (disable_unset_keys && !svr_opts.hostkey->dsskey) { | 566 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) { |
571 disablekey(DROPBEAR_SIGNKEY_DSS); | 567 disablekey(DROPBEAR_SIGNKEY_DSS); |
572 } else { | 568 } else { |
573 any_keys = 1; | 569 any_keys = 1; |
574 } | 570 } |
575 #endif | 571 #endif |
576 | 572 |
577 | |
578 #if DROPBEAR_ECDSA | 573 #if DROPBEAR_ECDSA |
574 /* We want to advertise a single ecdsa algorithm size. | |
575 - If there is a ecdsa hostkey at startup we choose that that size. | |
576 - If we generate at runtime we choose the default ecdsa size. | |
577 - Otherwise no ecdsa keys will be advertised */ | |
578 | |
579 /* check if any keys were loaded at startup */ | |
580 loaded_any_ecdsa = | |
581 0 | |
579 #if DROPBEAR_ECC_256 | 582 #if DROPBEAR_ECC_256 |
580 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256) | 583 || svr_opts.hostkey->ecckey256 |
581 && !svr_opts.hostkey->ecckey256) { | 584 #endif |
585 #if DROPBEAR_ECC_384 | |
586 || svr_opts.hostkey->ecckey384 | |
587 #endif | |
588 #if DROPBEAR_ECC_521 | |
589 || svr_opts.hostkey->ecckey521 | |
590 #endif | |
591 ; | |
592 any_keys |= loaded_any_ecdsa; | |
593 | |
594 /* Or an ecdsa key could be generated at runtime */ | |
595 any_keys |= svr_opts.delay_hostkey; | |
596 | |
597 /* At most one ecdsa key size will be left enabled */ | |
598 #if DROPBEAR_ECC_256 | |
599 if (!svr_opts.hostkey->ecckey256 | |
600 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) { | |
582 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); | 601 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); |
583 } else { | 602 } |
584 any_keys = 1; | 603 #endif |
585 } | |
586 #endif | |
587 | |
588 #if DROPBEAR_ECC_384 | 604 #if DROPBEAR_ECC_384 |
589 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384) | 605 if (!svr_opts.hostkey->ecckey384 |
590 && !svr_opts.hostkey->ecckey384) { | 606 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 384 )) { |
591 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); | 607 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); |
592 } else { | 608 } |
593 any_keys = 1; | 609 #endif |
594 } | |
595 #endif | |
596 | |
597 #if DROPBEAR_ECC_521 | 610 #if DROPBEAR_ECC_521 |
598 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521) | 611 if (!svr_opts.hostkey->ecckey521 |
599 && !svr_opts.hostkey->ecckey521) { | 612 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) { |
600 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); | 613 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); |
601 } else { | |
602 any_keys = 1; | |
603 } | 614 } |
604 #endif | 615 #endif |
605 #endif /* DROPBEAR_ECDSA */ | 616 #endif /* DROPBEAR_ECDSA */ |
606 | 617 |
607 if (!any_keys) { | 618 if (!any_keys) { |