make compiling against OpenSSL optional (make OPENSSL=no);

reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm

1 files changed, 7 insertions, 1 deletions

diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c
index 440363d5848..ae856382656 100644
--- a/usr.bin/ssh/hostfile.c
+++ b/usr.bin/ssh/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: hostfile.c,v 1.56 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -179,6 +179,7 @@ static int
 hostfile_check_key(int bits, const Key *key, const char *host,
     const char *filename, u_long linenum)
 {
+#ifdef WITH_SSH1
 	if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
 		return 1;
 	if (bits != BN_num_bits(key->rsa->n)) {
@@ -188,6 +189,7 @@ hostfile_check_key(int bits, const Key *key, const char *host,
 		logit("Warning: replace %d with %d in %s, line %lu.",
 		    bits, BN_num_bits(key->rsa->n), filename, linenum);
 	}
+#endif
 	return 1;
 }
 
@@ -293,11 +295,15 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
 		key = key_new(KEY_UNSPEC);
 		if (!hostfile_read_key(&cp, &kbits, key)) {
 			key_free(key);
+#ifdef WITH_SSH1
 			key = key_new(KEY_RSA1);
 			if (!hostfile_read_key(&cp, &kbits, key)) {
 				key_free(key);
 				continue;
 			}
+#else
+			continue;
+#endif
 		}
 		if (!hostfile_check_key(kbits, key, host, path, linenum))
 			continue;