Thanks, I've applied it.
Matt
On 2024-04-05 3:37 pm, Peter Krefting wrote:
Fixes compile when disabling SHA-1 with
#define DROPBEAR_SHA1_HMAC 0
#define DROPBEAR_RSA_SHA1 0
#define DROPBEAR_DH_GROUP14_SHA1 0
while keeping SHA-256 enabled.
Should also fix the opposite, but that is not a recommended
configuration.
---
src/svr-runopts.c | 4 ++++
diff --git a/src/svr-runopts.c b/src/svr-runopts.c
index e8e2f4e64bb..c4f83c111ae 100644
--- a/src/svr-runopts.c
+++ b/src/svr-runopts.c
@@ -610,8 +610,12 @@ void load_all_hostkeys() {
#if DROPBEAR_RSA
if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) {
+#if DROPBEAR_RSA_SHA256
disablekey(DROPBEAR_SIGNATURE_RSA_SHA256);
+#endif
+#if DROPBEAR_RSA_SHA1
disablekey(DROPBEAR_SIGNATURE_RSA_SHA1);
+#endif
} else {
any_keys = 1;
}
