Thanks, I've applied it. Matt
On 2024-04-05 3:37 pm, Peter Krefting wrote:
Fixes compile when disabling SHA-1 with #define DROPBEAR_SHA1_HMAC 0 #define DROPBEAR_RSA_SHA1 0 #define DROPBEAR_DH_GROUP14_SHA1 0 while keeping SHA-256 enabled. Should also fix the opposite, but that is not a recommended configuration. --- src/svr-runopts.c | 4 ++++ diff --git a/src/svr-runopts.c b/src/svr-runopts.c index e8e2f4e64bb..c4f83c111ae 100644 --- a/src/svr-runopts.c +++ b/src/svr-runopts.c @@ -610,8 +610,12 @@ void load_all_hostkeys() { #if DROPBEAR_RSA if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) { +#if DROPBEAR_RSA_SHA256 disablekey(DROPBEAR_SIGNATURE_RSA_SHA256); +#endif +#if DROPBEAR_RSA_SHA1 disablekey(DROPBEAR_SIGNATURE_RSA_SHA1); +#endif } else { any_keys = 1; }