author | Alex Gaynor <alex.gaynor@gmail.com> | 2019-02-09 16:58:18 +0000 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-02-09 16:58:18 +0000 |
commit | 02d4370ce7842a418ca27ba9307961d9ecf87397 (patch) | |
tree | 6c2ba88ae3e5d797fe317e763e789aa734f163ba | |
parent | 03c7853479d0d58afa5edff4189846e73d15a567 (diff) |
Support linking against older OpenSSLs
-rw-r--r-- | paramiko/kex_curve25519.py | 9 | ||||
-rw-r--r-- | paramiko/transport.py | 6 |
2 files changed, 13 insertions, 2 deletions
diff --git a/paramiko/kex_curve25519.py b/paramiko/kex_curve25519.py
index 60fb2c7a..b092afae 100644
--- a/paramiko/kex_curve25519.py
+++ b/paramiko/kex_curve25519.py
@@ -1,6 +1,7 @@
 import binascii
 import hashlib
+from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.primitives import constant_time, serialization
 from cryptography.hazmat.primitives.asymmetric.x25519 import (
     X25519PrivateKey, X25519PublicKey
@@ -19,6 +20,14 @@ class KexCurve25519(object):
         self.transport = transport
         self.key = None
 
+    def is_available(self):
+        try:
+            X25519PrivateKey.generate()
+        except UnsupportedAlgorithm:
+            return False
+        else:
+            return True
+
     def _perform_exchange(self, peer_key):
         secret = self.key.exchange(peer_key)
         if constant_time.bytes_eq(secret, b"\x00" * 32):
diff --git a/paramiko/transport.py b/paramiko/transport.py
index 785da060..f25ef95d 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -171,7 +171,6 @@ class Transport(threading.Thread, ClosingContextManager):
         "ssh-dss",
     )
     _preferred_kex = (
-        "curve25519-sha256@libssh.org",
         "ecdh-sha2-nistp256",
         "ecdh-sha2-nistp384",
         "ecdh-sha2-nistp521",
@@ -180,6 +179,8 @@ class Transport(threading.Thread, ClosingContextManager):
         "diffie-hellman-group14-sha1",
         "diffie-hellman-group1-sha1",
     )
+    if KexCurve25519.is_available():
+        _preferred_kex = ("curve25519-sha256@libssh.org",) + _preferred_kex
     _preferred_gsskex = (
         "gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==",
         "gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==",
@@ -273,8 +274,9 @@ class Transport(threading.Thread, ClosingContextManager):
         "ecdh-sha2-nistp256": KexNistp256,
         "ecdh-sha2-nistp384": KexNistp384,
         "ecdh-sha2-nistp521": KexNistp521,
-        "curve25519-sha256@libssh.org": KexCurve25519,
     }
+    if KexCurve25519.is_available():
+        _kex_info["curve25519-sha256@libssh.org"] = KexCurve25519
     _compression_info = {
         # zlib@openssh.com is just zlib, but only turned on after a successful |
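Review bot: `is_available` is declared as an instance method, `def is_available(self):`, but transport.py calls it on the class with no instance, `KexCurve25519.is_available()`, inside the `Transport` class body, so both added guards raise a TypeError at import time instead of probing whether the backend supports X25519. It should be a static method: `@staticmethod` followed by `def is_available():`. The probe also generates a throwaway X25519 key once per guard during import; binding the result to a module-level constant in kex_curve25519.py would make it a single call, and a short docstring such as `"""Return True if the cryptography backend can generate X25519 keys."""` would document why a key is generated and discarded. Both the `KexCurve25519` class and the `Transport` class continue outside the hunks.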