From 836b1b889023f2139cbabc766b97b5a41ce42230 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 16 May 2024 11:35:30 -0700
Subject: [PATCH] Guards Update 1. Update the guards around the strings used to make the cannedKeyList. If any algorithm is disabled, leave it out of the list. (I'm looking at you Ed25519!) 2. Added comments to those guards.
---
 src/internal.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 507d95d2a..acddbd319 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -738,17 +738,25 @@ static const char cannedKexAlgoNames[] =
 #endif
 static const char cannedKeyAlgoNames[] =
+#ifndef WOLFSSH_NO_ED25519
 "ssh-ed25519,"
+#endif /* WOLFSSH_NO_ED25519 */
+#ifndef WOLFSSH_NO_RSA_SHA2_256
 "rsa-sha2-256,"
+#endif/* WOLFSSH_NO_RSA_SHA2_256 */
+#ifdef WOLFSSH_NO_ECDSA_SHA2_NISTP256
 "ecdsa-sha2-nistp256,"
+#endif /* WOLFSSH_NO_ECDSA_SHA2_NISTP256 */
 #ifdef WOLFSSH_CERTS
- "x509v3-ecdsa-sha2-nistp256,"
+ #ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
+ "x509v3-ecdsa-sha2-nistp256,"
+ #endif /* WOLFSSH_NO_ECDSA_SHA2_NISTP256 */
 #ifdef WOLFSSH_NO_SHA1_SOFT_DISABLE
 "x509v3-ssh-rsa,"
 #endif /* WOLFSSH_NO_SHA1_SOFT_DISABLE */
 #endif /* WOLFSSH_CERTS */
 #ifdef WOLFSSH_NO_SHA1_SOFT_DISABLE
- "ssh-rsa,"
+ "ssh-rsa,"
 #endif /* WOLFSSH_NO_SHA1_SOFT_DISABLE */
 "";
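Review bot: The guard added around `"ecdsa-sha2-nistp256,"` in `cannedKeyAlgoNames` is `#ifdef WOLFSSH_NO_ECDSA_SHA2_NISTP256`, which looks inverted. The Ed25519 and RSA-SHA2-256 guards and the nested x509v3 guard in the same hunk all use `#ifndef`, so as written the plain ECDSA P-256 name is compiled in only when that algorithm is disabled and is dropped from the list when it is enabled. I would change the line to `#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256`. If this list feeds key-algorithm negotiation, as the name suggests, the inversion narrows what a default build offers and can advertise an algorithm the build cannot service, so a configuration test that disables each algorithm and checks the resulting string would catch this class of slip. A small style point: `#endif/* WOLFSSH_NO_RSA_SHA2_256 */` is missing the space before the comment that the other `#endif` lines have.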