[openssh-commits] [openssh] 01/08: upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Nov 20 09:27:38 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 723a5369864b338c48d22854bc2bb4ee5c083deb
Author: naddy at openbsd.org <naddy at openbsd.org>
Date:   Mon Nov 18 16:08:57 2019 +0000

    upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK
    
    addition; ok djm@
    
    OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
---
 sk-usbhid.c | 12 ++++++++++++
 ssh-sk.c    | 16 +++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/sk-usbhid.c b/sk-usbhid.c
index 17b59536..594f5d89 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -25,11 +25,13 @@
 #include <stddef.h>
 #include <stdarg.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
+#endif /* WITH_OPENSSL */
 
 #include <fido.h>
 
@@ -271,6 +273,7 @@ find_device(const uint8_t *message, size_t message_len, const char *application,
 	return dev;
 }
 
+#ifdef WITH_OPENSSL
 /*
  * The key returned via fido_cred_pubkey_ptr() is in affine coordinates,
  * but the API expects a SEC1 octet string.
@@ -343,6 +346,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response)
 	BN_clear_free(y);
 	return ret;
 }
+#endif /* WITH_OPENSSL */
 
 static int
 pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response)
@@ -379,8 +383,10 @@ static int
 pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response)
 {
 	switch(alg) {
+#ifdef WITH_OPENSSL
 	case SK_ECDSA:
 		return pack_public_key_ecdsa(cred, response);
+#endif /* WITH_OPENSSL */
 	case SK_ED25519:
 		return pack_public_key_ed25519(cred, response);
 	default:
@@ -414,9 +420,11 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
 	}
 	*enroll_response = NULL;
 	switch(alg) {
+#ifdef WITH_OPENSSL
 	case SK_ECDSA:
 		cose_alg = COSE_ES256;
 		break;
+#endif /* WITH_OPENSSL */
 	case SK_ED25519:
 		cose_alg = COSE_EDDSA;
 		break;
@@ -536,6 +544,7 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
 	return ret;
 }
 
+#ifdef WITH_OPENSSL
 static int
 pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
 {
@@ -572,6 +581,7 @@ pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
 	}
 	return ret;
 }
+#endif /* WITH_OPENSSL */
 
 static int
 pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
@@ -605,8 +615,10 @@ static int
 pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response)
 {
 	switch(alg) {
+#ifdef WITH_OPENSSL
 	case SK_ECDSA:
 		return pack_sig_ecdsa(assert, response);
+#endif /* WITH_OPENSSL */
 	case SK_ED25519:
 		return pack_sig_ed25519(assert, response);
 	default:
diff --git a/ssh-sk.c b/ssh-sk.c
index 187d9f0c..df2f040e 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.14 2019/11/16 23:17:20 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -27,8 +27,10 @@
 #include <string.h>
 #include <stdio.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/objects.h>
 #include <openssl/ec.h>
+#endif /* WITH_OPENSSL */
 
 #include "log.h"
 #include "misc.h"
@@ -163,6 +165,7 @@ sshsk_free_sign_response(struct sk_sign_response *r)
 	freezero(r, sizeof(*r));
 };
 
+#ifdef WITH_OPENSSL
 /* Assemble key from response */
 static int
 sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@@ -217,6 +220,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
 	sshbuf_free(b);
 	return r;
 }
+#endif /* WITH_OPENSSL */
 
 static int
 sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@@ -272,9 +276,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 	if (attest)
 		sshbuf_reset(attest);
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		alg = SSH_SK_ECDSA;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		alg = SSH_SK_ED25519;
 		break;
@@ -330,10 +336,12 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 		goto out;
 	}
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
 			goto out;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
 			goto out;
@@ -382,6 +390,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 	return r;
 }
 
+#ifdef WITH_OPENSSL
 static int
 sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
 {
@@ -425,6 +434,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
 	sshbuf_free(inner_sig);
 	return r;
 }
+#endif /* WITH_OPENSSL */
 
 static int
 sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
@@ -474,9 +484,11 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 		*lenp = 0;
 	type = sshkey_type_plain(key->type);
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		alg = SSH_SK_ECDSA;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		alg = SSH_SK_ED25519;
 		break;
@@ -518,10 +530,12 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 		goto out;
 	}
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
 			goto out;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
 			goto out;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list