[openssh-commits] [openssh] 03/04: fix FIDO key support for !OPENSSL_HAS_ECC case

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Oct 1 16:36:30 AEST 2021


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 872595572b6c9a584ed754165e8b7c4c9e7e1d61
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Oct 1 16:35:05 2021 +1000

    fix FIDO key support for !OPENSSL_HAS_ECC case
    
    ok dtucker
---
 sk-usbhid.c |  9 +++++++++
 ssh-sk.c    | 13 +++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/sk-usbhid.c b/sk-usbhid.c
index 2fdf3d94..01412b69 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -31,6 +31,15 @@
 #include <sha2.h>
 #endif
 
+/*
+ * Almost every use of OpenSSL in this file is for ECDSA-NISTP256.
+ * This is strictly a larger hammer than necessary, but it reduces changes
+ * with upstream.
+ */
+#ifndef OPENSSL_HAS_ECC
+# undef WITH_OPENSSL
+#endif
+
 #ifdef WITH_OPENSSL
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
diff --git a/ssh-sk.c b/ssh-sk.c
index d254e77f..393b4ccd 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -29,10 +29,10 @@
 #include <string.h>
 #include <stdio.h>
 
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 #include <openssl/objects.h>
 #include <openssl/ec.h>
-#endif /* WITH_OPENSSL */
+#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
 
 #include "log.h"
 #include "misc.h"
@@ -45,6 +45,15 @@
 #include "sk-api.h"
 #include "crypto_api.h"
 
+/*
+ * Almost every use of OpenSSL in this file is for ECDSA-NISTP256.
+ * This is strictly a larger hammer than necessary, but it reduces changes
+ * with upstream.
+ */
+#ifndef OPENSSL_HAS_ECC
+# undef WITH_OPENSSL
+#endif
+
 struct sshsk_provider {
 	char *path;
 	void *dlhandle;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list