[openssh-commits] [openssh] 01/02: Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Jul 20 12:53:51 AEST 2023
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 51fda734e0d3c2df256fc03e8b060c4305be6e59
Author: Damien Miller <djm at mindrot.org>
Date: Thu Jul 20 12:53:21 2023 +1000
Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client
---
ssh-pkcs11-client.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index 7db6c6c5..d9e3b59a 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -48,6 +48,11 @@
#include "openbsd-compat/openssl-compat.h"
+#if !defined(OPENSSL_HAS_ECC) || !defined(HAVE_EC_KEY_METHOD_NEW)
+#define EC_KEY_METHOD void
+#define EC_KEY void
+#endif
+
/* borrows code from sftp-server and ssh-agent */
/*
@@ -101,6 +106,7 @@ helper_by_rsa(const RSA *rsa)
static struct helper *
helper_by_ec(const EC_KEY *ec)
{
+#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
size_t i;
const EC_KEY_METHOD *meth;
@@ -110,6 +116,7 @@ helper_by_ec(const EC_KEY *ec)
if (helpers[i] != NULL && helpers[i]->ec_meth == meth)
return helpers[i];
}
+#endif /* defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) */
return NULL;
}
@@ -141,7 +148,9 @@ helper_free(struct helper *helper)
nhelpers--;
}
free(helper->path);
+#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
EC_KEY_METHOD_free(helper->ec_meth);
+#endif
RSA_meth_free(helper->rsa_meth);
free(helper);
}
@@ -313,6 +322,7 @@ rsa_finish(RSA *rsa)
return 1;
}
+#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
static ECDSA_SIG *
ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
const BIGNUM *rp, EC_KEY *ec)
@@ -392,6 +402,7 @@ ecdsa_do_finish(EC_KEY *ec)
if (helper->nrsa == 0 && helper->nec == 0)
helper_terminate(helper);
}
+#endif /* defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) */
/* redirect private key crypto operations to the ssh-pkcs11-helper */
static void
@@ -402,10 +413,12 @@ wrap_key(struct helper *helper, struct sshkey *k)
RSA_set_method(k->rsa, helper->rsa_meth);
if (helper->nrsa++ >= INT_MAX)
fatal_f("RSA refcount error");
+#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
} else if (k->type == KEY_ECDSA) {
EC_KEY_set_method(k->ecdsa, helper->ec_meth);
if (helper->nec++ >= INT_MAX)
fatal_f("EC refcount error");
+#endif
} else
fatal_f("unknown key type");
k->flags |= SSHKEY_FLAG_EXT;
@@ -416,6 +429,9 @@ wrap_key(struct helper *helper, struct sshkey *k)
static int
pkcs11_start_helper_methods(struct helper *helper)
{
+ RSA_METHOD *rsa_meth;
+ EC_KEY_METHOD *ec_meth = NULL;
+#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
int (*ec_init)(EC_KEY *key);
int (*ec_copy)(EC_KEY *dest, const EC_KEY *src);
int (*ec_set_group)(EC_KEY *key, const EC_GROUP *grp);
@@ -423,8 +439,6 @@ pkcs11_start_helper_methods(struct helper *helper)
int (*ec_set_public)(EC_KEY *key, const EC_POINT *pub_key);
int (*ec_sign)(int, const unsigned char *, int, unsigned char *,
unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
- RSA_METHOD *rsa_meth;
- EC_KEY_METHOD *ec_meth;
if ((ec_meth = EC_KEY_METHOD_new(EC_KEY_OpenSSL())) == NULL)
return -1;
@@ -434,6 +448,7 @@ pkcs11_start_helper_methods(struct helper *helper)
&ec_copy, &ec_set_group, &ec_set_private, &ec_set_public);
EC_KEY_METHOD_set_init(ec_meth, ec_init, ecdsa_do_finish,
ec_copy, ec_set_group, ec_set_private, ec_set_public);
+#endif /* defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) */
if ((rsa_meth = RSA_meth_dup(RSA_get_default_method())) == NULL)
fatal_f("RSA_meth_dup failed");
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list