author | Damien Miller <djm@mindrot.org> | 2019-01-21 01:32:28 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-21 01:32:28 +0100 |
commit | e2cb445d786f7572da2af93e3433308eaed1093a (patch) | |
tree | e83d87ba2af9d692bb0972baf7996b192b14e7f9 /ssh-pkcs11.c | |
parent | upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD (diff) | |
conditionalise ECDSA PKCS#11 support
Require EC_KEY_METHOD support in libcrypto, evidenced by presence
of EC_KEY_METHOD_new() function.
Diffstat (limited to 'ssh-pkcs11.c')
-rw-r--r-- | ssh-pkcs11.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index b49034952..2b65010ce 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -409,6 +409,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 return (0);
 }
+#ifdef HAVE_EC_KEY_METHOD_NEW
 /* openssl callback doing the actual signing operation */
 static ECDSA_SIG *
 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
@@ -512,6 +513,7 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 return (0);
 }
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 /* remove trailing spaces */
 static void
@@ -582,6 +584,7 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
 return (0);
 }
+#ifdef HAVE_EC_KEY_METHOD_NEW
 static struct sshkey *
 pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 CK_OBJECT_HANDLE *obj)
@@ -704,6 +707,7 @@ fail:
 return (key);
 }
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 static struct sshkey *
 pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
@@ -808,7 +812,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 EC_KEY *ec = NULL;
 struct sshkey *key = NULL;
 int i;
+#ifdef HAVE_EC_KEY_METHOD_NEW
 int nid;
+#endif
 const u_char *cp;
 memset(&cert_attr, 0, sizeof(cert_attr));
@@ -890,6 +896,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 key->type = KEY_RSA;
 key->flags |= SSHKEY_FLAG_EXT;
 rsa = NULL; /* now owned by key */
+#ifdef HAVE_EC_KEY_METHOD_NEW
 } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
 if (EVP_PKEY_get0_EC_KEY(evp) == NULL) {
 error("invalid x509; no ec key");
@@ -920,6 +927,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 key->type = KEY_ECDSA;
 key->flags |= SSHKEY_FLAG_EXT;
 ec = NULL; /* now owned by key */
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 } else
 error("unknown certificate key type");
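Review bot: In the `pkcs11_fetch_x509_pubkey` declarations (hunk at -808) only `int nid;` moves under the guard, while `EC_KEY *ec = NULL;` stays unconditional even though, as far as the hunks show, `ec` is only handed over inside the guarded EC branch. If the cleanup path, which lies outside the hunk, frees `ec`, the file still depends on libcrypto's EC API with ECDSA support compiled out; that matters if the macro can be undefined because the library has no EC at all, in which case the tree's `OPENSSL_HAS_ECC` test would probably be needed too, so this is worth confirming against configure. I would declare `ec` and `nid` together under one guard. This `#endif` is also the only one in the patch without the trailing comment; the others read `#endif /* HAVE_EC_KEY_METHOD_NEW */`.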
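Review bot: With the macro undefined, an EC certificate on the token now falls through to `error("unknown certificate key type")` after the branch closed in the hunk at -920, and an ECDSA object falls to `error("skipping unsupported key type")` in `pkcs11_fetch_keys` (hunk at -1103); neither message says that the type is known but was compiled out. Someone debugging a token whose ECDSA keys are skipped cannot tell a build limitation from a malformed object. Consider an `#else` arm in both places that logs something like `error("ECDSA PKCS#11 keys not supported by this libcrypto");`, or at least print the key type in the default case, as the existing `/* XXX print key type? */` comment already suggests. Both function bodies continue outside the hunks, so how a skipped key is handled afterwards is not visible here.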
@@ -1103,9 +1111,11 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
 case CKK_RSA:
 key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj);
 break;
+#ifdef HAVE_EC_KEY_METHOD_NEW
 case CKK_ECDSA:
 key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
 break;
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 default:
 /* XXX print key type? */
 error("skipping unsupported key type"); |