tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK 

addition; ok djm@

OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
This commit is contained in:
naddy@openbsd.org 2019-11-18 16:08:57 +00:00 committed by Damien Miller
parent 478f4f98e4
commit 723a536986
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sk-usbhid.c
View File

@ -25,11 +25,13 @@
#include <stddef.h> #include <stddef.h>
#include <stdarg.h> #include <stdarg.h>
#ifdef WITH_OPENSSL
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/ec.h> #include <openssl/ec.h>
#include <openssl/ecdsa.h> #include <openssl/ecdsa.h>
#endif /* WITH_OPENSSL */
#include <fido.h> #include <fido.h>
@ -271,6 +273,7 @@ find_device(const uint8_t *message, size_t message_len, const char *application,
return dev; return dev;
} }
#ifdef WITH_OPENSSL
/* /*
* The key returned via fido_cred_pubkey_ptr() is in affine coordinates, * The key returned via fido_cred_pubkey_ptr() is in affine coordinates,
* but the API expects a SEC1 octet string. * but the API expects a SEC1 octet string.
@ -343,6 +346,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response)
BN_clear_free(y); BN_clear_free(y);
return ret; return ret;
} }
#endif /* WITH_OPENSSL */
static int static int
pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response) pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response)
@ -379,8 +383,10 @@ static int
pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response) pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response)
{ {
switch(alg) { switch(alg) {
#ifdef WITH_OPENSSL
case SK_ECDSA: case SK_ECDSA:
return pack_public_key_ecdsa(cred, response); return pack_public_key_ecdsa(cred, response);
#endif /* WITH_OPENSSL */
case SK_ED25519: case SK_ED25519:
return pack_public_key_ed25519(cred, response); return pack_public_key_ed25519(cred, response);
default: default:
@ -414,9 +420,11 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
} }
*enroll_response = NULL; *enroll_response = NULL;
switch(alg) { switch(alg) {
#ifdef WITH_OPENSSL
case SK_ECDSA: case SK_ECDSA:
cose_alg = COSE_ES256; cose_alg = COSE_ES256;
break; break;
#endif /* WITH_OPENSSL */
case SK_ED25519: case SK_ED25519:
cose_alg = COSE_EDDSA; cose_alg = COSE_EDDSA;
break; break;
@ -536,6 +544,7 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
return ret; return ret;
} }
#ifdef WITH_OPENSSL
static int static int
pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
{ {
@ -572,6 +581,7 @@ pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
} }
return ret; return ret;
} }
#endif /* WITH_OPENSSL */
static int static int
pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response) pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
@ -605,8 +615,10 @@ static int
pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response) pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response)
{ {
switch(alg) { switch(alg) {
#ifdef WITH_OPENSSL
case SK_ECDSA: case SK_ECDSA:
return pack_sig_ecdsa(assert, response); return pack_sig_ecdsa(assert, response);
#endif /* WITH_OPENSSL */
case SK_ED25519: case SK_ED25519:
return pack_sig_ed25519(assert, response); return pack_sig_ed25519(assert, response);
default: default:

16
ssh-sk.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-sk.c,v 1.14 2019/11/16 23:17:20 djm Exp $ */ /* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */
/* /*
* Copyright (c) 2019 Google LLC * Copyright (c) 2019 Google LLC
* *
@ -27,8 +27,10 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#ifdef WITH_OPENSSL
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/ec.h> #include <openssl/ec.h>
#endif /* WITH_OPENSSL */
#include "log.h" #include "log.h"
#include "misc.h" #include "misc.h"
@ -163,6 +165,7 @@ sshsk_free_sign_response(struct sk_sign_response *r)
freezero(r, sizeof(*r)); freezero(r, sizeof(*r));
}; };
#ifdef WITH_OPENSSL
/* Assemble key from response */ /* Assemble key from response */
static int static int
sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@ -217,6 +220,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
sshbuf_free(b); sshbuf_free(b);
return r; return r;
} }
#endif /* WITH_OPENSSL */
static int static int
sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@ -272,9 +276,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
if (attest) if (attest)
sshbuf_reset(attest); sshbuf_reset(attest);
switch (type) { switch (type) {
#ifdef WITH_OPENSSL
case KEY_ECDSA_SK: case KEY_ECDSA_SK:
alg = SSH_SK_ECDSA; alg = SSH_SK_ECDSA;
break; break;
#endif /* WITH_OPENSSL */
case KEY_ED25519_SK: case KEY_ED25519_SK:
alg = SSH_SK_ED25519; alg = SSH_SK_ED25519;
break; break;
@ -330,10 +336,12 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
goto out; goto out;
} }
switch (type) { switch (type) {
#ifdef WITH_OPENSSL
case KEY_ECDSA_SK: case KEY_ECDSA_SK:
if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0) if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
goto out; goto out;
break; break;
#endif /* WITH_OPENSSL */
case KEY_ED25519_SK: case KEY_ED25519_SK:
if ((r = sshsk_ed25519_assemble(resp, &key)) != 0) if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
goto out; goto out;
@ -382,6 +390,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
return r; return r;
} }
#ifdef WITH_OPENSSL
static int static int
sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
{ {
@ -425,6 +434,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
sshbuf_free(inner_sig); sshbuf_free(inner_sig);
return r; return r;
} }
#endif /* WITH_OPENSSL */
static int static int
sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
@ -474,9 +484,11 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
*lenp = 0; *lenp = 0;
type = sshkey_type_plain(key->type); type = sshkey_type_plain(key->type);
switch (type) { switch (type) {
#ifdef WITH_OPENSSL
case KEY_ECDSA_SK: case KEY_ECDSA_SK:
alg = SSH_SK_ECDSA; alg = SSH_SK_ECDSA;
break; break;
#endif /* WITH_OPENSSL */
case KEY_ED25519_SK: case KEY_ED25519_SK:
alg = SSH_SK_ED25519; alg = SSH_SK_ED25519;
break; break;
@ -518,10 +530,12 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
goto out; goto out;
} }
switch (type) { switch (type) {
#ifdef WITH_OPENSSL
case KEY_ECDSA_SK: case KEY_ECDSA_SK:
if ((r = sshsk_ecdsa_sig(resp, sig)) != 0) if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
goto out; goto out;
break; break;
#endif /* WITH_OPENSSL */
case KEY_ED25519_SK: case KEY_ED25519_SK:
if ((r = sshsk_ed25519_sig(resp, sig)) != 0) if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
goto out; goto out;