- (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs

for missing headers and compiler warnings.

ChangeLog

@@ -66,6 +66,8 @@
    [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
    [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
    platforms that don't have the requisite OpenSSL support. ok dtucker@
+ - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
+   for missing headers and compiler warnings.
 
 20100831
  - OpenBSD CVS Sync

kex.h

@@ -29,7 +29,9 @@
 #include <signal.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#ifdef OPENSSL_HAS_ECC
 #include <openssl/ec.h>
+#endif
 
 #define KEX_COOKIE_LEN	16
 

key.c

@@ -261,7 +261,9 @@ cert_compare(struct KeyCert *a, struct KeyCert *b)
 int
 key_equal_public(const Key *a, const Key *b)
 {
+#ifdef OPENSSL_HAS_ECC
 	BN_CTX *bnctx;
+#endif
 
 	if (a == NULL || b == NULL ||
 	    key_type_plain(a->type) != key_type_plain(b->type))
@@ -656,9 +658,12 @@ key_read(Key *ret, char **cpp)
 	Key *k;
 	int success = -1;
 	char *cp, *space;
-	int len, n, type, curve_nid = -1;
+	int len, n, type;
 	u_int bits;
 	u_char *blob;
+#ifdef OPENSSL_HAS_ECC
+	int curve_nid = -1;
+#endif
 
 	cp = *cpp;
 
@@ -1437,11 +1442,12 @@ Key *
 key_from_blob(const u_char *blob, u_int blen)
 {
 	Buffer b;
-	int rlen, type, nid = -1;
+	int rlen, type;
 	char *ktype = NULL, *curve = NULL;
 	Key *key = NULL;
 #ifdef OPENSSL_HAS_ECC
 	EC_POINT *q = NULL;
+	int nid = -1;
 #endif
 
 #ifdef DEBUG_PK

packet.h

@@ -19,7 +19,9 @@
 #include <termios.h>
 
 #include <openssl/bn.h>
+#ifdef OPENSSL_HAS_ECC
 #include <openssl/ec.h>
+#endif
 
 void     packet_set_connection(int, int);
 void     packet_set_timeout(int, int);
@@ -43,7 +45,9 @@ void     packet_put_int(u_int value);
 void     packet_put_int64(u_int64_t value);
 void     packet_put_bignum(BIGNUM * value);
 void     packet_put_bignum2(BIGNUM * value);
+#ifdef OPENSSL_HAS_ECC
 void     packet_put_ecpoint(const EC_GROUP *, const EC_POINT *);
+#endif
 void     packet_put_string(const void *buf, u_int len);
 void     packet_put_cstring(const char *str);
 void     packet_put_raw(const void *buf, u_int len);
@@ -61,7 +65,9 @@ u_int	 packet_get_int(void);
 u_int64_t packet_get_int64(void);
 void     packet_get_bignum(BIGNUM * value);
 void     packet_get_bignum2(BIGNUM * value);
+#ifdef OPENSSL_HAS_ECC
 void	 packet_get_ecpoint(const EC_GROUP *, EC_POINT *);
+#endif
 void	*packet_get_raw(u_int *length_ptr);
 void	*packet_get_string(u_int *length_ptr);
 char	*packet_get_cstring(u_int *length_ptr);

ssh-agent.c

@@ -466,11 +466,12 @@ process_add_identity(SocketEntry *e, int version)
 	Idtab *tab = idtab_lookup(version);
 	Identity *id;
 	int type, success = 0, death = 0, confirm = 0;
-	char *type_name, *comment, *curve;
+	char *type_name, *comment;
 	Key *k = NULL;
 #ifdef OPENSSL_HAS_ECC
 	BIGNUM *exponent;
 	EC_POINT *q;
+	int *curve;
 #endif
 	u_char *cert;
 	u_int len;

ssh.c

@@ -849,10 +849,19 @@ main(int ac, char **av)
 	 */
 	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
 	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
-	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+#ifdef WITH_SELINUX
+		char *scon;
+
+		matchpathcon(buf, 0700, &scon);
+		setfscreatecon(scon);
+#endif
 		if (mkdir(buf, 0700) < 0)
 			error("Could not create directory '%.200s'.", buf);
-
+#ifdef WITH_SELINUX
+		setfscreatecon(NULL);
+#endif
+	}
 	/* load options.identity_files */
 	load_public_identity_files();