From b03ebe2c22b8166e4f64c37737f4278676e3488d Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Thu, 15 Jan 2015 03:08:58 +1100
Subject: [PATCH] more --without-openssl fix some regressions caused by upstream merges enable KRLs now that they no longer require BIGNUMs
---
 authfile.c | 2 --
 krl.c | 3 ---
 ssh-agent.c | 2 ++
 ssh-keygen.c | 10 ----------
 sshbuf.h | 4 ++--
 5 files changed, 4 insertions(+), 17 deletions(-)
diff --git a/authfile.c b/authfile.c
index de9708607..d47e0058f 100644
--- a/authfile.c
+++ b/authfile.c
@@ -551,12 +551,10 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
 {
 int r;
-#ifdef WITH_OPENSSL
 r = ssh_krl_file_contains_key(revoked_keys_file, key);
 /* If this was not a KRL to begin with then continue below */
 if (r != SSH_ERR_KRL_BAD_MAGIC)
 return r;
-#endif
 /*
 * If the file is not a KRL or we can't handle KRLs then attempt to
diff --git a/krl.c b/krl.c
index b19def79f..3917338f9 100644
--- a/krl.c
+++ b/krl.c
@@ -18,8 +18,6 @@
 #include "includes.h"
-#ifdef WITH_OPENSSL /* XXX just fix bignums and this is good */
-
 #include
 #include
 #include
@@ -1284,4 +1282,3 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
 errno = oerrno;
 return r;
 }
-#endif /* WITH_OPENSSL */
diff --git a/ssh-agent.c b/ssh-agent.c
index 4925d47a3..43000a429 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -524,6 +524,7 @@ reaper(void)
 return (deadline - now);
 }
+#ifdef WITH_SSH1
 /*
 * XXX this and the corresponding serialisation function probably belongs
 * in key.c
@@ -565,6 +566,7 @@ agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp)
 sshkey_free(k);
 return r;
 }
+#endif
 static void
 process_add_identity(SocketEntry *e, int version)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 75f8e2e09..7f775ff16 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1964,7 +1964,6 @@ do_show_cert(struct passwd *pw)
 exit(0);
 }
-#ifdef WITH_OPENSSL
 static void
 load_krl(const char *path, struct ssh_krl **krlp)
 {
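Review bot: The block comment that follows the KRL check in sshkey_check_revoked still reads `If the file is not a KRL or we can't handle KRLs then attempt to`, which no longer matches the code now that ssh_krl_file_contains_key() is called in every build. With the guard gone, the fallback below is reached only when that call returns SSH_ERR_KRL_BAD_MAGIC, and every other result is returned to the caller, so the comment should say just that, for example `* If the file is not a KRL then attempt to`. The comment and the rest of the function continue outside the hunk.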
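Review bot: The `#endif` added after agent_decode_rsa1 in the second ssh-agent.c hunk carries no label, while the other conditionals touched by this patch close with one (`#endif /* WITH_OPENSSL */`). Writing it as `#endif /* WITH_SSH1 */` would keep it visibly paired with the `#ifdef WITH_SSH1` from the first hunk, which sits roughly forty lines earlier. The callers of agent_decode_rsa1 are outside both hunks; if any call site is not itself under WITH_SSH1, a build without SSH1 would presumably fail on the missing function, so that is worth confirming.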
@@ -2106,12 +2105,10 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
 fclose(krl_spec);
 free(path);
 }
-#endif /* WITH_OPENSSL */
 static void
 do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 {
-#ifdef WITH_OPENSSL
 struct ssh_krl *krl;
 struct stat sb;
 Key *ca = NULL;
@@ -2161,15 +2158,11 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 ssh_krl_free(krl);
 if (ca != NULL)
 key_free(ca);
-#else /* WITH_OPENSSL */
- fatal("KRLs not supported without OpenSSL");
-#endif /* WITH_OPENSSL */
 }
 static void
 do_check_krl(struct passwd *pw, int argc, char **argv)
 {
-#ifdef WITH_OPENSSL
 int i, r, ret = 0;
 char *comment;
 struct ssh_krl *krl;
@@ -2192,9 +2185,6 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 }
 ssh_krl_free(krl);
 exit(ret);
-#else /* WITH_OPENSSL */
- fatal("KRLs not supported without OpenSSL");
-#endif /* WITH_OPENSSL */
 }
 static void
diff --git a/sshbuf.h b/sshbuf.h
index ac0191936..eb0d92e10 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -209,11 +209,11 @@ int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
 * curve points.
 */
 int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
+int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
+ const u_char **valp, size_t *lenp);
 #ifdef WITH_OPENSSL
 int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v);
 int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v);
-int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
- const u_char **valp, size_t *lenp);
 int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
 int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v);
 # ifdef OPENSSL_HAS_ECC
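Review bot: The prototype of sshbuf_get_bignum2_bytes_direct is now visible without WITH_OPENSSL, but the diffstat lists no sshbuf source file, so its definition must already be compiled outside that guard for a --without-openssl build to link; that is not visible here and is worth confirming. The moved declaration also has no comment of its own, since the block comment ending at `curve points.` sits in front of sshbuf_put_bignum2_bytes. If, as the `_direct` suffix and the `const u_char **valp` out-parameter suggest, the returned pointer refers to memory owned by the buffer, a line such as `/* On success *valp refers to storage owned by buf; do not free it or use it after buf is modified. */` would spare the KRL code and other callers from holding a stale pointer.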