more --without-openssl
fix some regressions caused by upstream merges; enable KRLs now that they no longer require BIGNUMs
parent
bc42cc6fe7
commit
b03ebe2c22
@ -551,12 +551,10 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
|
|||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
r = ssh_krl_file_contains_key(revoked_keys_file, key);
|
r = ssh_krl_file_contains_key(revoked_keys_file, key);
|
||||||
/* If this was not a KRL to begin with then continue below */
|
/* If this was not a KRL to begin with then continue below */
|
||||||
if (r != SSH_ERR_KRL_BAD_MAGIC)
|
if (r != SSH_ERR_KRL_BAD_MAGIC)
|
||||||
return r;
|
return r;
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If the file is not a KRL or we can't handle KRLs then attempt to
|
* If the file is not a KRL or we can't handle KRLs then attempt to
|
||||||
|
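Review bot: The block comment that opens after the removed `#endif` in sshkey_check_revoked still reads "If the file is not a KRL or we can't handle KRLs", which no longer describes any build once the `WITH_OPENSSL` guard is gone; `* If the file is not a KRL then attempt to` would match the new code. With the guard removed, builds made with --without-openssl also return every result other than `SSH_ERR_KRL_BAD_MAGIC` straight from this function, so KRL parse and I/O errors now reach callers there too. It is worth confirming that those callers treat any non-zero return as a refusal, so that a damaged revocation file fails closed rather than open. The comment and the rest of the function continue outside the hunk.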
3
krl.c
3
krl.c
@ -18,8 +18,6 @@
|
|||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#ifdef WITH_OPENSSL /* XXX just fix bignums and this is good */
|
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
#include <openbsd-compat/sys-tree.h>
|
#include <openbsd-compat/sys-tree.h>
|
||||||
@ -1284,4 +1282,3 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
|
|||||||
errno = oerrno;
|
errno = oerrno;
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
#endif /* WITH_OPENSSL */
|
|
||||||
|
@ -524,6 +524,7 @@ reaper(void)
|
|||||||
return (deadline - now);
|
return (deadline - now);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef WITH_SSH1
|
||||||
/*
|
/*
|
||||||
* XXX this and the corresponding serialisation function probably belongs
|
* XXX this and the corresponding serialisation function probably belongs
|
||||||
* in key.c
|
* in key.c
|
||||||
@ -565,6 +566,7 @@ agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp)
|
|||||||
sshkey_free(k);
|
sshkey_free(k);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static void
|
static void
|
||||||
process_add_identity(SocketEntry *e, int version)
|
process_add_identity(SocketEntry *e, int version)
|
||||||
|
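Review bot: The `#endif` added after agent_decode_rsa1 is unlabelled, while the other guards shown on this page close as `#endif /* WITH_OPENSSL */`; writing `#endif /* WITH_SSH1 */` would keep the pairing readable, since the matching `#ifdef WITH_SSH1` sits roughly forty lines earlier. Now that the decoder is compiled only under WITH_SSH1, any call to it needs the same guard. process_add_identity takes a `version` argument and so may reach the protocol-1 path, but its body is outside these hunks, so this is to be confirmed. An unguarded call would break builds without SSH1, or be accepted by older compilers as an implicit declaration.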
10
ssh-keygen.c
10
ssh-keygen.c
@ -1964,7 +1964,6 @@ do_show_cert(struct passwd *pw)
|
|||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
static void
|
static void
|
||||||
load_krl(const char *path, struct ssh_krl **krlp)
|
load_krl(const char *path, struct ssh_krl **krlp)
|
||||||
{
|
{
|
||||||
@ -2106,12 +2105,10 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
|
|||||||
fclose(krl_spec);
|
fclose(krl_spec);
|
||||||
free(path);
|
free(path);
|
||||||
}
|
}
|
||||||
#endif /* WITH_OPENSSL */
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
|
do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
|
||||||
{
|
{
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
struct ssh_krl *krl;
|
struct ssh_krl *krl;
|
||||||
struct stat sb;
|
struct stat sb;
|
||||||
Key *ca = NULL;
|
Key *ca = NULL;
|
||||||
@ -2161,15 +2158,11 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
|
|||||||
ssh_krl_free(krl);
|
ssh_krl_free(krl);
|
||||||
if (ca != NULL)
|
if (ca != NULL)
|
||||||
key_free(ca);
|
key_free(ca);
|
||||||
#else /* WITH_OPENSSL */
|
|
||||||
fatal("KRLs not supported without OpenSSL");
|
|
||||||
#endif /* WITH_OPENSSL */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
do_check_krl(struct passwd *pw, int argc, char **argv)
|
do_check_krl(struct passwd *pw, int argc, char **argv)
|
||||||
{
|
{
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
int i, r, ret = 0;
|
int i, r, ret = 0;
|
||||||
char *comment;
|
char *comment;
|
||||||
struct ssh_krl *krl;
|
struct ssh_krl *krl;
|
||||||
@ -2192,9 +2185,6 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
|
|||||||
}
|
}
|
||||||
ssh_krl_free(krl);
|
ssh_krl_free(krl);
|
||||||
exit(ret);
|
exit(ret);
|
||||||
#else /* WITH_OPENSSL */
|
|
||||||
fatal("KRLs not supported without OpenSSL");
|
|
||||||
#endif /* WITH_OPENSSL */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
4
sshbuf.h
4
sshbuf.h
@ -209,11 +209,11 @@ int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
|
|||||||
* curve points.
|
* curve points.
|
||||||
*/
|
*/
|
||||||
int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
|
int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
|
||||||
|
int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
|
||||||
|
const u_char **valp, size_t *lenp);
|
||||||
#ifdef WITH_OPENSSL
|
#ifdef WITH_OPENSSL
|
||||||
int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v);
|
int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v);
|
||||||
int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v);
|
int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v);
|
||||||
int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
|
|
||||||
const u_char **valp, size_t *lenp);
|
|
||||||
int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
|
int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
|
||||||
int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v);
|
int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v);
|
||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
|
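Review bot: The prototype for `sshbuf_get_bignum2_bytes_direct` is now visible without WITH_OPENSSL, but it lands directly under the comment written for `sshbuf_put_bignum2_bytes` and has no description of its own. If it behaves like the other `_direct` getters, a short note on pointer lifetime would help callers, for example `/* On success *valp points into buf's storage, not a copy; it is invalid once buf is modified or freed. */`. The function's definition is not part of this page, so it should also be confirmed that it is compiled outside any `WITH_OPENSSL` block; otherwise a build without OpenSSL sees the declaration but fails at link time.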