From dee22129bbc61e25b1003adfa2bc584c5406ef2d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 1 Oct 2021 16:35:49 +1000 Subject: [PATCH] make OPENSSL_HAS_ECC checks more thorough ok dtucker --- ssh-pkcs11-client.c | 16 ++++++++-------- ssh-pkcs11.c | 26 +++++++++++++------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index e72473694..cfd833d74 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -163,7 +163,7 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) return (ret); } -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, const BIGNUM *rp, EC_KEY *ec) @@ -220,12 +220,12 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, sshbuf_free(msg); return (ret); } -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ static RSA_METHOD *helper_rsa; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static EC_KEY_METHOD *helper_ecdsa; -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ /* redirect private key crypto operations to the ssh-pkcs11-helper */ static void @@ -233,10 +233,10 @@ wrap_key(struct sshkey *k) { if (k->type == KEY_RSA) RSA_set_method(k->rsa, helper_rsa); -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) else if (k->type == KEY_ECDSA) EC_KEY_set_method(k->ecdsa, helper_ecdsa); -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ else fatal_f("unknown key type"); } @@ -247,7 +247,7 @@ pkcs11_start_helper_methods(void) if (helper_rsa != NULL) return (0); -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) int (*orig_sign)(int, const unsigned char *, int, unsigned char *, unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; if (helper_ecdsa != NULL) @@ -257,7 +257,7 @@ pkcs11_start_helper_methods(void) return (-1); EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL); EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign); -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) fatal_f("RSA_meth_dup failed"); diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 37a6b1b5b..649a6d3b5 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -79,7 +79,7 @@ struct pkcs11_key { int pkcs11_interactive = 0; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static void ossl_error(const char *msg) { @@ -89,7 +89,7 @@ ossl_error(const char *msg) while ((e = ERR_get_error()) != 0) error_f("libcrypto error: %s", ERR_error_string(e, NULL)); } -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ int pkcs11_init(int interactive) @@ -190,10 +190,10 @@ pkcs11_del_provider(char *provider_id) static RSA_METHOD *rsa_method; static int rsa_idx = 0; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static EC_KEY_METHOD *ec_key_method; static int ec_key_idx = 0; -#endif +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ /* release a wrapped object */ static void @@ -507,7 +507,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) /* openssl callback doing the actual signing operation */ static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, @@ -619,7 +619,7 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ /* remove trailing spaces */ static void @@ -694,7 +694,7 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) return (0); } -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static struct sshkey * pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, CK_OBJECT_HANDLE *obj) @@ -817,7 +817,7 @@ fail: return (key); } -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ static struct sshkey * pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, @@ -925,7 +925,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, #endif struct sshkey *key = NULL; int i; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) int nid; #endif const u_char *cp; @@ -1014,7 +1014,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->type = KEY_RSA; key->flags |= SSHKEY_FLAG_EXT; rsa = NULL; /* now owned by key */ -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { error("invalid x509; no ec key"); @@ -1045,7 +1045,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->type = KEY_ECDSA; key->flags |= SSHKEY_FLAG_EXT; ec = NULL; /* now owned by key */ -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ } else { error("unknown certificate key type"); goto out; @@ -1269,11 +1269,11 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, case CKK_RSA: key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); break; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) case CKK_ECDSA: key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); break; -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ default: /* XXX print key type? */ key = NULL;