diff options
| author | naddy@openbsd.org <naddy@openbsd.org> | 2019-11-18 16:08:57 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-11-20 09:26:59 +1100 |
| commit | 723a5369864b338c48d22854bc2bb4ee5c083deb (patch) | |
| tree | f55fb04a9c29f05bed7eeb9ea881b7ab3b65d1cf | |
| parent | 478f4f98e4e93ae4ed1a8911dec4e5b75ea10f30 (diff) | |
upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK
addition; ok djm@
OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
| -rw-r--r-- | sk-usbhid.c | 12 | ||||
| -rw-r--r-- | ssh-sk.c | 16 |
2 files changed, 27 insertions, 1 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c index 17b595367..594f5d890 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c | |||
| @@ -25,11 +25,13 @@ | |||
| 25 | #include <stddef.h> | 25 | #include <stddef.h> |
| 26 | #include <stdarg.h> | 26 | #include <stdarg.h> |
| 27 | 27 | ||
| 28 | #ifdef WITH_OPENSSL | ||
| 28 | #include <openssl/opensslv.h> | 29 | #include <openssl/opensslv.h> |
| 29 | #include <openssl/crypto.h> | 30 | #include <openssl/crypto.h> |
| 30 | #include <openssl/bn.h> | 31 | #include <openssl/bn.h> |
| 31 | #include <openssl/ec.h> | 32 | #include <openssl/ec.h> |
| 32 | #include <openssl/ecdsa.h> | 33 | #include <openssl/ecdsa.h> |
| 34 | #endif /* WITH_OPENSSL */ | ||
| 33 | 35 | ||
| 34 | #include <fido.h> | 36 | #include <fido.h> |
| 35 | 37 | ||
| @@ -271,6 +273,7 @@ find_device(const uint8_t *message, size_t message_len, const char *application, | |||
| 271 | return dev; | 273 | return dev; |
| 272 | } | 274 | } |
| 273 | 275 | ||
| 276 | #ifdef WITH_OPENSSL | ||
| 274 | /* | 277 | /* |
| 275 | * The key returned via fido_cred_pubkey_ptr() is in affine coordinates, | 278 | * The key returned via fido_cred_pubkey_ptr() is in affine coordinates, |
| 276 | * but the API expects a SEC1 octet string. | 279 | * but the API expects a SEC1 octet string. |
| @@ -343,6 +346,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) | |||
| 343 | BN_clear_free(y); | 346 | BN_clear_free(y); |
| 344 | return ret; | 347 | return ret; |
| 345 | } | 348 | } |
| 349 | #endif /* WITH_OPENSSL */ | ||
| 346 | 350 | ||
| 347 | static int | 351 | static int |
| 348 | pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response) | 352 | pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response) |
| @@ -379,8 +383,10 @@ static int | |||
| 379 | pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response) | 383 | pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response) |
| 380 | { | 384 | { |
| 381 | switch(alg) { | 385 | switch(alg) { |
| 386 | #ifdef WITH_OPENSSL | ||
| 382 | case SK_ECDSA: | 387 | case SK_ECDSA: |
| 383 | return pack_public_key_ecdsa(cred, response); | 388 | return pack_public_key_ecdsa(cred, response); |
| 389 | #endif /* WITH_OPENSSL */ | ||
| 384 | case SK_ED25519: | 390 | case SK_ED25519: |
| 385 | return pack_public_key_ed25519(cred, response); | 391 | return pack_public_key_ed25519(cred, response); |
| 386 | default: | 392 | default: |
| @@ -414,9 +420,11 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, | |||
| 414 | } | 420 | } |
| 415 | *enroll_response = NULL; | 421 | *enroll_response = NULL; |
| 416 | switch(alg) { | 422 | switch(alg) { |
| 423 | #ifdef WITH_OPENSSL | ||
| 417 | case SK_ECDSA: | 424 | case SK_ECDSA: |
| 418 | cose_alg = COSE_ES256; | 425 | cose_alg = COSE_ES256; |
| 419 | break; | 426 | break; |
| 427 | #endif /* WITH_OPENSSL */ | ||
| 420 | case SK_ED25519: | 428 | case SK_ED25519: |
| 421 | cose_alg = COSE_EDDSA; | 429 | cose_alg = COSE_EDDSA; |
| 422 | break; | 430 | break; |
| @@ -536,6 +544,7 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, | |||
| 536 | return ret; | 544 | return ret; |
| 537 | } | 545 | } |
| 538 | 546 | ||
| 547 | #ifdef WITH_OPENSSL | ||
| 539 | static int | 548 | static int |
| 540 | pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) | 549 | pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) |
| 541 | { | 550 | { |
| @@ -572,6 +581,7 @@ pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) | |||
| 572 | } | 581 | } |
| 573 | return ret; | 582 | return ret; |
| 574 | } | 583 | } |
| 584 | #endif /* WITH_OPENSSL */ | ||
| 575 | 585 | ||
| 576 | static int | 586 | static int |
| 577 | pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response) | 587 | pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response) |
| @@ -605,8 +615,10 @@ static int | |||
| 605 | pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response) | 615 | pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response) |
| 606 | { | 616 | { |
| 607 | switch(alg) { | 617 | switch(alg) { |
| 618 | #ifdef WITH_OPENSSL | ||
| 608 | case SK_ECDSA: | 619 | case SK_ECDSA: |
| 609 | return pack_sig_ecdsa(assert, response); | 620 | return pack_sig_ecdsa(assert, response); |
| 621 | #endif /* WITH_OPENSSL */ | ||
| 610 | case SK_ED25519: | 622 | case SK_ED25519: |
| 611 | return pack_sig_ed25519(assert, response); | 623 | return pack_sig_ed25519(assert, response); |
| 612 | default: | 624 | default: |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-sk.c,v 1.14 2019/11/16 23:17:20 djm Exp $ */ | 1 | /* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
| 4 | * | 4 | * |
| @@ -27,8 +27,10 @@ | |||
| 27 | #include <string.h> | 27 | #include <string.h> |
| 28 | #include <stdio.h> | 28 | #include <stdio.h> |
| 29 | 29 | ||
| 30 | #ifdef WITH_OPENSSL | ||
| 30 | #include <openssl/objects.h> | 31 | #include <openssl/objects.h> |
| 31 | #include <openssl/ec.h> | 32 | #include <openssl/ec.h> |
| 33 | #endif /* WITH_OPENSSL */ | ||
| 32 | 34 | ||
| 33 | #include "log.h" | 35 | #include "log.h" |
| 34 | #include "misc.h" | 36 | #include "misc.h" |
| @@ -163,6 +165,7 @@ sshsk_free_sign_response(struct sk_sign_response *r) | |||
| 163 | freezero(r, sizeof(*r)); | 165 | freezero(r, sizeof(*r)); |
| 164 | }; | 166 | }; |
| 165 | 167 | ||
| 168 | #ifdef WITH_OPENSSL | ||
| 166 | /* Assemble key from response */ | 169 | /* Assemble key from response */ |
| 167 | static int | 170 | static int |
| 168 | sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) | 171 | sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) |
| @@ -217,6 +220,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) | |||
| 217 | sshbuf_free(b); | 220 | sshbuf_free(b); |
| 218 | return r; | 221 | return r; |
| 219 | } | 222 | } |
| 223 | #endif /* WITH_OPENSSL */ | ||
| 220 | 224 | ||
| 221 | static int | 225 | static int |
| 222 | sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) | 226 | sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) |
| @@ -272,9 +276,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application, | |||
| 272 | if (attest) | 276 | if (attest) |
| 273 | sshbuf_reset(attest); | 277 | sshbuf_reset(attest); |
| 274 | switch (type) { | 278 | switch (type) { |
| 279 | #ifdef WITH_OPENSSL | ||
| 275 | case KEY_ECDSA_SK: | 280 | case KEY_ECDSA_SK: |
| 276 | alg = SSH_SK_ECDSA; | 281 | alg = SSH_SK_ECDSA; |
| 277 | break; | 282 | break; |
| 283 | #endif /* WITH_OPENSSL */ | ||
| 278 | case KEY_ED25519_SK: | 284 | case KEY_ED25519_SK: |
| 279 | alg = SSH_SK_ED25519; | 285 | alg = SSH_SK_ED25519; |
| 280 | break; | 286 | break; |
| @@ -330,10 +336,12 @@ sshsk_enroll(int type, const char *provider_path, const char *application, | |||
| 330 | goto out; | 336 | goto out; |
| 331 | } | 337 | } |
| 332 | switch (type) { | 338 | switch (type) { |
| 339 | #ifdef WITH_OPENSSL | ||
| 333 | case KEY_ECDSA_SK: | 340 | case KEY_ECDSA_SK: |
| 334 | if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0) | 341 | if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0) |
| 335 | goto out; | 342 | goto out; |
| 336 | break; | 343 | break; |
| 344 | #endif /* WITH_OPENSSL */ | ||
| 337 | case KEY_ED25519_SK: | 345 | case KEY_ED25519_SK: |
| 338 | if ((r = sshsk_ed25519_assemble(resp, &key)) != 0) | 346 | if ((r = sshsk_ed25519_assemble(resp, &key)) != 0) |
| 339 | goto out; | 347 | goto out; |
| @@ -382,6 +390,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application, | |||
| 382 | return r; | 390 | return r; |
| 383 | } | 391 | } |
| 384 | 392 | ||
| 393 | #ifdef WITH_OPENSSL | ||
| 385 | static int | 394 | static int |
| 386 | sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) | 395 | sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) |
| 387 | { | 396 | { |
| @@ -425,6 +434,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) | |||
| 425 | sshbuf_free(inner_sig); | 434 | sshbuf_free(inner_sig); |
| 426 | return r; | 435 | return r; |
| 427 | } | 436 | } |
| 437 | #endif /* WITH_OPENSSL */ | ||
| 428 | 438 | ||
| 429 | static int | 439 | static int |
| 430 | sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) | 440 | sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) |
| @@ -474,9 +484,11 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, | |||
| 474 | *lenp = 0; | 484 | *lenp = 0; |
| 475 | type = sshkey_type_plain(key->type); | 485 | type = sshkey_type_plain(key->type); |
| 476 | switch (type) { | 486 | switch (type) { |
| 487 | #ifdef WITH_OPENSSL | ||
| 477 | case KEY_ECDSA_SK: | 488 | case KEY_ECDSA_SK: |
| 478 | alg = SSH_SK_ECDSA; | 489 | alg = SSH_SK_ECDSA; |
| 479 | break; | 490 | break; |
| 491 | #endif /* WITH_OPENSSL */ | ||
| 480 | case KEY_ED25519_SK: | 492 | case KEY_ED25519_SK: |
| 481 | alg = SSH_SK_ED25519; | 493 | alg = SSH_SK_ED25519; |
| 482 | break; | 494 | break; |
| @@ -518,10 +530,12 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, | |||
| 518 | goto out; | 530 | goto out; |
| 519 | } | 531 | } |
| 520 | switch (type) { | 532 | switch (type) { |
| 533 | #ifdef WITH_OPENSSL | ||
| 521 | case KEY_ECDSA_SK: | 534 | case KEY_ECDSA_SK: |
| 522 | if ((r = sshsk_ecdsa_sig(resp, sig)) != 0) | 535 | if ((r = sshsk_ecdsa_sig(resp, sig)) != 0) |
| 523 | goto out; | 536 | goto out; |
| 524 | break; | 537 | break; |
| 538 | #endif /* WITH_OPENSSL */ | ||
| 525 | case KEY_ED25519_SK: | 539 | case KEY_ED25519_SK: |
| 526 | if ((r = sshsk_ed25519_sig(resp, sig)) != 0) | 540 | if ((r = sshsk_ed25519_sig(resp, sig)) != 0) |
| 527 | goto out; | 541 | goto out; |