Fix building w/out ECC.

Ifdef out ECC specific code so that that it'll build against an OpenSSL configured w/out ECC. With & ok djm@
author: Darren Tucker <dtucker@dtucker.net> 2019-05-17 10:54:51 +1000
committer: Darren Tucker <dtucker@dtucker.net> 2019-05-17 10:54:51 +1000
commit: 97370f6c2c3b825f8c577b7e6c00b1a98d30a6cf (patch)
tree: 217d73211fcf07d34c96c7294a295bbe589d81fd
parent: 633703babf8d9a88da85f23b800e1b88dec7cdbd (diff)
3 files changed, 32 insertions, 0 deletions
diff --git a/kexecdh.c b/kexecdh.c
index 0aeab2e9b..9a3bb81b8 100644
--- a/kexecdh.c
+++ b/kexecdh.c
@@ -208,4 +208,30 @@ kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
        kex->ec_client_key = NULL;
        return r;
 }
+#else
+#include "sshkey.h"
+#include "kex.h"
+#include "ssherr.h"
+int
+kex_ecdh_keypair(struct kex *kex)
+{
+        return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+int
+kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob,
+    struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
+{
+        return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+int
+kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
+    struct sshbuf **shared_secretp)
+{
+        return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
 #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index 807ceb660..cb873e20b 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -206,6 +206,7 @@ process_sign(void)
                                        slen = ret;
                                        ok = 0;
                                }
+#ifdef OPENSSL_HAS_ECC
                        } else if (key->type == KEY_ECDSA) {
                                u_int xslen = ECDSA_size(key->ecdsa);
@@ -219,6 +220,7 @@ process_sign(void)
                                        error("%s: ECDSA_sign"
                                            " returns %d", __func__, ret);
                                slen = xslen;
+#endif /* OPENSSL_HAS_ECC */
                        } else
                                error("%s: don't know how to sign with key "
                                    "type %d", __func__, (int)key->type);
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 24bbc5873..d9413bc4f 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -916,7 +916,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
        X509                    *x509 = NULL;
        EVP_PKEY                *evp;
        RSA                     *rsa = NULL;
+#ifdef OPENSSL_HAS_ECC
        EC_KEY                  *ec = NULL;
+#endif
        struct sshkey           *key = NULL;
        int                      i;
 #ifdef HAVE_EC_KEY_METHOD_NEW
@@ -1043,7 +1045,9 @@ fail:
                free(cert_attr[i].pValue);
        X509_free(x509);
        RSA_free(rsa);
+#ifdef OPENSSL_HAS_ECC
        EC_KEY_free(ec);
+#endif
        return (key);
 }
author	Darren Tucker <dtucker@dtucker.net>	2019-05-17 10:54:51 +1000
committer	Darren Tucker <dtucker@dtucker.net>	2019-05-17 10:54:51 +1000
commit	97370f6c2c3b825f8c577b7e6c00b1a98d30a6cf (patch)
tree	217d73211fcf07d34c96c7294a295bbe589d81fd
parent	633703babf8d9a88da85f23b800e1b88dec7cdbd (diff)

diff --git a/kexecdh.c b/kexecdh.c index 0aeab2e9b..9a3bb81b8 100644 --- a/kexecdh.c +++ b/kexecdh.c
@@ -208,4 +208,30 @@ kex_ecdh_dec(struct kex kex, const struct sshbuf server_blob,
208	kex->ec_client_key = NULL;	208	kex->ec_client_key = NULL;
209	return r;	209	return r;
210	}	210	}
		211
		212	#else
		213
		214	#include "sshkey.h"
		215	#include "kex.h"
		216	#include "ssherr.h"
		217
		218	int
		219	kex_ecdh_keypair(struct kex *kex)
		220	{
		221	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
		222	}
		223
		224	int
		225	kex_ecdh_enc(struct kex kex, const struct sshbuf client_blob,
		226	struct sshbuf server_blobp, struct sshbuf shared_secretp)
		227	{
		228	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
		229	}
		230
		231	int
		232	kex_ecdh_dec(struct kex kex, const struct sshbuf server_blob,
		233	struct sshbuf **shared_secretp)
		234	{
		235	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
		236	}
211	#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */	237	#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */


diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 807ceb660..cb873e20b 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c
@@ -206,6 +206,7 @@ process_sign(void)
206	slen = ret;	206	slen = ret;
207	ok = 0;	207	ok = 0;
208	}	208	}
		209	#ifdef OPENSSL_HAS_ECC
209	} else if (key->type == KEY_ECDSA) {	210	} else if (key->type == KEY_ECDSA) {
210	u_int xslen = ECDSA_size(key->ecdsa);	211	u_int xslen = ECDSA_size(key->ecdsa);
211		212
@@ -219,6 +220,7 @@ process_sign(void)
219	error("%s: ECDSA_sign"	220	error("%s: ECDSA_sign"
220	" returns %d", __func__, ret);	221	" returns %d", __func__, ret);
221	slen = xslen;	222	slen = xslen;
		223	#endif /* OPENSSL_HAS_ECC */
222	} else	224	} else
223	error("%s: don't know how to sign with key "	225	error("%s: don't know how to sign with key "
224	"type %d", __func__, (int)key->type);	226	"type %d", __func__, (int)key->type);


diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 24bbc5873..d9413bc4f 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c
@@ -916,7 +916,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
916	X509 *x509 = NULL;	916	X509 *x509 = NULL;
917	EVP_PKEY *evp;	917	EVP_PKEY *evp;
918	RSA *rsa = NULL;	918	RSA *rsa = NULL;
		919	#ifdef OPENSSL_HAS_ECC
919	EC_KEY *ec = NULL;	920	EC_KEY *ec = NULL;
		921	#endif
920	struct sshkey *key = NULL;	922	struct sshkey *key = NULL;
921	int i;	923	int i;
922	#ifdef HAVE_EC_KEY_METHOD_NEW	924	#ifdef HAVE_EC_KEY_METHOD_NEW
@@ -1043,7 +1045,9 @@ fail:
1043	free(cert_attr[i].pValue);	1045	free(cert_attr[i].pValue);
1044	X509_free(x509);	1046	X509_free(x509);
1045	RSA_free(rsa);	1047	RSA_free(rsa);
		1048	#ifdef OPENSSL_HAS_ECC
1046	EC_KEY_free(ec);	1049	EC_KEY_free(ec);
		1050	#endif
1047		1051
1048	return (key);	1052	return (key);
1049	}	1053	}