diff options
| author | Damien Miller <djm@mindrot.org> | 2019-11-01 13:34:49 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-11-01 13:35:34 +1100 |
| commit | 764d51e04460ec0da12e05e4777bc90c116accb9 (patch) | |
| tree | 7bd6cd697ffcf62cea723059bebd1968cef8cb32 /ssh-keygen.c | |
| parent | 45f17a159acfc5a8e450bfbcc2cffe72950ed7a3 (diff) | |
autoconf pieces for U2F support
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 0d0586576..1d2a93f66 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -2783,7 +2783,6 @@ main(int argc, char **argv) | |||
| 2783 | unsigned long long ull, cert_serial = 0; | 2783 | unsigned long long ull, cert_serial = 0; |
| 2784 | char *identity_comment = NULL, *ca_key_path = NULL; | 2784 | char *identity_comment = NULL, *ca_key_path = NULL; |
| 2785 | u_int32_t bits = 0; | 2785 | u_int32_t bits = 0; |
| 2786 | uint8_t sk_flags = SSH_SK_USER_PRESENCE_REQD; | ||
| 2787 | FILE *f; | 2786 | FILE *f; |
| 2788 | const char *errstr; | 2787 | const char *errstr; |
| 2789 | int log_level = SYSLOG_LEVEL_INFO; | 2788 | int log_level = SYSLOG_LEVEL_INFO; |
| @@ -2796,6 +2795,9 @@ main(int argc, char **argv) | |||
| 2796 | unsigned long start_lineno = 0, lines_to_process = 0; | 2795 | unsigned long start_lineno = 0, lines_to_process = 0; |
| 2797 | BIGNUM *start = NULL; | 2796 | BIGNUM *start = NULL; |
| 2798 | #endif | 2797 | #endif |
| 2798 | #ifdef ENABLE_SK | ||
| 2799 | uint8_t sk_flags = SSH_SK_USER_PRESENCE_REQD; | ||
| 2800 | #endif | ||
| 2799 | 2801 | ||
| 2800 | extern int optind; | 2802 | extern int optind; |
| 2801 | extern char *optarg; | 2803 | extern char *optarg; |
| @@ -2991,7 +2993,9 @@ main(int argc, char **argv) | |||
| 2991 | "number", optarg); | 2993 | "number", optarg); |
| 2992 | if (ull > 0xff) | 2994 | if (ull > 0xff) |
| 2993 | fatal("Invalid security key flags 0x%llx", ull); | 2995 | fatal("Invalid security key flags 0x%llx", ull); |
| 2996 | #ifdef ENABLE_SK | ||
| 2994 | sk_flags = (uint8_t)ull; | 2997 | sk_flags = (uint8_t)ull; |
| 2998 | #endif | ||
| 2995 | break; | 2999 | break; |
| 2996 | case 'z': | 3000 | case 'z': |
| 2997 | errno = 0; | 3001 | errno = 0; |
| @@ -3250,10 +3254,14 @@ main(int argc, char **argv) | |||
| 3250 | printf("Generating public/private %s key pair.\n", | 3254 | printf("Generating public/private %s key pair.\n", |
| 3251 | key_type_name); | 3255 | key_type_name); |
| 3252 | if (type == KEY_ECDSA_SK) { | 3256 | if (type == KEY_ECDSA_SK) { |
| 3257 | #ifndef ENABLE_SK | ||
| 3258 | fatal("Security key support was disabled at compile time"); | ||
| 3259 | #else /* ENABLE_SK */ | ||
| 3253 | if (sshsk_enroll(sk_provider, | 3260 | if (sshsk_enroll(sk_provider, |
| 3254 | cert_key_id == NULL ? "ssh:" : cert_key_id, | 3261 | cert_key_id == NULL ? "ssh:" : cert_key_id, |
| 3255 | sk_flags, NULL, &private, NULL) != 0) | 3262 | sk_flags, NULL, &private, NULL) != 0) |
| 3256 | exit(1); /* error message already printed */ | 3263 | exit(1); /* error message already printed */ |
| 3264 | #endif /* ENABLE_SK */ | ||
| 3257 | } else if ((r = sshkey_generate(type, bits, &private)) != 0) | 3265 | } else if ((r = sshkey_generate(type, bits, &private)) != 0) |
| 3258 | fatal("sshkey_generate failed"); | 3266 | fatal("sshkey_generate failed"); |
| 3259 | if ((r = sshkey_from_private(private, &public)) != 0) | 3267 | if ((r = sshkey_from_private(private, &public)) != 0) |