author | Damien Miller <djm@mindrot.org> | 2019-01-21 11:32:28 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-21 11:32:28 +1100 |
commit | e2cb445d786f7572da2af93e3433308eaed1093a (patch) | |
tree | e83d87ba2af9d692bb0972baf7996b192b14e7f9 /ssh-pkcs11-client.c | |
parent | fcb1b0937182d0137a3c357c89735d0dc5869d54 (diff) |
conditionalise ECDSA PKCS#11 support
Require EC_KEY_METHOD support in libcrypto, as evidenced by the presence
of the EC_KEY_METHOD_new() function.
Diffstat (limited to 'ssh-pkcs11-client.c')
-rw-r--r-- | ssh-pkcs11-client.c | 10 |
1 files changed, 9 insertions, 1 deletions
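--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -163,6 +163,7 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
 	return (ret);
 }
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
 static ECDSA_SIG *
 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
     const BIGNUM *rp, EC_KEY *ec)
@@ -219,9 +220,12 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 	sshbuf_free(msg);
 	return (ret);
 }
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 static RSA_METHOD *helper_rsa;
+#ifdef HAVE_EC_KEY_METHOD_NEW
 static EC_KEY_METHOD *helper_ecdsa;
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 /* redirect private key crypto operations to the ssh-pkcs11-helper */
 static void
@@ -229,8 +233,10 @@ wrap_key(struct sshkey *k)
 {
 	if (k->type == KEY_RSA)
 		RSA_set_method(k->rsa, helper_rsa);
+#ifdef HAVE_EC_KEY_METHOD_NEW
 	else if (k->type == KEY_ECDSA)
 		EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 	else
 		fatal("%s: unknown key type", __func__);
 }
@@ -238,9 +244,10 @@ wrap_key(struct sshkey *k)
 static int
 pkcs11_start_helper_methods(void)
 {
-	if (helper_ecdsa != NULL)
+	if (helper_rsa != NULL)
 		return (0);
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
 	int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
 	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
 	if (helper_ecdsa != NULL)
@@ -250,6 +257,7 @@ pkcs11_start_helper_methods(void)
 		return (-1);
 	EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
 	EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 	if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
 		fatal("%s: RSA_meth_dup failed", __func__);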
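Review bot: In wrap_key (third hunk), a build without HAVE_EC_KEY_METHOD_NEW now sends a KEY_ECDSA key down the `else` branch and aborts with `"%s: unknown key type"`, which reports a recognised key type as unknown and makes the resulting failure hard to diagnose from the log alone. Unless the caller already filters ECDSA keys before reaching wrap_key (not visible here), an `#else` arm with a precise message would be clearer: `#else` / `else if (k->type == KEY_ECDSA)` / `fatal("%s: ECDSA keys require EC_KEY_METHOD support in libcrypto", __func__);`. The early-return guard in pkcs11_start_helper_methods switching from helper_ecdsa to helper_rsa is the right pivot, since helper_ecdsa no longer exists in that configuration; that function's body continues past the last hunk, so the remaining helper_ecdsa handling between the two final hunks could not be checked.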