authorDamien Miller <djm@mindrot.org>2019-01-21 11:32:28 +1100
committerDamien Miller <djm@mindrot.org>2019-01-21 11:32:28 +1100
commite2cb445d786f7572da2af93e3433308eaed1093a (patch)
treee83d87ba2af9d692bb0972baf7996b192b14e7f9 /ssh-pkcs11-client.c
parentfcb1b0937182d0137a3c357c89735d0dc5869d54 (diff)
conditionalise ECDSA PKCS#11 support
Require EC_KEY_METHOD support in libcrypto, evidenced by presence of EC_KEY_METHOD_new() function.
Diffstat (limited to 'ssh-pkcs11-client.c')
-rw-r--r--ssh-pkcs11-client.c10
1 files changed, 9 insertions, 1 deletions
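--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -163,6 +163,7 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
 	return (ret);
 }
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
 static ECDSA_SIG *
 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
     const BIGNUM *rp, EC_KEY *ec)
@@ -219,9 +220,12 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 	sshbuf_free(msg);
 	return (ret);
 }
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 static RSA_METHOD *helper_rsa;
+#ifdef HAVE_EC_KEY_METHOD_NEW
 static EC_KEY_METHOD *helper_ecdsa;
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 /* redirect private key crypto operations to the ssh-pkcs11-helper */
 static void
@@ -229,8 +233,10 @@ wrap_key(struct sshkey *k)
 {
 	if (k->type == KEY_RSA)
 		RSA_set_method(k->rsa, helper_rsa);
+#ifdef HAVE_EC_KEY_METHOD_NEW
 	else if (k->type == KEY_ECDSA)
 		EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 	else
 		fatal("%s: unknown key type", __func__);
 }
@@ -238,9 +244,10 @@ wrap_key(struct sshkey *k)
 static int
 pkcs11_start_helper_methods(void)
 {
-	if (helper_ecdsa != NULL)
+	if (helper_rsa != NULL)
 		return (0);
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
 	int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
 	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
 	if (helper_ecdsa != NULL)
@@ -250,6 +257,7 @@ pkcs11_start_helper_methods(void)
 		return (-1);
 	EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
 	EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 	if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
 		fatal("%s: RSA_meth_dup failed", __func__);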
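Review bot: In wrap_key, a build without HAVE_EC_KEY_METHOD_NEW now routes an ECDSA key to `fatal("%s: unknown key type", __func__)`, which misreports a recognised but unsupported type and gives the operator nothing to act on. Adding `#else` / `else if (k->type == KEY_ECDSA)` / `fatal("%s: ECDSA keys need EC_KEY_METHOD support in libcrypto", __func__);` before the `#endif` keeps the fatal exit but names the real cause. Whether such a key can actually reach wrap_key from the helper on that build depends on ssh-pkcs11.c, which this diff does not touch, so this may only be a belt-and-braces message. In pkcs11_start_helper_methods, the remaining `if (helper_ecdsa != NULL)` inside the #ifdef (its body continues past the hunk) looks redundant now that the function-level guard tests helper_rsa; a short comment on why it stays, or its removal if it is just the old early return, would help the next reader.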