summaryrefslogtreecommitdiff
path: root/ssh-sk-client.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2019-12-14 09:21:46 +1100
committerDamien Miller <djm@mindrot.org>2019-12-14 09:21:46 +1100
commit9244990ecdcfa36bb9371058111685b05f201c1e (patch)
treea068b6ce79b806f20c0159cf3306a0234ef1f387 /ssh-sk-client.c
parenta33ab1688b5c460a7e2a301418241ce1b13b2638 (diff)
remove a bunch of ENABLE_SK #ifdefs
The ssh-sk-helper client API gives us a nice place to disable security key support when it is wasn't enabled at compile time, so we don't need to check everywere. Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
Diffstat (limited to 'ssh-sk-client.c')
-rw-r--r--ssh-sk-client.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ssh-sk-client.c b/ssh-sk-client.c
index 92ac0e7e1..8a7ac97c4 100644
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -198,6 +198,10 @@ sshsk_sign(const char *provider, struct sshkey *key,
198 *sigp = NULL; 198 *sigp = NULL;
199 *lenp = 0; 199 *lenp = 0;
200 200
201#ifndef ENABLE_SK
202 return SSH_ERR_KEY_TYPE_UNKNOWN;
203#endif
204
201 if ((kbuf = sshbuf_new()) == NULL || 205 if ((kbuf = sshbuf_new()) == NULL ||
202 (req = sshbuf_new()) == NULL) { 206 (req = sshbuf_new()) == NULL) {
203 r = SSH_ERR_ALLOC_FAIL; 207 r = SSH_ERR_ALLOC_FAIL;
@@ -266,6 +270,10 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
266 if (attest != NULL) 270 if (attest != NULL)
267 sshbuf_reset(attest); 271 sshbuf_reset(attest);
268 272
273#ifndef ENABLE_SK
274 return SSH_ERR_KEY_TYPE_UNKNOWN;
275#endif
276
269 if (type < 0) 277 if (type < 0)
270 return SSH_ERR_INVALID_ARGUMENT; 278 return SSH_ERR_INVALID_ARGUMENT;
271 279