diff options
| -rw-r--r-- | ssh-ecdsa-sk.c | 3 | ||||
| -rw-r--r-- | ssh-keygen.c | 4 | ||||
| -rw-r--r-- | ssh-sk-client.c | 8 | ||||
| -rw-r--r-- | sshkey.c | 4 |
4 files changed, 8 insertions, 11 deletions
diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c index 40f0dc8c0..7a2355c1a 100644 --- a/ssh-ecdsa-sk.c +++ b/ssh-ecdsa-sk.c | |||
| @@ -29,8 +29,6 @@ | |||
| 29 | 29 | ||
| 30 | #include "includes.h" | 30 | #include "includes.h" |
| 31 | 31 | ||
| 32 | #ifdef ENABLE_SK | ||
| 33 | |||
| 34 | #include <sys/types.h> | 32 | #include <sys/types.h> |
| 35 | 33 | ||
| 36 | #include <openssl/bn.h> | 34 | #include <openssl/bn.h> |
| @@ -203,4 +201,3 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, | |||
| 203 | free(ktype); | 201 | free(ktype); |
| 204 | return ret; | 202 | return ret; |
| 205 | } | 203 | } |
| 206 | #endif /* ENABLE_SK */ | ||
diff --git a/ssh-keygen.c b/ssh-keygen.c index e90b85ffa..24e246c0b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -3303,9 +3303,6 @@ main(int argc, char **argv) | |||
| 3303 | switch (type) { | 3303 | switch (type) { |
| 3304 | case KEY_ECDSA_SK: | 3304 | case KEY_ECDSA_SK: |
| 3305 | case KEY_ED25519_SK: | 3305 | case KEY_ED25519_SK: |
| 3306 | #ifndef ENABLE_SK | ||
| 3307 | fatal("Security key support was disabled at compile time"); | ||
| 3308 | #else /* ENABLE_SK */ | ||
| 3309 | if (!quiet) { | 3306 | if (!quiet) { |
| 3310 | printf("You may need to touch your security key " | 3307 | printf("You may need to touch your security key " |
| 3311 | "to authorize key generation.\n"); | 3308 | "to authorize key generation.\n"); |
| @@ -3316,7 +3313,6 @@ main(int argc, char **argv) | |||
| 3316 | sk_flags, NULL, &private, NULL) != 0) | 3313 | sk_flags, NULL, &private, NULL) != 0) |
| 3317 | exit(1); /* error message already printed */ | 3314 | exit(1); /* error message already printed */ |
| 3318 | break; | 3315 | break; |
| 3319 | #endif /* ENABLE_SK */ | ||
| 3320 | default: | 3316 | default: |
| 3321 | if ((r = sshkey_generate(type, bits, &private)) != 0) | 3317 | if ((r = sshkey_generate(type, bits, &private)) != 0) |
| 3322 | fatal("sshkey_generate failed"); | 3318 | fatal("sshkey_generate failed"); |
diff --git a/ssh-sk-client.c b/ssh-sk-client.c index 92ac0e7e1..8a7ac97c4 100644 --- a/ssh-sk-client.c +++ b/ssh-sk-client.c | |||
| @@ -198,6 +198,10 @@ sshsk_sign(const char *provider, struct sshkey *key, | |||
| 198 | *sigp = NULL; | 198 | *sigp = NULL; |
| 199 | *lenp = 0; | 199 | *lenp = 0; |
| 200 | 200 | ||
| 201 | #ifndef ENABLE_SK | ||
| 202 | return SSH_ERR_KEY_TYPE_UNKNOWN; | ||
| 203 | #endif | ||
| 204 | |||
| 201 | if ((kbuf = sshbuf_new()) == NULL || | 205 | if ((kbuf = sshbuf_new()) == NULL || |
| 202 | (req = sshbuf_new()) == NULL) { | 206 | (req = sshbuf_new()) == NULL) { |
| 203 | r = SSH_ERR_ALLOC_FAIL; | 207 | r = SSH_ERR_ALLOC_FAIL; |
| @@ -266,6 +270,10 @@ sshsk_enroll(int type, const char *provider_path, const char *application, | |||
| 266 | if (attest != NULL) | 270 | if (attest != NULL) |
| 267 | sshbuf_reset(attest); | 271 | sshbuf_reset(attest); |
| 268 | 272 | ||
| 273 | #ifndef ENABLE_SK | ||
| 274 | return SSH_ERR_KEY_TYPE_UNKNOWN; | ||
| 275 | #endif | ||
| 276 | |||
| 269 | if (type < 0) | 277 | if (type < 0) |
| 270 | return SSH_ERR_INVALID_ARGUMENT; | 278 | return SSH_ERR_INVALID_ARGUMENT; |
| 271 | 279 | ||
| @@ -2760,7 +2760,6 @@ sshkey_sign(struct sshkey *key, | |||
| 2760 | case KEY_ED25519_CERT: | 2760 | case KEY_ED25519_CERT: |
| 2761 | r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); | 2761 | r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); |
| 2762 | break; | 2762 | break; |
| 2763 | #ifdef ENABLE_SK | ||
| 2764 | case KEY_ED25519_SK: | 2763 | case KEY_ED25519_SK: |
| 2765 | case KEY_ED25519_SK_CERT: | 2764 | case KEY_ED25519_SK_CERT: |
| 2766 | case KEY_ECDSA_SK_CERT: | 2765 | case KEY_ECDSA_SK_CERT: |
| @@ -2768,7 +2767,6 @@ sshkey_sign(struct sshkey *key, | |||
| 2768 | r = sshsk_sign(sk_provider, key, sigp, lenp, data, | 2767 | r = sshsk_sign(sk_provider, key, sigp, lenp, data, |
| 2769 | datalen, compat); | 2768 | datalen, compat); |
| 2770 | break; | 2769 | break; |
| 2771 | #endif /* ENABLE_SK */ | ||
| 2772 | #ifdef WITH_XMSS | 2770 | #ifdef WITH_XMSS |
| 2773 | case KEY_XMSS: | 2771 | case KEY_XMSS: |
| 2774 | case KEY_XMSS_CERT: | 2772 | case KEY_XMSS_CERT: |
| @@ -2807,12 +2805,10 @@ sshkey_verify(const struct sshkey *key, | |||
| 2807 | case KEY_ECDSA_CERT: | 2805 | case KEY_ECDSA_CERT: |
| 2808 | case KEY_ECDSA: | 2806 | case KEY_ECDSA: |
| 2809 | return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); | 2807 | return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
| 2810 | # ifdef ENABLE_SK | ||
| 2811 | case KEY_ECDSA_SK_CERT: | 2808 | case KEY_ECDSA_SK_CERT: |
| 2812 | case KEY_ECDSA_SK: | 2809 | case KEY_ECDSA_SK: |
| 2813 | return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, | 2810 | return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, |
| 2814 | compat, detailsp); | 2811 | compat, detailsp); |
| 2815 | # endif /* ENABLE_SK */ | ||
| 2816 | # endif /* OPENSSL_HAS_ECC */ | 2812 | # endif /* OPENSSL_HAS_ECC */ |
| 2817 | case KEY_RSA_CERT: | 2813 | case KEY_RSA_CERT: |
| 2818 | case KEY_RSA: | 2814 | case KEY_RSA: |