Diffstat (limited to 'ssh-pkcs11-helper.c')
-rw-r--r--ssh-pkcs11-helper.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index 97fb1212c..3bcc2440b 100644
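--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.17 2019/01/23 02:01:10 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.21 2019/09/06 05:23:55 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl. All rights reserved.
  *
@@ -24,6 +24,7 @@
 
 #include "openbsd-compat/sys-queue.h"
 
+#include <stdlib.h>
 #include <errno.h>
 #include <poll.h>
 #include <stdarg.h>
@@ -41,6 +42,8 @@
 
 #ifdef ENABLE_PKCS11
 
+#ifdef WITH_OPENSSL
+
 /* borrows code from sftp-server and ssh-agent */
 
 struct pkcs11_keyinfo {
@@ -195,7 +198,6 @@ process_sign(void)
  else {
  if ((found = lookup_key(key)) != NULL) {
 #ifdef WITH_OPENSSL
- u_int xslen;
  int ret;
 
  if (key->type == KEY_RSA) {
@@ -207,8 +209,10 @@ process_sign(void)
  slen = ret;
  ok = 0;
  }
+#ifdef OPENSSL_HAS_ECC
  } else if (key->type == KEY_ECDSA) {
- xslen = ECDSA_size(key->ecdsa);
+ u_int xslen = ECDSA_size(key->ecdsa);
+
  signature = xmalloc(xslen);
  /* "The parameter type is ignored." */
  ret = ECDSA_sign(-1, data, dlen, signature,
@@ -219,6 +223,7 @@ process_sign(void)
  error("%s: ECDSA_sign"
  " returns %d", __func__, ret);
  slen = xslen;
+#endif /* OPENSSL_HAS_ECC */
  } else
  error("%s: don't know how to sign with key "
  "type %d", __func__, (int)key->type);
@@ -320,7 +325,6 @@ main(int argc, char **argv)
  extern char *__progname;
  struct pollfd pfd[2];
 
- ssh_malloc_init(); /* must be called before any mallocs */
  __progname = ssh_get_progname(argv[0]);
  seed_rng();
  TAILQ_INIT(&pkcs11_keylist);
@@ -423,6 +427,21 @@ main(int argc, char **argv)
  fatal("%s: buffer error: %s", __func__, ssh_err(r));
  }
 }
+
+#else /* WITH_OPENSSL */
+void
+cleanup_exit(int i)
+{
+ _exit(i);
+}
+
+int
+main(int argc, char **argv)
+{
+ fprintf(stderr, "PKCS#11 code is not enabled\n");
+ return 1;
+}
+#endif /* WITH_OPENSSL */
 #else /* ENABLE_PKCS11 */
 int
 main(int argc, char **argv)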
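Review bot: The `#ifdef WITH_OPENSSL` left inside process_sign (new line 200) is now redundant, because the guard added at new line 45 already encloses everything down to `#endif /* WITH_OPENSSL */` at new line 444. The inner guard, and any `#else` branch it has (not visible in these hunks), can no longer select a different compilation and could be removed to keep the signing path readable. Separately, the fallback main() prints "PKCS#11 code is not enabled" in a build where ENABLE_PKCS11 is defined and only OpenSSL support is absent, which points anyone diagnosing a failed token signature at the wrong build option. A message such as `fprintf(stderr, "PKCS#11 code is not enabled (built without OpenSSL)\n");` would name the actual cause. process_sign and the first main() both extend beyond the hunks shown.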