authorChad Loder <cloder@cvs.openbsd.org>2005-04-05 20:46:21 +0000
committerChad Loder <cloder@cvs.openbsd.org>2005-04-05 20:46:21 +0000
commit78ffac09c80ac319aff487261743d3e5f2854966 (patch)
treea39780156cc877bfdb3943f085232667890bfc6c /sbin
parent1c426f1f218090a86478e6a9ab2db1bef88b1db7 (diff)
Always compile X509 support. Almost everyone uses it. Makes the code
much easier to read and to maintain. OK and testing by hshoexer@, more testing by me
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/GNUmakefile7
-rw-r--r--sbin/isakmpd/Makefile10
-rw-r--r--sbin/isakmpd/cert.c7
-rw-r--r--sbin/isakmpd/conf.c4
-rw-r--r--sbin/isakmpd/ike_auth.c22
-rw-r--r--sbin/isakmpd/ike_quick_mode.c11
-rw-r--r--sbin/isakmpd/ipsec.c8
-rw-r--r--sbin/isakmpd/key.c20
-rw-r--r--sbin/isakmpd/libcrypto.c6
-rw-r--r--sbin/isakmpd/libcrypto.h6
-rw-r--r--sbin/isakmpd/pf_key_v2.c6
-rw-r--r--sbin/isakmpd/x509.c5
12 files changed, 23 insertions, 89 deletions
diff --git a/sbin/isakmpd/GNUmakefile b/sbin/isakmpd/GNUmakefile
index ca2e831d454..0a31501265b 100644
--- a/sbin/isakmpd/GNUmakefile
+++ b/sbin/isakmpd/GNUmakefile
@@ -1,4 +1,4 @@
-# $OpenBSD: GNUmakefile,v 1.11 2005/02/10 15:00:36 ho Exp $
+# $OpenBSD: GNUmakefile,v 1.12 2005/04/05 20:46:20 cloder Exp $
#
# Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -66,7 +66,7 @@ SRCS= app.c attribute.c cert.c connection.c \
ipsec.c ipsec_fld.c ipsec_num.c isakmpd.c isakmp_doi.c \
isakmp_fld.c isakmp_num.c key.c libcrypto.c log.c message.c \
math_2n.c math_group.c prf.c sa.c sysdep.c timer.c \
- transport.c udp.c ui.c util.c virtual.c
+ transport.c udp.c ui.c util.c virtual.c x509.c
GENERATED= exchange_num.h ipsec_fld.h ipsec_num.h isakmp_fld.h \
isakmp_num.h
@@ -161,7 +161,6 @@ CFLAGS+= -DUSE_KEYNOTE
endif
ifdef USE_LIBCRYPTO
-X509= x509.c
CFLAGS+= -DUSE_LIBCRYPTO
LDADD+= -lcrypto
DPADD+= ${LIBCRYPTO}
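Review bot: `CFLAGS+= -DUSE_LIBCRYPTO` and `LDADD+= -lcrypto` stay inside `ifdef USE_LIBCRYPTO`, while the second GNUmakefile hunk now puts x509.c into SRCS unconditionally. A GNU make build that leaves USE_LIBCRYPTO unset would then compile the X509 code without linking libcrypto, unless another assignment outside these hunks always sets it. Since X509 is no longer optional, these three lines should move out of the conditional, or the makefile should set `USE_LIBCRYPTO= yes` unconditionally before this test. The conditional's closing `endif` is outside the hunk.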
@@ -172,7 +171,7 @@ USE_LIBCRYPTO= yes
CFLAGS+= -DUSE_RAWKEY
endif
-SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
+SRCS+= ${IPSEC_SRCS} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
${ISAKMP_CFG} ${NAT_TRAVERSAL} ${DPD}
CFLAGS+= ${IPSEC_CFLAGS}
LDADD+= ${DESLIB}
diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile
index 9f38893b61c..53f40bbe556 100644
--- a/sbin/isakmpd/Makefile
+++ b/sbin/isakmpd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.58 2004/11/10 22:07:46 drahn Exp $
+# $OpenBSD: Makefile,v 1.59 2005/04/05 20:46:20 cloder Exp $
# $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $
#
@@ -46,10 +46,10 @@ OS= openbsd
# Compile-time configuration of otherwise optional features
#FEATURES= tripledes des blowfish cast aes
-#FEATURES+= policy x509 ec aggressive debug gmp
+#FEATURES+= policy ec aggressive debug gmp
#FEATURES+= rawkey isakmp_cfg dnssec privsep nat_traversal dpd
FEATURES= tripledes des blowfish cast aes
-FEATURES+= policy x509 ec aggressive debug
+FEATURES+= policy ec aggressive debug
FEATURES+= rawkey isakmp_cfg privsep nat_traversal dpd
.PATH: ${.CURDIR}/sysdep/${OS}
@@ -64,7 +64,7 @@ SRCS= app.c attribute.c cert.c connection.c constants.c conf.c \
ipsec_num.c isakmpd.c isakmp_doi.c isakmp_fld.c isakmp_num.c \
key.c libcrypto.c log.c message.c math_2n.c math_group.c \
prf.c sa.c sysdep.c timer.c transport.c virtual.c udp.c \
- ui.c util.c
+ ui.c util.c x509.c
GENERATED= exchange_num.h ipsec_fld.h ipsec_num.h isakmp_fld.h \
isakmp_num.h
@@ -156,7 +156,7 @@ LDADD+= -ldes
DPADD+= ${LIBDES}
.endif
-SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
+SRCS+= ${IPSEC_SRCS} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
${ISAKMP_CFG} ${PRIVSEP} ${DPD} ${NAT_TRAVERSAL}
CFLAGS+= ${IPSEC_CFLAGS} ${DNSSEC_CFLAGS}
diff --git a/sbin/isakmpd/cert.c b/sbin/isakmpd/cert.c
index d04b9648d7f..28cd848605f 100644
--- a/sbin/isakmpd/cert.c
+++ b/sbin/isakmpd/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.28 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: cert.c,v 1.29 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -40,17 +40,13 @@
#include "isakmp_num.h"
#include "log.h"
#include "cert.h"
-
-#ifdef USE_X509
#include "x509.h"
-#endif
#ifdef USE_KEYNOTE
#include "policy.h"
#endif
struct cert_handler cert_handler[] = {
-#ifdef USE_X509
{
ISAKMP_CERTENC_X509_SIG,
x509_cert_init, x509_crl_init, x509_cert_get, x509_cert_validate,
@@ -59,7 +55,6 @@ struct cert_handler cert_handler[] = {
x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects,
x509_cert_dup, x509_serialize, x509_printable, x509_from_printable
},
-#endif
#ifdef USE_KEYNOTE
{
ISAKMP_CERTENC_KEYNOTE,
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 93f4f2278a8..ecde75a2773 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.77 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: conf.c,v 1.78 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -475,7 +475,6 @@ conf_load_defaults(int tr)
conf_set(tr, "General", "Pubkey-directory", CONF_DFLT_PUBKEY_DIR, 0,
1);
-#ifdef USE_X509
conf_set(tr, "X509-certificates", "CA-directory",
CONF_DFLT_X509_CA_DIR, 0, 1);
conf_set(tr, "X509-certificates", "Cert-directory",
@@ -484,7 +483,6 @@ conf_load_defaults(int tr)
CONF_DFLT_X509_PRIVATE_KEY, 0, 1);
conf_set(tr, "X509-certificates", "CRL-directory",
CONF_DFLT_X509_CRL_DIR, 0, 1);
-#endif
#ifdef USE_KEYNOTE
conf_set(tr, "KeyNote", "Credential-directory",
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 494ca5f0092..19fe75e710d 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.97 2005/02/22 16:57:48 hshoexer Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.98 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -70,9 +70,7 @@
#include "transport.h"
#include "util.h"
#include "key.h"
-#if defined (USE_X509)
#include "x509.h"
-#endif
#ifdef notyet
static u_int8_t *enc_gen_skeyid(struct exchange *, size_t *);
@@ -82,11 +80,9 @@ static u_int8_t *pre_shared_gen_skeyid(struct exchange *, size_t *);
static int pre_shared_decode_hash(struct message *);
static int pre_shared_encode_hash(struct message *);
-#if defined (USE_X509) || defined (USE_KEYNOTE)
static u_int8_t *sig_gen_skeyid(struct exchange *, size_t *);
static int rsa_sig_decode_hash(struct message *);
static int rsa_sig_encode_hash(struct message *);
-#endif
#if defined (USE_RAWKEY)
static int get_raw_key_from_file(int, u_int8_t *, size_t, RSA **);
@@ -107,13 +103,11 @@ static struct ike_auth ike_auth[] = {
pre_shared_encode_hash
},
#endif
-#if defined (USE_X509) || defined (USE_KEYNOTE)
{
IKE_AUTH_RSA_SIG, sig_gen_skeyid,
rsa_sig_decode_hash,
rsa_sig_encode_hash
},
-#endif
#ifdef notdef
{
IKE_AUTH_RSA_ENC, enc_gen_skeyid,
@@ -147,15 +141,11 @@ static void *
ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
{
char *key, *buf;
-#if defined (USE_X509) || defined (USE_KEYNOTE)
int fd;
char *keyfile;
-#if defined (USE_X509)
FILE *keyfp;
RSA *rsakey;
size_t fsize;
-#endif
-#endif
switch (type) {
case IKE_AUTH_PRE_SHARED:
@@ -198,7 +188,6 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
break;
case IKE_AUTH_RSA_SIG:
-#if defined (USE_X509) || defined (USE_KEYNOTE)
#if defined (USE_KEYNOTE)
if (local_id && (keyfile = conf_get_str("KeyNote",
"Credential-directory")) != 0) {
@@ -281,7 +270,6 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
}
ignorekeynote:
#endif /* USE_KEYNOTE */
-#ifdef USE_X509
/* Otherwise, try X.509 */
keyfile = conf_get_str("X509-certificates", "Private-key");
@@ -315,8 +303,6 @@ ignorekeynote:
return 0;
}
return rsakey;
-#endif /* USE_X509 */
-#endif /* USE_X509 || USE_KEYNOTE */
default:
log_print("ike_auth_get_key: unknown key type %d", type);
@@ -423,7 +409,6 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz)
return skeyid;
}
-#if defined (USE_X509) || defined (USE_KEYNOTE)
/* Both DSS & RSA signature authentication use this algorithm. */
static u_int8_t *
sig_gen_skeyid(struct exchange *exchange, size_t *sz)
@@ -471,7 +456,6 @@ sig_gen_skeyid(struct exchange *exchange, size_t *sz)
prf_free(prf);
return skeyid;
}
-#endif /* USE_X509 || USE_KEYNOTE */
#ifdef notdef
/*
@@ -548,7 +532,6 @@ pre_shared_decode_hash(struct message *msg)
return 0;
}
-#if defined (USE_X509) || defined (USE_KEYNOTE)
/* Decrypt the HASH in SIG, we already need a parsed ID payload. */
static int
rsa_sig_decode_hash(struct message *msg)
@@ -824,7 +807,6 @@ rsa_sig_decode_hash(struct message *msg)
p->flags |= PL_MARK;
return 0;
}
-#endif /* USE_X509 || USE_KEYNOTE */
static int
pre_shared_encode_hash(struct message *msg)
@@ -850,7 +832,6 @@ pre_shared_encode_hash(struct message *msg)
return 0;
}
-#if defined (USE_X509) || defined (USE_KEYNOTE)
/* Encrypt the HASH into a SIG type. */
static int
rsa_sig_encode_hash(struct message *msg)
@@ -1080,7 +1061,6 @@ skipcert:
}
return 0;
}
-#endif /* USE_X509 || USE_KEYNOTE */
int
ike_auth_hash(struct exchange *exchange, u_int8_t *buf)
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index a40a54cb949..caf26fe81a6 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.91 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.92 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -60,10 +60,7 @@
#include "transport.h"
#include "util.h"
#include "key.h"
-
-#ifdef USE_X509
#include "x509.h"
-#endif
static void gen_g_xy(struct message *);
static int initiator_send_HASH_SA_NONCE(struct message *);
@@ -107,10 +104,8 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
int i, len, result = 0, nprinc = 0;
int *x509_ids = 0, *keynote_ids = 0;
unsigned char hashbuf[20]; /* Set to the largest digest result */
-#ifdef USE_X509
struct keynote_deckey dc;
X509_NAME *subject;
-#endif
/* Do we want to use keynote policies? */
if (ignore_policy ||
@@ -243,7 +238,6 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
break;
case ISAKMP_CERTENC_X509_SIG:
-#ifdef USE_X509
principal = calloc(2, sizeof *principal);
if (!principal) {
log_error("check_policy: calloc (2, %lu) failed",
@@ -301,7 +295,6 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
nprinc = 1;
}
break;
-#endif
/* XXX Eventually handle these. */
case ISAKMP_CERTENC_PKCS:
@@ -1739,9 +1732,7 @@ next_sa:
goto cleanup;
}
} else if (
-#if defined (USE_X509) && defined (USE_POLICY)
ignore_policy ||
-#endif
strncmp("yes", conf_get_str("General", "Use-Keynote"), 3)) {
log_print("responder_recv_HASH_SA_NONCE: peer proposed "
"invalid phase 2 IDs: %s",
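Review bot: The removed guard tested both USE_X509 and USE_POLICY, so dropping it entirely makes `ignore_policy ||` part of the condition even in builds without USE_POLICY. If `ignore_policy` is declared only by the policy code (not visible here), such a build no longer compiles. Because this branch decides whether a peer's phase 2 IDs are rejected, it is worth keeping the remaining condition explicit: `#ifdef USE_POLICY` / `ignore_policy ||` / `#endif`. That matches how the libcrypto.c and pf_key_v2.c hunks keep their second condition. The enclosing function starts and ends outside this hunk.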
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index 1475fba5f70..a5a9c2b1f14 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.110 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: ipsec.c,v 1.111 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
/*
@@ -73,9 +73,7 @@
#include "timer.h"
#include "transport.h"
#include "util.h"
-#ifdef USE_X509
#include "x509.h"
-#endif
extern int acquire_only;
@@ -2013,7 +2011,6 @@ ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len,
buf[id_len] = '\0';
break;
-#ifdef USE_X509
case IPSEC_ID_DER_ASN1_DN:
addr = x509_DN_string(id + ISAKMP_ID_DATA_OFF,
id_len - ISAKMP_ID_DATA_OFF);
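Review bot: `id_len - ISAKMP_ID_DATA_OFF` is computed on a `size_t` with no visible check that `id_len` is at least `ISAKMP_ID_DATA_OFF`, and after this change the `IPSEC_ID_DER_ASN1_DN` case is compiled into every build. If nothing earlier in ipsec_decode_id (outside this hunk) guarantees the minimum length, a short ID payload makes the subtraction wrap and hands x509_DN_string a huge length. A guard such as `if (id_len < ISAKMP_ID_DATA_OFF)` that falls back to the function's existing error formatting, placed before the call, would close that. The ipsec_id_string hunks enable the same case label and deserve the same check.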
@@ -2023,7 +2020,6 @@ ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len,
}
strlcpy(buf, addr, size);
break;
-#endif
default:
snprintf(buf, size, "<id type unknown: %x>", id_type);
@@ -2450,7 +2446,6 @@ ipsec_id_string(u_int8_t *id, size_t id_len)
*(buf + len + id_len) = '\0';
break;
-#ifdef USE_X509
case IPSEC_ID_DER_ASN1_DN:
strlcpy(buf, "asn1_dn/", size);
len = strlen(buf);
@@ -2462,7 +2457,6 @@ ipsec_id_string(u_int8_t *id, size_t id_len)
goto fail;
strlcpy(buf + len, addrstr, size - len);
break;
-#endif
default:
/* Unknown type. */
diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c
index 57e40db70fa..71ea551bd99 100644
--- a/sbin/isakmpd/key.c
+++ b/sbin/isakmpd/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.20 2004/12/28 11:19:47 hshoexer Exp $ */
+/* $OpenBSD: key.c,v 1.21 2005/04/05 20:46:20 cloder Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -29,9 +29,7 @@
#include "libcrypto.h"
#include "log.h"
#include "util.h"
-#ifdef USE_X509
#include "x509.h"
-#endif
void
key_free(int type, int private, void *key)
@@ -41,10 +39,8 @@ key_free(int type, int private, void *key)
free(key);
break;
case ISAKMP_KEY_RSA:
-#ifdef USE_X509
RSA_free(key);
break;
-#endif
case ISAKMP_KEY_NONE:
default:
log_error("key_free: unknown/unsupportedkey type %d", type);
@@ -57,10 +53,8 @@ void
key_serialize(int type, int private, void *key, u_int8_t **data,
size_t *datalenp)
{
-#ifdef USE_X509
u_int8_t *p;
size_t datalen;
-#endif
switch (type) {
case ISAKMP_KEY_PASSPHRASE:
@@ -68,7 +62,6 @@ key_serialize(int type, int private, void *key, u_int8_t **data,
*data = (u_int8_t *)strdup((char *)key);
break;
case ISAKMP_KEY_RSA:
-#ifdef USE_X509
switch (private) {
case ISAKMP_KEYTYPE_PUBLIC:
datalen = i2d_RSAPublicKey((RSA *)key, NULL);
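Review bot: The return value of `i2d_RSAPublicKey()` is stored in `datalen`, which the previous hunk shows is a `size_t`, but the i2d functions return a negative int on error. A failed encode would therefore turn into a very large length for whatever allocation follows outside this hunk. Now that this path is compiled unconditionally, it would be safer to take the result in an `int`, bail out on `<= 0`, and only then assign it to `datalen`. The same applies to `*datalenp = i2d_RSAPrivateKey((RSA *)key, &p);` in the next hunk.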
@@ -92,7 +85,6 @@ key_serialize(int type, int private, void *key, u_int8_t **data,
*datalenp = i2d_RSAPrivateKey((RSA *)key, &p);
break;
}
-#endif
break;
default:
log_error("key_serialize: unknown/unsupported key type %d",
@@ -105,17 +97,14 @@ key_serialize(int type, int private, void *key, u_int8_t **data,
char *
key_printable(int type, int private, u_int8_t *data, int datalen)
{
-#ifdef USE_X509
char *s;
int i;
-#endif
switch (type) {
case ISAKMP_KEY_PASSPHRASE:
return strdup((char *)data);
case ISAKMP_KEY_RSA:
-#ifdef USE_X509
s = malloc(datalen * 2 + 1);
if (!s) {
log_error("key_printable: malloc (%d) failed",
@@ -126,7 +115,6 @@ key_printable(int type, int private, u_int8_t *data, int datalen)
snprintf(s + (2 * i), 2 * (datalen - i) + 1, "%02x",
data[i]);
return s;
-#endif
default:
log_error("key_printable: unknown/unsupported key type %d",
@@ -143,7 +131,6 @@ key_internalize(int type, int private, u_int8_t *data, int datalen)
case ISAKMP_KEY_PASSPHRASE:
return strdup((char *)data);
case ISAKMP_KEY_RSA:
-#ifdef USE_X509
switch (private) {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
case ISAKMP_KEYTYPE_PUBLIC:
@@ -164,7 +151,6 @@ key_internalize(int type, int private, u_int8_t *data, int datalen)
return 0;
}
break;
-#endif /* USE_X509 */
default:
log_error("key_internalize: unknown/unsupported key type %d",
type);
@@ -179,9 +165,7 @@ void
key_from_printable(int type, int private, char *key, u_int8_t **data,
u_int32_t *datalenp)
{
-#ifdef USE_X509
u_int32_t datalen;
-#endif
switch (type) {
case ISAKMP_KEY_PASSPHRASE:
@@ -190,7 +174,6 @@ key_from_printable(int type, int private, char *key, u_int8_t **data,
break;
case ISAKMP_KEY_RSA:
-#ifdef USE_X509
datalen = (strlen(key) + 1) / 2; /* Round up, just in case */
*data = malloc(datalen);
if (!*data) {
@@ -207,7 +190,6 @@ key_from_printable(int type, int private, char *key, u_int8_t **data,
}
*datalenp = datalen;
break;
-#endif
default:
log_error("key_from_printable: "
diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c
index d66c58a47ca..00d4345ef3b 100644
--- a/sbin/isakmpd/libcrypto.c
+++ b/sbin/isakmpd/libcrypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: libcrypto.c,v 1.16 2004/04/15 18:39:26 deraadt Exp $ */
+/* $OpenBSD: libcrypto.c,v 1.17 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -36,7 +36,7 @@
void
libcrypto_init(void)
{
-#if defined (USE_X509) && defined (USE_LIBCRYPTO)
+#if defined (USE_LIBCRYPTO)
/* Add all algorithms known by SSL */
#if OPENSSL_VERSION_NUMBER >= 0x00905100L
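Review bot: The body of libcrypto_init is still wrapped in `#if defined (USE_LIBCRYPTO)`, so a build without that macro gets an empty function. The rest of the commit makes x509.c, the RSA key handling and the OpenSSL includes in libcrypto.h unconditional. In that configuration the algorithm table would never be registered, and certificate signature checks that look up digests by name would presumably fail at run time rather than at build time. Consider dropping the `#if defined (USE_LIBCRYPTO)` / `#endif` pair here, or adding a top-of-file `#error` when USE_LIBCRYPTO is undefined, so the mismatch cannot go unnoticed.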
@@ -45,5 +45,5 @@ libcrypto_init(void)
SSLeay_add_all_algorithms();
#endif
-#endif /* USE_X509 && USE_LIBCRYPTO */
+#endif /* USE_LIBCRYPTO */
}
diff --git a/sbin/isakmpd/libcrypto.h b/sbin/isakmpd/libcrypto.h
index e9581bfc1dd..03c9eb5b9c1 100644
--- a/sbin/isakmpd/libcrypto.h
+++ b/sbin/isakmpd/libcrypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: libcrypto.h,v 1.16 2004/04/15 18:39:26 deraadt Exp $ */
+/* $OpenBSD: libcrypto.h,v 1.17 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: libcrypto.h,v 1.16 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -33,8 +33,6 @@
#ifndef _LIBCRYPTO_H_
#define _LIBCRYPTO_H_
-#ifdef USE_X509
-
#include <stdio.h>
/* XXX I want #include <ssl/cryptall.h> but we appear to not install meth.h */
@@ -45,8 +43,6 @@
#include <openssl/x509_vfy.h>
#include <openssl/x509.h>
-#endif /* USE_X509 */
-
extern void libcrypto_init(void);
#endif /* _LIBCRYPTO_H_ */
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 9dc78bce4ed..a2851817f9e 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.156 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.157 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -1627,7 +1627,7 @@ nodid:
break;
#endif /* USE_KEYNOTE */
-#if defined (USE_X509) && defined (SADB_X_EXT_REMOTE_CREDENTIALS)
+#if defined (SADB_X_EXT_REMOTE_CREDENTIALS)
case ISAKMP_CERTENC_X509_SIG:
{
u_int8_t *data;
@@ -1666,7 +1666,7 @@ nodid:
goto cleanup;
}
break;
-#endif /* USE_X509 */
+#endif
}
}
#endif /* SADB_X_CREDTYPE_NONE */
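Review bot: The new bare `#endif` loses the trailing comment that says which conditional it closes, in a spot where three conditionals end within a few lines (`USE_KEYNOTE`, this one and `SADB_X_CREDTYPE_NONE`). The old comment was already inaccurate, so rather than deleting it I would write `#endif /* SADB_X_EXT_REMOTE_CREDENTIALS */`. That matches the libcrypto.c hunk, which updates its comment to `/* USE_LIBCRYPTO */`.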
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 3b3d5d17c0b..3f567a62304 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.97 2005/03/15 16:49:05 mpf Exp $ */
+/* $OpenBSD: x509.c,v 1.98 2005/04/05 20:46:20 cloder Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -31,7 +31,6 @@
* This code was written under funding by Ericsson Radio Systems.
*/
-#ifdef USE_X509
#include <sys/param.h>
#include <sys/types.h>
@@ -1432,4 +1431,4 @@ x509_DN_string(u_int8_t *asn1, size_t sz)
buf[sizeof buf - 1] = '\0';
return strdup(buf);
}
-#endif /* USE_X509 */
+