Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/Makefile.inc6
-rw-r--r--usr.bin/ssh/sk-usbhid.c12
-rw-r--r--usr.bin/ssh/ssh-sk.c16
3 files changed, 30 insertions, 4 deletions
diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc
index 3032ea5f2fd..7c8e4fe7b27 100644
--- a/usr.bin/ssh/Makefile.inc
+++ b/usr.bin/ssh/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.78 2019/11/15 05:25:52 deraadt Exp $
+# $OpenBSD: Makefile.inc,v 1.79 2019/11/18 16:08:57 naddy Exp $
.include <bsd.own.mk>
@@ -71,6 +71,8 @@ SRCS_KEY+= cipher.c
SRCS_KEY+= cipher-chachapoly.c
SRCS_KEY+= chacha.c
SRCS_KEY+= poly1305.c
+SRCS_KEY+= ssh-sk.c
+SRCS_KEY+= sk-usbhid.c
.if (${OPENSSL:L} == "yes")
SRCS_KEY+= ssh-dss.c
SRCS_KEY+= ssh-ecdsa.c
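Review bot: Moving `sk-usbhid.c` out of the `OPENSSL` conditional means it is now built in every configuration, and that file includes `<fido.h>` unconditionally, so the no-OpenSSL build gains a dependency on the libfido2 headers and library. No matching change to the link flags is visible in this diff, so it is worth confirming that the `OPENSSL=no` link line already pulls in libfido2 and whatever it needs in turn. A one-line comment above the two added entries, such as `# security key support; the ECDSA-SK parts are compiled only WITH_OPENSSL`, would record why they sit outside the conditional.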
@@ -78,8 +80,6 @@ SRCS_KEY+= ssh-ecdsa-sk.c
SRCS_KEY+= ssh-rsa.c
SRCS_KEY+= sshbuf-getput-crypto.c
SRCS_KEY+= digest-openssl.c
-SRCS_KEY+= ssh-sk.c
-SRCS_KEY+= sk-usbhid.c
.else
SRCS_KEY+= cipher-aesctr.c
SRCS_KEY+= rijndael.c
diff --git a/usr.bin/ssh/sk-usbhid.c b/usr.bin/ssh/sk-usbhid.c
index bb2414761f2..39d25aa8b5d 100644
--- a/usr.bin/ssh/sk-usbhid.c
+++ b/usr.bin/ssh/sk-usbhid.c
@@ -21,11 +21,13 @@
#include <stddef.h>
#include <stdarg.h>
+#ifdef WITH_OPENSSL
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
+#endif /* WITH_OPENSSL */
#include <fido.h>
@@ -267,6 +269,7 @@ find_device(const uint8_t *message, size_t message_len, const char *application,
return dev;
}
+#ifdef WITH_OPENSSL
/*
* The key returned via fido_cred_pubkey_ptr() is in affine coordinates,
* but the API expects a SEC1 octet string.
@@ -339,6 +342,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response)
BN_clear_free(y);
return ret;
}
+#endif /* WITH_OPENSSL */
static int
pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response)
@@ -375,8 +379,10 @@ static int
pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response)
{
switch(alg) {
+#ifdef WITH_OPENSSL
case SK_ECDSA:
return pack_public_key_ecdsa(cred, response);
+#endif /* WITH_OPENSSL */
case SK_ED25519:
return pack_public_key_ed25519(cred, response);
default:
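Review bot: Without WITH_OPENSSL, `SK_ECDSA` is no longer a case label in this switch, so an ECDSA request from the caller is handled by the `default:` arm, whose body lies outside the hunk. The change fails closed only if that arm returns an error without touching `response`. The same holds for the `cose_alg` switch in sk_enroll, where a default arm that did not return would leave `cose_alg` unset, and for pack_sig. A short comment on the first guarded case would make the intent explicit, e.g. `/* without OpenSSL, SK_ECDSA is handled by default: and rejected */`.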
@@ -410,9 +416,11 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
}
*enroll_response = NULL;
switch(alg) {
+#ifdef WITH_OPENSSL
case SK_ECDSA:
cose_alg = COSE_ES256;
break;
+#endif /* WITH_OPENSSL */
case SK_ED25519:
cose_alg = COSE_EDDSA;
break;
@@ -532,6 +540,7 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
return ret;
}
+#ifdef WITH_OPENSSL
static int
pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
{
@@ -568,6 +577,7 @@ pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
}
return ret;
}
+#endif /* WITH_OPENSSL */
static int
pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
@@ -601,8 +611,10 @@ static int
pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response)
{
switch(alg) {
+#ifdef WITH_OPENSSL
case SK_ECDSA:
return pack_sig_ecdsa(assert, response);
+#endif /* WITH_OPENSSL */
case SK_ED25519:
return pack_sig_ed25519(assert, response);
default:
diff --git a/usr.bin/ssh/ssh-sk.c b/usr.bin/ssh/ssh-sk.c
index e303c540379..2bd099d13ac 100644
--- a/usr.bin/ssh/ssh-sk.c
+++ b/usr.bin/ssh/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.14 2019/11/16 23:17:20 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@@ -23,8 +23,10 @@
#include <string.h>
#include <stdio.h>
+#ifdef WITH_OPENSSL
#include <openssl/objects.h>
#include <openssl/ec.h>
+#endif /* WITH_OPENSSL */
#include "log.h"
#include "misc.h"
@@ -155,6 +157,7 @@ sshsk_free_sign_response(struct sk_sign_response *r)
freezero(r, sizeof(*r));
};
+#ifdef WITH_OPENSSL
/* Assemble key from response */
static int
sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@@ -209,6 +212,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
sshbuf_free(b);
return r;
}
+#endif /* WITH_OPENSSL */
static int
sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@@ -264,9 +268,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
if (attest)
sshbuf_reset(attest);
switch (type) {
+#ifdef WITH_OPENSSL
case KEY_ECDSA_SK:
alg = SSH_SK_ECDSA;
break;
+#endif /* WITH_OPENSSL */
case KEY_ED25519_SK:
alg = SSH_SK_ED25519;
break;
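Review bot: With the `KEY_ECDSA_SK` label compiled out here and in the matching switch in sshsk_sign, a no-OpenSSL build treats an ECDSA security key exactly like an unknown key type, so the user and the logs get no hint that the cause is the build configuration. The default arm is outside the hunk, so its actual error cannot be seen here. Consider keeping the label in an `#else` branch with a specific error, for example `case KEY_ECDSA_SK: r = SSH_ERR_FEATURE_UNSUPPORTED; goto out;`, assuming `r` and the `out` label are in scope at this point as they are later in the function. The second switch in each function then needs only its existing guard, because the type has already been rejected.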
@@ -322,10 +328,12 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
goto out;
}
switch (type) {
+#ifdef WITH_OPENSSL
case KEY_ECDSA_SK:
if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
goto out;
break;
+#endif /* WITH_OPENSSL */
case KEY_ED25519_SK:
if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
goto out;
@@ -374,6 +382,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
return r;
}
+#ifdef WITH_OPENSSL
static int
sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
{
@@ -417,6 +426,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
sshbuf_free(inner_sig);
return r;
}
+#endif /* WITH_OPENSSL */
static int
sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
@@ -466,9 +476,11 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
*lenp = 0;
type = sshkey_type_plain(key->type);
switch (type) {
+#ifdef WITH_OPENSSL
case KEY_ECDSA_SK:
alg = SSH_SK_ECDSA;
break;
+#endif /* WITH_OPENSSL */
case KEY_ED25519_SK:
alg = SSH_SK_ED25519;
break;
@@ -510,10 +522,12 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
goto out;
}
switch (type) {
+#ifdef WITH_OPENSSL
case KEY_ECDSA_SK:
if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
goto out;
break;
+#endif /* WITH_OPENSSL */
case KEY_ED25519_SK:
if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
goto out;