Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/Makefile.inc | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sk-usbhid.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-sk.c | 16 |
3 files changed, 30 insertions, 4 deletions
diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index 3032ea5f2fd..7c8e4fe7b27 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.78 2019/11/15 05:25:52 deraadt Exp $ +# $OpenBSD: Makefile.inc,v 1.79 2019/11/18 16:08:57 naddy Exp $ .include <bsd.own.mk> @@ -71,6 +71,8 @@ SRCS_KEY+= cipher.c SRCS_KEY+= cipher-chachapoly.c SRCS_KEY+= chacha.c SRCS_KEY+= poly1305.c +SRCS_KEY+= ssh-sk.c +SRCS_KEY+= sk-usbhid.c .if (${OPENSSL:L} == "yes") SRCS_KEY+= ssh-dss.c SRCS_KEY+= ssh-ecdsa.c @@ -78,8 +80,6 @@ SRCS_KEY+= ssh-ecdsa-sk.c SRCS_KEY+= ssh-rsa.c SRCS_KEY+= sshbuf-getput-crypto.c SRCS_KEY+= digest-openssl.c -SRCS_KEY+= ssh-sk.c -SRCS_KEY+= sk-usbhid.c .else SRCS_KEY+= cipher-aesctr.c SRCS_KEY+= rijndael.c diff --git a/usr.bin/ssh/sk-usbhid.c b/usr.bin/ssh/sk-usbhid.c index bb2414761f2..39d25aa8b5d 100644 --- a/usr.bin/ssh/sk-usbhid.c +++ b/usr.bin/ssh/sk-usbhid.c @@ -21,11 +21,13 @@ #include <stddef.h> #include <stdarg.h> +#ifdef WITH_OPENSSL #include <openssl/opensslv.h> #include <openssl/crypto.h> #include <openssl/bn.h> #include <openssl/ec.h> #include <openssl/ecdsa.h> +#endif /* WITH_OPENSSL */ #include <fido.h> @@ -267,6 +269,7 @@ find_device(const uint8_t *message, size_t message_len, const char *application, return dev; } +#ifdef WITH_OPENSSL /* * The key returned via fido_cred_pubkey_ptr() is in affine coordinates, * but the API expects a SEC1 octet string. @@ -339,6 +342,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) BN_clear_free(y); return ret; } +#endif /* WITH_OPENSSL */ static int pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response) 
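Review bot: In the `@@ -71,6 +71,8 @@` hunk the `SRCS_KEY+=` lines for `ssh-sk.c` and `sk-usbhid.c` now sit above the `.if (${OPENSSL:L} == "yes")` test, with no comment saying why security-key sources are built when OpenSSL is off. The same commit guards the ECDSA paths in both files with `#ifdef WITH_OPENSSL`, so those guards are only correct if that macro is defined under exactly this make condition. Where it is defined is not visible in this hunk. I would add `# ssh-sk.c and sk-usbhid.c are built unconditionally; their ECDSA paths are guarded by WITH_OPENSSL` above the two lines.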
@@ -375,8 +379,10 @@ static int pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response) { switch(alg) { +#ifdef WITH_OPENSSL case SK_ECDSA: return pack_public_key_ecdsa(cred, response); +#endif /* WITH_OPENSSL */ case SK_ED25519: return pack_public_key_ed25519(cred, response); default: @@ -410,9 +416,11 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, } *enroll_response = NULL; switch(alg) { +#ifdef WITH_OPENSSL case SK_ECDSA: cose_alg = COSE_ES256; break; +#endif /* WITH_OPENSSL */ case SK_ED25519: cose_alg = COSE_EDDSA; break; @@ -532,6 +540,7 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, return ret; } +#ifdef WITH_OPENSSL static int pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) { @@ -568,6 +577,7 @@ pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) } return ret; } +#endif /* WITH_OPENSSL */ static int pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response) @@ -601,8 +611,10 @@ static int pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response) { switch(alg) { +#ifdef WITH_OPENSSL case SK_ECDSA: return pack_sig_ecdsa(assert, response); +#endif /* WITH_OPENSSL */ case SK_ED25519: return pack_sig_ed25519(assert, response); default: diff --git a/usr.bin/ssh/ssh-sk.c b/usr.bin/ssh/ssh-sk.c index e303c540379..2bd099d13ac 100644 --- a/usr.bin/ssh/ssh-sk.c +++ b/usr.bin/ssh/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.14 2019/11/16 23:17:20 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -23,8 +23,10 @@ #include <string.h> #include <stdio.h> +#ifdef WITH_OPENSSL #include <openssl/objects.h> #include <openssl/ec.h> +#endif /* WITH_OPENSSL */ #include "log.h" #include "misc.h" 
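Review bot: With `case SK_ECDSA:` compiled out of `pack_public_key` (`@@ -375,8 +379,10 @@`), a build without `WITH_OPENSSL` sends an ECDSA request to `default:`. That branch's body lies outside the hunk, so the failure is presumably reported the same way as a genuinely unknown algorithm. The same applies to the `alg` switch in `sk_enroll`, to `pack_sig`, and to the `type` switches in `sshsk_enroll` and `sshsk_sign` in ssh-sk.c. A comment on each fallback such as `/* also reached for ECDSA when built without WITH_OPENSSL */` would make this explicit. A distinct log message there would also let a user tell "ECDSA security keys not compiled in" from a malformed request.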
@@ -155,6 +157,7 @@ sshsk_free_sign_response(struct sk_sign_response *r) freezero(r, sizeof(*r)); }; +#ifdef WITH_OPENSSL /* Assemble key from response */ static int sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) @@ -209,6 +212,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) sshbuf_free(b); return r; } +#endif /* WITH_OPENSSL */ static int sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) @@ -264,9 +268,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application, if (attest) sshbuf_reset(attest); switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: alg = SSH_SK_ECDSA; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: alg = SSH_SK_ED25519; break; @@ -322,10 +328,12 @@ sshsk_enroll(int type, const char *provider_path, const char *application, goto out; } switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0) goto out; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: if ((r = sshsk_ed25519_assemble(resp, &key)) != 0) goto out; @@ -374,6 +382,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application, return r; } +#ifdef WITH_OPENSSL static int sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) { @@ -417,6 +426,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) sshbuf_free(inner_sig); return r; } +#endif /* WITH_OPENSSL */ static int sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) @@ -466,9 +476,11 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, *lenp = 0; type = sshkey_type_plain(key->type); switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: alg = SSH_SK_ECDSA; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: alg = SSH_SK_ED25519; break; 
@@ -510,10 +522,12 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, goto out; } switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: if ((r = sshsk_ecdsa_sig(resp, sig)) != 0) goto out; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: if ((r = sshsk_ed25519_sig(resp, sig)) != 0) goto out; |