fix FIDO key support for !OPENSSL_HAS_ECC case

ok dtucker
author: Damien Miller <djm@mindrot.org> 2021-10-01 16:35:05 +1000
committer: Damien Miller <djm@mindrot.org> 2021-10-01 16:36:24 +1000
commit: 872595572b6c9a584ed754165e8b7c4c9e7e1d61 (patch)
tree: 4fd732f1c87d68a17393dc79619add8801b571c7 /ssh-sk.c
parent: 489741dc68366940d369ac670b210b4834a6c272 (diff)
download: openssh-git-872595572b6c9a584ed754165e8b7c4c9e7e1d61.tar.gz
1 files changed, 11 insertions, 2 deletions
diff --git a/ssh-sk.c b/ssh-sk.c
index d254e77f..393b4ccd 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -29,10 +29,10 @@
 #include <string.h>
 #include <stdio.h>
 
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 #include <openssl/objects.h>
 #include <openssl/ec.h>
-#endif /* WITH_OPENSSL */
+#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
 
 #include "log.h"
 #include "misc.h"
@@ -45,6 +45,15 @@
 #include "sk-api.h"
 #include "crypto_api.h"
 
+/*
+ * Almost every use of OpenSSL in this file is for ECDSA-NISTP256.
+ * This is strictly a larger hammer than necessary, but it reduces changes
+ * with upstream.
+ */
+#ifndef OPENSSL_HAS_ECC
+# undef WITH_OPENSSL
+#endif
+
 struct sshsk_provider {
 	char *path;
 	void *dlhandle;
author	Damien Miller <djm@mindrot.org>	2021-10-01 16:35:05 +1000
committer	Damien Miller <djm@mindrot.org>	2021-10-01 16:36:24 +1000
commit	872595572b6c9a584ed754165e8b7c4c9e7e1d61 (patch)
tree	4fd732f1c87d68a17393dc79619add8801b571c7 /ssh-sk.c
parent	489741dc68366940d369ac670b210b4834a6c272 (diff)
download	openssh-git-872595572b6c9a584ed754165e8b7c4c9e7e1d61.tar.gz