From dee22129bbc61e25b1003adfa2bc584c5406ef2d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 1 Oct 2021 16:35:49 +1000 Subject: make OPENSSL_HAS_ECC checks more thorough ok dtucker --- ssh-pkcs11.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'ssh-pkcs11.c') diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 37a6b1b5..649a6d3b 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -79,7 +79,7 @@ struct pkcs11_key { int pkcs11_interactive = 0; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static void ossl_error(const char *msg) { @@ -89,7 +89,7 @@ ossl_error(const char *msg) while ((e = ERR_get_error()) != 0) error_f("libcrypto error: %s", ERR_error_string(e, NULL)); } -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ int pkcs11_init(int interactive) @@ -190,10 +190,10 @@ pkcs11_del_provider(char *provider_id) static RSA_METHOD *rsa_method; static int rsa_idx = 0; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static EC_KEY_METHOD *ec_key_method; static int ec_key_idx = 0; -#endif +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ /* release a wrapped object */ static void @@ -507,7 +507,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) /* openssl callback doing the actual signing operation */ static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, @@ -619,7 +619,7 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ /* remove trailing spaces */ static void @@ -694,7 +694,7 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) return (0); } -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static struct sshkey * pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, CK_OBJECT_HANDLE *obj) @@ -817,7 +817,7 @@ fail: return (key); } -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ static struct sshkey * pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, @@ -925,7 +925,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, #endif struct sshkey *key = NULL; int i; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) int nid; #endif const u_char *cp; @@ -1014,7 +1014,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->type = KEY_RSA; key->flags |= SSHKEY_FLAG_EXT; rsa = NULL; /* now owned by key */ -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { error("invalid x509; no ec key"); @@ -1045,7 +1045,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->type = KEY_ECDSA; key->flags |= SSHKEY_FLAG_EXT; ec = NULL; /* now owned by key */ -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ } else { error("unknown certificate key type"); goto out; @@ -1269,11 +1269,11 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, case CKK_RSA: key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); break; -#ifdef HAVE_EC_KEY_METHOD_NEW +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) case CKK_ECDSA: key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); break; -#endif /* HAVE_EC_KEY_METHOD_NEW */ +#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ default: /* XXX print key type? */ key = NULL; -- cgit v1.2.1