From 723a5369864b338c48d22854bc2bb4ee5c083deb Mon Sep 17 00:00:00 2001
From: "naddy@openbsd.org" <naddy@openbsd.org>
Date: Mon, 18 Nov 2019 16:08:57 +0000
Subject: upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK

addition; ok djm@

OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
---
 ssh-sk.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'ssh-sk.c')

diff --git a/ssh-sk.c b/ssh-sk.c
index 187d9f0c..df2f040e 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.14 2019/11/16 23:17:20 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -27,8 +27,10 @@
 #include <string.h>
 #include <stdio.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/objects.h>
 #include <openssl/ec.h>
+#endif /* WITH_OPENSSL */
 
 #include "log.h"
 #include "misc.h"
@@ -163,6 +165,7 @@ sshsk_free_sign_response(struct sk_sign_response *r)
 	freezero(r, sizeof(*r));
 };
 
+#ifdef WITH_OPENSSL
 /* Assemble key from response */
 static int
 sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@@ -217,6 +220,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
 	sshbuf_free(b);
 	return r;
 }
+#endif /* WITH_OPENSSL */
 
 static int
 sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
@@ -272,9 +276,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 	if (attest)
 		sshbuf_reset(attest);
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		alg = SSH_SK_ECDSA;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		alg = SSH_SK_ED25519;
 		break;
@@ -330,10 +336,12 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 		goto out;
 	}
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
 			goto out;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
 			goto out;
@@ -382,6 +390,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 	return r;
 }
 
+#ifdef WITH_OPENSSL
 static int
 sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
 {
@@ -425,6 +434,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
 	sshbuf_free(inner_sig);
 	return r;
 }
+#endif /* WITH_OPENSSL */
 
 static int
 sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
@@ -474,9 +484,11 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 		*lenp = 0;
 	type = sshkey_type_plain(key->type);
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		alg = SSH_SK_ECDSA;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		alg = SSH_SK_ED25519;
 		break;
@@ -518,10 +530,12 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 		goto out;
 	}
 	switch (type) {
+#ifdef WITH_OPENSSL
 	case KEY_ECDSA_SK:
 		if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
 			goto out;
 		break;
+#endif /* WITH_OPENSSL */
 	case KEY_ED25519_SK:
 		if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
 			goto out;
-- 
cgit v1.2.1