From 872595572b6c9a584ed754165e8b7c4c9e7e1d61 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 1 Oct 2021 16:35:05 +1000
Subject: fix FIDO key support for !OPENSSL_HAS_ECC case

ok dtucker
---
 ssh-sk.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'ssh-sk.c')

diff --git a/ssh-sk.c b/ssh-sk.c
index d254e77f..393b4ccd 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -29,10 +29,10 @@
 #include <string.h>
 #include <stdio.h>
 
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 #include <openssl/objects.h>
 #include <openssl/ec.h>
-#endif /* WITH_OPENSSL */
+#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
 
 #include "log.h"
 #include "misc.h"
@@ -45,6 +45,15 @@
 #include "sk-api.h"
 #include "crypto_api.h"
 
+/*
+ * Almost every use of OpenSSL in this file is for ECDSA-NISTP256.
+ * This is strictly a larger hammer than necessary, but it reduces changes
+ * with upstream.
+ */
+#ifndef OPENSSL_HAS_ECC
+# undef WITH_OPENSSL
+#endif
+
 struct sshsk_provider {
 	char *path;
 	void *dlhandle;
-- 
cgit v1.2.1