diff options
| author | Damien Miller <djm@mindrot.org> | 2015-01-15 03:08:58 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-15 03:08:58 +1100 |
| commit | b03ebe2c22b8166e4f64c37737f4278676e3488d (patch) | |
| tree | 4b5e6701543cc6c79f3638759c7fc420491a4719 | |
| parent | bc42cc6fe784f36df225c44c93b74830027cb5a2 (diff) | |
| download | openssh-git-b03ebe2c22b8166e4f64c37737f4278676e3488d.tar.gz | |
more --without-openssl
fix some regressions caused by upstream merges
enable KRLs now that they no longer require BIGNUMs
| -rw-r--r-- | authfile.c | 2 | ||||
| -rw-r--r-- | krl.c | 3 | ||||
| -rw-r--r-- | ssh-agent.c | 2 | ||||
| -rw-r--r-- | ssh-keygen.c | 10 | ||||
| -rw-r--r-- | sshbuf.h | 4 |
5 files changed, 4 insertions, 17 deletions
@@ -551,12 +551,10 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) { int r; -#ifdef WITH_OPENSSL r = ssh_krl_file_contains_key(revoked_keys_file, key); /* If this was not a KRL to begin with then continue below */ if (r != SSH_ERR_KRL_BAD_MAGIC) return r; -#endif /* * If the file is not a KRL or we can't handle KRLs then attempt to @@ -18,8 +18,6 @@ #include "includes.h" -#ifdef WITH_OPENSSL /* XXX just fix bignums and this is good */ - #include <sys/types.h> #include <sys/param.h> #include <openbsd-compat/sys-tree.h> @@ -1284,4 +1282,3 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key) errno = oerrno; return r; } -#endif /* WITH_OPENSSL */ diff --git a/ssh-agent.c b/ssh-agent.c index 4925d47a..43000a42 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -524,6 +524,7 @@ reaper(void) return (deadline - now); } +#ifdef WITH_SSH1 /* * XXX this and the corresponding serialisation function probably belongs * in key.c @@ -565,6 +566,7 @@ agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp) sshkey_free(k); return r; } +#endif static void process_add_identity(SocketEntry *e, int version) diff --git a/ssh-keygen.c b/ssh-keygen.c index 75f8e2e0..7f775ff1 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1964,7 +1964,6 @@ do_show_cert(struct passwd *pw) exit(0); } -#ifdef WITH_OPENSSL static void load_krl(const char *path, struct ssh_krl **krlp) { @@ -2106,12 +2105,10 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca, fclose(krl_spec); free(path); } -#endif /* WITH_OPENSSL */ static void do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) { -#ifdef WITH_OPENSSL struct ssh_krl *krl; struct stat sb; Key *ca = NULL; @@ -2161,15 +2158,11 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) ssh_krl_free(krl); if (ca != NULL) key_free(ca); -#else /* WITH_OPENSSL */ - fatal("KRLs not supported without OpenSSL"); -#endif /* WITH_OPENSSL */ } static void do_check_krl(struct passwd *pw, int argc, char **argv) { -#ifdef WITH_OPENSSL int i, r, ret = 0; char *comment; struct ssh_krl *krl; @@ -2192,9 +2185,6 @@ do_check_krl(struct passwd *pw, int argc, char **argv) } ssh_krl_free(krl); exit(ret); -#else /* WITH_OPENSSL */ - fatal("KRLs not supported without OpenSSL"); -#endif /* WITH_OPENSSL */ } static void @@ -209,11 +209,11 @@ int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, * curve points. */ int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); +int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, + const u_char **valp, size_t *lenp); #ifdef WITH_OPENSSL int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); -int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, - const u_char **valp, size_t *lenp); int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); # ifdef OPENSSL_HAS_ECC |