diff --git a/sk-usbhid.c b/sk-usbhid.c index 17b595367..594f5d890 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c @@ -25,11 +25,13 @@ #include #include +#ifdef WITH_OPENSSL #include #include #include #include #include +#endif /* WITH_OPENSSL */ #include @@ -271,6 +273,7 @@ find_device(const uint8_t *message, size_t message_len, const char *application, return dev; } +#ifdef WITH_OPENSSL /* * The key returned via fido_cred_pubkey_ptr() is in affine coordinates, * but the API expects a SEC1 octet string. @@ -343,6 +346,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) BN_clear_free(y); return ret; } +#endif /* WITH_OPENSSL */ static int pack_public_key_ed25519(fido_cred_t *cred, struct sk_enroll_response *response) @@ -379,8 +383,10 @@ static int pack_public_key(int alg, fido_cred_t *cred, struct sk_enroll_response *response) { switch(alg) { +#ifdef WITH_OPENSSL case SK_ECDSA: return pack_public_key_ecdsa(cred, response); +#endif /* WITH_OPENSSL */ case SK_ED25519: return pack_public_key_ed25519(cred, response); default: @@ -414,9 +420,11 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, } *enroll_response = NULL; switch(alg) { +#ifdef WITH_OPENSSL case SK_ECDSA: cose_alg = COSE_ES256; break; +#endif /* WITH_OPENSSL */ case SK_ED25519: cose_alg = COSE_EDDSA; break; @@ -536,6 +544,7 @@ sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len, return ret; } +#ifdef WITH_OPENSSL static int pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) { @@ -572,6 +581,7 @@ pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response) } return ret; } +#endif /* WITH_OPENSSL */ static int pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response) @@ -605,8 +615,10 @@ static int pack_sig(int alg, fido_assert_t *assert, struct sk_sign_response *response) { switch(alg) { +#ifdef WITH_OPENSSL case SK_ECDSA: return pack_sig_ecdsa(assert, response); +#endif /* WITH_OPENSSL */ case SK_ED25519: return pack_sig_ed25519(assert, response); default: diff --git a/ssh-sk.c b/ssh-sk.c index 187d9f0ca..df2f040ef 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.14 2019/11/16 23:17:20 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -27,8 +27,10 @@ #include #include +#ifdef WITH_OPENSSL #include #include +#endif /* WITH_OPENSSL */ #include "log.h" #include "misc.h" @@ -163,6 +165,7 @@ sshsk_free_sign_response(struct sk_sign_response *r) freezero(r, sizeof(*r)); }; +#ifdef WITH_OPENSSL /* Assemble key from response */ static int sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) @@ -217,6 +220,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) sshbuf_free(b); return r; } +#endif /* WITH_OPENSSL */ static int sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) @@ -272,9 +276,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application, if (attest) sshbuf_reset(attest); switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: alg = SSH_SK_ECDSA; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: alg = SSH_SK_ED25519; break; @@ -330,10 +336,12 @@ sshsk_enroll(int type, const char *provider_path, const char *application, goto out; } switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0) goto out; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: if ((r = sshsk_ed25519_assemble(resp, &key)) != 0) goto out; @@ -382,6 +390,7 @@ sshsk_enroll(int type, const char *provider_path, const char *application, return r; } +#ifdef WITH_OPENSSL static int sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) { @@ -425,6 +434,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) sshbuf_free(inner_sig); return r; } +#endif /* WITH_OPENSSL */ static int sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) @@ -474,9 +484,11 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, *lenp = 0; type = sshkey_type_plain(key->type); switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: alg = SSH_SK_ECDSA; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: alg = SSH_SK_ED25519; break; @@ -518,10 +530,12 @@ sshsk_sign(const char *provider_path, const struct sshkey *key, goto out; } switch (type) { +#ifdef WITH_OPENSSL case KEY_ECDSA_SK: if ((r = sshsk_ecdsa_sig(resp, sig)) != 0) goto out; break; +#endif /* WITH_OPENSSL */ case KEY_ED25519_SK: if ((r = sshsk_ed25519_sig(resp, sig)) != 0) goto out;