more --without-openssl

fix some regressions caused by upstream merges enable KRLs now that they no longer require BIGNUMs
2025-01-22 01:12:54 +00:00 · 2015-01-15 03:08:58 +11:00 · 2015-01-15 03:08:58 +11:00 · b03ebe2c22
commit b03ebe2c22
parent bc42cc6fe7
5 changed files with 4 additions and 17 deletions
--- a/authfile.c
+++ b/authfile.c
@ -551,12 +551,10 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
 {
 	int r;

-#ifdef WITH_OPENSSL
 	r = ssh_krl_file_contains_key(revoked_keys_file, key);
 	/* If this was not a KRL to begin with then continue below */
 	if (r != SSH_ERR_KRL_BAD_MAGIC)
 		return r;
-#endif

 	/*
 	 * If the file is not a KRL or we can't handle KRLs then attempt to
--- a/krl.c
+++ b/krl.c
@ -18,8 +18,6 @@

 #include "includes.h"

-#ifdef WITH_OPENSSL /* XXX just fix bignums and this is good */
-
 #include <sys/types.h>
 #include <sys/param.h>
 #include <openbsd-compat/sys-tree.h>
@ -1284,4 +1282,3 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
 		errno = oerrno;
 	return r;
 }
-#endif /* WITH_OPENSSL */
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -524,6 +524,7 @@ reaper(void)
 		return (deadline - now);
 }

+#ifdef WITH_SSH1
 /*
 * XXX this and the corresponding serialisation function probably belongs
 * in key.c
@ -565,6 +566,7 @@ agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp)
 		sshkey_free(k);
 	return r;
 }
+#endif

 static void
 process_add_identity(SocketEntry *e, int version)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -1964,7 +1964,6 @@ do_show_cert(struct passwd *pw)
 	exit(0);
 }

-#ifdef WITH_OPENSSL
 static void
 load_krl(const char *path, struct ssh_krl **krlp)
 {
@ -2106,12 +2105,10 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
 		fclose(krl_spec);
 	free(path);
 }
-#endif /* WITH_OPENSSL */

 static void
 do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 {
-#ifdef WITH_OPENSSL
 	struct ssh_krl *krl;
 	struct stat sb;
 	Key *ca = NULL;
@ -2161,15 +2158,11 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 	ssh_krl_free(krl);
 	if (ca != NULL)
 		key_free(ca);
-#else /* WITH_OPENSSL */
-	fatal("KRLs not supported without OpenSSL");
-#endif /* WITH_OPENSSL */
 }

 static void
 do_check_krl(struct passwd *pw, int argc, char **argv)
 {
-#ifdef WITH_OPENSSL
 	int i, r, ret = 0;
 	char *comment;
 	struct ssh_krl *krl;
@ -2192,9 +2185,6 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 	}
 	ssh_krl_free(krl);
 	exit(ret);
-#else /* WITH_OPENSSL */
-	fatal("KRLs not supported without OpenSSL");
-#endif /* WITH_OPENSSL */
 }

 static void
--- a/sshbuf.h
+++ b/sshbuf.h
@ -209,11 +209,11 @@ int	sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
 * curve points.
 */
 int	sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
+int	sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
+	    const u_char **valp, size_t *lenp);
 #ifdef WITH_OPENSSL
 int	sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v);
 int	sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v);
-int	sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
-	    const u_char **valp, size_t *lenp);
 int	sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
 int	sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v);
 # ifdef OPENSSL_HAS_ECC