- (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
for missing headers and compiler warnings.
diff --git a/ChangeLog b/ChangeLog
index 742e966..c3c18d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,8 @@
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
[ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
platforms that don't have the requisite OpenSSL support. ok dtucker@
+ - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
+ for missing headers and compiler warnings.
20100831
- OpenBSD CVS Sync
diff --git a/kex.h b/kex.h
index 0691475..3e312fb 100644
--- a/kex.h
+++ b/kex.h
@@ -29,7 +29,9 @@
#include <signal.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
+#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
+#endif
#define KEX_COOKIE_LEN 16
diff --git a/key.c b/key.c
index 3cda8f2..196092d 100644
--- a/key.c
+++ b/key.c
@@ -261,7 +261,9 @@
int
key_equal_public(const Key *a, const Key *b)
{
+#ifdef OPENSSL_HAS_ECC
BN_CTX *bnctx;
+#endif
if (a == NULL || b == NULL ||
key_type_plain(a->type) != key_type_plain(b->type))
@@ -656,9 +658,12 @@
Key *k;
int success = -1;
char *cp, *space;
- int len, n, type, curve_nid = -1;
+ int len, n, type;
u_int bits;
u_char *blob;
+#ifdef OPENSSL_HAS_ECC
+ int curve_nid = -1;
+#endif
cp = *cpp;
@@ -1437,11 +1442,12 @@
key_from_blob(const u_char *blob, u_int blen)
{
Buffer b;
- int rlen, type, nid = -1;
+ int rlen, type;
char *ktype = NULL, *curve = NULL;
Key *key = NULL;
#ifdef OPENSSL_HAS_ECC
EC_POINT *q = NULL;
+ int nid = -1;
#endif
#ifdef DEBUG_PK
diff --git a/packet.h b/packet.h
index 827561c..864b828 100644
--- a/packet.h
+++ b/packet.h
@@ -19,7 +19,9 @@
#include <termios.h>
#include <openssl/bn.h>
+#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
+#endif
void packet_set_connection(int, int);
void packet_set_timeout(int, int);
@@ -43,7 +45,9 @@
void packet_put_int64(u_int64_t value);
void packet_put_bignum(BIGNUM * value);
void packet_put_bignum2(BIGNUM * value);
+#ifdef OPENSSL_HAS_ECC
void packet_put_ecpoint(const EC_GROUP *, const EC_POINT *);
+#endif
void packet_put_string(const void *buf, u_int len);
void packet_put_cstring(const char *str);
void packet_put_raw(const void *buf, u_int len);
@@ -61,7 +65,9 @@
u_int64_t packet_get_int64(void);
void packet_get_bignum(BIGNUM * value);
void packet_get_bignum2(BIGNUM * value);
+#ifdef OPENSSL_HAS_ECC
void packet_get_ecpoint(const EC_GROUP *, EC_POINT *);
+#endif
void *packet_get_raw(u_int *length_ptr);
void *packet_get_string(u_int *length_ptr);
char *packet_get_cstring(u_int *length_ptr);
diff --git a/ssh-agent.c b/ssh-agent.c
index 8f19fb1..45c8e37 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -466,11 +466,12 @@
Idtab *tab = idtab_lookup(version);
Identity *id;
int type, success = 0, death = 0, confirm = 0;
- char *type_name, *comment, *curve;
+ char *type_name, *comment;
Key *k = NULL;
#ifdef OPENSSL_HAS_ECC
BIGNUM *exponent;
EC_POINT *q;
+ int *curve;
#endif
u_char *cert;
u_int len;
diff --git a/ssh.c b/ssh.c
index 3ade744..70c71bc 100644
--- a/ssh.c
+++ b/ssh.c
@@ -849,10 +849,19 @@
*/
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+#ifdef WITH_SELINUX
+ char *scon;
+
+ matchpathcon(buf, 0700, &scon);
+ setfscreatecon(scon);
+#endif
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
-
+#ifdef WITH_SELINUX
+ setfscreatecon(NULL);
+#endif
+ }
/* load options.identity_files */
load_public_identity_files();