Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / b03ebe2c22b8166e4f64c37737f4278676e3488d^! / .
commitb03ebe2c22b8166e4f64c37737f4278676e3488d[log] [tgz]
authorDamien Miller <djm@mindrot.org>Thu Jan 15 03:08:58 2015 +1100
committerDamien Miller <djm@mindrot.org>Thu Jan 15 03:08:58 2015 +1100
tree4b5e6701543cc6c79f3638759c7fc420491a4719
parentbc42cc6fe784f36df225c44c93b74830027cb5a2 [diff]
more --without-openssl

fix some regressions caused by upstream merges

enable KRLs now that they no longer require BIGNUMs

diff --git a/authfile.c b/authfile.c
index de97086..d47e005 100644
--- a/authfile.c
+++ b/authfile.c

@@ -551,12 +551,10 @@
 {
 	int r;
 
-#ifdef WITH_OPENSSL
 	r = ssh_krl_file_contains_key(revoked_keys_file, key);
 	/* If this was not a KRL to begin with then continue below */
 	if (r != SSH_ERR_KRL_BAD_MAGIC)
 		return r;
-#endif
 
 	/*
 	 * If the file is not a KRL or we can't handle KRLs then attempt to

diff --git a/krl.c b/krl.c
index b19def7..3917338 100644
--- a/krl.c
+++ b/krl.c

@@ -18,8 +18,6 @@
 
 #include "includes.h"
 
-#ifdef WITH_OPENSSL /* XXX just fix bignums and this is good */
-
 #include <sys/types.h>
 #include <sys/param.h>
 #include <openbsd-compat/sys-tree.h>
@@ -1284,4 +1282,3 @@
 		errno = oerrno;
 	return r;
 }
-#endif /* WITH_OPENSSL */

diff --git a/ssh-agent.c b/ssh-agent.c
index 4925d47..43000a4 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c

@@ -524,6 +524,7 @@
 		return (deadline - now);
 }
 
+#ifdef WITH_SSH1
 /*
  * XXX this and the corresponding serialisation function probably belongs
  * in key.c
@@ -565,6 +566,7 @@
 		sshkey_free(k);
 	return r;
 }
+#endif
 
 static void
 process_add_identity(SocketEntry *e, int version)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 75f8e2e..7f775ff 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c

@@ -1964,7 +1964,6 @@
 	exit(0);
 }
 
-#ifdef WITH_OPENSSL
 static void
 load_krl(const char *path, struct ssh_krl **krlp)
 {
@@ -2106,12 +2105,10 @@
 		fclose(krl_spec);
 	free(path);
 }
-#endif /* WITH_OPENSSL */
 
 static void
 do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 {
-#ifdef WITH_OPENSSL
 	struct ssh_krl *krl;
 	struct stat sb;
 	Key *ca = NULL;
@@ -2161,15 +2158,11 @@
 	ssh_krl_free(krl);
 	if (ca != NULL)
 		key_free(ca);
-#else /* WITH_OPENSSL */
-	fatal("KRLs not supported without OpenSSL");
-#endif /* WITH_OPENSSL */
 }
 
 static void
 do_check_krl(struct passwd *pw, int argc, char **argv)
 {
-#ifdef WITH_OPENSSL
 	int i, r, ret = 0;
 	char *comment;
 	struct ssh_krl *krl;
@@ -2192,9 +2185,6 @@
 	}
 	ssh_krl_free(krl);
 	exit(ret);
-#else /* WITH_OPENSSL */
-	fatal("KRLs not supported without OpenSSL");
-#endif /* WITH_OPENSSL */
 }
 
 static void

diff --git a/sshbuf.h b/sshbuf.h
index ac01919..eb0d92e 100644
--- a/sshbuf.h
+++ b/sshbuf.h

@@ -209,11 +209,11 @@
  * curve points.
  */
 int	sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len);
+int	sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
+	    const u_char **valp, size_t *lenp);
 #ifdef WITH_OPENSSL
 int	sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v);
 int	sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v);
-int	sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
-	    const u_char **valp, size_t *lenp);
 int	sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
 int	sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v);
 # ifdef OPENSSL_HAS_ECC