Binary files ssh/.ssh-pkcs11.c.swp and ssh-/.ssh-pkcs11.c.swp differ
diff -urN ssh/Makefile.inc ssh-/Makefile.inc
--- Makefile.inc Mon Jan 21 21:38:54 2019
+++ Makefile.inc Thu Apr 18 09:50:10 2019
@@ -20,7 +20,7 @@
 CDIAGFLAGS+= -Wold-style-definition .endif
-#CDIAGFLAGS+= -Werror
+CDIAGFLAGS+= -Werror
 #DEBUG=-g #INSTALL_STRIP=
diff -urN ssh/ssh-pkcs11-client.c ssh-/ssh-pkcs11-client.c
--- ssh-pkcs11-client.c Mon Jan 21 23:53:35 2019
+++ ssh-pkcs11-client.c Thu Apr 18 09:52:09 2019
@@ -155,6 +155,7 @@
 return (ret); }
+#if 0
 static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, const BIGNUM *rp, EC_KEY *ec)
@@ -211,9 +212,12 @@
 sshbuf_free(msg); return (ret); }
+#endif
 static RSA_METHOD *helper_rsa;
+#if 0
 static EC_KEY_METHOD *helper_ecdsa;
+#endif
 /* redirect private key crypto operations to the ssh-pkcs11-helper */ static void
@@ -221,8 +225,10 @@
 { if (k->type == KEY_RSA) RSA_set_method(k->rsa, helper_rsa);
+#if 0
 else if (k->type == KEY_ECDSA) EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+#endif
 else fatal("%s: unknown key type", __func__); }
@@ -230,9 +236,10 @@
 static int pkcs11_start_helper_methods(void) {
- if (helper_ecdsa != NULL)
+ if (helper_rsa != NULL)
 return (0);
+#if 0
 int (*orig_sign)(int, const unsigned char *, int, unsigned char *, unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; if (helper_ecdsa != NULL)
@@ -242,7 +249,7 @@
 return (-1); EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL); EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
-
+#endif
 if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) fatal("%s: RSA_meth_dup failed", __func__); if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
diff -urN ssh/ssh-pkcs11.c ssh-/ssh-pkcs11.c
--- ssh-pkcs11.c Sat Mar 9 04:24:43 2019
+++ ssh-pkcs11.c Thu Apr 18 09:56:36 2019
@@ -68,7 +68,7 @@
 int pkcs11_interactive = 0;
-#ifdef HAVE_DLOPEN
+#if 0
 static void ossl_error(const char *msg) {
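Review bot: In the `@@ -221,8 +225,10 @@` hunk of ssh-pkcs11-client.c, compiling out the `KEY_ECDSA` branch means an ECDSA key now falls through to `fatal("%s: unknown key type", __func__)`, which ends the calling process with a message that hides the real cause. If keys can still reach this function from a helper reply or token that presents ECDSA keys (the callers are outside the hunk), naming the type would make that failure diagnosable: `fatal("%s: unsupported key type %d", __func__, k->type);`. The bare `#if 0` here and in the `-155`, `-211` and `-230` hunks gives no reason for removing ECDSA; a one-line comment next to the first one, e.g. `/* ECDSA over PKCS#11 compiled out: <reason> */`, would tell the next maintainer whether it is safe to re-enable. The function's signature line is outside the hunk.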
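Review bot: Replacing `#ifdef HAVE_DLOPEN` with `#if 0` in the `@@ -68,7 +68,7 @@` hunk of ssh-pkcs11.c excludes everything up to the matching `#endif`, which lies outside the hunk, so how far the exclusion reaches cannot be checked from the visible lines. It also drops the platform guard from the source, which makes the original condition hard to restore later. If the intent is only to silence an unused-function warning under the newly enabled `-Werror`, a comment such as `/* ossl_error() is only used by the disabled ECDSA code */` next to the directive would record why libcrypto error reporting was removed.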
@@ -183,8 +183,10 @@
 #ifdef HAVE_DLOPEN static RSA_METHOD *rsa_method; static int rsa_idx = 0;
+#if 0
 static EC_KEY_METHOD *ec_key_method; static int ec_key_idx = 0;
+#endif
 /* release a wrapped object */ static void
@@ -474,6 +476,7 @@
 return (0); }
+#if 0
 /* openssl callback doing the actual signing operation */ static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
@@ -563,6 +566,13 @@
 } static int
+pkcs11_ecdsa_start_wrapper(void)
+{
+ /* not implemented */
+ return -1;
+}
+
+static int
 pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, CK_ATTRIBUTE *keyid_attrib, EC_KEY *ec) {
@@ -585,6 +595,7 @@
 return (0); }
+#endif
 /* remove trailing spaces */ static void
@@ -680,6 +691,7 @@
 return (0); }
+#if 0
 static struct sshkey * pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, CK_OBJECT_HANDLE *obj)
@@ -802,6 +814,7 @@
 return (key); }
+#endif
 static struct sshkey * pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
@@ -906,7 +919,9 @@
 EC_KEY *ec = NULL; struct sshkey *key = NULL; int i;
+#if 0
 int nid;
+#endif
 const u_char *cp; memset(&cert_attr, 0, sizeof(cert_attr));
@@ -988,6 +1003,7 @@
 key->type = KEY_RSA; key->flags |= SSHKEY_FLAG_EXT; rsa = NULL; /* now owned by key */
+#if 0
 } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { error("invalid x509; no ec key");
@@ -1018,6 +1034,7 @@
 key->type = KEY_ECDSA; key->flags |= SSHKEY_FLAG_EXT; ec = NULL; /* now owned by key */
+#endif
 } else error("unknown certificate key type");
@@ -1202,9 +1219,11 @@
 case CKK_RSA: key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); break;
+#if 0
 case CKK_ECDSA: key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); break;
+#endif
 default: /* XXX print key type? */ key = NULL;
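Review bot: The `pkcs11_ecdsa_start_wrapper()` stub added in the `@@ -563,6 +566,13 @@` hunk sits between the `#if 0` added in the `-474` hunk and the `#endif` added in the `-585` hunk, so unless a directive outside the visible lines closes the region earlier it is never compiled, and its `/* not implemented */` return of -1 can never reach a caller. If a fallback is intended for callers that stay compiled, it has to live outside the excluded region; otherwise the stub is dead code, and it would clash with any existing definition of the same name once the region is re-enabled. The new `return -1;` also departs from the `return (0);` form on the surrounding lines; `return (-1);` would match.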
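Review bot: After the `#endif` added in the `@@ -1018,6 +1034,7 @@` hunk, a certificate carrying an EC key reaches `error("unknown certificate key type")` although the type is known and deliberately excluded, and in the `@@ -1202,9 +1219,11 @@` hunk ECDSA objects fall into `default:`, where the visible lines set `key = NULL` without any log output. A user whose token holds only ECDSA keys therefore gets either a misleading message or no hint at all about why nothing was loaded. Rewording the certificate case to `error("unsupported certificate key type");` and logging in the default branch, e.g. `debug("%s: skipping unsupported key type", __func__);`, would make the omission visible. The enclosing if/else chain and switch start and end outside these hunks.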