Binary files ssh/.ssh-pkcs11.c.swp and ssh-/.ssh-pkcs11.c.swp differ
diff -urN ssh/Makefile.inc ssh-/Makefile.inc
--- Makefile.inc Mon Jan 21 21:38:54 2019
+++ Makefile.inc Thu Apr 18 09:50:10 2019
@@ -20,7 +20,7 @@
CDIAGFLAGS+= -Wold-style-definition
.endif
-#CDIAGFLAGS+= -Werror
+CDIAGFLAGS+= -Werror
#DEBUG=-g
#INSTALL_STRIP=
diff -urN ssh/ssh-pkcs11-client.c ssh-/ssh-pkcs11-client.c
--- ssh-pkcs11-client.c Mon Jan 21 23:53:35 2019
+++ ssh-pkcs11-client.c Thu Apr 18 09:52:09 2019
@@ -155,6 +155,7 @@
return (ret);
}
+#if 0
static ECDSA_SIG *
ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
const BIGNUM *rp, EC_KEY *ec)
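Review bot: The bare `#if 0` added above `ecdsa_do_sign` gives no reason for the removal and cannot be found or reversed as a unit; the same pattern recurs in the later hunks of ssh-pkcs11-client.c and ssh-pkcs11.c. A single named guard would show that PKCS#11 ECDSA is deliberately compiled out, e.g. `#ifdef WITH_PKCS11_ECDSA /* placeholder name: ECDSA via PKCS#11 disabled in this build */`, with each matching `#endif` carrying the same name in a comment. This matters for auditing, since anyone checking which key algorithms this build accepts from a token has to reconstruct that from scattered `#if 0` blocks. The body of `ecdsa_do_sign` and its closing `#endif` lie outside this hunk.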
@@ -211,9 +212,12 @@
sshbuf_free(msg);
return (ret);
}
+#endif
static RSA_METHOD *helper_rsa;
+#if 0
static EC_KEY_METHOD *helper_ecdsa;
+#endif
/* redirect private key crypto operations to the ssh-pkcs11-helper */
static void
@@ -221,8 +225,10 @@
{
if (k->type == KEY_RSA)
RSA_set_method(k->rsa, helper_rsa);
+#if 0
else if (k->type == KEY_ECDSA)
EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+#endif
else
fatal("%s: unknown key type", __func__);
}
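Review bot: With the `KEY_ECDSA` branch compiled out, an ECDSA key reaching this function now falls into `fatal("%s: unknown key type", __func__)` and terminates the process, and the message no longer describes the cause. Whether such a key can arrive depends on what the helper returns, which is not visible here. If the helper binary can be built or installed separately from this client, reject non-RSA keys before they get here rather than relying on both sides being patched together. At minimum add a comment on the final `else`, such as `/* KEY_ECDSA lands here: PKCS#11 ECDSA support is compiled out */`. The function's signature is above this hunk.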
@@ -230,9 +236,10 @@
static int
pkcs11_start_helper_methods(void)
{
- if (helper_ecdsa != NULL)
+ if (helper_rsa != NULL)
return (0);
+#if 0
int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
if (helper_ecdsa != NULL)
@@ -242,7 +249,7 @@
return (-1);
EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
-
+#endif
if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
fatal("%s: RSA_meth_dup failed", __func__);
if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
diff -urN ssh/ssh-pkcs11.c ssh-/ssh-pkcs11.c
--- ssh-pkcs11.c Sat Mar 9 04:24:43 2019
+++ ssh-pkcs11.c Thu Apr 18 09:56:36 2019
@@ -68,7 +68,7 @@
int pkcs11_interactive = 0;
-#ifdef HAVE_DLOPEN
+#if 0
static void
ossl_error(const char *msg)
{
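Review bot: Replacing `#ifdef HAVE_DLOPEN` with `#if 0` in front of `ossl_error` discards the original platform condition instead of nesting inside it, so restoring the function later means remembering what the guard used to be. Keeping the original line and adding the disabling guard inside it preserves that, for example `#ifdef HAVE_DLOPEN` followed by `#if 0 /* only used by the ECDSA path */` with a second `#endif`. That `ossl_error` has no remaining callers is inferred from the change and should be confirmed. Separately, the `Binary files ... .ssh-pkcs11.c.swp ... differ` line at the top of the patch suggests this file was open in an editor when the diff was taken, so check that the hunks match the saved file. The function body and its `#endif` are outside the hunk.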
@@ -183,8 +183,10 @@
#ifdef HAVE_DLOPEN
static RSA_METHOD *rsa_method;
static int rsa_idx = 0;
+#if 0
static EC_KEY_METHOD *ec_key_method;
static int ec_key_idx = 0;
+#endif
/* release a wrapped object */
static void
@@ -474,6 +476,7 @@
return (0);
}
+#if 0
/* openssl callback doing the actual signing operation */
static ECDSA_SIG *
ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
@@ -563,6 +566,13 @@
}
static int
+pkcs11_ecdsa_start_wrapper(void)
+{
+ /* not implemented */
+ return -1;
+}
+
+static int
pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
CK_ATTRIBUTE *keyid_attrib, EC_KEY *ec)
{
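Review bot: The new `pkcs11_ecdsa_start_wrapper` stub appears to sit between the `#if 0` added in the -474 hunk and the `#endif` added in the -585 hunk, so it would never be compiled and its `/* not implemented */` return is dead code. If the file already defines a function of that name in the lines just above (not visible here), the stub would also become a redefinition as soon as the region is re-enabled. Either drop the stub or move it outside the disabled region under the inverse condition, and have it log why it fails, e.g. `error("%s: ECDSA support not compiled in", __func__);` before `return -1;`. The body of `pkcs11_ecdsa_wrap` continues outside the hunk.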
@@ -585,6 +595,7 @@
return (0);
}
+#endif
/* remove trailing spaces */
static void
@@ -680,6 +691,7 @@
return (0);
}
+#if 0
static struct sshkey *
pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
CK_OBJECT_HANDLE *obj)
@@ -802,6 +814,7 @@
return (key);
}
+#endif
static struct sshkey *
pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
@@ -906,7 +919,9 @@
EC_KEY *ec = NULL;
struct sshkey *key = NULL;
int i;
+#if 0
int nid;
+#endif
const u_char *cp;
memset(&cert_attr, 0, sizeof(cert_attr));
@@ -988,6 +1003,7 @@
key->type = KEY_RSA;
key->flags |= SSHKEY_FLAG_EXT;
rsa = NULL; /* now owned by key */
+#if 0
} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
if (EVP_PKEY_get0_EC_KEY(evp) == NULL) {
error("invalid x509; no ec key");
@@ -1018,6 +1034,7 @@
key->type = KEY_ECDSA;
key->flags |= SSHKEY_FLAG_EXT;
ec = NULL; /* now owned by key */
+#endif
} else
error("unknown certificate key type");
@@ -1202,9 +1219,11 @@
case CKK_RSA:
key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj);
break;
+#if 0
case CKK_ECDSA:
key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
break;
+#endif
default:
/* XXX print key type? */
key = NULL;
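Review bot: With `case CKK_ECDSA` compiled out, EC public keys on a token fall through to `default:` and are dropped with `key = NULL` and no log line, so a user sees keys missing with nothing to explain why. The existing `/* XXX print key type? */` marks the same gap. A comment like `/* includes CKK_ECDSA while ECDSA support is compiled out */`, plus a debug-level message at that point, would make the skip diagnosable. The enclosing switch and function start and end outside the hunk.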