summaryrefslogtreecommitdiff
path: root/sshkey.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2019-12-14 09:21:46 +1100
committerDamien Miller <djm@mindrot.org>2019-12-14 09:21:46 +1100
commit9244990ecdcfa36bb9371058111685b05f201c1e (patch)
treea068b6ce79b806f20c0159cf3306a0234ef1f387 /sshkey.c
parenta33ab1688b5c460a7e2a301418241ce1b13b2638 (diff)
remove a bunch of ENABLE_SK #ifdefs
The ssh-sk-helper client API gives us a nice place to disable security key support when it is wasn't enabled at compile time, so we don't need to check everywere. Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
Diffstat (limited to 'sshkey.c')
-rw-r--r--sshkey.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/sshkey.c b/sshkey.c
index 674303c3..3bab2e89 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -2760,7 +2760,6 @@ sshkey_sign(struct sshkey *key,
case KEY_ED25519_CERT:
r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
break;
-#ifdef ENABLE_SK
case KEY_ED25519_SK:
case KEY_ED25519_SK_CERT:
case KEY_ECDSA_SK_CERT:
@@ -2768,7 +2767,6 @@ sshkey_sign(struct sshkey *key,
r = sshsk_sign(sk_provider, key, sigp, lenp, data,
datalen, compat);
break;
-#endif /* ENABLE_SK */
#ifdef WITH_XMSS
case KEY_XMSS:
case KEY_XMSS_CERT:
@@ -2807,12 +2805,10 @@ sshkey_verify(const struct sshkey *key,
case KEY_ECDSA_CERT:
case KEY_ECDSA:
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);
-# ifdef ENABLE_SK
case KEY_ECDSA_SK_CERT:
case KEY_ECDSA_SK:
return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen,
compat, detailsp);
-# endif /* ENABLE_SK */
# endif /* OPENSSL_HAS_ECC */
case KEY_RSA_CERT:
case KEY_RSA: