/* $OpenBSD: sshkey.h,v 1.65 2024/09/04 05:33:34 djm Exp $ */

/*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Declarations for SSH key objects (struct sshkey) and certificates
 * (struct sshkey_cert): key types, fingerprint and serialisation formats,
 * and the prototypes that create, parse, serialise, sign and verify keys.
 */
#ifndef SSHKEY_H
#define SSHKEY_H

#include <sys/types.h>

/*
 * With WITH_OPENSSL the libcrypto headers supply the key types used below.
 * Without it those type names are defined as void so that the same struct
 * members and prototypes still compile; most of them are #undef'd again at
 * the end of this header.
 */
#ifdef WITH_OPENSSL
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#define SSH_OPENSSL_VERSION OpenSSL_version(OPENSSL_VERSION)
#else /* OPENSSL */
#define BIGNUM		void
#define RSA		void
#define DSA		void
#define EC_KEY		void
#define EC_GROUP	void
#define EC_POINT	void
#define EVP_PKEY	void
#define SSH_OPENSSL_VERSION "without OpenSSL"
#endif /* WITH_OPENSSL */

/*
 * Minimum RSA modulus size (presumably in bits; the check that uses it is
 * not visible in this header).
 * NOTE(review): 1024-bit RSA is below the 2048-bit floor in current
 * guidance such as NIST SP 800-131A. Confirm that deployments enforce a
 * larger minimum, presumably through the int argument of
 * sshkey_check_rsa_length().
 */
#define SSH_RSA_MINIMUM_MODULUS_SIZE	1024
/*
 * Cap on the size of data passed for signing: 1 << 20 = 1048576
 * (presumably bytes; the enforcing code is outside this header).
 */
#define SSH_KEY_MAX_SIGN_DATA_SIZE	(1 << 20)

/* Defined elsewhere; only pointers to it are used in this header. */
struct sshbuf;

/*
 * Key types.
 * The enumerators have no explicit values, so each value is its position
 * in the list: adding an entry anywhere but just before KEY_UNSPEC, or
 * reordering entries, renumbers the ones after it.
 * NOTE(review): ssh-dss (KEY_DSA) signatures are SHA-1 based per RFC 4253;
 * confirm whether DSA support is still required by this build.
 */
enum sshkey_types {
	KEY_RSA,
	KEY_DSA,
	KEY_ECDSA,
	KEY_ED25519,
	KEY_RSA_CERT,
	KEY_DSA_CERT,
	KEY_ECDSA_CERT,
	KEY_ED25519_CERT,
	KEY_XMSS,
	KEY_XMSS_CERT,
	KEY_ECDSA_SK,
	KEY_ECDSA_SK_CERT,
	KEY_ED25519_SK,
	KEY_ED25519_SK_CERT,
	KEY_UNSPEC
};

/*
 * Default fingerprint hash.
 * SSH_DIGEST_SHA256 is not defined in this header; the including file must
 * provide it (presumably via digest.h - TODO confirm).
 */
#define SSH_FP_HASH_DEFAULT	SSH_DIGEST_SHA256

/* Fingerprint representation formats */
enum sshkey_fp_rep {
	SSH_FP_DEFAULT = 0,
	SSH_FP_HEX,
	SSH_FP_BASE64,
	SSH_FP_BUBBLEBABBLE,
	SSH_FP_RANDOMART
};

/*
 * Private key serialisation formats, used on the wire.
 * Per the notes on the enumerators, FULL and SHIELD output includes the
 * key material itself, so buffers holding it should be treated as secret.
 */
enum sshkey_serialize_rep {
	SSHKEY_SERIALIZE_DEFAULT = 0,
	SSHKEY_SERIALIZE_STATE = 1,	/* only state is serialized */
	SSHKEY_SERIALIZE_FULL = 2,	/* include keys for saving to disk */
	SSHKEY_SERIALIZE_SHIELD = 3,	/* everything, for encrypting in ram */
	SSHKEY_SERIALIZE_INFO = 254,	/* minimal information */
};

/* Private key disk formats */
enum sshkey_private_format {
	SSHKEY_PRIVATE_OPENSSH = 0,
	SSHKEY_PRIVATE_PEM = 1,
	SSHKEY_PRIVATE_PKCS8 = 2,
};

/* key is stored in external hardware */
#define SSHKEY_FLAG_EXT		0x0001

/*
 * Upper bound on the number of certificate principals (presumably checked
 * against sshkey_cert.nprincipals when a certificate is parsed or built;
 * the check itself is outside this header).
 */
#define SSHKEY_CERT_MAX_PRINCIPALS	256
/*
 * Certificate data attached to a key through sshkey.cert.
 * XXX opaquify?
 */
struct sshkey_cert {
	struct sshbuf	*certblob; /* Kept around for use on wire */
	u_int		 type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
	u_int64_t	 serial;
	char		*key_id;
	u_int		 nprincipals;	/* presumably the length of principals[] */
	char		**principals;
	/* validity window bounds; units are not stated here - TODO confirm */
	u_int64_t	 valid_after, valid_before;
	struct sshbuf	*critical;
	struct sshbuf	*extensions;
	/* presumably the CA key that signed this certificate - verify */
	struct sshkey	*signature_key;
	char		*signature_type;
};

/*
 * A key of any supported type; which members are meaningful depends on
 * `type`, as grouped by the comments below.
 *
 * "sk" is used in two senses in this struct: ed25519_sk and xmss_sk sit
 * next to the matching *_pk members (ED25519_SK_SZ below maps to
 * crypto_sign_ed25519_SECRETKEYBYTES), whereas the sk_* members belong to
 * the KEY_*_SK key types.
 *
 * XXX opaquify?
 */
struct sshkey {
	int	 type;
	int	 flags;
	/* KEY_DSA */
	DSA	*dsa;
	/* KEY_ECDSA and KEY_ECDSA_SK */
	int	 ecdsa_nid;	/* NID of curve */
	/* libcrypto-backed keys */
	EVP_PKEY *pkey;
	/* KEY_ED25519 and KEY_ED25519_SK */
	u_char	*ed25519_sk;
	u_char	*ed25519_pk;
	/* KEY_XMSS */
	char	*xmss_name;
	char	*xmss_filename;	/* for state file updates */
	void	*xmss_state;	/* depends on xmss_name, opaque */
	u_char	*xmss_sk;
	u_char	*xmss_pk;
	/* KEY_ECDSA_SK and KEY_ED25519_SK */
	char	*sk_application;
	uint8_t	sk_flags;
	struct sshbuf *sk_key_handle;
	struct sshbuf *sk_reserved;
	/* Certificates */
	struct sshkey_cert *cert;
	/* Private key shielding: two buffer/length pairs */
	u_char	*shielded_private;
	size_t	shielded_len;
	u_char	*shield_prekey;
	size_t	shield_prekey_len;
};

/*
 * The crypto_sign_ed25519_* constants are not defined in this header; the
 * including file must provide them before using these macros.
 */
#define	ED25519_SK_SZ	crypto_sign_ed25519_SECRETKEYBYTES
#define	ED25519_PK_SZ	crypto_sign_ed25519_PUBLICKEYBYTES

/* Additional fields contained in signature */
struct sshkey_sig_details {
	uint32_t sk_counter;	/* U2F signature counter */
	uint8_t sk_flags;	/* U2F signature flags; see ssh-sk.h */
};

/*
 * Per-key-type operations table, referenced from struct sshkey_impl.funcs.
 * Entries marked "optional" may presumably be NULL - callers should check
 * before calling them (TODO confirm against sshkey.c).
 */
struct sshkey_impl_funcs {
	u_int (*size)(const struct sshkey *);	/* optional */
	int (*alloc)(struct sshkey *);		/* optional */
	void (*cleanup)(struct sshkey *);	/* optional */
	int (*equal)(const struct sshkey *, const struct sshkey *);
	int (*serialize_public)(const struct sshkey *, struct sshbuf *,
	    enum sshkey_serialize_rep);
	int (*deserialize_public)(const char *, struct sshbuf *,
	    struct sshkey *);
	int (*serialize_private)(const struct sshkey *, struct sshbuf *,
	    enum sshkey_serialize_rep);
	int (*deserialize_private)(const char *, struct sshbuf *,
	    struct sshkey *);
	int (*generate)(struct sshkey *, int);	/* optional */
	int (*copy_public)(const struct sshkey *, struct sshkey *);
	/* same parameter list as sshkey_sign() */
	int (*sign)(struct sshkey *, u_char **, size_t *,
	    const u_char *, size_t, const char *,
	    const char *, const char *, u_int); /* optional */
	/* same parameter list as sshkey_verify() */
	int (*verify)(const struct sshkey *, const u_char *, size_t,
	    const u_char *, size_t, const char *, u_int,
	    struct sshkey_sig_details **);
};

/*
 * Descriptor for one key algorithm: its names, its numeric type and
 * properties, and the operations table that implements it.
 */
struct sshkey_impl {
	const char *name;
	const char *shortname;
	const char *sigalg;
	int type;	/* presumably an enum sshkey_types value */
	int nid;
	int cert;
	int sigonly;
	int keybits;
	const struct sshkey_impl_funcs *funcs;
};

/*
 * Allocation, comparison and fingerprinting.
 * The int argument of the fingerprint functions is presumably the digest
 * algorithm (cf. SSH_FP_HASH_DEFAULT) - TODO confirm. Ownership of the
 * returned string and of *retp is not stated in this header.
 */
struct sshkey	*sshkey_new(int);
void		 sshkey_free(struct sshkey *);
int		 sshkey_equal_public(const struct sshkey *,
    const struct sshkey *);
int		 sshkey_equal(const struct sshkey *, const struct sshkey *);
char		*sshkey_fingerprint(const struct sshkey *,
    int, enum sshkey_fp_rep);
int		 sshkey_fingerprint_raw(const struct sshkey *k,
    int, u_char **retp, size_t *lenp);
const char	*sshkey_type(const struct sshkey *);
const char	*sshkey_cert_type(const struct sshkey *);
int		 sshkey_format_text(const struct sshkey *, struct sshbuf *);
/*
 * NOTE(review): FILE is used here, but this header includes only
 * <sys/types.h> (plus the OpenSSL headers when WITH_OPENSSL is set), so
 * includers are expected to have pulled in <stdio.h> already.
 */
int		 sshkey_write(const struct sshkey *, FILE *);
int		 sshkey_read(struct sshkey *, char **);
u_int		 sshkey_size(const struct sshkey *);

int		 sshkey_generate(int type, u_int bits, struct sshkey **keyp);
int		 sshkey_from_private(const struct sshkey *, struct sshkey **);

/*
 * Private key shielding; see the shielded_private / shield_prekey members
 * of struct sshkey. Presumably this keeps private material encrypted while
 * it sits in memory (SSHKEY_SERIALIZE_SHIELD is annotated "for encrypting
 * in ram") - confirm against the implementation.
 */
int		 sshkey_is_shielded(struct sshkey *);
int		 sshkey_shield_private(struct sshkey *);
int		 sshkey_unshield_private(struct sshkey *);

/*
 * Type queries. In sshkey_is_sk(), "sk" refers to the KEY_*_SK key types,
 * not to the ed25519_sk / xmss_sk members of struct sshkey.
 */
int	 sshkey_type_from_name(const char *);
int	 sshkey_type_from_shortname(const char *);
int	 sshkey_is_cert(const struct sshkey *);
int	 sshkey_is_sk(const struct sshkey *);
int	 sshkey_type_is_cert(int);
int	 sshkey_type_plain(int);

/* Returns non-zero if key name matches sigalgs pattern list. (handles RSA) */
int	 sshkey_match_keyname_to_sigalgs(const char *, const char *);

/*
 * Certificate handling.
 * NOTE(review): the int parameters of the sshkey_cert_check_* functions are
 * unnamed, so their meaning cannot be read from this header; naming them
 * would make call sites easier to audit. The uint64_t argument that only
 * the non-"_now" variant takes is presumably the time to verify against,
 * and the trailing const char ** is presumably an out-parameter for a
 * failure reason - TODO confirm both.
 */
int	 sshkey_to_certified(struct sshkey *);
int	 sshkey_drop_cert(struct sshkey *);
int	 sshkey_cert_copy(const struct sshkey *, struct sshkey *);
int	 sshkey_cert_check_authority(const struct sshkey *, int, int, int,
    uint64_t, const char *, const char **);
int	 sshkey_cert_check_authority_now(const struct sshkey *, int, int, int,
    const char *, const char **);
int	 sshkey_cert_check_host(const struct sshkey *, const char *,
    int , const char *, const char **);
/*
 * The __bounded__ attribute marks argument 2 as a string buffer whose size
 * is given by argument 3, so the compiler can check callers' buffer sizes.
 */
size_t	 sshkey_format_cert_validity(const struct sshkey_cert *,
    char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
int	 sshkey_check_cert_sigtype(const struct sshkey *, const char *);

int	 sshkey_certify(struct sshkey *, struct sshkey *,
    const char *, const char *, const char *);
/*
 * Variant allowing use of a custom signature function (e.g. for ssh-agent).
 * The signer takes the sshkey_sign() parameter list plus a trailing void *,
 * presumably the context pointer given to sshkey_certify_custom().
 */
typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *,
    const u_char *, size_t, const char *, const char *, const char *,
    u_int, void *);
int	 sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
    const char *, const char *, sshkey_certify_signer *, void *);

/*
 * EC curve helpers and validation. What the two validate functions check
 * is defined by their implementation, which is not part of this header.
 */
int		 sshkey_ecdsa_nid_from_name(const char *);
int		 sshkey_curve_name_to_nid(const char *);
const char *	 sshkey_curve_nid_to_name(int);
u_int		 sshkey_curve_nid_to_bits(int);
int		 sshkey_ecdsa_bits_to_nid(int);
int		 sshkey_ecdsa_key_to_nid(const EC_KEY *);
int		 sshkey_ecdsa_pkey_to_nid(EVP_PKEY *);
int		 sshkey_ec_nid_to_hash_alg(int nid);
int		 sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int		 sshkey_ec_validate_private(const EC_KEY *);
const char	*sshkey_ssh_name(const struct sshkey *);
const char	*sshkey_ssh_name_plain(const struct sshkey *);
int		 sshkey_names_valid2(const char *, int, int);
char		*sshkey_alg_list(int, int, int, char);

/*
 * Conversion between key objects and blobs / sshbufs.
 * sshkey_from_blob() takes a (pointer, length) pair; the blob may come from
 * a peer, so the parsers behind these entry points handle untrusted input.
 */
int	 sshkey_from_blob(const u_char *, size_t, struct sshkey **);
int	 sshkey_fromb(struct sshbuf *, struct sshkey **);
int	 sshkey_froms(struct sshbuf *, struct sshkey **);
int	 sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
int	 sshkey_to_base64(const struct sshkey *, char **);
int	 sshkey_putb(const struct sshkey *, struct sshbuf *);
int	 sshkey_puts(const struct sshkey *, struct sshbuf *);
int	 sshkey_puts_opts(const struct sshkey *, struct sshbuf *,
    enum sshkey_serialize_rep);
int	 sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
int	 sshkey_putb_plain(const struct sshkey *, struct sshbuf *);

/*
 * Signing and verification.
 * The struct sshkey_sig_details ** argument of sshkey_verify() is
 * presumably an optional out-parameter, to be released with
 * sshkey_sig_details_free() - TODO confirm.
 */
int	 sshkey_sign(struct sshkey *, u_char **, size_t *,
    const u_char *, size_t, const char *, const char *, const char *, u_int);
int	 sshkey_verify(const struct sshkey *, const u_char *, size_t,
    const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **);
int	 sshkey_check_sigtype(const u_char *, size_t, const char *);
const char *sshkey_sigalg_by_name(const char *);
int	 sshkey_get_sigtype(const u_char *, size_t, char **);

/* Signing and verification backend for libcrypto-backed keys */
int	sshkey_pkey_digest_sign(EVP_PKEY*, int, u_char **,
    size_t *, const u_char *, size_t);
int	sshkey_pkey_digest_verify(EVP_PKEY *, int, const u_char *,
    size_t, u_char *, size_t);

/* for debug */
void	sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
void	sshkey_dump_ec_key(const EC_KEY *);

/* private key parsing and serialisation */
int	sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf);
int	sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf,
    enum sshkey_serialize_rep);
int	sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);

/*
 * private key file format parsing and serialisation.
 * `format` is presumably an enum sshkey_private_format value; the
 * openssh_format_* arguments presumably apply only to the OpenSSH format -
 * TODO confirm.
 */
int	sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
    const char *passphrase, const char *comment,
    int format, const char *openssh_format_cipher, int openssh_format_rounds);
int	sshkey_parse_private_fileblob(struct sshbuf *buffer,
    const char *passphrase, struct sshkey **keyp, char **commentp);
int	sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
    const char *passphrase, struct sshkey **keyp, char **commentp);
int	sshkey_parse_pubkey_from_private_fileblob_type(struct sshbuf *blob,
    int type, struct sshkey **pubkeyp);

/* The int argument is presumably a caller-supplied minimum length - verify. */
int sshkey_check_rsa_length(const struct sshkey *, int);
/* XXX should be internal, but used by ssh-keygen */
int ssh_rsa_complete_crt_parameters(const BIGNUM *, const BIGNUM *,
    const BIGNUM *, const BIGNUM *, BIGNUM **, BIGNUM **);

/* stateful keys (e.g. XMSS) */
int	 sshkey_set_filename(struct sshkey *, const char *);
int	 sshkey_enable_maxsign(struct sshkey *, u_int32_t);
u_int32_t sshkey_signatures_left(const struct sshkey *);
int	 sshkey_private_serialize_maxsign(struct sshkey *key,
    struct sshbuf *buf, u_int32_t maxsign, int);

void	 sshkey_sig_details_free(struct sshkey_sig_details *);

#ifdef WITH_OPENSSL
int	sshkey_ecdsa_fixup_group(EVP_PKEY *k); /* ssh-ecdsa.c */
#endif

/*
 * Helpers visible only to files that define SSHKEY_INTERNAL before
 * including this header. The *_sk functions here handle the sk_* members
 * of struct sshkey.
 */
#ifdef SSHKEY_INTERNAL
int	sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b);
void	sshkey_sk_cleanup(struct sshkey *k);
int	sshkey_serialize_sk(const struct sshkey *key, struct sshbuf *b);
int	sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to);
int	sshkey_deserialize_sk(struct sshbuf *b, struct sshkey *key);
int	sshkey_serialize_private_sk(const struct sshkey *key,
    struct sshbuf *buf);
int	sshkey_private_deserialize_sk(struct sshbuf *buf, struct sshkey *k);
#ifdef WITH_OPENSSL
int	check_rsa_length(const RSA *rsa); /* XXX remove */
#endif
#endif

/*
 * Drop the void stand-ins defined at the top of this header for the
 * !WITH_OPENSSL case.
 * NOTE(review): BIGNUM is defined alongside these but is not undefined
 * here, so it stays visible to includers - confirm that this is intended.
 */
#ifndef WITH_OPENSSL
#undef RSA
#undef DSA
#undef EC_KEY
#undef EC_GROUP
#undef EC_POINT
#undef EVP_PKEY
#endif /* WITH_OPENSSL */

#endif /* SSHKEY_H */