if (client_params->u.dh.public_key)
BN_free(client_params->u.dh.public_key);
}
+#ifdef HAVE_OPENSSL
if (client_params->keyex == USE_ECDH) {
if (client_params->u.ecdh.key)
EC_KEY_free(client_params->u.ecdh.key);
if (client_params->u.ecdh.public_key)
EC_KEY_free(client_params->u.ecdh.public_key);
}
+#endif
krb5_free_keyblock_contents(context, &client_params->reply_key);
if (client_params->dh_group_name)
free(client_params->dh_group_name);
goto out;
}
ret = 0;
+#ifdef HAVE_OPENSSL
} else if (client_params->keyex == USE_ECDH) {
if (client_params->u.ecdh.public_key == NULL) {
EC_KEY_get0_public_key(client_params->u.ecdh.public_key),
client_params->u.ecdh.key, NULL);
ret = 0;
+#endif
} else {
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
return ret;
}
+#ifdef HAVE_OPENSSL
static krb5_error_code
get_ecdh_param(krb5_context context,
krb5_kdc_configuration *config,
free_ECParameters(&ecp);
return ret;
}
+#endif
krb5_error_code
_kdc_pk_rd_padata(krb5_context context,
client_params->keyex = USE_DH;
ret = get_dh_param(context, config,
ap.clientPublicValue, client_params);
+#ifdef HAVE_OPENSSL
} else if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_ecPublicKey) == 0) {
client_params->keyex = USE_ECDH;
ret = get_ecdh_param(context, config,
ap.clientPublicValue, client_params);
+#endif
} else {
ret = KRB5_BADMSGTYPE;
krb5_set_error_message(context, ret, "PKINIT unknown DH mechanism");