Do not build the PKCS#11 when disabled

This prevents building the pkcs11-related functions and printing pkcs11-related
log messages when the libssh is built without PKCS#11 support.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
(cherry picked from commit ab24110ae0)

include/libssh/pki.h

@@ -193,8 +193,10 @@ bool ssh_key_size_allowed(ssh_session session, ssh_key key);
 int ssh_key_size(ssh_key key);
 
 /* PKCS11 URI function to check if filename is a path or a PKCS11 URI */
+#ifdef WITH_PKCS11_URI
 bool ssh_pki_is_uri(const char *filename);
 char *ssh_pki_export_pub_uri_from_priv_uri(const char *priv_uri);
+#endif /* WITH_PKCS11_URI */
 
 #ifdef __cplusplus
 }

include/libssh/pki_priv.h

@@ -168,8 +168,10 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
 ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
         const char *passphrase, ssh_auth_callback auth_fn, void *auth_data);
 
+#ifdef WITH_PKCS11_URI
 /* URI Function */
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type);
+#endif /* WITH_PKCS11_URI */
 
 bool ssh_key_size_allowed_rsa(int min_size, ssh_key key);
 #ifdef __cplusplus

src/auth.c

@@ -1140,6 +1140,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
             state->privkey = NULL;
             state->pubkey = NULL;
 
+#ifdef WITH_PKCS11_URI
             if (ssh_pki_is_uri(privkey_file)) {
                 char *pub_uri_from_priv = NULL;
                 SSH_LOG(SSH_LOG_INFO,
@@ -1152,7 +1153,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                              pub_uri_from_priv);
                     SAFE_FREE(pub_uri_from_priv);
                 }
-            } else {
+            } else
+#endif /* WITH_PKCS11_URI */
+            {
                 snprintf(pubkey_file, sizeof(pubkey_file), "%s.pub", privkey_file);
             }
 

src/pki.c

@@ -1721,6 +1721,7 @@ fail:
     return SSH_ERROR;
 }
 
+#ifdef WITH_PKCS11_URI
 /**
  *@brief Detect if the pathname in cmp is a PKCS #11 URI.
  *
@@ -1764,6 +1765,7 @@ char *ssh_pki_export_pub_uri_from_priv_uri(const char *priv_uri)
 
     return pub_uri_temp;
 }
+#endif /* WITH_PKCS11_URI */
 
 /**
  * @brief Import a public key from a file or a PKCS #11 device.

src/pki_crypto.c

@@ -3445,6 +3445,7 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
 }
 #endif /* HAVE_OPENSSL_ED25519 */
 
+#ifdef WITH_PKCS11_URI
 /**
  * @internal
  *
@@ -3612,5 +3613,6 @@ fail:
 
     return SSH_ERROR;
 }
+#endif /* WITH_PKCS11_URI */
 
 #endif /* _PKI_CRYPTO_H */

src/pki_gcrypt.c

@@ -2543,6 +2543,7 @@ int ssh_key_size(ssh_key key)
     }
 }
 
+#ifdef WITH_PKCS11_URI
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
 {
     (void) uri_name;
@@ -2552,4 +2553,5 @@ int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
             "gcrypt does not support PKCS #11");
     return SSH_ERROR;
 }
+#endif /* WITH_PKCS11_URI */
 #endif /* HAVE_LIBGCRYPT */

src/pki_mbedcrypto.c

@@ -1936,6 +1936,7 @@ int ssh_key_size(ssh_key key)
     }
 }
 
+#ifdef WITH_PKCS11_URI
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
 {
     (void) uri_name;
@@ -1945,4 +1946,5 @@ int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
             "mbedcrypto does not support PKCS #11");
     return SSH_ERROR;
 }
+#endif /* WITH_PKCS11_URI */
 #endif /* HAVE_LIBMBEDCRYPTO */