Compile ED25519 and X25519 only when building with OpenSSL 1.1

common/util.c

@@ -111,10 +111,12 @@ unsigned char get_algorithm(EVP_PKEY *key) {
           return 0;
         }
       }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case EVP_PKEY_ED25519:
       return YKPIV_ALGO_ED25519;
     case EVP_PKEY_X25519:
       return YKPIV_ALGO_X25519;
+#endif
     default:
       fprintf(stderr, "Unknown algorithm %d.\n", type);
       return 0;
@@ -524,10 +526,12 @@ int get_hashnid(enum enum_hash hash, unsigned char algorithm) {
         default:
           return 0;
       }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case YKPIV_ALGO_ED25519:
       return  NID_ED25519;
     case YKPIV_ALGO_X25519:
       return NID_X25519;
+#endif
     default:
       return 0;
   }
@@ -547,10 +551,12 @@ unsigned char get_piv_algorithm(enum enum_algorithm algorithm) {
       return YKPIV_ALGO_ECCP256;
     case algorithm_arg_ECCP384:
       return YKPIV_ALGO_ECCP384;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case algorithm_arg_ED25519:
       return YKPIV_ALGO_ED25519;
     case algorithm_arg_X25519:
       return YKPIV_ALGO_X25519;
+#endif
     case algorithm__NULL:
     default:
       return 0;

lib/util.c

@@ -818,8 +818,10 @@ ykpiv_rc ykpiv_util_generate_key(ykpiv_state *state, uint8_t slot, uint8_t algor
 
   case YKPIV_ALGO_ECCP256:
   case YKPIV_ALGO_ECCP384:
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
   case YKPIV_ALGO_ED25519:
   case YKPIV_ALGO_X25519:
+#endif
     if (!point || !point_len) {
       DBG("Invalid output parameter for ECC algorithm");
       return YKPIV_ARGUMENT_ERROR;

lib/ykpiv.c

@@ -1223,8 +1223,10 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
       }
       break;
     case YKPIV_ALGO_ECCP256:
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case YKPIV_ALGO_ED25519:
     case YKPIV_ALGO_X25519:
+#endif
       key_len = 32;
       // fall through
     case YKPIV_ALGO_ECCP384:
@@ -1969,6 +1971,7 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
     param_tag = 0x06;
     n_params = 1;
   }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
   else if (YKPIV_IS_25519(algorithm)) {
     elem_len = 32;
     if (ec_data == NULL)
@@ -1983,6 +1986,7 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
     }
     n_params = 1;
   }
+#endif
   else
     return YKPIV_ALGORITHM_ERROR;
 

tool/yubico-piv-tool.c

@@ -252,11 +252,13 @@ static EVP_PKEY* wrap_public_key(ykpiv_state *state, int algorithm, EVP_PKEY *pu
       fprintf(stderr, "Failed to wrap public EC key\n");
     }
     EVP_PKEY_assign_EC_KEY(pkey, sk);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
   } else if (algorithm == YKPIV_ALGO_ED25519) {
     EVP_PKEY_assign(pkey, EVP_PKEY_ED25519, public_key);
   } else if (algorithm == YKPIV_ALGO_X25519) {
     EVP_PKEY_assign(pkey, EVP_PKEY_X25519, public_key);
   }
+#endif
   return pkey;
 }
 #endif
@@ -372,12 +374,14 @@ static bool generate_key(ykpiv_state *state, enum enum_slot slot,
         }
       }
         break;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
       case algorithm_arg_ED25519:
         public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, point, point_len);
         break;
       case algorithm_arg_X25519:
         public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_X25519, NULL, point, point_len);
         break;
+#endif
       default:
         fprintf(stderr, "Wrong algorithm.\n");
     }
@@ -1661,12 +1665,14 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
     case YKPIV_ALGO_ECCP384:
       fprintf(output, "ECCP384\n");
       break;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case YKPIV_ALGO_ED25519:
       fprintf(output, "ED25519\n");
       break;
     case YKPIV_ALGO_X25519:
       fprintf(output, "X25519\n");
       break;
+#endif
     default:
       fprintf(output, "Unknown\n");
   }