From 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 15 May 2014 14:24:09 +1000 Subject: [PATCH] - markus@cvs.openbsd.org 2014/04/29 18:01:49 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm --- ChangeLog | 8 ++++ auth.c | 6 ++- authfd.c | 22 ++++++--- authfile.c | 33 +++++++++++++- bufaux.c | 4 +- cipher-aesctr.c | 78 ++++++++++++++++++++++++++++++++ cipher-aesctr.h | 35 +++++++++++++++ cipher.c | 88 ++++++++++++++++++++++++++++++++---- cipher.h | 4 +- hostfile.c | 8 +++- kex.c | 18 +++++--- key.c | 115 +++++++++++++++++++++++++++++++++++++---------- mac.c | 19 +++++++- monitor.c | 23 +++++++++- monitor_wrap.c | 12 ++++- myproposal.h | 27 ++++++++++- packet.c | 6 ++- roaming_client.c | 5 +-- ssh-agent.c | 12 ++++- ssh-keygen.c | 16 ++++++- ssh-keyscan.c | 8 +++- ssh-keysign.c | 5 ++- ssh-pkcs11.h | 6 ++- ssh.c | 22 +++++++-- sshconnect.c | 6 ++- sshconnect2.c | 4 +- sshd.c | 42 +++++++++++++++-- 27 files changed, 560 insertions(+), 72 deletions(-) create mode 100644 cipher-aesctr.c create mode 100644 cipher-aesctr.h diff --git a/ChangeLog b/ChangeLog index a68a314e8..d6eb5b99f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,14 @@ bz#1818 - don't send channel success/failre replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@ + - markus@cvs.openbsd.org 2014/04/29 18:01:49 + [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] + [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] + [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] + [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] + make compiling against OpenSSL optional (make OPENSSL=no); + reduces algorithms to curve25519, aes-ctr, chacha, ed25519; + allows us to explore further options; with and ok djm 20140430 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already diff --git a/auth.c b/auth.c index 9a36f1dac..fcb314cbd 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -659,6 +659,7 @@ getpwnamallow(const char *user) int auth_key_is_revoked(Key *key) { +#ifdef WITH_OPENSSL char *key_fp; if (options.revoked_keys_file == NULL) @@ -671,6 +672,7 @@ auth_key_is_revoked(Key *key) default: goto revoked; } +#endif debug3("%s: treating %s as a key list", __func__, options.revoked_keys_file); switch (key_in_file(key, options.revoked_keys_file, 0)) { @@ -682,6 +684,7 @@ auth_key_is_revoked(Key *key) error("Revoked keys file is unreadable: refusing public key " "authentication"); return 1; +#ifdef WITH_OPENSSL case 1: revoked: /* Key revoked */ @@ -690,6 +693,7 @@ auth_key_is_revoked(Key *key) "%s key %s ", key_type(key), key_fp); free(key_fp); return 1; +#endif } fatal("key_in_file returned junk"); } diff --git a/authfd.c b/authfd.c index cea3f97b4..2d5a8dd5b 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,9 +41,6 @@ #include #include -#include -#include - #include #include #include @@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi Key * ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) { +#ifdef WITH_SSH1 int keybits; u_int bits; +#endif u_char *blob; u_int blen; Key *key = NULL; @@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio * error if the packet is too short or contains corrupt data. */ switch (version) { +#ifdef WITH_SSH1 case 1: key = key_new(KEY_RSA1); bits = buffer_get_int(&auth->identities); @@ -339,6 +339,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio logit("Warning: identity keysize mismatch: actual %d, announced %u", BN_num_bits(key->rsa->n), bits); break; +#endif case 2: blob = buffer_get_string(&auth->identities, &blen); *comment = buffer_get_string(&auth->identities, NULL); @@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio * supported) and 1 corresponding to protocol version 1.1. */ +#ifdef WITH_SSH1 int ssh_decrypt_challenge(AuthenticationConnection *auth, Key* key, BIGNUM *challenge, @@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, buffer_free(&buffer); return success; } +#endif /* ask agent to sign data, returns -1 on error, 0 on success */ int @@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth, /* Encode key for a message to the agent. */ +#ifdef WITH_SSH1 static void ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) { @@ -470,6 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ buffer_put_cstring(b, comment); } +#endif static void ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) @@ -493,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, buffer_init(&msg); switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: type = constrained ? SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : @@ -500,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, buffer_put_char(&msg, type); ssh_encode_identity_rsa1(&msg, key->rsa, comment); break; +#endif +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: case KEY_RSA_CERT_V00: @@ -508,6 +516,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, case KEY_DSA_CERT_V00: case KEY_ECDSA: case KEY_ECDSA_CERT: +#endif case KEY_ED25519: case KEY_ED25519_CERT: type = constrained ? @@ -552,12 +561,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) buffer_init(&msg); +#ifdef WITH_SSH1 if (key->type == KEY_RSA1) { buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); buffer_put_int(&msg, BN_num_bits(key->rsa->n)); buffer_put_bignum(&msg, key->rsa->e); buffer_put_bignum(&msg, key->rsa->n); - } else if (key->type != KEY_UNSPEC) { + } else +#endif + if (key->type != KEY_UNSPEC) { key_to_blob(key, &blob, &blen); buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); buffer_put_string(&msg, blob, blen); diff --git a/authfile.c b/authfile.c index 44994a810..7cb901133 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,9 +43,11 @@ #include #include +#ifdef WITH_OPENSSL #include #include #include +#endif /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" @@ -419,6 +421,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase, return k; } +#ifdef WITH_SSH1 /* * Serialises the authentication (private) key to a blob, encrypting it with * passphrase. The identification of the blob (lowest 64 bits of n) will @@ -508,7 +511,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, return 1; } +#endif +#ifdef WITH_OPENSSL /* convert SSH v2 key in OpenSSL PEM format */ static int key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, @@ -558,6 +563,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, BIO_free(bio); return success; } +#endif /* Save a key blob to a file */ static int @@ -588,8 +594,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, int new_format_rounds) { switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: return key_private_rsa1_to_blob(key, blob, passphrase, comment); +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: @@ -598,6 +607,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, comment, new_format_cipher, new_format_rounds); } return key_private_pem_to_blob(key, blob, passphrase, comment); +#endif case KEY_ED25519: return key_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds); @@ -627,6 +637,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase, return success; } +#ifdef WITH_SSH1 /* * Parse the public, unencrypted portion of a RSA1 key. */ @@ -671,6 +682,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp) return pub; } +#endif /* Load a key from a fd into a buffer */ int @@ -727,6 +739,7 @@ key_load_file(int fd, const char *filename, Buffer *blob) return 1; } +#ifdef WITH_SSH1 /* * Loads the public part of the ssh v1 key file. Returns NULL if an error was * encountered (the file does not exist or is not readable), and the key @@ -870,7 +883,9 @@ fail: key_free(prv); return NULL; } +#endif +#ifdef WITH_OPENSSL static Key * key_parse_private_pem(Buffer *blob, int type, const char *passphrase, char **commentp) @@ -964,6 +979,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, buffer_free(&buffer); return prv; } +#endif int key_perm_ok(int fd, const char *filename) @@ -1000,18 +1016,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase, Key *k; switch (type) { +#ifdef WITH_SSH1 case KEY_RSA1: return key_parse_private_rsa1(blob, passphrase, commentp); +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: return key_parse_private_pem(blob, type, passphrase, commentp); +#endif case KEY_ED25519: return key_parse_private2(blob, type, passphrase, commentp); case KEY_UNSPEC: if ((k = key_parse_private2(blob, type, passphrase, commentp))) return k; +#ifdef WITH_OPENSSL return key_parse_private_pem(blob, type, passphrase, commentp); +#endif default: error("%s: cannot parse key type %d", __func__, type); break; @@ -1061,6 +1083,7 @@ Key * key_parse_private(Buffer *buffer, const char *filename, const char *passphrase, char **commentp) { +#ifdef WITH_SSH1 Key *pub, *prv; /* it's a SSH v1 key if the public key part is readable */ @@ -1078,6 +1101,10 @@ key_parse_private(Buffer *buffer, const char *filename, NULL); } return prv; +#else + return key_parse_private_type(buffer, KEY_UNSPEC, + passphrase, commentp); +#endif } Key * @@ -1162,6 +1189,7 @@ key_load_public(const char *filename, char **commentp) Key *pub; char file[MAXPATHLEN]; +#ifdef WITH_SSH1 /* try rsa1 private key */ pub = key_load_public_type(KEY_RSA1, filename, commentp); if (pub != NULL) @@ -1172,6 +1200,7 @@ key_load_public(const char *filename, char **commentp) if (key_try_load_public(pub, filename, commentp) == 1) return pub; key_free(pub); +#endif /* try ssh2 public key */ pub = key_new(KEY_UNSPEC); @@ -1211,9 +1240,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase, Key *key, *pub; switch (type) { +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_DSA: case KEY_ECDSA: +#endif case KEY_ED25519: break; default: diff --git a/bufaux.c b/bufaux.c index 2c8f96cde..320bc2cb6 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.58 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: bufaux.c,v 1.59 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,8 +41,6 @@ #include -#include - #include #include #include diff --git a/cipher-aesctr.c b/cipher-aesctr.c new file mode 100644 index 000000000..a4cf61e41 --- /dev/null +++ b/cipher-aesctr.c @@ -0,0 +1,78 @@ +/* $OpenBSD: cipher-aesctr.c,v 1.1 2014/04/29 15:39:33 markus Exp $ */ +/* + * Copyright (c) 2003 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "cipher-aesctr.h" + +/* + * increment counter 'ctr', + * the counter is of size 'len' bytes and stored in network-byte-order. + * (LSB at ctr[len-1], MSB at ctr[0]) + */ +static __inline__ void +aesctr_inc(u8 *ctr, u32 len) +{ + ssize_t i; + +#ifndef CONSTANT_TIME_INCREMENT + for (i = len - 1; i >= 0; i--) + if (++ctr[i]) /* continue on overflow */ + return; +#else + u8 x, add = 1; + + for (i = len - 1; i >= 0; i--) { + ctr[i] += add; + /* constant time for: x = ctr[i] ? 1 : 0 */ + x = ctr[i]; + x = (x | (x >> 4)) & 0xf; + x = (x | (x >> 2)) & 0x3; + x = (x | (x >> 1)) & 0x1; + add *= (x^1); + } +#endif +} + +void +aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +{ + x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits); +} + +void +aesctr_ivsetup(aesctr_ctx *x,const u8 *iv) +{ + memcpy(x->ctr, iv, AES_BLOCK_SIZE); +} + +void +aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 n = 0; + u8 buf[AES_BLOCK_SIZE]; + + while ((bytes--) > 0) { + if (n == 0) { + rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf); + aesctr_inc(x->ctr, AES_BLOCK_SIZE); + } + *(c++) = *(m++) ^ buf[n]; + n = (n + 1) % AES_BLOCK_SIZE; + } +} diff --git a/cipher-aesctr.h b/cipher-aesctr.h new file mode 100644 index 000000000..85d55bba2 --- /dev/null +++ b/cipher-aesctr.h @@ -0,0 +1,35 @@ +/* $OpenBSD: cipher-aesctr.h,v 1.1 2014/04/29 15:39:33 markus Exp $ */ +/* + * Copyright (c) 2014 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef OPENSSH_AESCTR_H +#define OPENSSH_AESCTR_H + +#include "rijndael.h" + +#define AES_BLOCK_SIZE 16 + +typedef struct aesctr_ctx { + int rounds; /* keylen-dependent #rounds */ + u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */ + u8 ctr[AES_BLOCK_SIZE]; /* counter */ +} aesctr_ctx; + +void aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits); +void aesctr_ivsetup(aesctr_ctx *x,const u8 *iv); +void aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes); + +#endif diff --git a/cipher.c b/cipher.c index 53d9b4fb7..0ea073f55 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.98 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -53,9 +53,11 @@ /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" +#ifdef WITH_SSH1 extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); +#endif struct Cipher { char *name; @@ -68,15 +70,23 @@ struct Cipher { u_int flags; #define CFLAG_CBC (1<<0) #define CFLAG_CHACHAPOLY (1<<1) +#define CFLAG_AESCTR (1<<2) +#define CFLAG_NONE (1<<3) +#ifdef WITH_OPENSSL const EVP_CIPHER *(*evptype)(void); +#else + void *ignored; +#endif }; static const struct Cipher ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, +#ifdef WITH_SSH1 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, - +#endif +#ifdef WITH_OPENSSL + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, @@ -99,6 +109,12 @@ static const struct Cipher ciphers[] = { { "aes256-gcm@openssh.com", SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, #endif +#else /* WITH_OPENSSL */ + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, +#endif /* WITH_OPENSSL */ { "chacha20-poly1305@openssh.com", SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } @@ -264,6 +280,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, int do_encrypt) { +#ifdef WITH_OPENSSL static int dowarn = 1; #ifdef SSH_OLD_EVP EVP_CIPHER *type; @@ -282,6 +299,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, if (keylen > 8) keylen = 8; } +#endif cc->plaintext = (cipher->number == SSH_CIPHER_NONE); cc->encrypt = do_encrypt; @@ -297,6 +315,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher, chachapoly_init(&cc->cp_ctx, key, keylen); return; } +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); + aesctr_ivsetup(&cc->ac_ctx, iv); + return; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; + fatal("unsupported cipher"); +#else type = (*cipher->evptype)(); EVP_CIPHER_CTX_init(&cc->evp); #ifdef SSH_OLD_EVP @@ -339,6 +367,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, free(junk); free(discard); } +#endif } /* @@ -360,6 +389,20 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt); +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + if (aadlen) + memcpy(dest, src, aadlen); + aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen, + dest + aadlen, len); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + memcpy(dest, src, aadlen + len); + return 0; + } + fatal("unsupported cipher"); +#else if (authlen) { u_char lastiv[1]; @@ -400,6 +443,7 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); } return 0; +#endif } /* Extract the packet length, including any decryption necessary beforehand */ @@ -421,8 +465,12 @@ cipher_cleanup(CipherContext *cc) { if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); + else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) + explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); +#ifdef WITH_OPENSSL else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); +#endif } /* @@ -455,14 +503,16 @@ int cipher_get_keyiv_len(const CipherContext *cc) { const Cipher *c = cc->cipher; - int ivlen; + int ivlen = 0; if (c->number == SSH_CIPHER_3DES) ivlen = 24; else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) ivlen = 0; +#ifdef WITH_OPENSSL else ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp); +#endif return (ivlen); } @@ -470,15 +520,20 @@ void cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) { const Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL int evplen; +#endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { if (len != 0) fatal("%s: wrong iv length %d != %d", __func__, len, 0); return; } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -492,17 +547,20 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 0, iv, len); else -#endif +#endif /* USE_BUILTIN_RIJNDAEL */ #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else -#endif +#endif /* OPENSSL_HAVE_EVPCTR */ memcpy(iv, cc->evp.iv, len); break; +#endif /* WITH_OPENSSL */ +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 0, iv, 24); break; +#endif /* WITH_SSH1 */ default: fatal("%s: bad cipher %d", __func__, c->number); } @@ -512,12 +570,17 @@ void cipher_set_keyiv(CipherContext *cc, u_char *iv) { const Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL int evplen = 0; +#endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return; + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -528,17 +591,20 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 1, iv, evplen); else -#endif +#endif /* USE_BUILTIN_RIJNDAEL */ #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); else -#endif +#endif /* OPENSSL_HAVE_EVPCTR */ memcpy(cc->evp.iv, iv, evplen); break; +#endif /* WITH_OPENSSL */ +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 1, iv, 24); break; +#endif /* WITH_SSH1 */ default: fatal("%s: bad cipher %d", __func__, c->number); } @@ -547,6 +613,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) int cipher_get_keycontext(const CipherContext *cc, u_char *dat) { +#ifdef WITH_OPENSSL const Cipher *c = cc->cipher; int plen = 0; @@ -557,11 +624,15 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat) memcpy(dat, EVP_X_STATE(cc->evp), plen); } return (plen); +#else + return (0); +#endif } void cipher_set_keycontext(CipherContext *cc, u_char *dat) { +#ifdef WITH_OPENSSL const Cipher *c = cc->cipher; int plen; @@ -569,4 +640,5 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat) plen = EVP_X_STATE_LEN(cc->evp); memcpy(EVP_X_STATE(cc->evp), dat, plen); } +#endif } diff --git a/cipher.h b/cipher.h index 133d2e73d..5aa778f14 100644 --- a/cipher.h +++ b/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */ +/* $OpenBSD: cipher.h,v 1.45 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen @@ -39,6 +39,7 @@ #include #include "cipher-chachapoly.h" +#include "cipher-aesctr.h" /* * Cipher types for SSH-1. New types can be added, but old types should not @@ -69,6 +70,7 @@ struct CipherContext { int encrypt; EVP_CIPHER_CTX evp; struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ + struct aesctr_ctx ac_ctx; /* XXX union with evp? */ const Cipher *cipher; }; diff --git a/hostfile.c b/hostfile.c index 8bc9540b7..91741cab8 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: hostfile.c,v 1.56 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -182,6 +182,7 @@ static int hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, u_long linenum) { +#ifdef WITH_SSH1 if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) return 1; if (bits != BN_num_bits(key->rsa->n)) { @@ -191,6 +192,7 @@ hostfile_check_key(int bits, const Key *key, const char *host, logit("Warning: replace %d with %d in %s, line %lu.", bits, BN_num_bits(key->rsa->n), filename, linenum); } +#endif return 1; } @@ -296,11 +298,15 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) key = key_new(KEY_UNSPEC); if (!hostfile_read_key(&cp, &kbits, key)) { key_free(key); +#ifdef WITH_SSH1 key = key_new(KEY_RSA1); if (!hostfile_read_key(&cp, &kbits, key)) { key_free(key); continue; } +#else + continue; +#endif } if (!hostfile_check_key(kbits, key, host, path, linenum)) continue; diff --git a/kex.c b/kex.c index 74e2b8682..a173e70e3 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -33,7 +33,9 @@ #include #include +#ifdef WITH_OPENSSL #include +#endif #include "xmalloc.h" #include "ssh2.h" @@ -70,12 +72,13 @@ struct kexalg { int hash_alg; }; static const struct kexalg kexalgs[] = { +#ifdef WITH_OPENSSL { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, #ifdef HAVE_EVP_SHA256 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, -#endif +#endif /* HAVE_EVP_SHA256 */ #ifdef OPENSSL_HAS_ECC { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, @@ -84,12 +87,13 @@ static const struct kexalg kexalgs[] = { # ifdef OPENSSL_HAS_NISTP521 { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, SSH_DIGEST_SHA512 }, -# endif -#endif +# endif /* OPENSSL_HAS_NISTP521 */ +#endif /* OPENSSL_HAS_ECC */ { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, +#endif /* WITH_OPENSSL */ #ifdef HAVE_EVP_SHA256 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, -#endif +#endif /* HAVE_EVP_SHA256 */ { NULL, -1, -1, -1}, }; @@ -615,6 +619,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, } } +#ifdef WITH_OPENSSL void kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) { @@ -626,6 +631,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) buffer_ptr(&shared_secret), buffer_len(&shared_secret)); buffer_free(&shared_secret); } +#endif Newkeys * kex_get_newkeys(int mode) @@ -637,6 +643,7 @@ kex_get_newkeys(int mode) return ret; } +#ifdef WITH_SSH1 void derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, u_int8_t cookie[8], u_int8_t id[16]) @@ -669,6 +676,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, explicit_bzero(nbuf, sizeof(nbuf)); explicit_bzero(obuf, sizeof(obuf)); } +#endif #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void diff --git a/key.c b/key.c index 168e1b7d7..e8fc5b1b8 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: key.c,v 1.117 2014/04/29 18:01:49 markus Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -80,8 +80,11 @@ Key * key_new(int type) { Key *k; +#ifdef WITH_OPENSSL RSA *rsa; DSA *dsa; +#endif + k = xcalloc(1, sizeof(*k)); k->type = type; k->ecdsa = NULL; @@ -92,6 +95,7 @@ key_new(int type) k->ed25519_sk = NULL; k->ed25519_pk = NULL; switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -124,6 +128,7 @@ key_new(int type) case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ break; +#endif #endif case KEY_ED25519: case KEY_ED25519_CERT: @@ -146,6 +151,7 @@ void key_add_private(Key *k) { switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -173,6 +179,7 @@ key_add_private(Key *k) case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ break; +#endif case KEY_ED25519: case KEY_ED25519_CERT: /* no need to prealloc */ @@ -216,6 +223,7 @@ key_free(Key *k) if (k == NULL) fatal("key_free: key is NULL"); switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -289,7 +297,7 @@ cert_compare(struct KeyCert *a, struct KeyCert *b) int key_equal_public(const Key *a, const Key *b) { -#ifdef OPENSSL_HAS_ECC +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) BN_CTX *bnctx; #endif @@ -298,6 +306,7 @@ key_equal_public(const Key *a, const Key *b) return 0; switch (a->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: @@ -333,6 +342,7 @@ key_equal_public(const Key *a, const Key *b) BN_CTX_free(bnctx); return 1; #endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: return a->ed25519_pk != NULL && b->ed25519_pk != NULL && @@ -362,7 +372,10 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, u_char *blob = NULL; u_char *retval = NULL; u_int len = 0; - int nlen, elen, hash_alg = -1; + int hash_alg = -1; +#ifdef WITH_OPENSSL + int nlen, elen; +#endif *dgst_raw_length = 0; @@ -381,6 +394,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, fatal("%s: bad digest type %d", __func__, dgst_type); } switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: nlen = BN_num_bytes(k->rsa->n); elen = BN_num_bytes(k->rsa->e); @@ -392,14 +406,17 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, case KEY_DSA: case KEY_ECDSA: case KEY_RSA: +#endif case KEY_ED25519: key_to_blob(k, &blob, &len); break; +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_RSA_CERT_V00: case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_RSA_CERT: +#endif case KEY_ED25519_CERT: /* We want a fingerprint of the _key_ not of the cert */ to_blob(k, &blob, &len, 1); @@ -628,6 +645,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) return retval; } +#ifdef WITH_SSH1 /* * Reads a multiple-precision integer in decimal from the buffer, and advances * the pointer. The integer must already be initialized. This function is @@ -684,6 +702,7 @@ write_bignum(FILE *f, BIGNUM *num) OPENSSL_free(buf); return 1; } +#endif /* returns 1 ok, -1 error */ int @@ -693,8 +712,10 @@ key_read(Key *ret, char **cpp) int success = -1; char *cp, *space; int len, n, type; - u_int bits; u_char *blob; +#ifdef WITH_SSH1 + u_int bits; +#endif #ifdef OPENSSL_HAS_ECC int curve_nid = -1; #endif @@ -703,6 +724,7 @@ key_read(Key *ret, char **cpp) switch (ret->type) { case KEY_RSA1: +#ifdef WITH_SSH1 /* Get number of bits. */ if (*cp < '0' || *cp > '9') return -1; /* Bad bit count... */ @@ -723,6 +745,7 @@ key_read(Key *ret, char **cpp) return -1; } success = 1; +#endif break; case KEY_UNSPEC: case KEY_RSA: @@ -805,6 +828,7 @@ key_read(Key *ret, char **cpp) ret->cert = k->cert; k->cert = NULL; } +#ifdef WITH_OPENSSL if (key_type_plain(ret->type) == KEY_RSA) { if (ret->rsa != NULL) RSA_free(ret->rsa); @@ -835,6 +859,7 @@ key_read(Key *ret, char **cpp) key_dump_ec_key(ret->ecdsa); #endif } +#endif #endif if (key_type_plain(ret->type) == KEY_ED25519) { free(ret->ed25519_pk); @@ -867,7 +892,10 @@ int key_write(const Key *key, FILE *f) { int n, success = 0; - u_int len, bits = 0; +#ifdef WITH_SSH1 + u_int bits = 0; +#endif + u_int len; u_char *blob; char *uu; @@ -883,6 +911,7 @@ key_write(const Key *key, FILE *f) } switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: if (key->rsa == NULL) return 0; @@ -894,6 +923,8 @@ key_write(const Key *key, FILE *f) return 1; error("key_write: failed for RSA key"); return 0; +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_DSA_CERT_V00: case KEY_DSA_CERT: @@ -907,17 +938,18 @@ key_write(const Key *key, FILE *f) return 0; break; #endif - case KEY_ED25519: - case KEY_ED25519_CERT: - if (key->ed25519_pk == NULL) - return 0; - break; case KEY_RSA: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: if (key->rsa == NULL) return 0; break; +#endif + case KEY_ED25519: + case KEY_ED25519_CERT: + if (key->ed25519_pk == NULL) + return 0; + break; default: return 0; } @@ -956,10 +988,12 @@ struct keytype { int cert; }; static const struct keytype keytypes[] = { +#ifdef WITH_OPENSSL +#ifdef WITH_SSH1 { NULL, "RSA1", KEY_RSA1, 0, 0 }, +#endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, - { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, #ifdef OPENSSL_HAS_ECC { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, @@ -983,6 +1017,8 @@ static const struct keytype keytypes[] = { KEY_RSA_CERT_V00, 0, 1 }, { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", KEY_DSA_CERT_V00, 0, 1 }, +#endif + { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1 }, { NULL, NULL, -1, -1, 0 } @@ -1107,6 +1143,7 @@ u_int key_size(const Key *k) { switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -1116,17 +1153,19 @@ key_size(const Key *k) case KEY_DSA_CERT_V00: case KEY_DSA_CERT: return BN_num_bits(k->dsa->p); - case KEY_ED25519: - return 256; /* XXX */ #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: return key_curve_nid_to_bits(k->ecdsa_nid); #endif +#endif + case KEY_ED25519: + return 256; /* XXX */ } return 0; } +#ifdef WITH_OPENSSL static RSA * rsa_generate_private_key(u_int bits) { @@ -1243,12 +1282,14 @@ ecdsa_generate_private_key(u_int bits, int *nid) return private; } #endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ Key * key_generate(int type, u_int bits) { Key *k = key_new(KEY_UNSPEC); switch (type) { +#ifdef WITH_OPENSSL case KEY_DSA: k->dsa = dsa_generate_private_key(bits); break; @@ -1261,16 +1302,18 @@ key_generate(int type, u_int bits) case KEY_RSA1: k->rsa = rsa_generate_private_key(bits); break; - case KEY_ED25519: - k->ed25519_pk = xmalloc(ED25519_PK_SZ); - k->ed25519_sk = xmalloc(ED25519_SK_SZ); - crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); - break; +#endif case KEY_RSA_CERT_V00: case KEY_DSA_CERT_V00: case KEY_RSA_CERT: case KEY_DSA_CERT: fatal("key_generate: cert keys cannot be generated directly"); +#endif + case KEY_ED25519: + k->ed25519_pk = xmalloc(ED25519_PK_SZ); + k->ed25519_sk = xmalloc(ED25519_SK_SZ); + crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); + break; default: fatal("key_generate: unknown type %d", type); } @@ -1328,6 +1371,7 @@ key_from_private(const Key *k) { Key *n = NULL; switch (k->type) { +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_DSA_CERT_V00: case KEY_DSA_CERT: @@ -1359,6 +1403,7 @@ key_from_private(const Key *k) (BN_copy(n->rsa->e, k->rsa->e) == NULL)) fatal("key_from_private: BN_copy failed"); break; +#endif case KEY_ED25519: case KEY_ED25519_CERT: n = key_new(k->type); @@ -1556,6 +1601,7 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert) goto out; } switch (type) { +#ifdef WITH_OPENSSL case KEY_RSA_CERT: (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ /* FALLTHROUGH */ @@ -1565,10 +1611,7 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert) if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { error("key_from_blob: can't read rsa key"); - badkey: - key_free(key); - key = NULL; - goto out; + goto badkey; } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); @@ -1669,6 +1712,11 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert) #endif buffer_free(&b); return key; + + badkey: + key_free(key); + key = NULL; + goto out; } Key * @@ -1694,16 +1742,19 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) buffer_init(&b); type = force_plain ? key_type_plain(key->type) : key->type; switch (type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_RSA_CERT_V00: case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_RSA_CERT: +#endif case KEY_ED25519_CERT: /* Use the existing blob */ buffer_append(&b, buffer_ptr(&key->cert->certblob), buffer_len(&key->cert->certblob)); break; +#ifdef WITH_OPENSSL case KEY_DSA: buffer_put_cstring(&b, key_ssh_name_from_type_nid(type, key->ecdsa_nid)); @@ -1727,6 +1778,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) buffer_put_bignum2(&b, key->rsa->e); buffer_put_bignum2(&b, key->rsa->n); break; +#endif case KEY_ED25519: buffer_put_cstring(&b, key_ssh_name_from_type_nid(type, key->ecdsa_nid)); @@ -1762,6 +1814,7 @@ key_sign( const u_char *data, u_int datalen) { switch (key->type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_DSA_CERT: case KEY_DSA: @@ -1775,6 +1828,7 @@ key_sign( case KEY_RSA_CERT: case KEY_RSA: return ssh_rsa_sign(key, sigp, lenp, data, datalen); +#endif case KEY_ED25519: case KEY_ED25519_CERT: return ssh_ed25519_sign(key, sigp, lenp, data, datalen); @@ -1798,6 +1852,7 @@ key_verify( return -1; switch (key->type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_DSA_CERT: case KEY_DSA: @@ -1811,6 +1866,7 @@ key_verify( case KEY_RSA_CERT: case KEY_RSA: return ssh_rsa_verify(key, signature, signaturelen, data, datalen); +#endif case KEY_ED25519: case KEY_ED25519_CERT: return ssh_ed25519_verify(key, signature, signaturelen, data, datalen); @@ -1837,6 +1893,7 @@ key_demote(const Key *k) pk->ed25519_sk = NULL; switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA_CERT_V00: case KEY_RSA_CERT: key_cert_copy(k, pk); @@ -2007,6 +2064,7 @@ key_certify(Key *k, Key *ca) /* XXX this substantially duplicates to_blob(); refactor */ switch (k->type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_DSA_CERT: buffer_put_bignum2(&k->cert->certblob, k->dsa->p); @@ -2028,6 +2086,7 @@ key_certify(Key *k, Key *ca) buffer_put_bignum2(&k->cert->certblob, k->rsa->e); buffer_put_bignum2(&k->cert->certblob, k->rsa->n); break; +#endif case KEY_ED25519_CERT: buffer_put_string(&k->cert->certblob, k->ed25519_pk, ED25519_PK_SZ); @@ -2152,6 +2211,7 @@ key_cert_is_legacy(const Key *k) } } +#ifdef WITH_OPENSSL /* XXX: these are really begging for a table-driven approach */ int key_curve_name_to_nid(const char *name) @@ -2349,6 +2409,7 @@ key_ec_validate_private(const EC_KEY *key) BN_CTX_free(bnctx); return ret; } +#endif #if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) void @@ -2400,6 +2461,7 @@ key_private_serialize(const Key *key, Buffer *b) { buffer_put_cstring(b, key_ssh_name(key)); switch (key->type) { +#ifdef WITH_OPENSSL case KEY_RSA: buffer_put_bignum2(b, key->rsa->n); buffer_put_bignum2(b, key->rsa->e); @@ -2453,6 +2515,8 @@ key_private_serialize(const Key *key, Buffer *b) buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); break; +#endif +#endif case KEY_ED25519_CERT: if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) fatal("%s: no cert/certblob", __func__); @@ -2472,7 +2536,7 @@ key_private_deserialize(Buffer *blob) u_char *cert; u_int len, pklen, sklen; int type; -#ifdef OPENSSL_HAS_ECC +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) char *curve; BIGNUM *exponent; EC_POINT *q; @@ -2481,6 +2545,7 @@ key_private_deserialize(Buffer *blob) type_name = buffer_get_string(blob, NULL); type = key_type_from_name(type_name); switch (type) { +#ifdef WITH_OPENSSL case KEY_DSA: k = key_new_private(type); buffer_get_bignum2(blob, k->dsa->p); @@ -2575,6 +2640,8 @@ key_private_deserialize(Buffer *blob) buffer_get_bignum2(blob, k->rsa->p); buffer_get_bignum2(blob, k->rsa->q); break; +#endif +#endif case KEY_ED25519: k = key_new_private(type); k->ed25519_pk = buffer_get_string(blob, &pklen); @@ -2610,6 +2677,7 @@ key_private_deserialize(Buffer *blob) /* enable blinding */ switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: @@ -2620,6 +2688,7 @@ key_private_deserialize(Buffer *blob) return NULL; } break; +#endif } return k; } diff --git a/mac.c b/mac.c index 097757213..fc2bd4276 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.28 2014/02/07 06:55:54 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -72,8 +72,10 @@ static const struct macalg macs[] = { { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, +#ifdef WITH_OPENSSL { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, +#endif /* Encrypt-then-MAC variants */ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, @@ -85,8 +87,10 @@ static const struct macalg macs[] = { { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, +#ifdef WITH_OPENSSL { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, +#endif { NULL, 0, 0, 0, 0, 0, 0 } }; @@ -119,9 +123,11 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg) fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); } else { +#ifdef WITH_OPENSSL mac->mac_len = macalg->len / 8; mac->key_len = macalg->key_len / 8; mac->umac_ctx = NULL; +#endif } if (macalg->truncatebits != 0) mac->mac_len = macalg->truncatebits / 8; @@ -157,12 +163,14 @@ mac_init(Mac *mac) ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) return -1; return 0; +#ifdef WITH_OPENSSL case SSH_UMAC: mac->umac_ctx = umac_new(mac->key); return 0; case SSH_UMAC128: mac->umac_ctx = umac128_new(mac->key); return 0; +#endif default: return -1; } @@ -175,7 +183,10 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) u_char m[EVP_MAX_MD_SIZE]; u_int64_t for_align; } u; - u_char b[4], nonce[8]; + u_char b[4]; +#ifdef WITH_OPENSSL + u_char nonce[8]; +#endif if (mac->mac_len > sizeof(u)) fatal("mac_compute: mac too long %u %zu", @@ -191,6 +202,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) fatal("ssh_hmac failed"); break; +#ifdef WITH_OPENSSL case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); @@ -201,6 +213,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) umac128_update(mac->umac_ctx, data, datalen); umac128_final(mac->umac_ctx, u.m, nonce); break; +#endif default: fatal("mac_compute: unknown MAC type"); } @@ -210,6 +223,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) void mac_clear(Mac *mac) { +#ifdef WITH_OPENSSL if (mac->type == SSH_UMAC) { if (mac->umac_ctx != NULL) umac_delete(mac->umac_ctx); @@ -217,6 +231,7 @@ mac_clear(Mac *mac) if (mac->umac_ctx != NULL) umac128_delete(mac->umac_ctx); } else if (mac->hmac_ctx != NULL) +#endif ssh_hmac_free(mac->hmac_ctx); mac->hmac_ctx = NULL; mac->umac_ctx = NULL; diff --git a/monitor.c b/monitor.c index 531c4f9a8..a38647d49 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.132 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -56,7 +56,9 @@ #include #endif +#ifdef WITH_OPENSSL #include +#endif #include "openbsd-compat/sys-queue.h" #include "atomicio.h" @@ -185,7 +187,10 @@ int mm_answer_audit_command(int, Buffer *); static int monitor_read_log(struct monitor *); static Authctxt *authctxt; + +#ifdef WITH_SSH1 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ +#endif /* local state for key verify */ static u_char *key_blob = NULL; @@ -215,7 +220,9 @@ struct mon_table { #define MON_PERMIT 0x1000 /* Request is permitted */ struct mon_table mon_dispatch_proto20[] = { +#ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, +#endif {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, @@ -252,7 +259,9 @@ struct mon_table mon_dispatch_proto20[] = { }; struct mon_table mon_dispatch_postauth20[] = { +#ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, +#endif {MONITOR_REQ_SIGN, 0, mm_answer_sign}, {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, @@ -265,6 +274,7 @@ struct mon_table mon_dispatch_postauth20[] = { }; struct mon_table mon_dispatch_proto15[] = { +#ifdef WITH_SSH1 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, @@ -292,10 +302,12 @@ struct mon_table mon_dispatch_proto15[] = { #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, #endif +#endif /* WITH_SSH1 */ {0, 0, NULL} }; struct mon_table mon_dispatch_postauth15[] = { +#ifdef WITH_SSH1 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, @@ -303,6 +315,7 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, #endif +#endif /* WITH_SSH1 */ {0, 0, NULL} }; @@ -630,6 +643,7 @@ monitor_reset_key_state(void) hostbased_chost = NULL; } +#ifdef WITH_OPENSSL int mm_answer_moduli(int sock, Buffer *m) { @@ -664,6 +678,7 @@ mm_answer_moduli(int sock, Buffer *m) mm_request_send(sock, MONITOR_ANS_MODULI, m); return (0); } +#endif extern AuthenticationConnection *auth_conn; @@ -1166,6 +1181,7 @@ mm_answer_keyallowed(int sock, Buffer *m) cuser, chost); auth_method = "hostbased"; break; +#ifdef WITH_SSH1 case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && @@ -1175,6 +1191,7 @@ mm_answer_keyallowed(int sock, Buffer *m) auth_clear_options(); auth_method = "rsa"; break; +#endif default: fatal("%s: unknown key type %d", __func__, type); break; @@ -1511,6 +1528,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m) return (0); } +#ifdef WITH_SSH1 int mm_answer_sesskey(int sock, Buffer *m) { @@ -1688,6 +1706,7 @@ mm_answer_rsa_response(int sock, Buffer *m) return (success); } +#endif int mm_answer_term(int sock, Buffer *req) @@ -1828,11 +1847,13 @@ mm_get_kex(Buffer *m) timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); diff --git a/monitor_wrap.c b/monitor_wrap.c index 1a47e4174..45dc16951 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -38,14 +38,18 @@ #include #include +#ifdef WITH_OPENSSL #include #include #include +#endif #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" +#ifdef WITH_OPENSSL #include "dh.h" +#endif #include "buffer.h" #include "key.h" #include "cipher.h" @@ -174,6 +178,7 @@ mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) rtype, type); } +#ifdef WITH_OPENSSL DH * mm_choose_dh(int min, int nbits, int max) { @@ -207,6 +212,7 @@ mm_choose_dh(int min, int nbits, int max) return (dh_new_group(g, p)); } +#endif int mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) @@ -912,6 +918,7 @@ mm_terminate(void) buffer_free(&m); } +#ifdef WITH_SSH1 int mm_ssh1_session_key(BIGNUM *num) { @@ -931,6 +938,7 @@ mm_ssh1_session_key(BIGNUM *num) return (rsafail); } +#endif static void mm_chall_setup(char **name, char **infotxt, u_int *numprompts, @@ -1078,6 +1086,7 @@ mm_ssh1_session_id(u_char session_id[16]) buffer_free(&m); } +#ifdef WITH_SSH1 int mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { @@ -1173,6 +1182,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } +#endif #ifdef SSH_AUDIT_EVENTS void diff --git a/myproposal.h b/myproposal.h index 94d6f7061..020f35c77 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -77,6 +77,7 @@ # define SHA2_HMAC_MODES #endif +#ifdef WITH_OPENSSL #define KEX_SERVER_KEX \ "curve25519-sha256@libssh.org," \ KEX_ECDH_METHODS \ @@ -134,6 +135,30 @@ "hmac-sha1-96," \ "hmac-md5-96" +#else + +#define KEX_SERVER_KEX \ + "curve25519-sha256@libssh.org" +#define KEX_DEFAULT_PK_ALG \ + "ssh-ed25519-cert-v01@openssh.com," \ + "ssh-ed25519" +#define KEX_SERVER_ENCRYPT \ + "aes128-ctr,aes192-ctr,aes256-ctr," \ + "chacha20-poly1305@openssh.com" +#define KEX_SERVER_MAC \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512" + +#define KEX_CLIENT_KEX KEX_SERVER_KEX +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT +#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ + "hmac-sha1-etm@openssh.com," \ + "hmac-sha1" + +#endif /* WITH_OPENSSL */ + #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" diff --git a/packet.c b/packet.c index a70acf8b4..c7c18f308 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.194 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.195 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -630,6 +630,7 @@ packet_put_raw(const void *buf, u_int len) buffer_append(&active_state->outgoing_packet, buf, len); } +#ifdef WITH_OPENSSL void packet_put_bignum(BIGNUM * value) { @@ -641,6 +642,7 @@ packet_put_bignum2(BIGNUM * value) { buffer_put_bignum2(&active_state->outgoing_packet, value); } +#endif #ifdef OPENSSL_HAS_ECC void @@ -1569,6 +1571,7 @@ packet_get_int64(void) * must have been initialized before this call. */ +#ifdef WITH_OPENSSL void packet_get_bignum(BIGNUM * value) { @@ -1598,6 +1601,7 @@ packet_get_raw(u_int *length_ptr) *length_ptr = bytes; return buffer_ptr(&active_state->incoming_packet); } +#endif int packet_remaining(void) diff --git a/roaming_client.c b/roaming_client.c index de049cdc1..5e5c28b2b 100644 --- a/roaming_client.c +++ b/roaming_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_client.c,v 1.7 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: roaming_client.c,v 1.8 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -28,9 +28,6 @@ #include #include -#include -#include - #include "xmalloc.h" #include "buffer.h" #include "channels.h" diff --git a/ssh-agent.c b/ssh-agent.c index f4c0524cc..bc96ad705 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.184 2014/03/15 17:28:26 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.185 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,8 +49,10 @@ #endif #include "openbsd-compat/sys-queue.h" +#ifdef WITH_OPENSSL #include #include "openbsd-compat/openssl-compat.h" +#endif #include #include @@ -221,9 +223,11 @@ process_request_identities(SocketEntry *e, int version) buffer_put_int(&msg, tab->nentries); TAILQ_FOREACH(id, &tab->idlist, next) { if (id->key->type == KEY_RSA1) { +#ifdef WITH_SSH1 buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); buffer_put_bignum(&msg, id->key->rsa->e); buffer_put_bignum(&msg, id->key->rsa->n); +#endif } else { u_char *blob; u_int blen; @@ -238,6 +242,7 @@ process_request_identities(SocketEntry *e, int version) buffer_free(&msg); } +#ifdef WITH_SSH1 /* ssh1 only */ static void process_authentication_challenge1(SocketEntry *e) @@ -308,6 +313,7 @@ send: BN_clear_free(challenge); buffer_free(&msg); } +#endif /* ssh2 only */ static void @@ -733,6 +739,7 @@ process_message(SocketEntry *e) case SSH_AGENTC_UNLOCK: process_lock_agent(e, type == SSH_AGENTC_LOCK); break; +#ifdef WITH_SSH1 /* ssh1 */ case SSH_AGENTC_RSA_CHALLENGE: process_authentication_challenge1(e); @@ -750,6 +757,7 @@ process_message(SocketEntry *e) case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: process_remove_all_identities(e, 1); break; +#endif /* ssh2 */ case SSH2_AGENTC_SIGN_REQUEST: process_sign_request2(e); @@ -1040,7 +1048,9 @@ main(int ac, char **av) prctl(PR_SET_DUMPABLE, 0); #endif +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif __progname = ssh_get_progname(av[0]); seed_rng(); diff --git a/ssh-keygen.c b/ssh-keygen.c index 85eaf2ef5..085f1ec55 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.245 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.246 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -195,6 +195,7 @@ type_bits_valid(int type, u_int32_t *bitsp) fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); exit(1); } +#ifdef WITH_OPENSSL if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) @@ -202,6 +203,7 @@ type_bits_valid(int type, u_int32_t *bitsp) else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) fatal("Invalid ECDSA key length - valid lengths are " "256, 384 or 521 bits"); +#endif } static void @@ -278,6 +280,7 @@ load_identity(char *filename) #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb +#ifdef WITH_OPENSSL static void do_convert_to_ssh2(struct passwd *pw, Key *k) { @@ -711,6 +714,7 @@ do_convert_from(struct passwd *pw) key_free(k); exit(0); } +#endif static void do_print_public(struct passwd *pw) @@ -1589,7 +1593,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) } } +#ifdef ENABLE_PKCS11 pkcs11_init(1); +#endif tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); if (pkcs11provider != NULL) { if ((ca = load_pkcs11_key(tmp)) == NULL) @@ -1672,7 +1678,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) key_free(public); free(out); } +#ifdef ENABLE_PKCS11 pkcs11_terminate(); +#endif exit(0); } @@ -1923,6 +1931,7 @@ do_show_cert(struct passwd *pw) exit(0); } +#ifdef WITH_OPENSSL static void load_krl(const char *path, struct ssh_krl **krlp) { @@ -2145,6 +2154,7 @@ do_check_krl(struct passwd *pw, int argc, char **argv) ssh_krl_free(krl); exit(ret); } +#endif static void usage(void) @@ -2448,6 +2458,7 @@ main(int argc, char **argv) printf("Cannot use -l with -H or -R.\n"); usage(); } +#ifdef WITH_OPENSSL if (gen_krl) { do_gen_krl(pw, update_krl, argc, argv); return (0); @@ -2456,6 +2467,7 @@ main(int argc, char **argv) do_check_krl(pw, argc, argv); return (0); } +#endif if (ca_key_path != NULL) { if (cert_key_id == NULL) fatal("Must specify key id (-I) when certifying"); @@ -2473,10 +2485,12 @@ main(int argc, char **argv) do_change_passphrase(pw); if (change_comment) do_change_comment(pw); +#ifdef WITH_OPENSSL if (convert_to) do_convert_to(pw); if (convert_from) do_convert_from(pw); +#endif if (print_public) do_print_public(pw); if (rr_hostname != NULL) { diff --git a/ssh-keyscan.c b/ssh-keyscan.c index de456364b..3fabfba14 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.91 2014/03/27 23:01:27 markus Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.92 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -182,6 +182,7 @@ strnnsep(char **stringp, char *delim) return (tok); } +#ifdef WITH_SSH1 static Key * keygrab_ssh1(con *c) { @@ -215,6 +216,7 @@ keygrab_ssh1(con *c) return (rsa); } +#endif static int hostjump(Key *hostkey) @@ -253,11 +255,13 @@ keygrab_ssh2(con *c) (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); c->c_kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +#endif c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client; c->c_kex->verify_host_key = hostjump; @@ -507,10 +511,12 @@ conread(int s) c->c_data = xmalloc(c->c_len); c->c_status = CS_KEYS; break; +#ifdef WITH_SSH1 case CS_KEYS: keyprint(c, keygrab_ssh1(c)); confree(s); return; +#endif default: fatal("conread: invalid status %d", c->c_status); break; diff --git a/ssh-keysign.c b/ssh-keysign.c index ed24f66d1..d95bb7d9d 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.41 2014/04/19 14:53:48 tedu Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.42 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -209,8 +209,11 @@ main(int argc, char **argv) keys[i] = NULL; if (key_fd[i] == -1) continue; +#ifdef WITH_OPENSSL +/* XXX wrong api */ keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL); +#endif close(key_fd[i]); if (keys[i] != NULL) found = 1; diff --git a/ssh-pkcs11.h b/ssh-pkcs11.h index 59f456adf..4d2efda13 100644 --- a/ssh-pkcs11.h +++ b/ssh-pkcs11.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.h,v 1.3 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -18,3 +18,7 @@ int pkcs11_init(int); void pkcs11_terminate(void); int pkcs11_add_provider(char *, char *, Key ***); int pkcs11_del_provider(char *); + +#if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11) +#undef ENABLE_PKCS11 +#endif diff --git a/ssh.c b/ssh.c index 76040fd59..d369b68e9 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.401 2014/02/26 20:18:37 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.402 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -71,8 +71,10 @@ #include #include +#ifdef WITH_OPENSSL #include #include +#endif #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" @@ -631,7 +633,13 @@ main(int ac, char **av) break; case 'V': fprintf(stderr, "%s, %s\n", - SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); if (opt == 'V') exit(0); break; @@ -828,8 +836,10 @@ main(int ac, char **av) host_arg = xstrdup(host); +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); +#endif /* Initialize the command to execute on remote host. */ buffer_init(&command); @@ -876,7 +886,13 @@ main(int ac, char **av) SYSLOG_FACILITY_USER, !use_syslog); if (debug_flag) - logit("%s, %s", SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); + logit("%s, %s", SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); /* Parse the configuration files */ process_config_files(pw); diff --git a/sshconnect.c b/sshconnect.c index ca6e4cc96..5d14ca6cc 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.247 2014/04/01 03:34:10 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.248 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1292,8 +1292,12 @@ ssh_login(Sensitive *sensitive, const char *orighost, ssh_kex2(host, hostaddr, port); ssh_userauth2(local_user, server_user, host, sensitive); } else { +#ifdef WITH_SSH1 ssh_kex(host, hostaddr); ssh_userauth1(local_user, server_user, host, sensitive); +#else + fatal("ssh1 is not unsupported"); +#endif } free(local_user); } diff --git a/sshconnect2.c b/sshconnect2.c index b1aa69c24..f71b7d226 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.206 2014/04/18 23:52:25 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.207 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -205,11 +205,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) /* start key exchange */ kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; diff --git a/sshd.c b/sshd.c index b955f1921..6e7192cf5 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.425 2014/04/19 14:53:48 tedu Exp $ */ +/* $OpenBSD: sshd.c,v 1.426 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -72,10 +72,12 @@ #include #include +#ifdef WITH_OPENSSL #include #include #include #include "openbsd-compat/openssl-compat.h" +#endif #ifdef HAVE_SECUREWARE #include @@ -98,7 +100,6 @@ #include "digest.h" #include "key.h" #include "kex.h" -#include "dh.h" #include "myproposal.h" #include "authfile.h" #include "pathnames.h" @@ -256,7 +257,9 @@ struct passwd *privsep_pw = NULL; void destroy_sensitive_data(void); void demote_sensitive_data(void); +#ifdef WITH_SSH1 static void do_ssh1_kex(void); +#endif static void do_ssh2_kex(void); /* @@ -931,7 +934,13 @@ static void usage(void) { fprintf(stderr, "%s, %s\n", - SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); fprintf(stderr, "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" " [-E log_file] [-f config_file] [-g login_grace_time]\n" @@ -964,6 +973,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); +#ifdef WITH_SSH1 if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { buffer_put_int(&m, 1); @@ -974,6 +984,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); } else +#endif buffer_put_int(&m, 0); #ifndef OPENSSL_PRNG_ONLY @@ -1010,6 +1021,7 @@ recv_rexec_state(int fd, Buffer *conf) free(cp); if (buffer_get_int(&m)) { +#ifdef WITH_SSH1 if (sensitive_data.server_key != NULL) key_free(sensitive_data.server_key); sensitive_data.server_key = key_new_private(KEY_RSA1); @@ -1021,6 +1033,9 @@ recv_rexec_state(int fd, Buffer *conf) buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); rsa_generate_additional_parameters( sensitive_data.server_key->rsa); +#else + fatal("ssh1 not supported"); +#endif } #ifndef OPENSSL_PRNG_ONLY @@ -1543,7 +1558,9 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif /* If requested, redirect the logs to the specified logfile. */ if (logfile != NULL) { @@ -1648,7 +1665,12 @@ main(int ac, char **av) } debug("sshd version %s, %s", SSH_VERSION, - SSLeay_version(SSLEAY_VERSION)); +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); /* Store privilege separation user for later use if required. */ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { @@ -1770,6 +1792,8 @@ main(int ac, char **av) debug("host certificate: #%d type %d %s", j, key->type, key_type(key)); } + +#ifdef WITH_SSH1 /* Check certain values for sanity. */ if (options.protocol & SSH_PROTO_1) { if (options.server_key_bits < 512 || @@ -1794,6 +1818,7 @@ main(int ac, char **av) options.server_key_bits); } } +#endif if (use_privsep) { struct stat st; @@ -2077,8 +2102,12 @@ main(int ac, char **av) do_ssh2_kex(); do_authentication2(authctxt); } else { +#ifdef WITH_SSH1 do_ssh1_kex(); do_authentication(authctxt); +#else + fatal("ssh1 not supported"); +#endif } /* * If we use privilege separation, the unprivileged child transfers @@ -2162,6 +2191,7 @@ main(int ac, char **av) exit(0); } +#ifdef WITH_SSH1 /* * Decrypt session_key_int using our private server key and private host key * (key with larger modulus first). @@ -2211,6 +2241,7 @@ ssh1_session_key(BIGNUM *session_key_int) } return (rsafail); } + /* * SSH1 key exchange */ @@ -2388,6 +2419,7 @@ do_ssh1_kex(void) packet_send(); packet_write_wait(); } +#endif void sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen, @@ -2450,11 +2482,13 @@ do_ssh2_kex(void) /* start key exchange */ kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->client_version_string=client_version_string;