support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.

Makefile.in

@@ -76,7 +76,7 @@ LIBOPENSSH_OBJS=\
 
 LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	authfd.o authfile.o bufaux.o bufbn.o buffer.o \
-	canohost.o channels.o cipher.o cipher-aes.o \
+	canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
 	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
 	compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
 	log.o match.o md-sha256.o moduli.o nchan.o packet.o \
@@ -87,7 +87,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
 	ssh-pkcs11.o smult_curve25519_ref.o \
 	kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
-	ssh-ed25519.o digest-openssl.o hmac.o \
+	ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
 	sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o
 
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \

bufbn.c

@@ -20,12 +20,15 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include "buffer.h"
 #include "log.h"
 #include "ssherr.h"
 
+#ifdef WITH_SSH1
 int
 buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
 {
@@ -63,6 +66,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 	if (buffer_get_bignum_ret(buffer, value) == -1)
 		fatal("%s: buffer error", __func__);
 }
+#endif /* WITH_SSH1 */
 
 int
 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
@@ -101,3 +105,5 @@ buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
 	if (buffer_get_bignum2_ret(buffer, value) == -1)
 		fatal("%s: buffer error", __func__);
 }
+
+#endif /* WITH_OPENSSL */

cipher-aesctr.c

@@ -18,6 +18,8 @@
 #include <sys/types.h>
 #include <string.h>
 
+#ifndef WITH_OPENSSL
+
 #include "cipher-aesctr.h"
 
 /*
@@ -76,3 +78,4 @@ aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes)
 		n = (n + 1) % AES_BLOCK_SIZE;
 	}
 }
+#endif /* !WITH_OPENSSL */

cipher-bf1.c

@@ -20,6 +20,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <stdarg.h>
@@ -98,3 +100,4 @@ evp_ssh1_bf(void)
 	ssh1_bf.key_len = 32;
 	return (&ssh1_bf);
 }
+#endif /* WITH_OPENSSL */

cipher-ctr.c

@@ -16,7 +16,7 @@
  */
 #include "includes.h"
 
-#ifndef OPENSSL_HAVE_EVPCTR
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR)
 #include <sys/types.h>
 
 #include <stdarg.h>
@@ -143,4 +143,4 @@ evp_aes_128_ctr(void)
 	return (&aes_ctr);
 }
 
-#endif /* OPENSSL_HAVE_EVPCTR */
+#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR) */

digest-libc.c

@@ -18,15 +18,19 @@
 
 #include "includes.h"
 
+#ifndef WITH_OPENSSL
+
 #include <sys/types.h>
 #include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 
+#if 0
 #include <md5.h>
 #include <rmd160.h>
 #include <sha1.h>
 #include <sha2.h>
+#endif
 
 #include "ssherr.h"
 #include "sshbuf.h"
@@ -89,30 +93,30 @@ const struct ssh_digest digests[SSH_DIGEST_MAX] = {
 		"SHA256",
 		SHA256_BLOCK_LENGTH,
 		SHA256_DIGEST_LENGTH,
-		sizeof(SHA2_CTX),
+		sizeof(SHA256_CTX),
-		(md_init_fn *) SHA256Init,
+		(md_init_fn *) SHA256_Init,
-		(md_update_fn *) SHA256Update,
+		(md_update_fn *) SHA256_Update,
-		(md_final_fn *) SHA256Final
+		(md_final_fn *) SHA256_Final
 	},
 	{
 		SSH_DIGEST_SHA384,
 		"SHA384",
 		SHA384_BLOCK_LENGTH,
 		SHA384_DIGEST_LENGTH,
-		sizeof(SHA2_CTX),
+		sizeof(SHA384_CTX),
-		(md_init_fn *) SHA384Init,
+		(md_init_fn *) SHA384_Init,
-		(md_update_fn *) SHA384Update,
+		(md_update_fn *) SHA384_Update,
-		(md_final_fn *) SHA384Final
+		(md_final_fn *) SHA384_Final
 	},
 	{
 		SSH_DIGEST_SHA512,
 		"SHA512",
 		SHA512_BLOCK_LENGTH,
 		SHA512_DIGEST_LENGTH,
-		sizeof(SHA2_CTX),
+		sizeof(SHA512_CTX),
-		(md_init_fn *) SHA512Init,
+		(md_init_fn *) SHA512_Init,
-		(md_update_fn *) SHA512Update,
+		(md_update_fn *) SHA512_Update,
-		(md_final_fn *) SHA512Final
+		(md_final_fn *) SHA512_Final
 	}
 };
 
@@ -257,3 +261,4 @@ ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
 {
 	return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
 }
+#endif /* !WITH_OPENSSL */

digest-openssl.c

@@ -17,6 +17,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 #include <limits.h>
 #include <stdlib.h>
@@ -200,3 +202,4 @@ ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
 {
 	return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
 }
+#endif /* WITH_OPENSSL */

entropy.c

@@ -24,6 +24,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #ifdef HAVE_SYS_UN_H
@@ -230,3 +232,13 @@ seed_rng(void)
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
 }
+
+#else /* WITH_OPENSSL */
+
+/* Handled in arc4random() */
+void
+seed_rng(void)
+{
+}
+
+#endif /* WITH_OPENSSL */

includes.h

@@ -167,7 +167,9 @@
 # endif
 #endif
 
+#ifdef WITH_OPENSSL
 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
+#endif
 
 #include "defines.h"
 

kex.c

@@ -90,9 +90,9 @@ static const struct kexalg kexalgs[] = {
 # endif /* OPENSSL_HAS_NISTP521 */
 #endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
-#ifdef HAVE_EVP_SHA256
+#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
 	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif /* HAVE_EVP_SHA256 */
+#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
 	{ NULL, -1, -1, -1},
 };
 

kexdh.c

@@ -25,6 +25,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <signal.h>
@@ -85,3 +87,4 @@ kex_dh_hash(
 	*hash = digest;
 	*hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
 }
+#endif /* WITH_OPENSSL */

kexdhc.c

@@ -25,6 +25,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <openssl/dh.h>
@@ -159,3 +161,4 @@ kexdh_client(Kex *kex)
 	BN_clear_free(shared_secret);
 	kex_finish(kex);
 }
+#endif /* WITH_OPENSSL */

kexdhs.c

@@ -25,6 +25,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <stdarg.h>
@@ -158,3 +160,4 @@ kexdh_server(Kex *kex)
 	BN_clear_free(shared_secret);
 	kex_finish(kex);
 }
+#endif /* WITH_OPENSSL */

kexecdh.c

@@ -26,7 +26,7 @@
 
 #include "includes.h"
 
-#ifdef OPENSSL_HAS_ECC
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 
 #include <sys/types.h>
 
@@ -94,4 +94,4 @@ kex_ecdh_hash(
 	*hash = digest;
 	*hashlen = ssh_digest_bytes(hash_alg);
 }
-#endif /* OPENSSL_HAS_ECC */
+#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */

kexecdhc.c

@@ -26,6 +26,8 @@
 
 #include "includes.h"
 
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
+
 #include <sys/types.h>
 
 #include <stdio.h>
@@ -42,8 +44,6 @@
 #include "dh.h"
 #include "ssh2.h"
 
-#ifdef OPENSSL_HAS_ECC
-
 #include <openssl/ecdh.h>
 
 void
@@ -156,10 +156,4 @@ kexecdh_client(Kex *kex)
 	BN_clear_free(shared_secret);
 	kex_finish(kex);
 }
-#else /* OPENSSL_HAS_ECC */
+#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
-void
-kexecdh_client(Kex *kex)
-{
-	fatal("ECC support is not enabled");
-}
-#endif /* OPENSSL_HAS_ECC */

kexecdhs.c

@@ -26,6 +26,8 @@
 
 #include "includes.h"
 
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
+
 #include <sys/types.h>
 #include <string.h>
 #include <signal.h>
@@ -39,8 +41,6 @@
 #include "packet.h"
 #include "ssh2.h"
 
-#ifdef OPENSSL_HAS_ECC
-
 #include <openssl/ecdh.h>
 
 void
@@ -152,10 +152,4 @@ kexecdh_server(Kex *kex)
 	BN_clear_free(shared_secret);
 	kex_finish(kex);
 }
-#else /* OPENSSL_HAS_ECC */
+#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
-void
-kexecdh_server(Kex *kex)
-{
-	fatal("ECC support is not enabled");
-}
-#endif /* OPENSSL_HAS_ECC */

kexgex.c

@@ -26,6 +26,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <openssl/evp.h>
@@ -96,3 +98,4 @@ kexgex_hash(
 	*hash = digest;
 	*hashlen = ssh_digest_bytes(hash_alg);
 }
+#endif /* WITH_OPENSSL */

kexgexc.c

@@ -26,6 +26,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <openssl/dh.h>
@@ -205,3 +207,4 @@ kexgex_client(Kex *kex)
 
 	kex_finish(kex);
 }
+#endif /* WITH_OPENSSL */

kexgexs.c

@@ -26,6 +26,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/param.h>
 
 #include <stdarg.h>
@@ -206,3 +208,4 @@ kexgex_server(Kex *kex)
 
 	kex_finish(kex);
 }
+#endif /* WITH_OPENSSL */

krl.c

@@ -18,6 +18,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL /* XXX just fix bignums and this is good */
+
 #include <sys/types.h>
 #include <sys/param.h>
 #include <openbsd-compat/sys-tree.h>
@@ -1282,3 +1284,4 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
 		errno = oerrno;
 	return r;
 }
+#endif /* WITH_OPENSSL */

moduli.c

@@ -39,6 +39,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/param.h>
 #include <sys/types.h>
 
@@ -802,3 +804,5 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 
 	return (res);
 }
+
+#endif /* WITH_OPENSSL */

monitor_wrap.c

@@ -151,8 +151,10 @@ mm_request_receive(int sock, Buffer *m)
 	debug3("%s entering", __func__);
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
-		if (errno == EPIPE)
+		if (errno == EPIPE) {
+			error("%s: socket closed", __func__);
 			cleanup_exit(255);
+		}
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = get_u32(buf);

openbsd-compat/Makefile.in

@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
 
-OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
+OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
 
 COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
 

openbsd-compat/arc4random.c

@@ -26,15 +26,19 @@
 
 #include "includes.h"
 
+#include <sys/types.h>
+
+#include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <sys/types.h>
 
 #ifndef HAVE_ARC4RANDOM
 
+#ifdef WITH_OPENSSL
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#endif
 
 #include "log.h"
 
@@ -73,14 +77,44 @@ _rs_init(u_char *buf, size_t n)
 	chacha_ivsetup(&rs, buf + KEYSZ);
 }
 
+#ifndef WITH_OPENSSL
+#define SSH_RANDOM_DEV "/dev/urandom"
+/* XXX use getrandom() if supported on Linux */
+static void
+getrnd(u_char *s, size_t len)
+{
+	int fd;
+	ssize_t r;
+	size_t o = 0;
+
+	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
+		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
+	while (o < len) {
+		r = read(fd, s + o, len - o);
+		if (r < 0) {
+			if (errno == EAGAIN || errno == EINTR ||
+			    errno == EWOULDBLOCK)
+				continue;
+			fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno));
+		}
+		o += r;
+	}
+	close(fd);
+}
+#endif
+
 static void
 _rs_stir(void)
 {
 	u_char rnd[KEYSZ + IVSZ];
 
+#ifdef WITH_OPENSSL
 	if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
 		fatal("Couldn't obtain random bytes (error %ld)",
 		    ERR_get_error());
+#else
+	getrnd(rnd, sizeof(rnd));
+#endif
 
 	if (!rs_initialized) {
 		rs_initialized = 1;

openbsd-compat/bcrypt_pbkdf.c

@@ -32,6 +32,9 @@
 #endif
 
 #include "crypto_api.h"
+#ifdef SHA512_DIGEST_LENGTH
+# undef SHA512_DIGEST_LENGTH
+#endif
 #define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
 
 /*

openbsd-compat/openbsd-compat.h

@@ -43,7 +43,10 @@
 #include "readpassphrase.h"
 #include "vis.h"
 #include "getrrsetbyname.h"
+#include "sha1.h"
 #include "sha2.h"
+#include "rmd160.h"
+#include "md5.h"
 #include "blf.h"
 
 #ifndef HAVE_BASENAME

openbsd-compat/openssl-compat.c

@@ -19,6 +19,8 @@
 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <stdarg.h>
 #include <string.h>
 
@@ -78,3 +80,5 @@ ssh_OpenSSL_add_all_algorithms(void)
 	OPENSSL_config(NULL);
 }
 #endif
+
+#endif /* WITH_OPENSSL */

openbsd-compat/openssl-compat.h

@@ -20,6 +20,8 @@
 #define _OPENSSL_COMPAT_H
 
 #include "includes.h"
+#ifdef WITH_OPENSSL
+
 #include <openssl/opensslv.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
@@ -90,4 +92,5 @@ void ssh_OpenSSL_add_all_algorithms(void);
 
 #endif	/* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
 
+#endif /* WITH_OPENSSL */
 #endif /* _OPENSSL_COMPAT_H */

openbsd-compat/sha2.c

@@ -38,13 +38,18 @@
 
 #include "includes.h"
 
-#include <openssl/opensslv.h>
+#ifdef WITH_OPENSSL
+# include <openssl/opensslv.h>
+# if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#  define _NEED_SHA2 1
+# endif
+#else
+# define _NEED_SHA2 1
+#endif
+
+#if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE)
 
-#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
-    (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-#include <sys/types.h>
 #include <string.h>
-#include "sha2.h"
 
 /*
  * UNROLLED TRANSFORM LOOP NOTE:
@@ -838,7 +843,6 @@ SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context)
 }
 
 
-#if 0
 /*** SHA-384: *********************************************************/
 void
 SHA384_Init(SHA384_CTX *context)
@@ -851,9 +855,29 @@ SHA384_Init(SHA384_CTX *context)
 	context->bitcount[0] = context->bitcount[1] = 0;
 }
 
+#if 0
 __weak_alias(SHA384_Transform, SHA512_Transform);
 __weak_alias(SHA384_Update, SHA512_Update);
 __weak_alias(SHA384_Pad, SHA512_Pad);
+#endif
+
+void
+SHA384_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+{
+	return SHA512_Transform(state, data);
+}
+
+void
+SHA384_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
+{
+	SHA512_Update(context, data, len);
+}
+
+void
+SHA384_Pad(SHA512_CTX *context)
+{
+	SHA512_Pad(context);
+}
 
 void
 SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
@@ -876,7 +900,5 @@ SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
 	/* Zero out state data */
 	memset(context, 0, sizeof(*context));
 }
-#endif
 
-#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+#endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */
-    (OPENSSL_VERSION_NUMBER >= 0x00907000L) */

openbsd-compat/sha2.h

@@ -41,10 +41,16 @@
 
 #include "includes.h"
 
-#include <openssl/opensslv.h>
+#ifdef WITH_OPENSSL
+# include <openssl/opensslv.h>
+# if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#  define _NEED_SHA2 1
+# endif
+#else
+# define _NEED_SHA2 1
+#endif
 
-#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+#if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE)
-    (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 
 /*** SHA-256/384/512 Various Length Definitions ***********************/
 #define SHA256_BLOCK_LENGTH		64
@@ -70,9 +76,7 @@ typedef struct _SHA512_CTX {
 	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
 } SHA512_CTX;
 
-#if 0
 typedef SHA512_CTX SHA384_CTX;
-#endif
 
 void SHA256_Init(SHA256_CTX *);
 void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
@@ -91,7 +95,6 @@ char *SHA256_Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
 
-#if 0
 void SHA384_Init(SHA384_CTX *);
 void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
 void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t)
@@ -108,7 +111,6 @@ char *SHA384_FileChunk(const char *, char *, off_t, off_t)
 char *SHA384_Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
-#endif /* 0 */
 
 void SHA512_Init(SHA512_CTX *);
 void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
@@ -127,7 +129,6 @@ char *SHA512_Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
 
-#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+#endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */
-    (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
 
 #endif /* _SSHSHA2_H */

openbsd-compat/xcrypt.c

@@ -57,7 +57,7 @@
 #  include "md5crypt.h"
 # endif
 
-# if !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
+# if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
 #  include <openssl/des.h>
 #  define crypt DES_crypt
 # endif

packet.c

@@ -1612,6 +1612,7 @@ packet_get_ecpoint(const EC_GROUP *curve, EC_POINT *point)
 	buffer_get_ecpoint(&active_state->incoming_packet, curve, point);
 }
 #endif
+#endif
 
 void *
 packet_get_raw(u_int *length_ptr)
@@ -1622,7 +1623,6 @@ packet_get_raw(u_int *length_ptr)
 		*length_ptr = bytes;
 	return buffer_ptr(&active_state->incoming_packet);
 }
-#endif
 
 int
 packet_remaining(void)

ssh-add.c

@@ -70,11 +70,13 @@ extern char *__progname;
 
 /* Default files to add */
 static char *default_files[] = {
+#ifdef WITH_OPENSSL
 	_PATH_SSH_CLIENT_ID_RSA,
 	_PATH_SSH_CLIENT_ID_DSA,
 #ifdef OPENSSL_HAS_ECC
 	_PATH_SSH_CLIENT_ID_ECDSA,
 #endif
+#endif /* WITH_OPENSSL */
 	_PATH_SSH_CLIENT_ID_ED25519,
 	_PATH_SSH_CLIENT_IDENTITY,
 	NULL
@@ -440,7 +442,9 @@ main(int argc, char **argv)
 	__progname = ssh_get_progname(argv[0]);
 	seed_rng();
 
+#ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();
+#endif
 
 	setvbuf(stdout, NULL, _IOLBF, 0);
 

ssh-dss.c

@@ -25,6 +25,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <openssl/bn.h>
@@ -217,3 +219,4 @@ ssh_dss_verify(const struct sshkey *key,
 	}
 	return ret;
 }
+#endif /* WITH_OPENSSL */

ssh-ecdsa.c

@@ -26,7 +26,7 @@
 
 #include "includes.h"
 
-#ifdef OPENSSL_HAS_ECC
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 
 #include <sys/types.h>
 
@@ -189,4 +189,4 @@ ssh_ecdsa_verify(const struct sshkey *key,
 	return ret;
 }
 
-#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */

ssh-keygen.c

@@ -19,9 +19,11 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include "openbsd-compat/openssl-compat.h"
+#endif
 
 #include <errno.h>
 #include <fcntl.h>
@@ -179,7 +181,9 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
 {
+#ifdef WITH_OPENSSL
 	u_int maxbits;
+#endif
 
 	if (type == KEY_UNSPEC) {
 		fprintf(stderr, "unknown key type %s\n", key_type_name);
@@ -193,13 +197,13 @@ type_bits_valid(int type, u_int32_t *bitsp)
 		else
 			*bitsp = DEFAULT_BITS;
 	}
+#ifdef WITH_OPENSSL
 	maxbits = (type == KEY_DSA) ?
 	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
 	if (*bitsp > maxbits) {
 		fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
 		exit(1);
 	}
-#ifdef WITH_OPENSSL
 	if (type == KEY_DSA && *bitsp != 1024)
 		fatal("DSA keys must be 1024 bits");
 	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -2102,10 +2106,12 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
 		fclose(krl_spec);
 	free(path);
 }
+#endif /* WITH_OPENSSL */
 
 static void
 do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 {
+#ifdef WITH_OPENSSL
 	struct ssh_krl *krl;
 	struct stat sb;
 	Key *ca = NULL;
@@ -2155,11 +2161,15 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 	ssh_krl_free(krl);
 	if (ca != NULL)
 		key_free(ca);
+#else /* WITH_OPENSSL */
+	fatal("KRLs not supported without OpenSSL");
+#endif /* WITH_OPENSSL */
 }
 
 static void
 do_check_krl(struct passwd *pw, int argc, char **argv)
 {
+#ifdef WITH_OPENSSL
 	int i, r, ret = 0;
 	char *comment;
 	struct ssh_krl *krl;
@@ -2182,8 +2192,10 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 	}
 	ssh_krl_free(krl);
 	exit(ret);
+#else /* WITH_OPENSSL */
+	fatal("KRLs not supported without OpenSSL");
+#endif /* WITH_OPENSSL */
 }
-#endif
 
 static void
 usage(void)
@@ -2249,7 +2261,9 @@ main(int argc, char **argv)
 
 	__progname = ssh_get_progname(argv[0]);
 
+#ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();
+#endif
 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
 
 	seed_rng();
@@ -2427,6 +2441,7 @@ main(int argc, char **argv)
 				fatal("Invalid number: %s (%s)",
 					optarg, errstr);
 			break;
+#ifdef WITH_OPENSSL
 		case 'M':
 			memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
 			if (errstr)
@@ -2454,6 +2469,7 @@ main(int argc, char **argv)
 			if (BN_hex2bn(&start, optarg) == 0)
 				fatal("Invalid start point.");
 			break;
+#endif /* WITH_OPENSSL */
 		case 'V':
 			parse_cert_times(optarg);
 			break;
@@ -2493,7 +2509,6 @@ main(int argc, char **argv)
 		printf("Cannot use -l with -H or -R.\n");
 		usage();
 	}
-#ifdef WITH_OPENSSL
 	if (gen_krl) {
 		do_gen_krl(pw, update_krl, argc, argv);
 		return (0);
@@ -2502,7 +2517,6 @@ main(int argc, char **argv)
 		do_check_krl(pw, argc, argv);
 		return (0);
 	}
-#endif
 	if (ca_key_path != NULL) {
 		if (cert_key_id == NULL)
 			fatal("Must specify key id (-I) when certifying");

ssh-keysign.c

@@ -35,9 +35,11 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
+#endif
 
 #include "xmalloc.h"
 #include "log.h"
@@ -161,7 +163,9 @@ main(int argc, char **argv)
 	u_char *signature, *data;
 	char *host, *fp;
 	u_int slen, dlen;
+#ifdef WITH_OPENSSL
 	u_int32_t rnd[256];
+#endif
 
 	/* Ensure that stdin and stdout are connected */
 	if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
@@ -204,9 +208,11 @@ main(int argc, char **argv)
 	if (found == 0)
 		fatal("could not open any host key");
 
+#ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();
 	arc4random_buf(rnd, sizeof(rnd));
 	RAND_seed(rnd, sizeof(rnd));
+#endif
 
 	found = 0;
 	for (i = 0; i < NUM_KEYTYPES; i++) {

ssh-rsa.c

@@ -17,6 +17,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 
 #include <openssl/evp.h>
@@ -263,3 +265,4 @@ done:
 	}
 	return ret;
 }
+#endif /* WITH_OPENSSL */

sshd.c

@@ -623,7 +623,9 @@ privsep_preauth_child(void)
 
 	arc4random_stir();
 	arc4random_buf(rnd, sizeof(rnd));
+#ifdef WITH_OPENSSL
 	RAND_seed(rnd, sizeof(rnd));
+#endif
 	explicit_bzero(rnd, sizeof(rnd));
 
 	/* Demote the private keys to public keys. */
@@ -758,7 +760,9 @@ privsep_postauth(Authctxt *authctxt)
 
 	arc4random_stir();
 	arc4random_buf(rnd, sizeof(rnd));
+#ifdef WITH_OPENSSL
 	RAND_seed(rnd, sizeof(rnd));
+#endif
 	explicit_bzero(rnd, sizeof(rnd));
 
 	/* Drop privileges */
@@ -988,7 +992,7 @@ send_rexec_state(int fd, Buffer *conf)
 #endif
 		buffer_put_int(&m, 0);
 
-#ifndef OPENSSL_PRNG_ONLY
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
 	rexec_send_rng_seed(&m);
 #endif
 
@@ -1041,7 +1045,7 @@ recv_rexec_state(int fd, Buffer *conf)
 #endif
 	}
 
-#ifndef OPENSSL_PRNG_ONLY
+#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
 	rexec_recv_rng_seed(&m);
 #endif
 
@@ -1372,7 +1376,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 			 */
 			arc4random_stir();
 			arc4random_buf(rnd, sizeof(rnd));
+#ifdef WITH_OPENSSL
 			RAND_seed(rnd, sizeof(rnd));
+#endif
 			explicit_bzero(rnd, sizeof(rnd));
 		}