diff options
| author | Damien Miller <djm@mindrot.org> | 2015-01-30 23:10:17 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-02-18 22:29:32 +1100 |
| commit | 773dda25e828c4c9a52f7bdce6e1e5924157beab (patch) | |
| tree | 831507f35a8feb0ae984a7a13f521932a0fedb61 | |
| parent | e89c780886b23600de1e1c8d74aabd1ff61f43f0 (diff) | |
repair --without-openssl; broken in refactor
| -rw-r--r-- | kex.h | 20 | ||||
| -rw-r--r-- | monitor.c | 2 | ||||
| -rw-r--r-- | packet.c | 16 | ||||
| -rw-r--r-- | packet.h | 25 | ||||
| -rw-r--r-- | ssh-keygen.c | 5 | ||||
| -rw-r--r-- | ssh_api.c | 2 |
6 files changed, 64 insertions, 6 deletions
| @@ -34,6 +34,20 @@ | |||
| 34 | #include "leakmalloc.h" | 34 | #include "leakmalloc.h" |
| 35 | #endif | 35 | #endif |
| 36 | 36 | ||
| 37 | #ifdef WITH_OPENSSL | ||
| 38 | # ifdef OPENSSL_HAS_ECC | ||
| 39 | # include <openssl/ec.h> | ||
| 40 | # else /* OPENSSL_HAS_ECC */ | ||
| 41 | # define EC_KEY void | ||
| 42 | # define EC_GROUP void | ||
| 43 | # define EC_POINT void | ||
| 44 | # endif /* OPENSSL_HAS_ECC */ | ||
| 45 | #else /* WITH_OPENSSL */ | ||
| 46 | # define EC_KEY void | ||
| 47 | # define EC_GROUP void | ||
| 48 | # define EC_POINT void | ||
| 49 | #endif /* WITH_OPENSSL */ | ||
| 50 | |||
| 37 | #define KEX_COOKIE_LEN 16 | 51 | #define KEX_COOKIE_LEN 16 |
| 38 | 52 | ||
| 39 | #define KEX_DH1 "diffie-hellman-group1-sha1" | 53 | #define KEX_DH1 "diffie-hellman-group1-sha1" |
| @@ -204,4 +218,10 @@ derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); | |||
| 204 | void dump_digest(char *, u_char *, int); | 218 | void dump_digest(char *, u_char *, int); |
| 205 | #endif | 219 | #endif |
| 206 | 220 | ||
| 221 | #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC) | ||
| 222 | # undef EC_KEY | ||
| 223 | # undef EC_GROUP | ||
| 224 | # undef EC_POINT | ||
| 225 | #endif | ||
| 226 | |||
| 207 | #endif | 227 | #endif |
| @@ -1848,11 +1848,13 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
| 1848 | 1848 | ||
| 1849 | if ((kex = ssh->kex) != 0) { | 1849 | if ((kex = ssh->kex) != 0) { |
| 1850 | /* XXX set callbacks */ | 1850 | /* XXX set callbacks */ |
| 1851 | #ifdef WITH_OPENSSL | ||
| 1851 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1852 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
| 1852 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 1853 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
| 1853 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 1854 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 1854 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 1855 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 1855 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | 1856 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
| 1857 | #endif /* WITH_OPENSSL */ | ||
| 1856 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 1858 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
| 1857 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1859 | kex->load_host_public_key=&get_hostkey_public_by_type; |
| 1858 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1860 | kex->load_host_private_key=&get_hostkey_private_by_type; |
| @@ -788,10 +788,10 @@ ssh_packet_set_compress_hooks(struct ssh *ssh, void *ctx, | |||
| 788 | * encrypted independently of each other. | 788 | * encrypted independently of each other. |
| 789 | */ | 789 | */ |
| 790 | 790 | ||
| 791 | #ifdef WITH_OPENSSL | ||
| 792 | void | 791 | void |
| 793 | ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, int number) | 792 | ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, int number) |
| 794 | { | 793 | { |
| 794 | #ifdef WITH_SSH1 | ||
| 795 | struct session_state *state = ssh->state; | 795 | struct session_state *state = ssh->state; |
| 796 | const struct sshcipher *cipher = cipher_by_number(number); | 796 | const struct sshcipher *cipher = cipher_by_number(number); |
| 797 | int r; | 797 | int r; |
| @@ -816,8 +816,8 @@ ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, | |||
| 816 | error("Warning: %s", wmsg); | 816 | error("Warning: %s", wmsg); |
| 817 | state->cipher_warning_done = 1; | 817 | state->cipher_warning_done = 1; |
| 818 | } | 818 | } |
| 819 | #endif /* WITH_SSH1 */ | ||
| 819 | } | 820 | } |
| 820 | #endif | ||
| 821 | 821 | ||
| 822 | /* | 822 | /* |
| 823 | * Finalizes and sends the packet. If the encryption key has been set, | 823 | * Finalizes and sends the packet. If the encryption key has been set, |
| @@ -2727,23 +2727,29 @@ sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v) | |||
| 2727 | return sshbuf_put_stringb(ssh->state->outgoing_packet, v); | 2727 | return sshbuf_put_stringb(ssh->state->outgoing_packet, v); |
| 2728 | } | 2728 | } |
| 2729 | 2729 | ||
| 2730 | #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | ||
| 2730 | int | 2731 | int |
| 2731 | sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g) | 2732 | sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g) |
| 2732 | { | 2733 | { |
| 2733 | return sshbuf_put_ec(ssh->state->outgoing_packet, v, g); | 2734 | return sshbuf_put_ec(ssh->state->outgoing_packet, v, g); |
| 2734 | } | 2735 | } |
| 2736 | #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ | ||
| 2735 | 2737 | ||
| 2738 | #ifdef WITH_SSH1 | ||
| 2736 | int | 2739 | int |
| 2737 | sshpkt_put_bignum1(struct ssh *ssh, const BIGNUM *v) | 2740 | sshpkt_put_bignum1(struct ssh *ssh, const BIGNUM *v) |
| 2738 | { | 2741 | { |
| 2739 | return sshbuf_put_bignum1(ssh->state->outgoing_packet, v); | 2742 | return sshbuf_put_bignum1(ssh->state->outgoing_packet, v); |
| 2740 | } | 2743 | } |
| 2744 | #endif /* WITH_SSH1 */ | ||
| 2741 | 2745 | ||
| 2746 | #ifdef WITH_OPENSSL | ||
| 2742 | int | 2747 | int |
| 2743 | sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v) | 2748 | sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v) |
| 2744 | { | 2749 | { |
| 2745 | return sshbuf_put_bignum2(ssh->state->outgoing_packet, v); | 2750 | return sshbuf_put_bignum2(ssh->state->outgoing_packet, v); |
| 2746 | } | 2751 | } |
| 2752 | #endif /* WITH_OPENSSL */ | ||
| 2747 | 2753 | ||
| 2748 | /* fetch data from the incoming packet */ | 2754 | /* fetch data from the incoming packet */ |
| 2749 | 2755 | ||
| @@ -2789,23 +2795,29 @@ sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp) | |||
| 2789 | return sshbuf_get_cstring(ssh->state->incoming_packet, valp, lenp); | 2795 | return sshbuf_get_cstring(ssh->state->incoming_packet, valp, lenp); |
| 2790 | } | 2796 | } |
| 2791 | 2797 | ||
| 2798 | #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | ||
| 2792 | int | 2799 | int |
| 2793 | sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g) | 2800 | sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g) |
| 2794 | { | 2801 | { |
| 2795 | return sshbuf_get_ec(ssh->state->incoming_packet, v, g); | 2802 | return sshbuf_get_ec(ssh->state->incoming_packet, v, g); |
| 2796 | } | 2803 | } |
| 2804 | #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ | ||
| 2797 | 2805 | ||
| 2806 | #ifdef WITH_SSH1 | ||
| 2798 | int | 2807 | int |
| 2799 | sshpkt_get_bignum1(struct ssh *ssh, BIGNUM *v) | 2808 | sshpkt_get_bignum1(struct ssh *ssh, BIGNUM *v) |
| 2800 | { | 2809 | { |
| 2801 | return sshbuf_get_bignum1(ssh->state->incoming_packet, v); | 2810 | return sshbuf_get_bignum1(ssh->state->incoming_packet, v); |
| 2802 | } | 2811 | } |
| 2812 | #endif /* WITH_SSH1 */ | ||
| 2803 | 2813 | ||
| 2814 | #ifdef WITH_OPENSSL | ||
| 2804 | int | 2815 | int |
| 2805 | sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v) | 2816 | sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v) |
| 2806 | { | 2817 | { |
| 2807 | return sshbuf_get_bignum2(ssh->state->incoming_packet, v); | 2818 | return sshbuf_get_bignum2(ssh->state->incoming_packet, v); |
| 2808 | } | 2819 | } |
| 2820 | #endif /* WITH_OPENSSL */ | ||
| 2809 | 2821 | ||
| 2810 | int | 2822 | int |
| 2811 | sshpkt_get_end(struct ssh *ssh) | 2823 | sshpkt_get_end(struct ssh *ssh) |
| @@ -22,8 +22,18 @@ | |||
| 22 | # include <openssl/bn.h> | 22 | # include <openssl/bn.h> |
| 23 | # ifdef OPENSSL_HAS_ECC | 23 | # ifdef OPENSSL_HAS_ECC |
| 24 | # include <openssl/ec.h> | 24 | # include <openssl/ec.h> |
| 25 | # endif | 25 | # else /* OPENSSL_HAS_ECC */ |
| 26 | #endif | 26 | # define EC_KEY void |
| 27 | # define EC_GROUP void | ||
| 28 | # define EC_POINT void | ||
| 29 | # endif /* OPENSSL_HAS_ECC */ | ||
| 30 | #else /* WITH_OPENSSL */ | ||
| 31 | # define BIGNUM void | ||
| 32 | # define EC_KEY void | ||
| 33 | # define EC_GROUP void | ||
| 34 | # define EC_POINT void | ||
| 35 | #endif /* WITH_OPENSSL */ | ||
| 36 | |||
| 27 | #include <sys/signal.h> | 37 | #include <sys/signal.h> |
| 28 | #include <sys/queue.h> | 38 | #include <sys/queue.h> |
| 29 | 39 | ||
| @@ -182,4 +192,15 @@ const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); | |||
| 182 | extern struct ssh *active_state; | 192 | extern struct ssh *active_state; |
| 183 | #include "opacket.h" | 193 | #include "opacket.h" |
| 184 | 194 | ||
| 195 | #if !defined(WITH_OPENSSL) | ||
| 196 | # undef BIGNUM | ||
| 197 | # undef EC_KEY | ||
| 198 | # undef EC_GROUP | ||
| 199 | # undef EC_POINT | ||
| 200 | #elif !defined(OPENSSL_HAS_ECC) | ||
| 201 | # undef EC_KEY | ||
| 202 | # undef EC_GROUP | ||
| 203 | # undef EC_POINT | ||
| 204 | #endif | ||
| 205 | |||
| 185 | #endif /* PACKET_H */ | 206 | #endif /* PACKET_H */ |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 9b2068254..923874825 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -192,6 +192,7 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) | |||
| 192 | exit(1); | 192 | exit(1); |
| 193 | } | 193 | } |
| 194 | if (*bitsp == 0) { | 194 | if (*bitsp == 0) { |
| 195 | #ifdef WITH_OPENSSL | ||
| 195 | if (type == KEY_DSA) | 196 | if (type == KEY_DSA) |
| 196 | *bitsp = DEFAULT_BITS_DSA; | 197 | *bitsp = DEFAULT_BITS_DSA; |
| 197 | else if (type == KEY_ECDSA) { | 198 | else if (type == KEY_ECDSA) { |
| @@ -200,8 +201,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) | |||
| 200 | *bitsp = sshkey_curve_nid_to_bits(nid); | 201 | *bitsp = sshkey_curve_nid_to_bits(nid); |
| 201 | if (*bitsp == 0) | 202 | if (*bitsp == 0) |
| 202 | *bitsp = DEFAULT_BITS_ECDSA; | 203 | *bitsp = DEFAULT_BITS_ECDSA; |
| 203 | } | 204 | } else |
| 204 | else | 205 | #endif |
| 205 | *bitsp = DEFAULT_BITS; | 206 | *bitsp = DEFAULT_BITS; |
| 206 | } | 207 | } |
| 207 | #ifdef WITH_OPENSSL | 208 | #ifdef WITH_OPENSSL |
| @@ -81,7 +81,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) | |||
| 81 | int r; | 81 | int r; |
| 82 | 82 | ||
| 83 | if (!called) { | 83 | if (!called) { |
| 84 | #ifdef WITH_OPENSSL | ||
| 84 | OpenSSL_add_all_algorithms(); | 85 | OpenSSL_add_all_algorithms(); |
| 86 | #endif /* WITH_OPENSSL */ | ||
| 85 | called = 1; | 87 | called = 1; |
| 86 | } | 88 | } |
| 87 | 89 | ||