summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-05-15 14:24:09 +1000
committerDamien Miller <djm@mindrot.org>2014-05-15 14:24:09 +1000
commit1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch)
treeae708c2a25f84a04bcb04f2dbf3e8039e0f692bc
parentc5893785564498cea73cb60d2cf199490483e080 (diff)
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
-rw-r--r--ChangeLog8
-rw-r--r--auth.c6
-rw-r--r--authfd.c22
-rw-r--r--authfile.c33
-rw-r--r--bufaux.c4
-rw-r--r--cipher-aesctr.c78
-rw-r--r--cipher-aesctr.h35
-rw-r--r--cipher.c88
-rw-r--r--cipher.h4
-rw-r--r--hostfile.c8
-rw-r--r--kex.c18
-rw-r--r--key.c115
-rw-r--r--mac.c19
-rw-r--r--monitor.c23
-rw-r--r--monitor_wrap.c12
-rw-r--r--myproposal.h27
-rw-r--r--packet.c6
-rw-r--r--roaming_client.c5
-rw-r--r--ssh-agent.c12
-rw-r--r--ssh-keygen.c16
-rw-r--r--ssh-keyscan.c8
-rw-r--r--ssh-keysign.c5
-rw-r--r--ssh-pkcs11.h6
-rw-r--r--ssh.c22
-rw-r--r--sshconnect.c6
-rw-r--r--sshconnect2.c4
-rw-r--r--sshd.c42
27 files changed, 560 insertions, 72 deletions
diff --git a/ChangeLog b/ChangeLog
index a68a314e8..d6eb5b99f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,14 @@
36 bz#1818 - don't send channel success/failre replies on channels that 36 bz#1818 - don't send channel success/failre replies on channels that
37 have sent a close already; analysis and patch from Simon Tatham; 37 have sent a close already; analysis and patch from Simon Tatham;
38 ok markus@ 38 ok markus@
39 - markus@cvs.openbsd.org 2014/04/29 18:01:49
40 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
41 [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
42 [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
43 [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
44 make compiling against OpenSSL optional (make OPENSSL=no);
45 reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
46 allows us to explore further options; with and ok djm
39 47
4020140430 4820140430
41 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already 49 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
diff --git a/auth.c b/auth.c
index 9a36f1dac..fcb314cbd 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ 1/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -659,6 +659,7 @@ getpwnamallow(const char *user)
659int 659int
660auth_key_is_revoked(Key *key) 660auth_key_is_revoked(Key *key)
661{ 661{
662#ifdef WITH_OPENSSL
662 char *key_fp; 663 char *key_fp;
663 664
664 if (options.revoked_keys_file == NULL) 665 if (options.revoked_keys_file == NULL)
@@ -671,6 +672,7 @@ auth_key_is_revoked(Key *key)
671 default: 672 default:
672 goto revoked; 673 goto revoked;
673 } 674 }
675#endif
674 debug3("%s: treating %s as a key list", __func__, 676 debug3("%s: treating %s as a key list", __func__,
675 options.revoked_keys_file); 677 options.revoked_keys_file);
676 switch (key_in_file(key, options.revoked_keys_file, 0)) { 678 switch (key_in_file(key, options.revoked_keys_file, 0)) {
@@ -682,6 +684,7 @@ auth_key_is_revoked(Key *key)
682 error("Revoked keys file is unreadable: refusing public key " 684 error("Revoked keys file is unreadable: refusing public key "
683 "authentication"); 685 "authentication");
684 return 1; 686 return 1;
687#ifdef WITH_OPENSSL
685 case 1: 688 case 1:
686 revoked: 689 revoked:
687 /* Key revoked */ 690 /* Key revoked */
@@ -690,6 +693,7 @@ auth_key_is_revoked(Key *key)
690 "%s key %s ", key_type(key), key_fp); 693 "%s key %s ", key_type(key), key_fp);
691 free(key_fp); 694 free(key_fp);
692 return 1; 695 return 1;
696#endif
693 } 697 }
694 fatal("key_in_file returned junk"); 698 fatal("key_in_file returned junk");
695} 699}
diff --git a/authfd.c b/authfd.c
index cea3f97b4..2d5a8dd5b 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,9 +41,6 @@
41#include <sys/un.h> 41#include <sys/un.h>
42#include <sys/socket.h> 42#include <sys/socket.h>
43 43
44#include <openssl/evp.h>
45#include <openssl/crypto.h>
46
47#include <fcntl.h> 44#include <fcntl.h>
48#include <stdlib.h> 45#include <stdlib.h>
49#include <signal.h> 46#include <signal.h>
@@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
313Key * 310Key *
314ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) 311ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
315{ 312{
313#ifdef WITH_SSH1
316 int keybits; 314 int keybits;
317 u_int bits; 315 u_int bits;
316#endif
318 u_char *blob; 317 u_char *blob;
319 u_int blen; 318 u_int blen;
320 Key *key = NULL; 319 Key *key = NULL;
@@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
328 * error if the packet is too short or contains corrupt data. 327 * error if the packet is too short or contains corrupt data.
329 */ 328 */
330 switch (version) { 329 switch (version) {
330#ifdef WITH_SSH1
331 case 1: 331 case 1:
332 key = key_new(KEY_RSA1); 332 key = key_new(KEY_RSA1);
333 bits = buffer_get_int(&auth->identities); 333 bits = buffer_get_int(&auth->identities);
@@ -339,6 +339,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
339 logit("Warning: identity keysize mismatch: actual %d, announced %u", 339 logit("Warning: identity keysize mismatch: actual %d, announced %u",
340 BN_num_bits(key->rsa->n), bits); 340 BN_num_bits(key->rsa->n), bits);
341 break; 341 break;
342#endif
342 case 2: 343 case 2:
343 blob = buffer_get_string(&auth->identities, &blen); 344 blob = buffer_get_string(&auth->identities, &blen);
344 *comment = buffer_get_string(&auth->identities, NULL); 345 *comment = buffer_get_string(&auth->identities, NULL);
@@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
361 * supported) and 1 corresponding to protocol version 1.1. 362 * supported) and 1 corresponding to protocol version 1.1.
362 */ 363 */
363 364
365#ifdef WITH_SSH1
364int 366int
365ssh_decrypt_challenge(AuthenticationConnection *auth, 367ssh_decrypt_challenge(AuthenticationConnection *auth,
366 Key* key, BIGNUM *challenge, 368 Key* key, BIGNUM *challenge,
@@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
410 buffer_free(&buffer); 412 buffer_free(&buffer);
411 return success; 413 return success;
412} 414}
415#endif
413 416
414/* ask agent to sign data, returns -1 on error, 0 on success */ 417/* ask agent to sign data, returns -1 on error, 0 on success */
415int 418int
@@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
457 460
458/* Encode key for a message to the agent. */ 461/* Encode key for a message to the agent. */
459 462
463#ifdef WITH_SSH1
460static void 464static void
461ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) 465ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
462{ 466{
@@ -470,6 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
470 buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ 474 buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
471 buffer_put_cstring(b, comment); 475 buffer_put_cstring(b, comment);
472} 476}
477#endif
473 478
474static void 479static void
475ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) 480ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
@@ -493,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
493 buffer_init(&msg); 498 buffer_init(&msg);
494 499
495 switch (key->type) { 500 switch (key->type) {
501#ifdef WITH_SSH1
496 case KEY_RSA1: 502 case KEY_RSA1:
497 type = constrained ? 503 type = constrained ?
498 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : 504 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
@@ -500,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
500 buffer_put_char(&msg, type); 506 buffer_put_char(&msg, type);
501 ssh_encode_identity_rsa1(&msg, key->rsa, comment); 507 ssh_encode_identity_rsa1(&msg, key->rsa, comment);
502 break; 508 break;
509#endif
510#ifdef WITH_OPENSSL
503 case KEY_RSA: 511 case KEY_RSA:
504 case KEY_RSA_CERT: 512 case KEY_RSA_CERT:
505 case KEY_RSA_CERT_V00: 513 case KEY_RSA_CERT_V00:
@@ -508,6 +516,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
508 case KEY_DSA_CERT_V00: 516 case KEY_DSA_CERT_V00:
509 case KEY_ECDSA: 517 case KEY_ECDSA:
510 case KEY_ECDSA_CERT: 518 case KEY_ECDSA_CERT:
519#endif
511 case KEY_ED25519: 520 case KEY_ED25519:
512 case KEY_ED25519_CERT: 521 case KEY_ED25519_CERT:
513 type = constrained ? 522 type = constrained ?
@@ -552,12 +561,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
552 561
553 buffer_init(&msg); 562 buffer_init(&msg);
554 563
564#ifdef WITH_SSH1
555 if (key->type == KEY_RSA1) { 565 if (key->type == KEY_RSA1) {
556 buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); 566 buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
557 buffer_put_int(&msg, BN_num_bits(key->rsa->n)); 567 buffer_put_int(&msg, BN_num_bits(key->rsa->n));
558 buffer_put_bignum(&msg, key->rsa->e); 568 buffer_put_bignum(&msg, key->rsa->e);
559 buffer_put_bignum(&msg, key->rsa->n); 569 buffer_put_bignum(&msg, key->rsa->n);
560 } else if (key->type != KEY_UNSPEC) { 570 } else
571#endif
572 if (key->type != KEY_UNSPEC) {
561 key_to_blob(key, &blob, &blen); 573 key_to_blob(key, &blob, &blen);
562 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); 574 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
563 buffer_put_string(&msg, blob, blen); 575 buffer_put_string(&msg, blob, blen);
diff --git a/authfile.c b/authfile.c
index 44994a810..7cb901133 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */ 1/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -43,9 +43,11 @@
43#include <sys/param.h> 43#include <sys/param.h>
44#include <sys/uio.h> 44#include <sys/uio.h>
45 45
46#ifdef WITH_OPENSSL
46#include <openssl/err.h> 47#include <openssl/err.h>
47#include <openssl/evp.h> 48#include <openssl/evp.h>
48#include <openssl/pem.h> 49#include <openssl/pem.h>
50#endif
49 51
50/* compatibility with old or broken OpenSSL versions */ 52/* compatibility with old or broken OpenSSL versions */
51#include "openbsd-compat/openssl-compat.h" 53#include "openbsd-compat/openssl-compat.h"
@@ -419,6 +421,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
419 return k; 421 return k;
420} 422}
421 423
424#ifdef WITH_SSH1
422/* 425/*
423 * Serialises the authentication (private) key to a blob, encrypting it with 426 * Serialises the authentication (private) key to a blob, encrypting it with
424 * passphrase. The identification of the blob (lowest 64 bits of n) will 427 * passphrase. The identification of the blob (lowest 64 bits of n) will
@@ -508,7 +511,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
508 511
509 return 1; 512 return 1;
510} 513}
514#endif
511 515
516#ifdef WITH_OPENSSL
512/* convert SSH v2 key in OpenSSL PEM format */ 517/* convert SSH v2 key in OpenSSL PEM format */
513static int 518static int
514key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, 519key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
@@ -558,6 +563,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
558 BIO_free(bio); 563 BIO_free(bio);
559 return success; 564 return success;
560} 565}
566#endif
561 567
562/* Save a key blob to a file */ 568/* Save a key blob to a file */
563static int 569static int
@@ -588,8 +594,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
588 int new_format_rounds) 594 int new_format_rounds)
589{ 595{
590 switch (key->type) { 596 switch (key->type) {
597#ifdef WITH_SSH1
591 case KEY_RSA1: 598 case KEY_RSA1:
592 return key_private_rsa1_to_blob(key, blob, passphrase, comment); 599 return key_private_rsa1_to_blob(key, blob, passphrase, comment);
600#endif
601#ifdef WITH_OPENSSL
593 case KEY_DSA: 602 case KEY_DSA:
594 case KEY_ECDSA: 603 case KEY_ECDSA:
595 case KEY_RSA: 604 case KEY_RSA:
@@ -598,6 +607,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
598 comment, new_format_cipher, new_format_rounds); 607 comment, new_format_cipher, new_format_rounds);
599 } 608 }
600 return key_private_pem_to_blob(key, blob, passphrase, comment); 609 return key_private_pem_to_blob(key, blob, passphrase, comment);
610#endif
601 case KEY_ED25519: 611 case KEY_ED25519:
602 return key_private_to_blob2(key, blob, passphrase, 612 return key_private_to_blob2(key, blob, passphrase,
603 comment, new_format_cipher, new_format_rounds); 613 comment, new_format_cipher, new_format_rounds);
@@ -627,6 +637,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
627 return success; 637 return success;
628} 638}
629 639
640#ifdef WITH_SSH1
630/* 641/*
631 * Parse the public, unencrypted portion of a RSA1 key. 642 * Parse the public, unencrypted portion of a RSA1 key.
632 */ 643 */
@@ -671,6 +682,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp)
671 682
672 return pub; 683 return pub;
673} 684}
685#endif
674 686
675/* Load a key from a fd into a buffer */ 687/* Load a key from a fd into a buffer */
676int 688int
@@ -727,6 +739,7 @@ key_load_file(int fd, const char *filename, Buffer *blob)
727 return 1; 739 return 1;
728} 740}
729 741
742#ifdef WITH_SSH1
730/* 743/*
731 * Loads the public part of the ssh v1 key file. Returns NULL if an error was 744 * Loads the public part of the ssh v1 key file. Returns NULL if an error was
732 * encountered (the file does not exist or is not readable), and the key 745 * encountered (the file does not exist or is not readable), and the key
@@ -870,7 +883,9 @@ fail:
870 key_free(prv); 883 key_free(prv);
871 return NULL; 884 return NULL;
872} 885}
886#endif
873 887
888#ifdef WITH_OPENSSL
874static Key * 889static Key *
875key_parse_private_pem(Buffer *blob, int type, const char *passphrase, 890key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
876 char **commentp) 891 char **commentp)
@@ -964,6 +979,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
964 buffer_free(&buffer); 979 buffer_free(&buffer);
965 return prv; 980 return prv;
966} 981}
982#endif
967 983
968int 984int
969key_perm_ok(int fd, const char *filename) 985key_perm_ok(int fd, const char *filename)
@@ -1000,18 +1016,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase,
1000 Key *k; 1016 Key *k;
1001 1017
1002 switch (type) { 1018 switch (type) {
1019#ifdef WITH_SSH1
1003 case KEY_RSA1: 1020 case KEY_RSA1:
1004 return key_parse_private_rsa1(blob, passphrase, commentp); 1021 return key_parse_private_rsa1(blob, passphrase, commentp);
1022#endif
1023#ifdef WITH_OPENSSL
1005 case KEY_DSA: 1024 case KEY_DSA:
1006 case KEY_ECDSA: 1025 case KEY_ECDSA:
1007 case KEY_RSA: 1026 case KEY_RSA:
1008 return key_parse_private_pem(blob, type, passphrase, commentp); 1027 return key_parse_private_pem(blob, type, passphrase, commentp);
1028#endif
1009 case KEY_ED25519: 1029 case KEY_ED25519:
1010 return key_parse_private2(blob, type, passphrase, commentp); 1030 return key_parse_private2(blob, type, passphrase, commentp);
1011 case KEY_UNSPEC: 1031 case KEY_UNSPEC:
1012 if ((k = key_parse_private2(blob, type, passphrase, commentp))) 1032 if ((k = key_parse_private2(blob, type, passphrase, commentp)))
1013 return k; 1033 return k;
1034#ifdef WITH_OPENSSL
1014 return key_parse_private_pem(blob, type, passphrase, commentp); 1035 return key_parse_private_pem(blob, type, passphrase, commentp);
1036#endif
1015 default: 1037 default:
1016 error("%s: cannot parse key type %d", __func__, type); 1038 error("%s: cannot parse key type %d", __func__, type);
1017 break; 1039 break;
@@ -1061,6 +1083,7 @@ Key *
1061key_parse_private(Buffer *buffer, const char *filename, 1083key_parse_private(Buffer *buffer, const char *filename,
1062 const char *passphrase, char **commentp) 1084 const char *passphrase, char **commentp)
1063{ 1085{
1086#ifdef WITH_SSH1
1064 Key *pub, *prv; 1087 Key *pub, *prv;
1065 1088
1066 /* it's a SSH v1 key if the public key part is readable */ 1089 /* it's a SSH v1 key if the public key part is readable */
@@ -1078,6 +1101,10 @@ key_parse_private(Buffer *buffer, const char *filename,
1078 NULL); 1101 NULL);
1079 } 1102 }
1080 return prv; 1103 return prv;
1104#else
1105 return key_parse_private_type(buffer, KEY_UNSPEC,
1106 passphrase, commentp);
1107#endif
1081} 1108}
1082 1109
1083Key * 1110Key *
@@ -1162,6 +1189,7 @@ key_load_public(const char *filename, char **commentp)
1162 Key *pub; 1189 Key *pub;
1163 char file[MAXPATHLEN]; 1190 char file[MAXPATHLEN];
1164 1191
1192#ifdef WITH_SSH1
1165 /* try rsa1 private key */ 1193 /* try rsa1 private key */
1166 pub = key_load_public_type(KEY_RSA1, filename, commentp); 1194 pub = key_load_public_type(KEY_RSA1, filename, commentp);
1167 if (pub != NULL) 1195 if (pub != NULL)
@@ -1172,6 +1200,7 @@ key_load_public(const char *filename, char **commentp)
1172 if (key_try_load_public(pub, filename, commentp) == 1) 1200 if (key_try_load_public(pub, filename, commentp) == 1)
1173 return pub; 1201 return pub;
1174 key_free(pub); 1202 key_free(pub);
1203#endif
1175 1204
1176 /* try ssh2 public key */ 1205 /* try ssh2 public key */
1177 pub = key_new(KEY_UNSPEC); 1206 pub = key_new(KEY_UNSPEC);
@@ -1211,9 +1240,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase,
1211 Key *key, *pub; 1240 Key *key, *pub;
1212 1241
1213 switch (type) { 1242 switch (type) {
1243#ifdef WITH_OPENSSL
1214 case KEY_RSA: 1244 case KEY_RSA:
1215 case KEY_DSA: 1245 case KEY_DSA:
1216 case KEY_ECDSA: 1246 case KEY_ECDSA:
1247#endif
1217 case KEY_ED25519: 1248 case KEY_ED25519:
1218 break; 1249 break;
1219 default: 1250 default:
diff --git a/bufaux.c b/bufaux.c
index 2c8f96cde..320bc2cb6 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufaux.c,v 1.58 2014/04/28 03:09:18 djm Exp $ */ 1/* $OpenBSD: bufaux.c,v 1.59 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,8 +41,6 @@
41 41
42#include <sys/types.h> 42#include <sys/types.h>
43 43
44#include <openssl/bn.h>
45
46#include <string.h> 44#include <string.h>
47#include <stdarg.h> 45#include <stdarg.h>
48#include <stdlib.h> 46#include <stdlib.h>
diff --git a/cipher-aesctr.c b/cipher-aesctr.c
new file mode 100644
index 000000000..a4cf61e41
--- /dev/null
+++ b/cipher-aesctr.c
@@ -0,0 +1,78 @@
1/* $OpenBSD: cipher-aesctr.c,v 1.1 2014/04/29 15:39:33 markus Exp $ */
2/*
3 * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <string.h>
20
21#include "cipher-aesctr.h"
22
23/*
24 * increment counter 'ctr',
25 * the counter is of size 'len' bytes and stored in network-byte-order.
26 * (LSB at ctr[len-1], MSB at ctr[0])
27 */
28static __inline__ void
29aesctr_inc(u8 *ctr, u32 len)
30{
31 ssize_t i;
32
33#ifndef CONSTANT_TIME_INCREMENT
34 for (i = len - 1; i >= 0; i--)
35 if (++ctr[i]) /* continue on overflow */
36 return;
37#else
38 u8 x, add = 1;
39
40 for (i = len - 1; i >= 0; i--) {
41 ctr[i] += add;
42 /* constant time for: x = ctr[i] ? 1 : 0 */
43 x = ctr[i];
44 x = (x | (x >> 4)) & 0xf;
45 x = (x | (x >> 2)) & 0x3;
46 x = (x | (x >> 1)) & 0x1;
47 add *= (x^1);
48 }
49#endif
50}
51
52void
53aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
54{
55 x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits);
56}
57
58void
59aesctr_ivsetup(aesctr_ctx *x,const u8 *iv)
60{
61 memcpy(x->ctr, iv, AES_BLOCK_SIZE);
62}
63
64void
65aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes)
66{
67 u32 n = 0;
68 u8 buf[AES_BLOCK_SIZE];
69
70 while ((bytes--) > 0) {
71 if (n == 0) {
72 rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf);
73 aesctr_inc(x->ctr, AES_BLOCK_SIZE);
74 }
75 *(c++) = *(m++) ^ buf[n];
76 n = (n + 1) % AES_BLOCK_SIZE;
77 }
78}
diff --git a/cipher-aesctr.h b/cipher-aesctr.h
new file mode 100644
index 000000000..85d55bba2
--- /dev/null
+++ b/cipher-aesctr.h
@@ -0,0 +1,35 @@
1/* $OpenBSD: cipher-aesctr.h,v 1.1 2014/04/29 15:39:33 markus Exp $ */
2/*
3 * Copyright (c) 2014 Markus Friedl
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef OPENSSH_AESCTR_H
19#define OPENSSH_AESCTR_H
20
21#include "rijndael.h"
22
23#define AES_BLOCK_SIZE 16
24
25typedef struct aesctr_ctx {
26 int rounds; /* keylen-dependent #rounds */
27 u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */
28 u8 ctr[AES_BLOCK_SIZE]; /* counter */
29} aesctr_ctx;
30
31void aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits);
32void aesctr_ivsetup(aesctr_ctx *x,const u8 *iv);
33void aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes);
34
35#endif
diff --git a/cipher.c b/cipher.c
index 53d9b4fb7..0ea073f55 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */ 1/* $OpenBSD: cipher.c,v 1.98 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,9 +53,11 @@
53/* compatibility with old or broken OpenSSL versions */ 53/* compatibility with old or broken OpenSSL versions */
54#include "openbsd-compat/openssl-compat.h" 54#include "openbsd-compat/openssl-compat.h"
55 55
56#ifdef WITH_SSH1
56extern const EVP_CIPHER *evp_ssh1_bf(void); 57extern const EVP_CIPHER *evp_ssh1_bf(void);
57extern const EVP_CIPHER *evp_ssh1_3des(void); 58extern const EVP_CIPHER *evp_ssh1_3des(void);
58extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); 59extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
60#endif
59 61
60struct Cipher { 62struct Cipher {
61 char *name; 63 char *name;
@@ -68,15 +70,23 @@ struct Cipher {
68 u_int flags; 70 u_int flags;
69#define CFLAG_CBC (1<<0) 71#define CFLAG_CBC (1<<0)
70#define CFLAG_CHACHAPOLY (1<<1) 72#define CFLAG_CHACHAPOLY (1<<1)
73#define CFLAG_AESCTR (1<<2)
74#define CFLAG_NONE (1<<3)
75#ifdef WITH_OPENSSL
71 const EVP_CIPHER *(*evptype)(void); 76 const EVP_CIPHER *(*evptype)(void);
77#else
78 void *ignored;
79#endif
72}; 80};
73 81
74static const struct Cipher ciphers[] = { 82static const struct Cipher ciphers[] = {
75 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, 83#ifdef WITH_SSH1
76 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, 84 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
77 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, 85 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
78 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, 86 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
79 87#endif
88#ifdef WITH_OPENSSL
89 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
80 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, 90 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
81 { "blowfish-cbc", 91 { "blowfish-cbc",
82 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, 92 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
@@ -99,6 +109,12 @@ static const struct Cipher ciphers[] = {
99 { "aes256-gcm@openssh.com", 109 { "aes256-gcm@openssh.com",
100 SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, 110 SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
101#endif 111#endif
112#else /* WITH_OPENSSL */
113 { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
114 { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
115 { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
116 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
117#endif /* WITH_OPENSSL */
102 { "chacha20-poly1305@openssh.com", 118 { "chacha20-poly1305@openssh.com",
103 SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, 119 SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
104 { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } 120 { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
@@ -264,6 +280,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
264 const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, 280 const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
265 int do_encrypt) 281 int do_encrypt)
266{ 282{
283#ifdef WITH_OPENSSL
267 static int dowarn = 1; 284 static int dowarn = 1;
268#ifdef SSH_OLD_EVP 285#ifdef SSH_OLD_EVP
269 EVP_CIPHER *type; 286 EVP_CIPHER *type;
@@ -282,6 +299,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
282 if (keylen > 8) 299 if (keylen > 8)
283 keylen = 8; 300 keylen = 8;
284 } 301 }
302#endif
285 cc->plaintext = (cipher->number == SSH_CIPHER_NONE); 303 cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
286 cc->encrypt = do_encrypt; 304 cc->encrypt = do_encrypt;
287 305
@@ -297,6 +315,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
297 chachapoly_init(&cc->cp_ctx, key, keylen); 315 chachapoly_init(&cc->cp_ctx, key, keylen);
298 return; 316 return;
299 } 317 }
318#ifndef WITH_OPENSSL
319 if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
320 aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen);
321 aesctr_ivsetup(&cc->ac_ctx, iv);
322 return;
323 }
324 if ((cc->cipher->flags & CFLAG_NONE) != 0)
325 return;
326 fatal("unsupported cipher");
327#else
300 type = (*cipher->evptype)(); 328 type = (*cipher->evptype)();
301 EVP_CIPHER_CTX_init(&cc->evp); 329 EVP_CIPHER_CTX_init(&cc->evp);
302#ifdef SSH_OLD_EVP 330#ifdef SSH_OLD_EVP
@@ -339,6 +367,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
339 free(junk); 367 free(junk);
340 free(discard); 368 free(discard);
341 } 369 }
370#endif
342} 371}
343 372
344/* 373/*
@@ -360,6 +389,20 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
360 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) 389 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
361 return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, 390 return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
362 aadlen, authlen, cc->encrypt); 391 aadlen, authlen, cc->encrypt);
392#ifndef WITH_OPENSSL
393 if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
394 if (aadlen)
395 memcpy(dest, src, aadlen);
396 aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen,
397 dest + aadlen, len);
398 return 0;
399 }
400 if ((cc->cipher->flags & CFLAG_NONE) != 0) {
401 memcpy(dest, src, aadlen + len);
402 return 0;
403 }
404 fatal("unsupported cipher");
405#else
363 if (authlen) { 406 if (authlen) {
364 u_char lastiv[1]; 407 u_char lastiv[1];
365 408
@@ -400,6 +443,7 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
400 fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); 443 fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
401 } 444 }
402 return 0; 445 return 0;
446#endif
403} 447}
404 448
405/* Extract the packet length, including any decryption necessary beforehand */ 449/* Extract the packet length, including any decryption necessary beforehand */
@@ -421,8 +465,12 @@ cipher_cleanup(CipherContext *cc)
421{ 465{
422 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) 466 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
423 explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); 467 explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
468 else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
469 explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
470#ifdef WITH_OPENSSL
424 else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) 471 else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
425 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); 472 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
473#endif
426} 474}
427 475
428/* 476/*
@@ -455,14 +503,16 @@ int
455cipher_get_keyiv_len(const CipherContext *cc) 503cipher_get_keyiv_len(const CipherContext *cc)
456{ 504{
457 const Cipher *c = cc->cipher; 505 const Cipher *c = cc->cipher;
458 int ivlen; 506 int ivlen = 0;
459 507
460 if (c->number == SSH_CIPHER_3DES) 508 if (c->number == SSH_CIPHER_3DES)
461 ivlen = 24; 509 ivlen = 24;
462 else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) 510 else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
463 ivlen = 0; 511 ivlen = 0;
512#ifdef WITH_OPENSSL
464 else 513 else
465 ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp); 514 ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
515#endif
466 return (ivlen); 516 return (ivlen);
467} 517}
468 518
@@ -470,15 +520,20 @@ void
470cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) 520cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
471{ 521{
472 const Cipher *c = cc->cipher; 522 const Cipher *c = cc->cipher;
523#ifdef WITH_OPENSSL
473 int evplen; 524 int evplen;
525#endif
474 526
475 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { 527 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
476 if (len != 0) 528 if (len != 0)
477 fatal("%s: wrong iv length %d != %d", __func__, len, 0); 529 fatal("%s: wrong iv length %d != %d", __func__, len, 0);
478 return; 530 return;
479 } 531 }
532 if ((cc->cipher->flags & CFLAG_NONE) != 0)
533 return;
480 534
481 switch (c->number) { 535 switch (c->number) {
536#ifdef WITH_OPENSSL
482 case SSH_CIPHER_SSH2: 537 case SSH_CIPHER_SSH2:
483 case SSH_CIPHER_DES: 538 case SSH_CIPHER_DES:
484 case SSH_CIPHER_BLOWFISH: 539 case SSH_CIPHER_BLOWFISH:
@@ -492,17 +547,20 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
492 if (c->evptype == evp_rijndael) 547 if (c->evptype == evp_rijndael)
493 ssh_rijndael_iv(&cc->evp, 0, iv, len); 548 ssh_rijndael_iv(&cc->evp, 0, iv, len);
494 else 549 else
495#endif 550#endif /* USE_BUILTIN_RIJNDAEL */
496#ifndef OPENSSL_HAVE_EVPCTR 551#ifndef OPENSSL_HAVE_EVPCTR
497 if (c->evptype == evp_aes_128_ctr) 552 if (c->evptype == evp_aes_128_ctr)
498 ssh_aes_ctr_iv(&cc->evp, 0, iv, len); 553 ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
499 else 554 else
500#endif 555#endif /* OPENSSL_HAVE_EVPCTR */
501 memcpy(iv, cc->evp.iv, len); 556 memcpy(iv, cc->evp.iv, len);
502 break; 557 break;
558#endif /* WITH_OPENSSL */
559#ifdef WITH_SSH1
503 case SSH_CIPHER_3DES: 560 case SSH_CIPHER_3DES:
504 ssh1_3des_iv(&cc->evp, 0, iv, 24); 561 ssh1_3des_iv(&cc->evp, 0, iv, 24);
505 break; 562 break;
563#endif /* WITH_SSH1 */
506 default: 564 default:
507 fatal("%s: bad cipher %d", __func__, c->number); 565 fatal("%s: bad cipher %d", __func__, c->number);
508 } 566 }
@@ -512,12 +570,17 @@ void
512cipher_set_keyiv(CipherContext *cc, u_char *iv) 570cipher_set_keyiv(CipherContext *cc, u_char *iv)
513{ 571{
514 const Cipher *c = cc->cipher; 572 const Cipher *c = cc->cipher;
573#ifdef WITH_OPENSSL
515 int evplen = 0; 574 int evplen = 0;
575#endif
516 576
517 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) 577 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
518 return; 578 return;
579 if ((cc->cipher->flags & CFLAG_NONE) != 0)
580 return;
519 581
520 switch (c->number) { 582 switch (c->number) {
583#ifdef WITH_OPENSSL
521 case SSH_CIPHER_SSH2: 584 case SSH_CIPHER_SSH2:
522 case SSH_CIPHER_DES: 585 case SSH_CIPHER_DES:
523 case SSH_CIPHER_BLOWFISH: 586 case SSH_CIPHER_BLOWFISH:
@@ -528,17 +591,20 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
528 if (c->evptype == evp_rijndael) 591 if (c->evptype == evp_rijndael)
529 ssh_rijndael_iv(&cc->evp, 1, iv, evplen); 592 ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
530 else 593 else
531#endif 594#endif /* USE_BUILTIN_RIJNDAEL */
532#ifndef OPENSSL_HAVE_EVPCTR 595#ifndef OPENSSL_HAVE_EVPCTR
533 if (c->evptype == evp_aes_128_ctr) 596 if (c->evptype == evp_aes_128_ctr)
534 ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); 597 ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
535 else 598 else
536#endif 599#endif /* OPENSSL_HAVE_EVPCTR */
537 memcpy(cc->evp.iv, iv, evplen); 600 memcpy(cc->evp.iv, iv, evplen);
538 break; 601 break;
602#endif /* WITH_OPENSSL */
603#ifdef WITH_SSH1
539 case SSH_CIPHER_3DES: 604 case SSH_CIPHER_3DES:
540 ssh1_3des_iv(&cc->evp, 1, iv, 24); 605 ssh1_3des_iv(&cc->evp, 1, iv, 24);
541 break; 606 break;
607#endif /* WITH_SSH1 */
542 default: 608 default:
543 fatal("%s: bad cipher %d", __func__, c->number); 609 fatal("%s: bad cipher %d", __func__, c->number);
544 } 610 }
@@ -547,6 +613,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
547int 613int
548cipher_get_keycontext(const CipherContext *cc, u_char *dat) 614cipher_get_keycontext(const CipherContext *cc, u_char *dat)
549{ 615{
616#ifdef WITH_OPENSSL
550 const Cipher *c = cc->cipher; 617 const Cipher *c = cc->cipher;
551 int plen = 0; 618 int plen = 0;
552 619
@@ -557,11 +624,15 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
557 memcpy(dat, EVP_X_STATE(cc->evp), plen); 624 memcpy(dat, EVP_X_STATE(cc->evp), plen);
558 } 625 }
559 return (plen); 626 return (plen);
627#else
628 return (0);
629#endif
560} 630}
561 631
562void 632void
563cipher_set_keycontext(CipherContext *cc, u_char *dat) 633cipher_set_keycontext(CipherContext *cc, u_char *dat)
564{ 634{
635#ifdef WITH_OPENSSL
565 const Cipher *c = cc->cipher; 636 const Cipher *c = cc->cipher;
566 int plen; 637 int plen;
567 638
@@ -569,4 +640,5 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
569 plen = EVP_X_STATE_LEN(cc->evp); 640 plen = EVP_X_STATE_LEN(cc->evp);
570 memcpy(EVP_X_STATE(cc->evp), dat, plen); 641 memcpy(EVP_X_STATE(cc->evp), dat, plen);
571 } 642 }
643#endif
572} 644}
diff --git a/cipher.h b/cipher.h
index 133d2e73d..5aa778f14 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */ 1/* $OpenBSD: cipher.h,v 1.45 2014/04/29 18:01:49 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -39,6 +39,7 @@
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41#include "cipher-chachapoly.h" 41#include "cipher-chachapoly.h"
42#include "cipher-aesctr.h"
42 43
43/* 44/*
44 * Cipher types for SSH-1. New types can be added, but old types should not 45 * Cipher types for SSH-1. New types can be added, but old types should not
@@ -69,6 +70,7 @@ struct CipherContext {
69 int encrypt; 70 int encrypt;
70 EVP_CIPHER_CTX evp; 71 EVP_CIPHER_CTX evp;
71 struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ 72 struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
73 struct aesctr_ctx ac_ctx; /* XXX union with evp? */
72 const Cipher *cipher; 74 const Cipher *cipher;
73}; 75};
74 76
diff --git a/hostfile.c b/hostfile.c
index 8bc9540b7..91741cab8 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: hostfile.c,v 1.56 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -182,6 +182,7 @@ static int
182hostfile_check_key(int bits, const Key *key, const char *host, 182hostfile_check_key(int bits, const Key *key, const char *host,
183 const char *filename, u_long linenum) 183 const char *filename, u_long linenum)
184{ 184{
185#ifdef WITH_SSH1
185 if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) 186 if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
186 return 1; 187 return 1;
187 if (bits != BN_num_bits(key->rsa->n)) { 188 if (bits != BN_num_bits(key->rsa->n)) {
@@ -191,6 +192,7 @@ hostfile_check_key(int bits, const Key *key, const char *host,
191 logit("Warning: replace %d with %d in %s, line %lu.", 192 logit("Warning: replace %d with %d in %s, line %lu.",
192 bits, BN_num_bits(key->rsa->n), filename, linenum); 193 bits, BN_num_bits(key->rsa->n), filename, linenum);
193 } 194 }
195#endif
194 return 1; 196 return 1;
195} 197}
196 198
@@ -296,11 +298,15 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
296 key = key_new(KEY_UNSPEC); 298 key = key_new(KEY_UNSPEC);
297 if (!hostfile_read_key(&cp, &kbits, key)) { 299 if (!hostfile_read_key(&cp, &kbits, key)) {
298 key_free(key); 300 key_free(key);
301#ifdef WITH_SSH1
299 key = key_new(KEY_RSA1); 302 key = key_new(KEY_RSA1);
300 if (!hostfile_read_key(&cp, &kbits, key)) { 303 if (!hostfile_read_key(&cp, &kbits, key)) {
301 key_free(key); 304 key_free(key);
302 continue; 305 continue;
303 } 306 }
307#else
308 continue;
309#endif
304 } 310 }
305 if (!hostfile_check_key(kbits, key, host, path, linenum)) 311 if (!hostfile_check_key(kbits, key, host, path, linenum))
306 continue; 312 continue;
diff --git a/kex.c b/kex.c
index 74e2b8682..a173e70e3 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -33,7 +33,9 @@
33#include <stdlib.h> 33#include <stdlib.h>
34#include <string.h> 34#include <string.h>
35 35
36#ifdef WITH_OPENSSL
36#include <openssl/crypto.h> 37#include <openssl/crypto.h>
38#endif
37 39
38#include "xmalloc.h" 40#include "xmalloc.h"
39#include "ssh2.h" 41#include "ssh2.h"
@@ -70,12 +72,13 @@ struct kexalg {
70 int hash_alg; 72 int hash_alg;
71}; 73};
72static const struct kexalg kexalgs[] = { 74static const struct kexalg kexalgs[] = {
75#ifdef WITH_OPENSSL
73 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, 76 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
74 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, 77 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
75 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, 78 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
76#ifdef HAVE_EVP_SHA256 79#ifdef HAVE_EVP_SHA256
77 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, 80 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
78#endif 81#endif /* HAVE_EVP_SHA256 */
79#ifdef OPENSSL_HAS_ECC 82#ifdef OPENSSL_HAS_ECC
80 { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, 83 { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
81 NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, 84 NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
@@ -84,12 +87,13 @@ static const struct kexalg kexalgs[] = {
84# ifdef OPENSSL_HAS_NISTP521 87# ifdef OPENSSL_HAS_NISTP521
85 { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, 88 { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
86 SSH_DIGEST_SHA512 }, 89 SSH_DIGEST_SHA512 },
87# endif 90# endif /* OPENSSL_HAS_NISTP521 */
88#endif 91#endif /* OPENSSL_HAS_ECC */
89 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, 92 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
93#endif /* WITH_OPENSSL */
90#ifdef HAVE_EVP_SHA256 94#ifdef HAVE_EVP_SHA256
91 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, 95 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
92#endif 96#endif /* HAVE_EVP_SHA256 */
93 { NULL, -1, -1, -1}, 97 { NULL, -1, -1, -1},
94}; 98};
95 99
@@ -615,6 +619,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
615 } 619 }
616} 620}
617 621
622#ifdef WITH_OPENSSL
618void 623void
619kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) 624kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
620{ 625{
@@ -626,6 +631,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
626 buffer_ptr(&shared_secret), buffer_len(&shared_secret)); 631 buffer_ptr(&shared_secret), buffer_len(&shared_secret));
627 buffer_free(&shared_secret); 632 buffer_free(&shared_secret);
628} 633}
634#endif
629 635
630Newkeys * 636Newkeys *
631kex_get_newkeys(int mode) 637kex_get_newkeys(int mode)
@@ -637,6 +643,7 @@ kex_get_newkeys(int mode)
637 return ret; 643 return ret;
638} 644}
639 645
646#ifdef WITH_SSH1
640void 647void
641derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, 648derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
642 u_int8_t cookie[8], u_int8_t id[16]) 649 u_int8_t cookie[8], u_int8_t id[16])
@@ -669,6 +676,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
669 explicit_bzero(nbuf, sizeof(nbuf)); 676 explicit_bzero(nbuf, sizeof(nbuf));
670 explicit_bzero(obuf, sizeof(obuf)); 677 explicit_bzero(obuf, sizeof(obuf));
671} 678}
679#endif
672 680
673#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) 681#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
674void 682void
diff --git a/key.c b/key.c
index 168e1b7d7..e8fc5b1b8 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */ 1/* $OpenBSD: key.c,v 1.117 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * read_bignum(): 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -80,8 +80,11 @@ Key *
80key_new(int type) 80key_new(int type)
81{ 81{
82 Key *k; 82 Key *k;
83#ifdef WITH_OPENSSL
83 RSA *rsa; 84 RSA *rsa;
84 DSA *dsa; 85 DSA *dsa;
86#endif
87
85 k = xcalloc(1, sizeof(*k)); 88 k = xcalloc(1, sizeof(*k));
86 k->type = type; 89 k->type = type;
87 k->ecdsa = NULL; 90 k->ecdsa = NULL;
@@ -92,6 +95,7 @@ key_new(int type)
92 k->ed25519_sk = NULL; 95 k->ed25519_sk = NULL;
93 k->ed25519_pk = NULL; 96 k->ed25519_pk = NULL;
94 switch (k->type) { 97 switch (k->type) {
98#ifdef WITH_OPENSSL
95 case KEY_RSA1: 99 case KEY_RSA1:
96 case KEY_RSA: 100 case KEY_RSA:
97 case KEY_RSA_CERT_V00: 101 case KEY_RSA_CERT_V00:
@@ -125,6 +129,7 @@ key_new(int type)
125 /* Cannot do anything until we know the group */ 129 /* Cannot do anything until we know the group */
126 break; 130 break;
127#endif 131#endif
132#endif
128 case KEY_ED25519: 133 case KEY_ED25519:
129 case KEY_ED25519_CERT: 134 case KEY_ED25519_CERT:
130 /* no need to prealloc */ 135 /* no need to prealloc */
@@ -146,6 +151,7 @@ void
146key_add_private(Key *k) 151key_add_private(Key *k)
147{ 152{
148 switch (k->type) { 153 switch (k->type) {
154#ifdef WITH_OPENSSL
149 case KEY_RSA1: 155 case KEY_RSA1:
150 case KEY_RSA: 156 case KEY_RSA:
151 case KEY_RSA_CERT_V00: 157 case KEY_RSA_CERT_V00:
@@ -173,6 +179,7 @@ key_add_private(Key *k)
173 case KEY_ECDSA_CERT: 179 case KEY_ECDSA_CERT:
174 /* Cannot do anything until we know the group */ 180 /* Cannot do anything until we know the group */
175 break; 181 break;
182#endif
176 case KEY_ED25519: 183 case KEY_ED25519:
177 case KEY_ED25519_CERT: 184 case KEY_ED25519_CERT:
178 /* no need to prealloc */ 185 /* no need to prealloc */
@@ -216,6 +223,7 @@ key_free(Key *k)
216 if (k == NULL) 223 if (k == NULL)
217 fatal("key_free: key is NULL"); 224 fatal("key_free: key is NULL");
218 switch (k->type) { 225 switch (k->type) {
226#ifdef WITH_OPENSSL
219 case KEY_RSA1: 227 case KEY_RSA1:
220 case KEY_RSA: 228 case KEY_RSA:
221 case KEY_RSA_CERT_V00: 229 case KEY_RSA_CERT_V00:
@@ -289,7 +297,7 @@ cert_compare(struct KeyCert *a, struct KeyCert *b)
289int 297int
290key_equal_public(const Key *a, const Key *b) 298key_equal_public(const Key *a, const Key *b)
291{ 299{
292#ifdef OPENSSL_HAS_ECC 300#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
293 BN_CTX *bnctx; 301 BN_CTX *bnctx;
294#endif 302#endif
295 303
@@ -298,6 +306,7 @@ key_equal_public(const Key *a, const Key *b)
298 return 0; 306 return 0;
299 307
300 switch (a->type) { 308 switch (a->type) {
309#ifdef WITH_OPENSSL
301 case KEY_RSA1: 310 case KEY_RSA1:
302 case KEY_RSA_CERT_V00: 311 case KEY_RSA_CERT_V00:
303 case KEY_RSA_CERT: 312 case KEY_RSA_CERT:
@@ -333,6 +342,7 @@ key_equal_public(const Key *a, const Key *b)
333 BN_CTX_free(bnctx); 342 BN_CTX_free(bnctx);
334 return 1; 343 return 1;
335#endif /* OPENSSL_HAS_ECC */ 344#endif /* OPENSSL_HAS_ECC */
345#endif /* WITH_OPENSSL */
336 case KEY_ED25519: 346 case KEY_ED25519:
337 case KEY_ED25519_CERT: 347 case KEY_ED25519_CERT:
338 return a->ed25519_pk != NULL && b->ed25519_pk != NULL && 348 return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
@@ -362,7 +372,10 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
362 u_char *blob = NULL; 372 u_char *blob = NULL;
363 u_char *retval = NULL; 373 u_char *retval = NULL;
364 u_int len = 0; 374 u_int len = 0;
365 int nlen, elen, hash_alg = -1; 375 int hash_alg = -1;
376#ifdef WITH_OPENSSL
377 int nlen, elen;
378#endif
366 379
367 *dgst_raw_length = 0; 380 *dgst_raw_length = 0;
368 381
@@ -381,6 +394,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
381 fatal("%s: bad digest type %d", __func__, dgst_type); 394 fatal("%s: bad digest type %d", __func__, dgst_type);
382 } 395 }
383 switch (k->type) { 396 switch (k->type) {
397#ifdef WITH_OPENSSL
384 case KEY_RSA1: 398 case KEY_RSA1:
385 nlen = BN_num_bytes(k->rsa->n); 399 nlen = BN_num_bytes(k->rsa->n);
386 elen = BN_num_bytes(k->rsa->e); 400 elen = BN_num_bytes(k->rsa->e);
@@ -392,14 +406,17 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
392 case KEY_DSA: 406 case KEY_DSA:
393 case KEY_ECDSA: 407 case KEY_ECDSA:
394 case KEY_RSA: 408 case KEY_RSA:
409#endif
395 case KEY_ED25519: 410 case KEY_ED25519:
396 key_to_blob(k, &blob, &len); 411 key_to_blob(k, &blob, &len);
397 break; 412 break;
413#ifdef WITH_OPENSSL
398 case KEY_DSA_CERT_V00: 414 case KEY_DSA_CERT_V00:
399 case KEY_RSA_CERT_V00: 415 case KEY_RSA_CERT_V00:
400 case KEY_DSA_CERT: 416 case KEY_DSA_CERT:
401 case KEY_ECDSA_CERT: 417 case KEY_ECDSA_CERT:
402 case KEY_RSA_CERT: 418 case KEY_RSA_CERT:
419#endif
403 case KEY_ED25519_CERT: 420 case KEY_ED25519_CERT:
404 /* We want a fingerprint of the _key_ not of the cert */ 421 /* We want a fingerprint of the _key_ not of the cert */
405 to_blob(k, &blob, &len, 1); 422 to_blob(k, &blob, &len, 1);
@@ -628,6 +645,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
628 return retval; 645 return retval;
629} 646}
630 647
648#ifdef WITH_SSH1
631/* 649/*
632 * Reads a multiple-precision integer in decimal from the buffer, and advances 650 * Reads a multiple-precision integer in decimal from the buffer, and advances
633 * the pointer. The integer must already be initialized. This function is 651 * the pointer. The integer must already be initialized. This function is
@@ -684,6 +702,7 @@ write_bignum(FILE *f, BIGNUM *num)
684 OPENSSL_free(buf); 702 OPENSSL_free(buf);
685 return 1; 703 return 1;
686} 704}
705#endif
687 706
688/* returns 1 ok, -1 error */ 707/* returns 1 ok, -1 error */
689int 708int
@@ -693,8 +712,10 @@ key_read(Key *ret, char **cpp)
693 int success = -1; 712 int success = -1;
694 char *cp, *space; 713 char *cp, *space;
695 int len, n, type; 714 int len, n, type;
696 u_int bits;
697 u_char *blob; 715 u_char *blob;
716#ifdef WITH_SSH1
717 u_int bits;
718#endif
698#ifdef OPENSSL_HAS_ECC 719#ifdef OPENSSL_HAS_ECC
699 int curve_nid = -1; 720 int curve_nid = -1;
700#endif 721#endif
@@ -703,6 +724,7 @@ key_read(Key *ret, char **cpp)
703 724
704 switch (ret->type) { 725 switch (ret->type) {
705 case KEY_RSA1: 726 case KEY_RSA1:
727#ifdef WITH_SSH1
706 /* Get number of bits. */ 728 /* Get number of bits. */
707 if (*cp < '0' || *cp > '9') 729 if (*cp < '0' || *cp > '9')
708 return -1; /* Bad bit count... */ 730 return -1; /* Bad bit count... */
@@ -723,6 +745,7 @@ key_read(Key *ret, char **cpp)
723 return -1; 745 return -1;
724 } 746 }
725 success = 1; 747 success = 1;
748#endif
726 break; 749 break;
727 case KEY_UNSPEC: 750 case KEY_UNSPEC:
728 case KEY_RSA: 751 case KEY_RSA:
@@ -805,6 +828,7 @@ key_read(Key *ret, char **cpp)
805 ret->cert = k->cert; 828 ret->cert = k->cert;
806 k->cert = NULL; 829 k->cert = NULL;
807 } 830 }
831#ifdef WITH_OPENSSL
808 if (key_type_plain(ret->type) == KEY_RSA) { 832 if (key_type_plain(ret->type) == KEY_RSA) {
809 if (ret->rsa != NULL) 833 if (ret->rsa != NULL)
810 RSA_free(ret->rsa); 834 RSA_free(ret->rsa);
@@ -836,6 +860,7 @@ key_read(Key *ret, char **cpp)
836#endif 860#endif
837 } 861 }
838#endif 862#endif
863#endif
839 if (key_type_plain(ret->type) == KEY_ED25519) { 864 if (key_type_plain(ret->type) == KEY_ED25519) {
840 free(ret->ed25519_pk); 865 free(ret->ed25519_pk);
841 ret->ed25519_pk = k->ed25519_pk; 866 ret->ed25519_pk = k->ed25519_pk;
@@ -867,7 +892,10 @@ int
867key_write(const Key *key, FILE *f) 892key_write(const Key *key, FILE *f)
868{ 893{
869 int n, success = 0; 894 int n, success = 0;
870 u_int len, bits = 0; 895#ifdef WITH_SSH1
896 u_int bits = 0;
897#endif
898 u_int len;
871 u_char *blob; 899 u_char *blob;
872 char *uu; 900 char *uu;
873 901
@@ -883,6 +911,7 @@ key_write(const Key *key, FILE *f)
883 } 911 }
884 912
885 switch (key->type) { 913 switch (key->type) {
914#ifdef WITH_SSH1
886 case KEY_RSA1: 915 case KEY_RSA1:
887 if (key->rsa == NULL) 916 if (key->rsa == NULL)
888 return 0; 917 return 0;
@@ -894,6 +923,8 @@ key_write(const Key *key, FILE *f)
894 return 1; 923 return 1;
895 error("key_write: failed for RSA key"); 924 error("key_write: failed for RSA key");
896 return 0; 925 return 0;
926#endif
927#ifdef WITH_OPENSSL
897 case KEY_DSA: 928 case KEY_DSA:
898 case KEY_DSA_CERT_V00: 929 case KEY_DSA_CERT_V00:
899 case KEY_DSA_CERT: 930 case KEY_DSA_CERT:
@@ -907,17 +938,18 @@ key_write(const Key *key, FILE *f)
907 return 0; 938 return 0;
908 break; 939 break;
909#endif 940#endif
910 case KEY_ED25519:
911 case KEY_ED25519_CERT:
912 if (key->ed25519_pk == NULL)
913 return 0;
914 break;
915 case KEY_RSA: 941 case KEY_RSA:
916 case KEY_RSA_CERT_V00: 942 case KEY_RSA_CERT_V00:
917 case KEY_RSA_CERT: 943 case KEY_RSA_CERT:
918 if (key->rsa == NULL) 944 if (key->rsa == NULL)
919 return 0; 945 return 0;
920 break; 946 break;
947#endif
948 case KEY_ED25519:
949 case KEY_ED25519_CERT:
950 if (key->ed25519_pk == NULL)
951 return 0;
952 break;
921 default: 953 default:
922 return 0; 954 return 0;
923 } 955 }
@@ -956,10 +988,12 @@ struct keytype {
956 int cert; 988 int cert;
957}; 989};
958static const struct keytype keytypes[] = { 990static const struct keytype keytypes[] = {
991#ifdef WITH_OPENSSL
992#ifdef WITH_SSH1
959 { NULL, "RSA1", KEY_RSA1, 0, 0 }, 993 { NULL, "RSA1", KEY_RSA1, 0, 0 },
994#endif
960 { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, 995 { "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
961 { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, 996 { "ssh-dss", "DSA", KEY_DSA, 0, 0 },
962 { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
963#ifdef OPENSSL_HAS_ECC 997#ifdef OPENSSL_HAS_ECC
964 { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, 998 { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
965 { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, 999 { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
@@ -983,6 +1017,8 @@ static const struct keytype keytypes[] = {
983 KEY_RSA_CERT_V00, 0, 1 }, 1017 KEY_RSA_CERT_V00, 0, 1 },
984 { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", 1018 { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",
985 KEY_DSA_CERT_V00, 0, 1 }, 1019 KEY_DSA_CERT_V00, 0, 1 },
1020#endif
1021 { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
986 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", 1022 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
987 KEY_ED25519_CERT, 0, 1 }, 1023 KEY_ED25519_CERT, 0, 1 },
988 { NULL, NULL, -1, -1, 0 } 1024 { NULL, NULL, -1, -1, 0 }
@@ -1107,6 +1143,7 @@ u_int
1107key_size(const Key *k) 1143key_size(const Key *k)
1108{ 1144{
1109 switch (k->type) { 1145 switch (k->type) {
1146#ifdef WITH_OPENSSL
1110 case KEY_RSA1: 1147 case KEY_RSA1:
1111 case KEY_RSA: 1148 case KEY_RSA:
1112 case KEY_RSA_CERT_V00: 1149 case KEY_RSA_CERT_V00:
@@ -1116,17 +1153,19 @@ key_size(const Key *k)
1116 case KEY_DSA_CERT_V00: 1153 case KEY_DSA_CERT_V00:
1117 case KEY_DSA_CERT: 1154 case KEY_DSA_CERT:
1118 return BN_num_bits(k->dsa->p); 1155 return BN_num_bits(k->dsa->p);
1119 case KEY_ED25519:
1120 return 256; /* XXX */
1121#ifdef OPENSSL_HAS_ECC 1156#ifdef OPENSSL_HAS_ECC
1122 case KEY_ECDSA: 1157 case KEY_ECDSA:
1123 case KEY_ECDSA_CERT: 1158 case KEY_ECDSA_CERT:
1124 return key_curve_nid_to_bits(k->ecdsa_nid); 1159 return key_curve_nid_to_bits(k->ecdsa_nid);
1125#endif 1160#endif
1161#endif
1162 case KEY_ED25519:
1163 return 256; /* XXX */
1126 } 1164 }
1127 return 0; 1165 return 0;
1128} 1166}
1129 1167
1168#ifdef WITH_OPENSSL
1130static RSA * 1169static RSA *
1131rsa_generate_private_key(u_int bits) 1170rsa_generate_private_key(u_int bits)
1132{ 1171{
@@ -1243,12 +1282,14 @@ ecdsa_generate_private_key(u_int bits, int *nid)
1243 return private; 1282 return private;
1244} 1283}
1245#endif /* OPENSSL_HAS_ECC */ 1284#endif /* OPENSSL_HAS_ECC */
1285#endif /* WITH_OPENSSL */
1246 1286
1247Key * 1287Key *
1248key_generate(int type, u_int bits) 1288key_generate(int type, u_int bits)
1249{ 1289{
1250 Key *k = key_new(KEY_UNSPEC); 1290 Key *k = key_new(KEY_UNSPEC);
1251 switch (type) { 1291 switch (type) {
1292#ifdef WITH_OPENSSL
1252 case KEY_DSA: 1293 case KEY_DSA:
1253 k->dsa = dsa_generate_private_key(bits); 1294 k->dsa = dsa_generate_private_key(bits);
1254 break; 1295 break;
@@ -1261,16 +1302,18 @@ key_generate(int type, u_int bits)
1261 case KEY_RSA1: 1302 case KEY_RSA1:
1262 k->rsa = rsa_generate_private_key(bits); 1303 k->rsa = rsa_generate_private_key(bits);
1263 break; 1304 break;
1264 case KEY_ED25519: 1305#endif
1265 k->ed25519_pk = xmalloc(ED25519_PK_SZ);
1266 k->ed25519_sk = xmalloc(ED25519_SK_SZ);
1267 crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
1268 break;
1269 case KEY_RSA_CERT_V00: 1306 case KEY_RSA_CERT_V00:
1270 case KEY_DSA_CERT_V00: 1307 case KEY_DSA_CERT_V00:
1271 case KEY_RSA_CERT: 1308 case KEY_RSA_CERT:
1272 case KEY_DSA_CERT: 1309 case KEY_DSA_CERT:
1273 fatal("key_generate: cert keys cannot be generated directly"); 1310 fatal("key_generate: cert keys cannot be generated directly");
1311#endif
1312 case KEY_ED25519:
1313 k->ed25519_pk = xmalloc(ED25519_PK_SZ);
1314 k->ed25519_sk = xmalloc(ED25519_SK_SZ);
1315 crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
1316 break;
1274 default: 1317 default:
1275 fatal("key_generate: unknown type %d", type); 1318 fatal("key_generate: unknown type %d", type);
1276 } 1319 }
@@ -1328,6 +1371,7 @@ key_from_private(const Key *k)
1328{ 1371{
1329 Key *n = NULL; 1372 Key *n = NULL;
1330 switch (k->type) { 1373 switch (k->type) {
1374#ifdef WITH_OPENSSL
1331 case KEY_DSA: 1375 case KEY_DSA:
1332 case KEY_DSA_CERT_V00: 1376 case KEY_DSA_CERT_V00:
1333 case KEY_DSA_CERT: 1377 case KEY_DSA_CERT:
@@ -1359,6 +1403,7 @@ key_from_private(const Key *k)
1359 (BN_copy(n->rsa->e, k->rsa->e) == NULL)) 1403 (BN_copy(n->rsa->e, k->rsa->e) == NULL))
1360 fatal("key_from_private: BN_copy failed"); 1404 fatal("key_from_private: BN_copy failed");
1361 break; 1405 break;
1406#endif
1362 case KEY_ED25519: 1407 case KEY_ED25519:
1363 case KEY_ED25519_CERT: 1408 case KEY_ED25519_CERT:
1364 n = key_new(k->type); 1409 n = key_new(k->type);
@@ -1556,6 +1601,7 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert)
1556 goto out; 1601 goto out;
1557 } 1602 }
1558 switch (type) { 1603 switch (type) {
1604#ifdef WITH_OPENSSL
1559 case KEY_RSA_CERT: 1605 case KEY_RSA_CERT:
1560 (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ 1606 (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
1561 /* FALLTHROUGH */ 1607 /* FALLTHROUGH */
@@ -1565,10 +1611,7 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert)
1565 if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || 1611 if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
1566 buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { 1612 buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
1567 error("key_from_blob: can't read rsa key"); 1613 error("key_from_blob: can't read rsa key");
1568 badkey: 1614 goto badkey;
1569 key_free(key);
1570 key = NULL;
1571 goto out;
1572 } 1615 }
1573#ifdef DEBUG_PK 1616#ifdef DEBUG_PK
1574 RSA_print_fp(stderr, key->rsa, 8); 1617 RSA_print_fp(stderr, key->rsa, 8);
@@ -1669,6 +1712,11 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert)
1669#endif 1712#endif
1670 buffer_free(&b); 1713 buffer_free(&b);
1671 return key; 1714 return key;
1715
1716 badkey:
1717 key_free(key);
1718 key = NULL;
1719 goto out;
1672} 1720}
1673 1721
1674Key * 1722Key *
@@ -1694,16 +1742,19 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain)
1694 buffer_init(&b); 1742 buffer_init(&b);
1695 type = force_plain ? key_type_plain(key->type) : key->type; 1743 type = force_plain ? key_type_plain(key->type) : key->type;
1696 switch (type) { 1744 switch (type) {
1745#ifdef WITH_OPENSSL
1697 case KEY_DSA_CERT_V00: 1746 case KEY_DSA_CERT_V00:
1698 case KEY_RSA_CERT_V00: 1747 case KEY_RSA_CERT_V00:
1699 case KEY_DSA_CERT: 1748 case KEY_DSA_CERT:
1700 case KEY_ECDSA_CERT: 1749 case KEY_ECDSA_CERT:
1701 case KEY_RSA_CERT: 1750 case KEY_RSA_CERT:
1751#endif
1702 case KEY_ED25519_CERT: 1752 case KEY_ED25519_CERT:
1703 /* Use the existing blob */ 1753 /* Use the existing blob */
1704 buffer_append(&b, buffer_ptr(&key->cert->certblob), 1754 buffer_append(&b, buffer_ptr(&key->cert->certblob),
1705 buffer_len(&key->cert->certblob)); 1755 buffer_len(&key->cert->certblob));
1706 break; 1756 break;
1757#ifdef WITH_OPENSSL
1707 case KEY_DSA: 1758 case KEY_DSA:
1708 buffer_put_cstring(&b, 1759 buffer_put_cstring(&b,
1709 key_ssh_name_from_type_nid(type, key->ecdsa_nid)); 1760 key_ssh_name_from_type_nid(type, key->ecdsa_nid));
@@ -1727,6 +1778,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain)
1727 buffer_put_bignum2(&b, key->rsa->e); 1778 buffer_put_bignum2(&b, key->rsa->e);
1728 buffer_put_bignum2(&b, key->rsa->n); 1779 buffer_put_bignum2(&b, key->rsa->n);
1729 break; 1780 break;
1781#endif
1730 case KEY_ED25519: 1782 case KEY_ED25519:
1731 buffer_put_cstring(&b, 1783 buffer_put_cstring(&b,
1732 key_ssh_name_from_type_nid(type, key->ecdsa_nid)); 1784 key_ssh_name_from_type_nid(type, key->ecdsa_nid));
@@ -1762,6 +1814,7 @@ key_sign(
1762 const u_char *data, u_int datalen) 1814 const u_char *data, u_int datalen)
1763{ 1815{
1764 switch (key->type) { 1816 switch (key->type) {
1817#ifdef WITH_OPENSSL
1765 case KEY_DSA_CERT_V00: 1818 case KEY_DSA_CERT_V00:
1766 case KEY_DSA_CERT: 1819 case KEY_DSA_CERT:
1767 case KEY_DSA: 1820 case KEY_DSA:
@@ -1775,6 +1828,7 @@ key_sign(
1775 case KEY_RSA_CERT: 1828 case KEY_RSA_CERT:
1776 case KEY_RSA: 1829 case KEY_RSA:
1777 return ssh_rsa_sign(key, sigp, lenp, data, datalen); 1830 return ssh_rsa_sign(key, sigp, lenp, data, datalen);
1831#endif
1778 case KEY_ED25519: 1832 case KEY_ED25519:
1779 case KEY_ED25519_CERT: 1833 case KEY_ED25519_CERT:
1780 return ssh_ed25519_sign(key, sigp, lenp, data, datalen); 1834 return ssh_ed25519_sign(key, sigp, lenp, data, datalen);
@@ -1798,6 +1852,7 @@ key_verify(
1798 return -1; 1852 return -1;
1799 1853
1800 switch (key->type) { 1854 switch (key->type) {
1855#ifdef WITH_OPENSSL
1801 case KEY_DSA_CERT_V00: 1856 case KEY_DSA_CERT_V00:
1802 case KEY_DSA_CERT: 1857 case KEY_DSA_CERT:
1803 case KEY_DSA: 1858 case KEY_DSA:
@@ -1811,6 +1866,7 @@ key_verify(
1811 case KEY_RSA_CERT: 1866 case KEY_RSA_CERT:
1812 case KEY_RSA: 1867 case KEY_RSA:
1813 return ssh_rsa_verify(key, signature, signaturelen, data, datalen); 1868 return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
1869#endif
1814 case KEY_ED25519: 1870 case KEY_ED25519:
1815 case KEY_ED25519_CERT: 1871 case KEY_ED25519_CERT:
1816 return ssh_ed25519_verify(key, signature, signaturelen, data, datalen); 1872 return ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
@@ -1837,6 +1893,7 @@ key_demote(const Key *k)
1837 pk->ed25519_sk = NULL; 1893 pk->ed25519_sk = NULL;
1838 1894
1839 switch (k->type) { 1895 switch (k->type) {
1896#ifdef WITH_OPENSSL
1840 case KEY_RSA_CERT_V00: 1897 case KEY_RSA_CERT_V00:
1841 case KEY_RSA_CERT: 1898 case KEY_RSA_CERT:
1842 key_cert_copy(k, pk); 1899 key_cert_copy(k, pk);
@@ -2007,6 +2064,7 @@ key_certify(Key *k, Key *ca)
2007 2064
2008 /* XXX this substantially duplicates to_blob(); refactor */ 2065 /* XXX this substantially duplicates to_blob(); refactor */
2009 switch (k->type) { 2066 switch (k->type) {
2067#ifdef WITH_OPENSSL
2010 case KEY_DSA_CERT_V00: 2068 case KEY_DSA_CERT_V00:
2011 case KEY_DSA_CERT: 2069 case KEY_DSA_CERT:
2012 buffer_put_bignum2(&k->cert->certblob, k->dsa->p); 2070 buffer_put_bignum2(&k->cert->certblob, k->dsa->p);
@@ -2028,6 +2086,7 @@ key_certify(Key *k, Key *ca)
2028 buffer_put_bignum2(&k->cert->certblob, k->rsa->e); 2086 buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
2029 buffer_put_bignum2(&k->cert->certblob, k->rsa->n); 2087 buffer_put_bignum2(&k->cert->certblob, k->rsa->n);
2030 break; 2088 break;
2089#endif
2031 case KEY_ED25519_CERT: 2090 case KEY_ED25519_CERT:
2032 buffer_put_string(&k->cert->certblob, 2091 buffer_put_string(&k->cert->certblob,
2033 k->ed25519_pk, ED25519_PK_SZ); 2092 k->ed25519_pk, ED25519_PK_SZ);
@@ -2152,6 +2211,7 @@ key_cert_is_legacy(const Key *k)
2152 } 2211 }
2153} 2212}
2154 2213
2214#ifdef WITH_OPENSSL
2155/* XXX: these are really begging for a table-driven approach */ 2215/* XXX: these are really begging for a table-driven approach */
2156int 2216int
2157key_curve_name_to_nid(const char *name) 2217key_curve_name_to_nid(const char *name)
@@ -2349,6 +2409,7 @@ key_ec_validate_private(const EC_KEY *key)
2349 BN_CTX_free(bnctx); 2409 BN_CTX_free(bnctx);
2350 return ret; 2410 return ret;
2351} 2411}
2412#endif
2352 2413
2353#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) 2414#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK)
2354void 2415void
@@ -2400,6 +2461,7 @@ key_private_serialize(const Key *key, Buffer *b)
2400{ 2461{
2401 buffer_put_cstring(b, key_ssh_name(key)); 2462 buffer_put_cstring(b, key_ssh_name(key));
2402 switch (key->type) { 2463 switch (key->type) {
2464#ifdef WITH_OPENSSL
2403 case KEY_RSA: 2465 case KEY_RSA:
2404 buffer_put_bignum2(b, key->rsa->n); 2466 buffer_put_bignum2(b, key->rsa->n);
2405 buffer_put_bignum2(b, key->rsa->e); 2467 buffer_put_bignum2(b, key->rsa->e);
@@ -2453,6 +2515,8 @@ key_private_serialize(const Key *key, Buffer *b)
2453 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); 2515 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
2454 buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); 2516 buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
2455 break; 2517 break;
2518#endif
2519#endif
2456 case KEY_ED25519_CERT: 2520 case KEY_ED25519_CERT:
2457 if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) 2521 if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
2458 fatal("%s: no cert/certblob", __func__); 2522 fatal("%s: no cert/certblob", __func__);
@@ -2472,7 +2536,7 @@ key_private_deserialize(Buffer *blob)
2472 u_char *cert; 2536 u_char *cert;
2473 u_int len, pklen, sklen; 2537 u_int len, pklen, sklen;
2474 int type; 2538 int type;
2475#ifdef OPENSSL_HAS_ECC 2539#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
2476 char *curve; 2540 char *curve;
2477 BIGNUM *exponent; 2541 BIGNUM *exponent;
2478 EC_POINT *q; 2542 EC_POINT *q;
@@ -2481,6 +2545,7 @@ key_private_deserialize(Buffer *blob)
2481 type_name = buffer_get_string(blob, NULL); 2545 type_name = buffer_get_string(blob, NULL);
2482 type = key_type_from_name(type_name); 2546 type = key_type_from_name(type_name);
2483 switch (type) { 2547 switch (type) {
2548#ifdef WITH_OPENSSL
2484 case KEY_DSA: 2549 case KEY_DSA:
2485 k = key_new_private(type); 2550 k = key_new_private(type);
2486 buffer_get_bignum2(blob, k->dsa->p); 2551 buffer_get_bignum2(blob, k->dsa->p);
@@ -2575,6 +2640,8 @@ key_private_deserialize(Buffer *blob)
2575 buffer_get_bignum2(blob, k->rsa->p); 2640 buffer_get_bignum2(blob, k->rsa->p);
2576 buffer_get_bignum2(blob, k->rsa->q); 2641 buffer_get_bignum2(blob, k->rsa->q);
2577 break; 2642 break;
2643#endif
2644#endif
2578 case KEY_ED25519: 2645 case KEY_ED25519:
2579 k = key_new_private(type); 2646 k = key_new_private(type);
2580 k->ed25519_pk = buffer_get_string(blob, &pklen); 2647 k->ed25519_pk = buffer_get_string(blob, &pklen);
@@ -2610,6 +2677,7 @@ key_private_deserialize(Buffer *blob)
2610 2677
2611 /* enable blinding */ 2678 /* enable blinding */
2612 switch (k->type) { 2679 switch (k->type) {
2680#ifdef WITH_OPENSSL
2613 case KEY_RSA: 2681 case KEY_RSA:
2614 case KEY_RSA_CERT_V00: 2682 case KEY_RSA_CERT_V00:
2615 case KEY_RSA_CERT: 2683 case KEY_RSA_CERT:
@@ -2620,6 +2688,7 @@ key_private_deserialize(Buffer *blob)
2620 return NULL; 2688 return NULL;
2621 } 2689 }
2622 break; 2690 break;
2691#endif
2623 } 2692 }
2624 return k; 2693 return k;
2625} 2694}
diff --git a/mac.c b/mac.c
index 097757213..fc2bd4276 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mac.c,v 1.28 2014/02/07 06:55:54 djm Exp $ */ 1/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -72,8 +72,10 @@ static const struct macalg macs[] = {
72 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, 72 { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
73 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, 73 { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
74 { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, 74 { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
75#ifdef WITH_OPENSSL
75 { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, 76 { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 },
76 { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, 77 { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 },
78#endif
77 79
78 /* Encrypt-then-MAC variants */ 80 /* Encrypt-then-MAC variants */
79 { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, 81 { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
@@ -85,8 +87,10 @@ static const struct macalg macs[] = {
85 { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, 87 { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
86 { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, 88 { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
87 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, 89 { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
90#ifdef WITH_OPENSSL
88 { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, 91 { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 },
89 { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, 92 { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 },
93#endif
90 94
91 { NULL, 0, 0, 0, 0, 0, 0 } 95 { NULL, 0, 0, 0, 0, 0, 0 }
92}; 96};
@@ -119,9 +123,11 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
119 fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); 123 fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
120 mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); 124 mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
121 } else { 125 } else {
126#ifdef WITH_OPENSSL
122 mac->mac_len = macalg->len / 8; 127 mac->mac_len = macalg->len / 8;
123 mac->key_len = macalg->key_len / 8; 128 mac->key_len = macalg->key_len / 8;
124 mac->umac_ctx = NULL; 129 mac->umac_ctx = NULL;
130#endif
125 } 131 }
126 if (macalg->truncatebits != 0) 132 if (macalg->truncatebits != 0)
127 mac->mac_len = macalg->truncatebits / 8; 133 mac->mac_len = macalg->truncatebits / 8;
@@ -157,12 +163,14 @@ mac_init(Mac *mac)
157 ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) 163 ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
158 return -1; 164 return -1;
159 return 0; 165 return 0;
166#ifdef WITH_OPENSSL
160 case SSH_UMAC: 167 case SSH_UMAC:
161 mac->umac_ctx = umac_new(mac->key); 168 mac->umac_ctx = umac_new(mac->key);
162 return 0; 169 return 0;
163 case SSH_UMAC128: 170 case SSH_UMAC128:
164 mac->umac_ctx = umac128_new(mac->key); 171 mac->umac_ctx = umac128_new(mac->key);
165 return 0; 172 return 0;
173#endif
166 default: 174 default:
167 return -1; 175 return -1;
168 } 176 }
@@ -175,7 +183,10 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
175 u_char m[EVP_MAX_MD_SIZE]; 183 u_char m[EVP_MAX_MD_SIZE];
176 u_int64_t for_align; 184 u_int64_t for_align;
177 } u; 185 } u;
178 u_char b[4], nonce[8]; 186 u_char b[4];
187#ifdef WITH_OPENSSL
188 u_char nonce[8];
189#endif
179 190
180 if (mac->mac_len > sizeof(u)) 191 if (mac->mac_len > sizeof(u))
181 fatal("mac_compute: mac too long %u %zu", 192 fatal("mac_compute: mac too long %u %zu",
@@ -191,6 +202,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
191 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) 202 ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
192 fatal("ssh_hmac failed"); 203 fatal("ssh_hmac failed");
193 break; 204 break;
205#ifdef WITH_OPENSSL
194 case SSH_UMAC: 206 case SSH_UMAC:
195 put_u64(nonce, seqno); 207 put_u64(nonce, seqno);
196 umac_update(mac->umac_ctx, data, datalen); 208 umac_update(mac->umac_ctx, data, datalen);
@@ -201,6 +213,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
201 umac128_update(mac->umac_ctx, data, datalen); 213 umac128_update(mac->umac_ctx, data, datalen);
202 umac128_final(mac->umac_ctx, u.m, nonce); 214 umac128_final(mac->umac_ctx, u.m, nonce);
203 break; 215 break;
216#endif
204 default: 217 default:
205 fatal("mac_compute: unknown MAC type"); 218 fatal("mac_compute: unknown MAC type");
206 } 219 }
@@ -210,6 +223,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
210void 223void
211mac_clear(Mac *mac) 224mac_clear(Mac *mac)
212{ 225{
226#ifdef WITH_OPENSSL
213 if (mac->type == SSH_UMAC) { 227 if (mac->type == SSH_UMAC) {
214 if (mac->umac_ctx != NULL) 228 if (mac->umac_ctx != NULL)
215 umac_delete(mac->umac_ctx); 229 umac_delete(mac->umac_ctx);
@@ -217,6 +231,7 @@ mac_clear(Mac *mac)
217 if (mac->umac_ctx != NULL) 231 if (mac->umac_ctx != NULL)
218 umac128_delete(mac->umac_ctx); 232 umac128_delete(mac->umac_ctx);
219 } else if (mac->hmac_ctx != NULL) 233 } else if (mac->hmac_ctx != NULL)
234#endif
220 ssh_hmac_free(mac->hmac_ctx); 235 ssh_hmac_free(mac->hmac_ctx);
221 mac->hmac_ctx = NULL; 236 mac->hmac_ctx = NULL;
222 mac->umac_ctx = NULL; 237 mac->umac_ctx = NULL;
diff --git a/monitor.c b/monitor.c
index 531c4f9a8..a38647d49 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.132 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -56,7 +56,9 @@
56#include <skey.h> 56#include <skey.h>
57#endif 57#endif
58 58
59#ifdef WITH_OPENSSL
59#include <openssl/dh.h> 60#include <openssl/dh.h>
61#endif
60 62
61#include "openbsd-compat/sys-queue.h" 63#include "openbsd-compat/sys-queue.h"
62#include "atomicio.h" 64#include "atomicio.h"
@@ -185,7 +187,10 @@ int mm_answer_audit_command(int, Buffer *);
185static int monitor_read_log(struct monitor *); 187static int monitor_read_log(struct monitor *);
186 188
187static Authctxt *authctxt; 189static Authctxt *authctxt;
190
191#ifdef WITH_SSH1
188static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ 192static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
193#endif
189 194
190/* local state for key verify */ 195/* local state for key verify */
191static u_char *key_blob = NULL; 196static u_char *key_blob = NULL;
@@ -215,7 +220,9 @@ struct mon_table {
215#define MON_PERMIT 0x1000 /* Request is permitted */ 220#define MON_PERMIT 0x1000 /* Request is permitted */
216 221
217struct mon_table mon_dispatch_proto20[] = { 222struct mon_table mon_dispatch_proto20[] = {
223#ifdef WITH_OPENSSL
218 {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, 224 {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
225#endif
219 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 226 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
220 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 227 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
221 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 228 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -252,7 +259,9 @@ struct mon_table mon_dispatch_proto20[] = {
252}; 259};
253 260
254struct mon_table mon_dispatch_postauth20[] = { 261struct mon_table mon_dispatch_postauth20[] = {
262#ifdef WITH_OPENSSL
255 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 263 {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
264#endif
256 {MONITOR_REQ_SIGN, 0, mm_answer_sign}, 265 {MONITOR_REQ_SIGN, 0, mm_answer_sign},
257 {MONITOR_REQ_PTY, 0, mm_answer_pty}, 266 {MONITOR_REQ_PTY, 0, mm_answer_pty},
258 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, 267 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
@@ -265,6 +274,7 @@ struct mon_table mon_dispatch_postauth20[] = {
265}; 274};
266 275
267struct mon_table mon_dispatch_proto15[] = { 276struct mon_table mon_dispatch_proto15[] = {
277#ifdef WITH_SSH1
268 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 278 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
269 {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, 279 {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
270 {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, 280 {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
@@ -292,10 +302,12 @@ struct mon_table mon_dispatch_proto15[] = {
292#ifdef SSH_AUDIT_EVENTS 302#ifdef SSH_AUDIT_EVENTS
293 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 303 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
294#endif 304#endif
305#endif /* WITH_SSH1 */
295 {0, 0, NULL} 306 {0, 0, NULL}
296}; 307};
297 308
298struct mon_table mon_dispatch_postauth15[] = { 309struct mon_table mon_dispatch_postauth15[] = {
310#ifdef WITH_SSH1
299 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, 311 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
300 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, 312 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
301 {MONITOR_REQ_TERM, 0, mm_answer_term}, 313 {MONITOR_REQ_TERM, 0, mm_answer_term},
@@ -303,6 +315,7 @@ struct mon_table mon_dispatch_postauth15[] = {
303 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 315 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
304 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, 316 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
305#endif 317#endif
318#endif /* WITH_SSH1 */
306 {0, 0, NULL} 319 {0, 0, NULL}
307}; 320};
308 321
@@ -630,6 +643,7 @@ monitor_reset_key_state(void)
630 hostbased_chost = NULL; 643 hostbased_chost = NULL;
631} 644}
632 645
646#ifdef WITH_OPENSSL
633int 647int
634mm_answer_moduli(int sock, Buffer *m) 648mm_answer_moduli(int sock, Buffer *m)
635{ 649{
@@ -664,6 +678,7 @@ mm_answer_moduli(int sock, Buffer *m)
664 mm_request_send(sock, MONITOR_ANS_MODULI, m); 678 mm_request_send(sock, MONITOR_ANS_MODULI, m);
665 return (0); 679 return (0);
666} 680}
681#endif
667 682
668extern AuthenticationConnection *auth_conn; 683extern AuthenticationConnection *auth_conn;
669 684
@@ -1166,6 +1181,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
1166 cuser, chost); 1181 cuser, chost);
1167 auth_method = "hostbased"; 1182 auth_method = "hostbased";
1168 break; 1183 break;
1184#ifdef WITH_SSH1
1169 case MM_RSAHOSTKEY: 1185 case MM_RSAHOSTKEY:
1170 key->type = KEY_RSA1; /* XXX */ 1186 key->type = KEY_RSA1; /* XXX */
1171 allowed = options.rhosts_rsa_authentication && 1187 allowed = options.rhosts_rsa_authentication &&
@@ -1175,6 +1191,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
1175 auth_clear_options(); 1191 auth_clear_options();
1176 auth_method = "rsa"; 1192 auth_method = "rsa";
1177 break; 1193 break;
1194#endif
1178 default: 1195 default:
1179 fatal("%s: unknown key type %d", __func__, type); 1196 fatal("%s: unknown key type %d", __func__, type);
1180 break; 1197 break;
@@ -1511,6 +1528,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m)
1511 return (0); 1528 return (0);
1512} 1529}
1513 1530
1531#ifdef WITH_SSH1
1514int 1532int
1515mm_answer_sesskey(int sock, Buffer *m) 1533mm_answer_sesskey(int sock, Buffer *m)
1516{ 1534{
@@ -1688,6 +1706,7 @@ mm_answer_rsa_response(int sock, Buffer *m)
1688 1706
1689 return (success); 1707 return (success);
1690} 1708}
1709#endif
1691 1710
1692int 1711int
1693mm_answer_term(int sock, Buffer *req) 1712mm_answer_term(int sock, Buffer *req)
@@ -1828,11 +1847,13 @@ mm_get_kex(Buffer *m)
1828 timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) 1847 timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0)
1829 fatal("mm_get_get: internal error: bad session id"); 1848 fatal("mm_get_get: internal error: bad session id");
1830 kex->we_need = buffer_get_int(m); 1849 kex->we_need = buffer_get_int(m);
1850#ifdef WITH_OPENSSL
1831 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 1851 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1832 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 1852 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1833 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1853 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1834 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 1854 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1835 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 1855 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
1856#endif
1836 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 1857 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
1837 kex->server = 1; 1858 kex->server = 1;
1838 kex->hostkey_type = buffer_get_int(m); 1859 kex->hostkey_type = buffer_get_int(m);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 1a47e4174..45dc16951 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -38,14 +38,18 @@
38#include <string.h> 38#include <string.h>
39#include <unistd.h> 39#include <unistd.h>
40 40
41#ifdef WITH_OPENSSL
41#include <openssl/bn.h> 42#include <openssl/bn.h>
42#include <openssl/dh.h> 43#include <openssl/dh.h>
43#include <openssl/evp.h> 44#include <openssl/evp.h>
45#endif
44 46
45#include "openbsd-compat/sys-queue.h" 47#include "openbsd-compat/sys-queue.h"
46#include "xmalloc.h" 48#include "xmalloc.h"
47#include "ssh.h" 49#include "ssh.h"
50#ifdef WITH_OPENSSL
48#include "dh.h" 51#include "dh.h"
52#endif
49#include "buffer.h" 53#include "buffer.h"
50#include "key.h" 54#include "key.h"
51#include "cipher.h" 55#include "cipher.h"
@@ -174,6 +178,7 @@ mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m)
174 rtype, type); 178 rtype, type);
175} 179}
176 180
181#ifdef WITH_OPENSSL
177DH * 182DH *
178mm_choose_dh(int min, int nbits, int max) 183mm_choose_dh(int min, int nbits, int max)
179{ 184{
@@ -207,6 +212,7 @@ mm_choose_dh(int min, int nbits, int max)
207 212
208 return (dh_new_group(g, p)); 213 return (dh_new_group(g, p));
209} 214}
215#endif
210 216
211int 217int
212mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) 218mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
@@ -912,6 +918,7 @@ mm_terminate(void)
912 buffer_free(&m); 918 buffer_free(&m);
913} 919}
914 920
921#ifdef WITH_SSH1
915int 922int
916mm_ssh1_session_key(BIGNUM *num) 923mm_ssh1_session_key(BIGNUM *num)
917{ 924{
@@ -931,6 +938,7 @@ mm_ssh1_session_key(BIGNUM *num)
931 938
932 return (rsafail); 939 return (rsafail);
933} 940}
941#endif
934 942
935static void 943static void
936mm_chall_setup(char **name, char **infotxt, u_int *numprompts, 944mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
@@ -1078,6 +1086,7 @@ mm_ssh1_session_id(u_char session_id[16])
1078 buffer_free(&m); 1086 buffer_free(&m);
1079} 1087}
1080 1088
1089#ifdef WITH_SSH1
1081int 1090int
1082mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) 1091mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
1083{ 1092{
@@ -1173,6 +1182,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
1173 1182
1174 return (success); 1183 return (success);
1175} 1184}
1185#endif
1176 1186
1177#ifdef SSH_AUDIT_EVENTS 1187#ifdef SSH_AUDIT_EVENTS
1178void 1188void
diff --git a/myproposal.h b/myproposal.h
index 94d6f7061..020f35c77 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */ 1/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -77,6 +77,7 @@
77# define SHA2_HMAC_MODES 77# define SHA2_HMAC_MODES
78#endif 78#endif
79 79
80#ifdef WITH_OPENSSL
80#define KEX_SERVER_KEX \ 81#define KEX_SERVER_KEX \
81 "curve25519-sha256@libssh.org," \ 82 "curve25519-sha256@libssh.org," \
82 KEX_ECDH_METHODS \ 83 KEX_ECDH_METHODS \
@@ -134,6 +135,30 @@
134 "hmac-sha1-96," \ 135 "hmac-sha1-96," \
135 "hmac-md5-96" 136 "hmac-md5-96"
136 137
138#else
139
140#define KEX_SERVER_KEX \
141 "curve25519-sha256@libssh.org"
142#define KEX_DEFAULT_PK_ALG \
143 "ssh-ed25519-cert-v01@openssh.com," \
144 "ssh-ed25519"
145#define KEX_SERVER_ENCRYPT \
146 "aes128-ctr,aes192-ctr,aes256-ctr," \
147 "chacha20-poly1305@openssh.com"
148#define KEX_SERVER_MAC \
149 "hmac-sha2-256-etm@openssh.com," \
150 "hmac-sha2-512-etm@openssh.com," \
151 "hmac-sha2-256," \
152 "hmac-sha2-512"
153
154#define KEX_CLIENT_KEX KEX_SERVER_KEX
155#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
156#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
157 "hmac-sha1-etm@openssh.com," \
158 "hmac-sha1"
159
160#endif /* WITH_OPENSSL */
161
137#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" 162#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
138#define KEX_DEFAULT_LANG "" 163#define KEX_DEFAULT_LANG ""
139 164
diff --git a/packet.c b/packet.c
index a70acf8b4..c7c18f308 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.194 2014/04/28 03:09:18 djm Exp $ */ 1/* $OpenBSD: packet.c,v 1.195 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -630,6 +630,7 @@ packet_put_raw(const void *buf, u_int len)
630 buffer_append(&active_state->outgoing_packet, buf, len); 630 buffer_append(&active_state->outgoing_packet, buf, len);
631} 631}
632 632
633#ifdef WITH_OPENSSL
633void 634void
634packet_put_bignum(BIGNUM * value) 635packet_put_bignum(BIGNUM * value)
635{ 636{
@@ -641,6 +642,7 @@ packet_put_bignum2(BIGNUM * value)
641{ 642{
642 buffer_put_bignum2(&active_state->outgoing_packet, value); 643 buffer_put_bignum2(&active_state->outgoing_packet, value);
643} 644}
645#endif
644 646
645#ifdef OPENSSL_HAS_ECC 647#ifdef OPENSSL_HAS_ECC
646void 648void
@@ -1569,6 +1571,7 @@ packet_get_int64(void)
1569 * must have been initialized before this call. 1571 * must have been initialized before this call.
1570 */ 1572 */
1571 1573
1574#ifdef WITH_OPENSSL
1572void 1575void
1573packet_get_bignum(BIGNUM * value) 1576packet_get_bignum(BIGNUM * value)
1574{ 1577{
@@ -1598,6 +1601,7 @@ packet_get_raw(u_int *length_ptr)
1598 *length_ptr = bytes; 1601 *length_ptr = bytes;
1599 return buffer_ptr(&active_state->incoming_packet); 1602 return buffer_ptr(&active_state->incoming_packet);
1600} 1603}
1604#endif
1601 1605
1602int 1606int
1603packet_remaining(void) 1607packet_remaining(void)
diff --git a/roaming_client.c b/roaming_client.c
index de049cdc1..5e5c28b2b 100644
--- a/roaming_client.c
+++ b/roaming_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: roaming_client.c,v 1.7 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: roaming_client.c,v 1.8 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2004-2009 AppGate Network Security AB 3 * Copyright (c) 2004-2009 AppGate Network Security AB
4 * 4 *
@@ -28,9 +28,6 @@
28#include <string.h> 28#include <string.h>
29#include <unistd.h> 29#include <unistd.h>
30 30
31#include <openssl/crypto.h>
32#include <openssl/sha.h>
33
34#include "xmalloc.h" 31#include "xmalloc.h"
35#include "buffer.h" 32#include "buffer.h"
36#include "channels.h" 33#include "channels.h"
diff --git a/ssh-agent.c b/ssh-agent.c
index f4c0524cc..bc96ad705 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.184 2014/03/15 17:28:26 deraadt Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.185 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -49,8 +49,10 @@
49#endif 49#endif
50#include "openbsd-compat/sys-queue.h" 50#include "openbsd-compat/sys-queue.h"
51 51
52#ifdef WITH_OPENSSL
52#include <openssl/evp.h> 53#include <openssl/evp.h>
53#include "openbsd-compat/openssl-compat.h" 54#include "openbsd-compat/openssl-compat.h"
55#endif
54 56
55#include <errno.h> 57#include <errno.h>
56#include <fcntl.h> 58#include <fcntl.h>
@@ -221,9 +223,11 @@ process_request_identities(SocketEntry *e, int version)
221 buffer_put_int(&msg, tab->nentries); 223 buffer_put_int(&msg, tab->nentries);
222 TAILQ_FOREACH(id, &tab->idlist, next) { 224 TAILQ_FOREACH(id, &tab->idlist, next) {
223 if (id->key->type == KEY_RSA1) { 225 if (id->key->type == KEY_RSA1) {
226#ifdef WITH_SSH1
224 buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); 227 buffer_put_int(&msg, BN_num_bits(id->key->rsa->n));
225 buffer_put_bignum(&msg, id->key->rsa->e); 228 buffer_put_bignum(&msg, id->key->rsa->e);
226 buffer_put_bignum(&msg, id->key->rsa->n); 229 buffer_put_bignum(&msg, id->key->rsa->n);
230#endif
227 } else { 231 } else {
228 u_char *blob; 232 u_char *blob;
229 u_int blen; 233 u_int blen;
@@ -238,6 +242,7 @@ process_request_identities(SocketEntry *e, int version)
238 buffer_free(&msg); 242 buffer_free(&msg);
239} 243}
240 244
245#ifdef WITH_SSH1
241/* ssh1 only */ 246/* ssh1 only */
242static void 247static void
243process_authentication_challenge1(SocketEntry *e) 248process_authentication_challenge1(SocketEntry *e)
@@ -308,6 +313,7 @@ send:
308 BN_clear_free(challenge); 313 BN_clear_free(challenge);
309 buffer_free(&msg); 314 buffer_free(&msg);
310} 315}
316#endif
311 317
312/* ssh2 only */ 318/* ssh2 only */
313static void 319static void
@@ -733,6 +739,7 @@ process_message(SocketEntry *e)
733 case SSH_AGENTC_UNLOCK: 739 case SSH_AGENTC_UNLOCK:
734 process_lock_agent(e, type == SSH_AGENTC_LOCK); 740 process_lock_agent(e, type == SSH_AGENTC_LOCK);
735 break; 741 break;
742#ifdef WITH_SSH1
736 /* ssh1 */ 743 /* ssh1 */
737 case SSH_AGENTC_RSA_CHALLENGE: 744 case SSH_AGENTC_RSA_CHALLENGE:
738 process_authentication_challenge1(e); 745 process_authentication_challenge1(e);
@@ -750,6 +757,7 @@ process_message(SocketEntry *e)
750 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: 757 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
751 process_remove_all_identities(e, 1); 758 process_remove_all_identities(e, 1);
752 break; 759 break;
760#endif
753 /* ssh2 */ 761 /* ssh2 */
754 case SSH2_AGENTC_SIGN_REQUEST: 762 case SSH2_AGENTC_SIGN_REQUEST:
755 process_sign_request2(e); 763 process_sign_request2(e);
@@ -1040,7 +1048,9 @@ main(int ac, char **av)
1040 prctl(PR_SET_DUMPABLE, 0); 1048 prctl(PR_SET_DUMPABLE, 0);
1041#endif 1049#endif
1042 1050
1051#ifdef WITH_OPENSSL
1043 OpenSSL_add_all_algorithms(); 1052 OpenSSL_add_all_algorithms();
1053#endif
1044 1054
1045 __progname = ssh_get_progname(av[0]); 1055 __progname = ssh_get_progname(av[0]);
1046 seed_rng(); 1056 seed_rng();
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 85eaf2ef5..085f1ec55 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.245 2014/04/28 03:09:18 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.246 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -195,6 +195,7 @@ type_bits_valid(int type, u_int32_t *bitsp)
195 fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); 195 fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
196 exit(1); 196 exit(1);
197 } 197 }
198#ifdef WITH_OPENSSL
198 if (type == KEY_DSA && *bitsp != 1024) 199 if (type == KEY_DSA && *bitsp != 1024)
199 fatal("DSA keys must be 1024 bits"); 200 fatal("DSA keys must be 1024 bits");
200 else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) 201 else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -202,6 +203,7 @@ type_bits_valid(int type, u_int32_t *bitsp)
202 else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) 203 else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
203 fatal("Invalid ECDSA key length - valid lengths are " 204 fatal("Invalid ECDSA key length - valid lengths are "
204 "256, 384 or 521 bits"); 205 "256, 384 or 521 bits");
206#endif
205} 207}
206 208
207static void 209static void
@@ -278,6 +280,7 @@ load_identity(char *filename)
278#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" 280#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
279#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb 281#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
280 282
283#ifdef WITH_OPENSSL
281static void 284static void
282do_convert_to_ssh2(struct passwd *pw, Key *k) 285do_convert_to_ssh2(struct passwd *pw, Key *k)
283{ 286{
@@ -711,6 +714,7 @@ do_convert_from(struct passwd *pw)
711 key_free(k); 714 key_free(k);
712 exit(0); 715 exit(0);
713} 716}
717#endif
714 718
715static void 719static void
716do_print_public(struct passwd *pw) 720do_print_public(struct passwd *pw)
@@ -1589,7 +1593,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1589 } 1593 }
1590 } 1594 }
1591 1595
1596#ifdef ENABLE_PKCS11
1592 pkcs11_init(1); 1597 pkcs11_init(1);
1598#endif
1593 tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); 1599 tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
1594 if (pkcs11provider != NULL) { 1600 if (pkcs11provider != NULL) {
1595 if ((ca = load_pkcs11_key(tmp)) == NULL) 1601 if ((ca = load_pkcs11_key(tmp)) == NULL)
@@ -1672,7 +1678,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1672 key_free(public); 1678 key_free(public);
1673 free(out); 1679 free(out);
1674 } 1680 }
1681#ifdef ENABLE_PKCS11
1675 pkcs11_terminate(); 1682 pkcs11_terminate();
1683#endif
1676 exit(0); 1684 exit(0);
1677} 1685}
1678 1686
@@ -1923,6 +1931,7 @@ do_show_cert(struct passwd *pw)
1923 exit(0); 1931 exit(0);
1924} 1932}
1925 1933
1934#ifdef WITH_OPENSSL
1926static void 1935static void
1927load_krl(const char *path, struct ssh_krl **krlp) 1936load_krl(const char *path, struct ssh_krl **krlp)
1928{ 1937{
@@ -2145,6 +2154,7 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
2145 ssh_krl_free(krl); 2154 ssh_krl_free(krl);
2146 exit(ret); 2155 exit(ret);
2147} 2156}
2157#endif
2148 2158
2149static void 2159static void
2150usage(void) 2160usage(void)
@@ -2448,6 +2458,7 @@ main(int argc, char **argv)
2448 printf("Cannot use -l with -H or -R.\n"); 2458 printf("Cannot use -l with -H or -R.\n");
2449 usage(); 2459 usage();
2450 } 2460 }
2461#ifdef WITH_OPENSSL
2451 if (gen_krl) { 2462 if (gen_krl) {
2452 do_gen_krl(pw, update_krl, argc, argv); 2463 do_gen_krl(pw, update_krl, argc, argv);
2453 return (0); 2464 return (0);
@@ -2456,6 +2467,7 @@ main(int argc, char **argv)
2456 do_check_krl(pw, argc, argv); 2467 do_check_krl(pw, argc, argv);
2457 return (0); 2468 return (0);
2458 } 2469 }
2470#endif
2459 if (ca_key_path != NULL) { 2471 if (ca_key_path != NULL) {
2460 if (cert_key_id == NULL) 2472 if (cert_key_id == NULL)
2461 fatal("Must specify key id (-I) when certifying"); 2473 fatal("Must specify key id (-I) when certifying");
@@ -2473,10 +2485,12 @@ main(int argc, char **argv)
2473 do_change_passphrase(pw); 2485 do_change_passphrase(pw);
2474 if (change_comment) 2486 if (change_comment)
2475 do_change_comment(pw); 2487 do_change_comment(pw);
2488#ifdef WITH_OPENSSL
2476 if (convert_to) 2489 if (convert_to)
2477 do_convert_to(pw); 2490 do_convert_to(pw);
2478 if (convert_from) 2491 if (convert_from)
2479 do_convert_from(pw); 2492 do_convert_from(pw);
2493#endif
2480 if (print_public) 2494 if (print_public)
2481 do_print_public(pw); 2495 do_print_public(pw);
2482 if (rr_hostname != NULL) { 2496 if (rr_hostname != NULL) {
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index de456364b..3fabfba14 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.91 2014/03/27 23:01:27 markus Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.92 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -182,6 +182,7 @@ strnnsep(char **stringp, char *delim)
182 return (tok); 182 return (tok);
183} 183}
184 184
185#ifdef WITH_SSH1
185static Key * 186static Key *
186keygrab_ssh1(con *c) 187keygrab_ssh1(con *c)
187{ 188{
@@ -215,6 +216,7 @@ keygrab_ssh1(con *c)
215 216
216 return (rsa); 217 return (rsa);
217} 218}
219#endif
218 220
219static int 221static int
220hostjump(Key *hostkey) 222hostjump(Key *hostkey)
@@ -253,11 +255,13 @@ keygrab_ssh2(con *c)
253 (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : 255 (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
254 "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); 256 "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
255 c->c_kex = kex_setup(myproposal); 257 c->c_kex = kex_setup(myproposal);
258#ifdef WITH_OPENSSL
256 c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 259 c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
257 c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 260 c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
258 c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 261 c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
259 c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 262 c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
260 c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client; 263 c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
264#endif
261 c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client; 265 c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client;
262 c->c_kex->verify_host_key = hostjump; 266 c->c_kex->verify_host_key = hostjump;
263 267
@@ -507,10 +511,12 @@ conread(int s)
507 c->c_data = xmalloc(c->c_len); 511 c->c_data = xmalloc(c->c_len);
508 c->c_status = CS_KEYS; 512 c->c_status = CS_KEYS;
509 break; 513 break;
514#ifdef WITH_SSH1
510 case CS_KEYS: 515 case CS_KEYS:
511 keyprint(c, keygrab_ssh1(c)); 516 keyprint(c, keygrab_ssh1(c));
512 confree(s); 517 confree(s);
513 return; 518 return;
519#endif
514 default: 520 default:
515 fatal("conread: invalid status %d", c->c_status); 521 fatal("conread: invalid status %d", c->c_status);
516 break; 522 break;
diff --git a/ssh-keysign.c b/ssh-keysign.c
index ed24f66d1..d95bb7d9d 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keysign.c,v 1.41 2014/04/19 14:53:48 tedu Exp $ */ 1/* $OpenBSD: ssh-keysign.c,v 1.42 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -209,8 +209,11 @@ main(int argc, char **argv)
209 keys[i] = NULL; 209 keys[i] = NULL;
210 if (key_fd[i] == -1) 210 if (key_fd[i] == -1)
211 continue; 211 continue;
212#ifdef WITH_OPENSSL
213/* XXX wrong api */
212 keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, 214 keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
213 NULL, NULL); 215 NULL, NULL);
216#endif
214 close(key_fd[i]); 217 close(key_fd[i]);
215 if (keys[i] != NULL) 218 if (keys[i] != NULL)
216 found = 1; 219 found = 1;
diff --git a/ssh-pkcs11.h b/ssh-pkcs11.h
index 59f456adf..4d2efda13 100644
--- a/ssh-pkcs11.h
+++ b/ssh-pkcs11.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ 1/* $OpenBSD: ssh-pkcs11.h,v 1.3 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * 4 *
@@ -18,3 +18,7 @@ int pkcs11_init(int);
18void pkcs11_terminate(void); 18void pkcs11_terminate(void);
19int pkcs11_add_provider(char *, char *, Key ***); 19int pkcs11_add_provider(char *, char *, Key ***);
20int pkcs11_del_provider(char *); 20int pkcs11_del_provider(char *);
21
22#if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11)
23#undef ENABLE_PKCS11
24#endif
diff --git a/ssh.c b/ssh.c
index 76040fd59..d369b68e9 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.401 2014/02/26 20:18:37 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.402 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -71,8 +71,10 @@
71#include <netinet/in.h> 71#include <netinet/in.h>
72#include <arpa/inet.h> 72#include <arpa/inet.h>
73 73
74#ifdef WITH_OPENSSL
74#include <openssl/evp.h> 75#include <openssl/evp.h>
75#include <openssl/err.h> 76#include <openssl/err.h>
77#endif
76#include "openbsd-compat/openssl-compat.h" 78#include "openbsd-compat/openssl-compat.h"
77#include "openbsd-compat/sys-queue.h" 79#include "openbsd-compat/sys-queue.h"
78 80
@@ -631,7 +633,13 @@ main(int ac, char **av)
631 break; 633 break;
632 case 'V': 634 case 'V':
633 fprintf(stderr, "%s, %s\n", 635 fprintf(stderr, "%s, %s\n",
634 SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); 636 SSH_RELEASE,
637#ifdef WITH_OPENSSL
638 SSLeay_version(SSLEAY_VERSION)
639#else
640 "without OpenSSL"
641#endif
642 );
635 if (opt == 'V') 643 if (opt == 'V')
636 exit(0); 644 exit(0);
637 break; 645 break;
@@ -828,8 +836,10 @@ main(int ac, char **av)
828 836
829 host_arg = xstrdup(host); 837 host_arg = xstrdup(host);
830 838
839#ifdef WITH_OPENSSL
831 OpenSSL_add_all_algorithms(); 840 OpenSSL_add_all_algorithms();
832 ERR_load_crypto_strings(); 841 ERR_load_crypto_strings();
842#endif
833 843
834 /* Initialize the command to execute on remote host. */ 844 /* Initialize the command to execute on remote host. */
835 buffer_init(&command); 845 buffer_init(&command);
@@ -876,7 +886,13 @@ main(int ac, char **av)
876 SYSLOG_FACILITY_USER, !use_syslog); 886 SYSLOG_FACILITY_USER, !use_syslog);
877 887
878 if (debug_flag) 888 if (debug_flag)
879 logit("%s, %s", SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); 889 logit("%s, %s", SSH_RELEASE,
890#ifdef WITH_OPENSSL
891 SSLeay_version(SSLEAY_VERSION)
892#else
893 "without OpenSSL"
894#endif
895 );
880 896
881 /* Parse the configuration files */ 897 /* Parse the configuration files */
882 process_config_files(pw); 898 process_config_files(pw);
diff --git a/sshconnect.c b/sshconnect.c
index ca6e4cc96..5d14ca6cc 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.247 2014/04/01 03:34:10 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.248 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1292,8 +1292,12 @@ ssh_login(Sensitive *sensitive, const char *orighost,
1292 ssh_kex2(host, hostaddr, port); 1292 ssh_kex2(host, hostaddr, port);
1293 ssh_userauth2(local_user, server_user, host, sensitive); 1293 ssh_userauth2(local_user, server_user, host, sensitive);
1294 } else { 1294 } else {
1295#ifdef WITH_SSH1
1295 ssh_kex(host, hostaddr); 1296 ssh_kex(host, hostaddr);
1296 ssh_userauth1(local_user, server_user, host, sensitive); 1297 ssh_userauth1(local_user, server_user, host, sensitive);
1298#else
1299 fatal("ssh1 is not unsupported");
1300#endif
1297 } 1301 }
1298 free(local_user); 1302 free(local_user);
1299} 1303}
diff --git a/sshconnect2.c b/sshconnect2.c
index b1aa69c24..f71b7d226 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.206 2014/04/18 23:52:25 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.207 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -205,11 +205,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
205 205
206 /* start key exchange */ 206 /* start key exchange */
207 kex = kex_setup(myproposal); 207 kex = kex_setup(myproposal);
208#ifdef WITH_OPENSSL
208 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 209 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
209 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 210 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
210 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 211 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
211 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 212 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
212 kex->kex[KEX_ECDH_SHA2] = kexecdh_client; 213 kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
214#endif
213 kex->kex[KEX_C25519_SHA256] = kexc25519_client; 215 kex->kex[KEX_C25519_SHA256] = kexc25519_client;
214 kex->client_version_string=client_version_string; 216 kex->client_version_string=client_version_string;
215 kex->server_version_string=server_version_string; 217 kex->server_version_string=server_version_string;
diff --git a/sshd.c b/sshd.c
index b955f1921..6e7192cf5 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.425 2014/04/19 14:53:48 tedu Exp $ */ 1/* $OpenBSD: sshd.c,v 1.426 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -72,10 +72,12 @@
72#include <string.h> 72#include <string.h>
73#include <unistd.h> 73#include <unistd.h>
74 74
75#ifdef WITH_OPENSSL
75#include <openssl/dh.h> 76#include <openssl/dh.h>
76#include <openssl/bn.h> 77#include <openssl/bn.h>
77#include <openssl/rand.h> 78#include <openssl/rand.h>
78#include "openbsd-compat/openssl-compat.h" 79#include "openbsd-compat/openssl-compat.h"
80#endif
79 81
80#ifdef HAVE_SECUREWARE 82#ifdef HAVE_SECUREWARE
81#include <sys/security.h> 83#include <sys/security.h>
@@ -98,7 +100,6 @@
98#include "digest.h" 100#include "digest.h"
99#include "key.h" 101#include "key.h"
100#include "kex.h" 102#include "kex.h"
101#include "dh.h"
102#include "myproposal.h" 103#include "myproposal.h"
103#include "authfile.h" 104#include "authfile.h"
104#include "pathnames.h" 105#include "pathnames.h"
@@ -256,7 +257,9 @@ struct passwd *privsep_pw = NULL;
256void destroy_sensitive_data(void); 257void destroy_sensitive_data(void);
257void demote_sensitive_data(void); 258void demote_sensitive_data(void);
258 259
260#ifdef WITH_SSH1
259static void do_ssh1_kex(void); 261static void do_ssh1_kex(void);
262#endif
260static void do_ssh2_kex(void); 263static void do_ssh2_kex(void);
261 264
262/* 265/*
@@ -931,7 +934,13 @@ static void
931usage(void) 934usage(void)
932{ 935{
933 fprintf(stderr, "%s, %s\n", 936 fprintf(stderr, "%s, %s\n",
934 SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); 937 SSH_RELEASE,
938#ifdef WITH_OPENSSL
939 SSLeay_version(SSLEAY_VERSION)
940#else
941 "without OpenSSL"
942#endif
943 );
935 fprintf(stderr, 944 fprintf(stderr,
936"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" 945"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n"
937" [-E log_file] [-f config_file] [-g login_grace_time]\n" 946" [-E log_file] [-f config_file] [-g login_grace_time]\n"
@@ -964,6 +973,7 @@ send_rexec_state(int fd, Buffer *conf)
964 buffer_init(&m); 973 buffer_init(&m);
965 buffer_put_cstring(&m, buffer_ptr(conf)); 974 buffer_put_cstring(&m, buffer_ptr(conf));
966 975
976#ifdef WITH_SSH1
967 if (sensitive_data.server_key != NULL && 977 if (sensitive_data.server_key != NULL &&
968 sensitive_data.server_key->type == KEY_RSA1) { 978 sensitive_data.server_key->type == KEY_RSA1) {
969 buffer_put_int(&m, 1); 979 buffer_put_int(&m, 1);
@@ -974,6 +984,7 @@ send_rexec_state(int fd, Buffer *conf)
974 buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); 984 buffer_put_bignum(&m, sensitive_data.server_key->rsa->p);
975 buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); 985 buffer_put_bignum(&m, sensitive_data.server_key->rsa->q);
976 } else 986 } else
987#endif
977 buffer_put_int(&m, 0); 988 buffer_put_int(&m, 0);
978 989
979#ifndef OPENSSL_PRNG_ONLY 990#ifndef OPENSSL_PRNG_ONLY
@@ -1010,6 +1021,7 @@ recv_rexec_state(int fd, Buffer *conf)
1010 free(cp); 1021 free(cp);
1011 1022
1012 if (buffer_get_int(&m)) { 1023 if (buffer_get_int(&m)) {
1024#ifdef WITH_SSH1
1013 if (sensitive_data.server_key != NULL) 1025 if (sensitive_data.server_key != NULL)
1014 key_free(sensitive_data.server_key); 1026 key_free(sensitive_data.server_key);
1015 sensitive_data.server_key = key_new_private(KEY_RSA1); 1027 sensitive_data.server_key = key_new_private(KEY_RSA1);
@@ -1021,6 +1033,9 @@ recv_rexec_state(int fd, Buffer *conf)
1021 buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); 1033 buffer_get_bignum(&m, sensitive_data.server_key->rsa->q);
1022 rsa_generate_additional_parameters( 1034 rsa_generate_additional_parameters(
1023 sensitive_data.server_key->rsa); 1035 sensitive_data.server_key->rsa);
1036#else
1037 fatal("ssh1 not supported");
1038#endif
1024 } 1039 }
1025 1040
1026#ifndef OPENSSL_PRNG_ONLY 1041#ifndef OPENSSL_PRNG_ONLY
@@ -1543,7 +1558,9 @@ main(int ac, char **av)
1543 else 1558 else
1544 closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); 1559 closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
1545 1560
1561#ifdef WITH_OPENSSL
1546 OpenSSL_add_all_algorithms(); 1562 OpenSSL_add_all_algorithms();
1563#endif
1547 1564
1548 /* If requested, redirect the logs to the specified logfile. */ 1565 /* If requested, redirect the logs to the specified logfile. */
1549 if (logfile != NULL) { 1566 if (logfile != NULL) {
@@ -1648,7 +1665,12 @@ main(int ac, char **av)
1648 } 1665 }
1649 1666
1650 debug("sshd version %s, %s", SSH_VERSION, 1667 debug("sshd version %s, %s", SSH_VERSION,
1651 SSLeay_version(SSLEAY_VERSION)); 1668#ifdef WITH_OPENSSL
1669 SSLeay_version(SSLEAY_VERSION)
1670#else
1671 "without OpenSSL"
1672#endif
1673 );
1652 1674
1653 /* Store privilege separation user for later use if required. */ 1675 /* Store privilege separation user for later use if required. */
1654 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { 1676 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
@@ -1770,6 +1792,8 @@ main(int ac, char **av)
1770 debug("host certificate: #%d type %d %s", j, key->type, 1792 debug("host certificate: #%d type %d %s", j, key->type,
1771 key_type(key)); 1793 key_type(key));
1772 } 1794 }
1795
1796#ifdef WITH_SSH1
1773 /* Check certain values for sanity. */ 1797 /* Check certain values for sanity. */
1774 if (options.protocol & SSH_PROTO_1) { 1798 if (options.protocol & SSH_PROTO_1) {
1775 if (options.server_key_bits < 512 || 1799 if (options.server_key_bits < 512 ||
@@ -1794,6 +1818,7 @@ main(int ac, char **av)
1794 options.server_key_bits); 1818 options.server_key_bits);
1795 } 1819 }
1796 } 1820 }
1821#endif
1797 1822
1798 if (use_privsep) { 1823 if (use_privsep) {
1799 struct stat st; 1824 struct stat st;
@@ -2077,8 +2102,12 @@ main(int ac, char **av)
2077 do_ssh2_kex(); 2102 do_ssh2_kex();
2078 do_authentication2(authctxt); 2103 do_authentication2(authctxt);
2079 } else { 2104 } else {
2105#ifdef WITH_SSH1
2080 do_ssh1_kex(); 2106 do_ssh1_kex();
2081 do_authentication(authctxt); 2107 do_authentication(authctxt);
2108#else
2109 fatal("ssh1 not supported");
2110#endif
2082 } 2111 }
2083 /* 2112 /*
2084 * If we use privilege separation, the unprivileged child transfers 2113 * If we use privilege separation, the unprivileged child transfers
@@ -2162,6 +2191,7 @@ main(int ac, char **av)
2162 exit(0); 2191 exit(0);
2163} 2192}
2164 2193
2194#ifdef WITH_SSH1
2165/* 2195/*
2166 * Decrypt session_key_int using our private server key and private host key 2196 * Decrypt session_key_int using our private server key and private host key
2167 * (key with larger modulus first). 2197 * (key with larger modulus first).
@@ -2211,6 +2241,7 @@ ssh1_session_key(BIGNUM *session_key_int)
2211 } 2241 }
2212 return (rsafail); 2242 return (rsafail);
2213} 2243}
2244
2214/* 2245/*
2215 * SSH1 key exchange 2246 * SSH1 key exchange
2216 */ 2247 */
@@ -2388,6 +2419,7 @@ do_ssh1_kex(void)
2388 packet_send(); 2419 packet_send();
2389 packet_write_wait(); 2420 packet_write_wait();
2390} 2421}
2422#endif
2391 2423
2392void 2424void
2393sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen, 2425sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
@@ -2450,11 +2482,13 @@ do_ssh2_kex(void)
2450 2482
2451 /* start key exchange */ 2483 /* start key exchange */
2452 kex = kex_setup(myproposal); 2484 kex = kex_setup(myproposal);
2485#ifdef WITH_OPENSSL
2453 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 2486 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
2454 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 2487 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
2455 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 2488 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2456 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 2489 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2457 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 2490 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
2491#endif
2458 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 2492 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
2459 kex->server = 1; 2493 kex->server = 1;
2460 kex->client_version_string=client_version_string; 2494 kex->client_version_string=client_version_string;