diff options
| author | Colin Watson <cjwatson@debian.org> | 2014-10-07 12:13:50 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-10-07 12:13:50 +0100 |
| commit | 487bdb3a5ef6075887b830ccb8a0b14f6da78e93 (patch) | |
| tree | a2cff6fec1e6c4b4153a170a3e172cfe6bfdec46 /authfd.c | |
| parent | 796ba4fd011b5d0d9d78d592ba2f30fc9d5ed2e7 (diff) | |
| parent | 28453d58058a4d60c3ebe7d7f0c31a510cbf6158 (diff) | |
Import openssh_6.7p1.orig.tar.gz
Diffstat (limited to 'authfd.c')
| -rw-r--r-- | authfd.c | 22 |
1 files changed, 17 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -41,9 +41,6 @@ | |||
| 41 | #include <sys/un.h> | 41 | #include <sys/un.h> |
| 42 | #include <sys/socket.h> | 42 | #include <sys/socket.h> |
| 43 | 43 | ||
| 44 | #include <openssl/evp.h> | ||
| 45 | #include <openssl/crypto.h> | ||
| 46 | |||
| 47 | #include <fcntl.h> | 44 | #include <fcntl.h> |
| 48 | #include <stdlib.h> | 45 | #include <stdlib.h> |
| 49 | #include <signal.h> | 46 | #include <signal.h> |
| @@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi | |||
| 313 | Key * | 310 | Key * |
| 314 | ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) | 311 | ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) |
| 315 | { | 312 | { |
| 313 | #ifdef WITH_SSH1 | ||
| 316 | int keybits; | 314 | int keybits; |
| 317 | u_int bits; | 315 | u_int bits; |
| 316 | #endif | ||
| 318 | u_char *blob; | 317 | u_char *blob; |
| 319 | u_int blen; | 318 | u_int blen; |
| 320 | Key *key = NULL; | 319 | Key *key = NULL; |
| @@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
| 328 | * error if the packet is too short or contains corrupt data. | 327 | * error if the packet is too short or contains corrupt data. |
| 329 | */ | 328 | */ |
| 330 | switch (version) { | 329 | switch (version) { |
| 330 | #ifdef WITH_SSH1 | ||
| 331 | case 1: | 331 | case 1: |
| 332 | key = key_new(KEY_RSA1); | 332 | key = key_new(KEY_RSA1); |
| 333 | bits = buffer_get_int(&auth->identities); | 333 | bits = buffer_get_int(&auth->identities); |
| @@ -339,6 +339,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
| 339 | logit("Warning: identity keysize mismatch: actual %d, announced %u", | 339 | logit("Warning: identity keysize mismatch: actual %d, announced %u", |
| 340 | BN_num_bits(key->rsa->n), bits); | 340 | BN_num_bits(key->rsa->n), bits); |
| 341 | break; | 341 | break; |
| 342 | #endif | ||
| 342 | case 2: | 343 | case 2: |
| 343 | blob = buffer_get_string(&auth->identities, &blen); | 344 | blob = buffer_get_string(&auth->identities, &blen); |
| 344 | *comment = buffer_get_string(&auth->identities, NULL); | 345 | *comment = buffer_get_string(&auth->identities, NULL); |
| @@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
| 361 | * supported) and 1 corresponding to protocol version 1.1. | 362 | * supported) and 1 corresponding to protocol version 1.1. |
| 362 | */ | 363 | */ |
| 363 | 364 | ||
| 365 | #ifdef WITH_SSH1 | ||
| 364 | int | 366 | int |
| 365 | ssh_decrypt_challenge(AuthenticationConnection *auth, | 367 | ssh_decrypt_challenge(AuthenticationConnection *auth, |
| 366 | Key* key, BIGNUM *challenge, | 368 | Key* key, BIGNUM *challenge, |
| @@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, | |||
| 410 | buffer_free(&buffer); | 412 | buffer_free(&buffer); |
| 411 | return success; | 413 | return success; |
| 412 | } | 414 | } |
| 415 | #endif | ||
| 413 | 416 | ||
| 414 | /* ask agent to sign data, returns -1 on error, 0 on success */ | 417 | /* ask agent to sign data, returns -1 on error, 0 on success */ |
| 415 | int | 418 | int |
| @@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth, | |||
| 457 | 460 | ||
| 458 | /* Encode key for a message to the agent. */ | 461 | /* Encode key for a message to the agent. */ |
| 459 | 462 | ||
| 463 | #ifdef WITH_SSH1 | ||
| 460 | static void | 464 | static void |
| 461 | ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) | 465 | ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
| 462 | { | 466 | { |
| @@ -470,6 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) | |||
| 470 | buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ | 474 | buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ |
| 471 | buffer_put_cstring(b, comment); | 475 | buffer_put_cstring(b, comment); |
| 472 | } | 476 | } |
| 477 | #endif | ||
| 473 | 478 | ||
| 474 | static void | 479 | static void |
| 475 | ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) | 480 | ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
| @@ -493,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, | |||
| 493 | buffer_init(&msg); | 498 | buffer_init(&msg); |
| 494 | 499 | ||
| 495 | switch (key->type) { | 500 | switch (key->type) { |
| 501 | #ifdef WITH_SSH1 | ||
| 496 | case KEY_RSA1: | 502 | case KEY_RSA1: |
| 497 | type = constrained ? | 503 | type = constrained ? |
| 498 | SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : | 504 | SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : |
| @@ -500,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, | |||
| 500 | buffer_put_char(&msg, type); | 506 | buffer_put_char(&msg, type); |
| 501 | ssh_encode_identity_rsa1(&msg, key->rsa, comment); | 507 | ssh_encode_identity_rsa1(&msg, key->rsa, comment); |
| 502 | break; | 508 | break; |
| 509 | #endif | ||
| 510 | #ifdef WITH_OPENSSL | ||
| 503 | case KEY_RSA: | 511 | case KEY_RSA: |
| 504 | case KEY_RSA_CERT: | 512 | case KEY_RSA_CERT: |
| 505 | case KEY_RSA_CERT_V00: | 513 | case KEY_RSA_CERT_V00: |
| @@ -508,6 +516,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, | |||
| 508 | case KEY_DSA_CERT_V00: | 516 | case KEY_DSA_CERT_V00: |
| 509 | case KEY_ECDSA: | 517 | case KEY_ECDSA: |
| 510 | case KEY_ECDSA_CERT: | 518 | case KEY_ECDSA_CERT: |
| 519 | #endif | ||
| 511 | case KEY_ED25519: | 520 | case KEY_ED25519: |
| 512 | case KEY_ED25519_CERT: | 521 | case KEY_ED25519_CERT: |
| 513 | type = constrained ? | 522 | type = constrained ? |
| @@ -552,12 +561,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) | |||
| 552 | 561 | ||
| 553 | buffer_init(&msg); | 562 | buffer_init(&msg); |
| 554 | 563 | ||
| 564 | #ifdef WITH_SSH1 | ||
| 555 | if (key->type == KEY_RSA1) { | 565 | if (key->type == KEY_RSA1) { |
| 556 | buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); | 566 | buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); |
| 557 | buffer_put_int(&msg, BN_num_bits(key->rsa->n)); | 567 | buffer_put_int(&msg, BN_num_bits(key->rsa->n)); |
| 558 | buffer_put_bignum(&msg, key->rsa->e); | 568 | buffer_put_bignum(&msg, key->rsa->e); |
| 559 | buffer_put_bignum(&msg, key->rsa->n); | 569 | buffer_put_bignum(&msg, key->rsa->n); |
| 560 | } else if (key->type != KEY_UNSPEC) { | 570 | } else |
| 571 | #endif | ||
| 572 | if (key->type != KEY_UNSPEC) { | ||
| 561 | key_to_blob(key, &blob, &blen); | 573 | key_to_blob(key, &blob, &blen); |
| 562 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); | 574 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); |
| 563 | buffer_put_string(&msg, blob, blen); | 575 | buffer_put_string(&msg, blob, blen); |