- markus@cvs.openbsd.org 2014/04/29 18:01:49

     [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm

1 files changed, 32 insertions, 1 deletions

diff --git a/authfile.c b/authfile.c
index 44994a810..7cb901133 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -43,9 +43,11 @@
 #include <sys/param.h>
 #include <sys/uio.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+#endif
 
 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
@@ -419,6 +421,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
         return k;
 }
 
+#ifdef WITH_SSH1
 /*
  * Serialises the authentication (private) key to a blob, encrypting it with
  * passphrase.  The identification of the blob (lowest 64 bits of n) will
@@ -508,7 +511,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
 
         return 1;
 }
+#endif
 
+#ifdef WITH_OPENSSL
 /* convert SSH v2 key in OpenSSL PEM format */
 static int
 key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
@@ -558,6 +563,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
         BIO_free(bio);
         return success;
 }
+#endif
 
 /* Save a key blob to a file */
 static int
@@ -588,8 +594,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
     int new_format_rounds)
 {
         switch (key->type) {
+#ifdef WITH_SSH1
         case KEY_RSA1:
                 return key_private_rsa1_to_blob(key, blob, passphrase, comment);
+#endif
+#ifdef WITH_OPENSSL
         case KEY_DSA:
         case KEY_ECDSA:
         case KEY_RSA:
@@ -598,6 +607,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
                             comment, new_format_cipher, new_format_rounds);
                 }
                 return key_private_pem_to_blob(key, blob, passphrase, comment);
+#endif
         case KEY_ED25519:
                 return key_private_to_blob2(key, blob, passphrase,
                     comment, new_format_cipher, new_format_rounds);
@@ -627,6 +637,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
         return success;
 }
 
+#ifdef WITH_SSH1
 /*
  * Parse the public, unencrypted portion of a RSA1 key.
  */
@@ -671,6 +682,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp)
 
         return pub;
 }
+#endif
 
 /* Load a key from a fd into a buffer */
 int
@@ -727,6 +739,7 @@ key_load_file(int fd, const char *filename, Buffer *blob)
         return 1;
 }
 
+#ifdef WITH_SSH1
 /*
  * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
  * encountered (the file does not exist or is not readable), and the key
@@ -870,7 +883,9 @@ fail:
         key_free(prv);
         return NULL;
 }
+#endif
 
+#ifdef WITH_OPENSSL
 static Key *
 key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
     char **commentp)
@@ -964,6 +979,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
         buffer_free(&buffer);
         return prv;
 }
+#endif
 
 int
 key_perm_ok(int fd, const char *filename)
@@ -1000,18 +1016,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase,
         Key *k;
 
         switch (type) {
+#ifdef WITH_SSH1
         case KEY_RSA1:
                 return key_parse_private_rsa1(blob, passphrase, commentp);
+#endif
+#ifdef WITH_OPENSSL
         case KEY_DSA:
         case KEY_ECDSA:
         case KEY_RSA:
                 return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
         case KEY_ED25519:
                 return key_parse_private2(blob, type, passphrase, commentp);
         case KEY_UNSPEC:
                 if ((k = key_parse_private2(blob, type, passphrase, commentp)))
                         return k;
+#ifdef WITH_OPENSSL
                 return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
         default:
                 error("%s: cannot parse key type %d", __func__, type);
                 break;
@@ -1061,6 +1083,7 @@ Key *
 key_parse_private(Buffer *buffer, const char *filename,
     const char *passphrase, char **commentp)
 {
+#ifdef WITH_SSH1
         Key *pub, *prv;
 
         /* it's a SSH v1 key if the public key part is readable */
@@ -1078,6 +1101,10 @@ key_parse_private(Buffer *buffer, const char *filename,
                     NULL);
         }
         return prv;
+#else
+        return key_parse_private_type(buffer, KEY_UNSPEC,
+            passphrase, commentp);
+#endif
 }
 
 Key *
@@ -1162,6 +1189,7 @@ key_load_public(const char *filename, char **commentp)
         Key *pub;
         char file[MAXPATHLEN];
 
+#ifdef WITH_SSH1
         /* try rsa1 private key */
         pub = key_load_public_type(KEY_RSA1, filename, commentp);
         if (pub != NULL)
@@ -1172,6 +1200,7 @@ key_load_public(const char *filename, char **commentp)
         if (key_try_load_public(pub, filename, commentp) == 1)
                 return pub;
         key_free(pub);
+#endif
 
         /* try ssh2 public key */
         pub = key_new(KEY_UNSPEC);
@@ -1211,9 +1240,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase,
         Key *key, *pub;
 
         switch (type) {
+#ifdef WITH_OPENSSL
         case KEY_RSA:
         case KEY_DSA:
         case KEY_ECDSA:
+#endif
         case KEY_ED25519:
                 break;
         default: