authorDamien Miller <djm@mindrot.org>2014-05-15 14:24:09 +1000
committerDamien Miller <djm@mindrot.org>2014-05-15 14:24:09 +1000
commit1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch)
treeae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /authfile.c
parentc5893785564498cea73cb60d2cf199490483e080 (diff)
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c33
1 files changed, 32 insertions, 1 deletions
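diff --git a/authfile.c b/authfile.c
index 44994a810..7cb901133 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -43,9 +43,11 @@
 #include <sys/param.h>
 #include <sys/uio.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+#endif
 
 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
@@ -419,6 +421,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
  return k;
 }
 
+#ifdef WITH_SSH1
 /*
  * Serialises the authentication (private) key to a blob, encrypting it with
  * passphrase. The identification of the blob (lowest 64 bits of n) will
@@ -508,7 +511,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
 
  return 1;
 }
+#endif
 
+#ifdef WITH_OPENSSL
 /* convert SSH v2 key in OpenSSL PEM format */
 static int
 key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
@@ -558,6 +563,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
  BIO_free(bio);
  return success;
 }
+#endif
 
 /* Save a key blob to a file */
 static int
@@ -588,8 +594,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
  int new_format_rounds)
 {
  switch (key->type) {
+#ifdef WITH_SSH1
  case KEY_RSA1:
  return key_private_rsa1_to_blob(key, blob, passphrase, comment);
+#endif
+#ifdef WITH_OPENSSL
  case KEY_DSA:
  case KEY_ECDSA:
  case KEY_RSA:
@@ -598,6 +607,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
  comment, new_format_cipher, new_format_rounds);
  }
  return key_private_pem_to_blob(key, blob, passphrase, comment);
+#endif
  case KEY_ED25519:
  return key_private_to_blob2(key, blob, passphrase,
  comment, new_format_cipher, new_format_rounds);
@@ -627,6 +637,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
  return success;
 }
 
+#ifdef WITH_SSH1
 /*
  * Parse the public, unencrypted portion of a RSA1 key.
  */
@@ -671,6 +682,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp)
 
  return pub;
 }
+#endif
 
 /* Load a key from a fd into a buffer */
 int
@@ -727,6 +739,7 @@ key_load_file(int fd, const char *filename, Buffer *blob)
  return 1;
 }
 
+#ifdef WITH_SSH1
 /*
  * Loads the public part of the ssh v1 key file. Returns NULL if an error was
  * encountered (the file does not exist or is not readable), and the key
@@ -870,7 +883,9 @@ fail:
  key_free(prv);
  return NULL;
 }
+#endif
 
+#ifdef WITH_OPENSSL
 static Key *
 key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
  char **commentp)
@@ -964,6 +979,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
  buffer_free(&buffer);
  return prv;
 }
+#endif
 
 int
 key_perm_ok(int fd, const char *filename)
@@ -1000,18 +1016,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase,
  Key *k;
 
  switch (type) {
+#ifdef WITH_SSH1
  case KEY_RSA1:
  return key_parse_private_rsa1(blob, passphrase, commentp);
+#endif
+#ifdef WITH_OPENSSL
  case KEY_DSA:
  case KEY_ECDSA:
  case KEY_RSA:
  return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
  case KEY_ED25519:
  return key_parse_private2(blob, type, passphrase, commentp);
  case KEY_UNSPEC:
  if ((k = key_parse_private2(blob, type, passphrase, commentp)))
  return k;
+#ifdef WITH_OPENSSL
  return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
  default:
  error("%s: cannot parse key type %d", __func__, type);
  break;
@@ -1061,6 +1083,7 @@ Key *
 key_parse_private(Buffer *buffer, const char *filename,
  const char *passphrase, char **commentp)
 {
+#ifdef WITH_SSH1
  Key *pub, *prv;
 
  /* it's a SSH v1 key if the public key part is readable */
@@ -1078,6 +1101,10 @@ key_parse_private(Buffer *buffer, const char *filename,
  NULL);
  }
  return prv;
+#else
+ return key_parse_private_type(buffer, KEY_UNSPEC,
+ passphrase, commentp);
+#endif
 }
 
 Key *
@@ -1162,6 +1189,7 @@ key_load_public(const char *filename, char **commentp)
  Key *pub;
  char file[MAXPATHLEN];
 
+#ifdef WITH_SSH1
  /* try rsa1 private key */
  pub = key_load_public_type(KEY_RSA1, filename, commentp);
  if (pub != NULL)
@@ -1172,6 +1200,7 @@ key_load_public(const char *filename, char **commentp)
  if (key_try_load_public(pub, filename, commentp) == 1)
  return pub;
  key_free(pub);
+#endif
 
  /* try ssh2 public key */
  pub = key_new(KEY_UNSPEC);
@@ -1211,9 +1240,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase,
  Key *key, *pub;
 
  switch (type) {
+#ifdef WITH_OPENSSL
  case KEY_RSA:
  case KEY_DSA:
  case KEY_ECDSA:
+#endif
  case KEY_ED25519:
  break;
  default: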
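Review bot: In the key_parse_private_type hunk (old lines 1000-1017), the KEY_UNSPEC case now falls into `default:` whenever WITH_OPENSSL is not defined, because the only statement after `return k;` is wrapped in `#ifdef WITH_OPENSSL`; a key that key_parse_private2 does not accept is then reported as `cannot parse key type %d` with type KEY_UNSPEC, which reads as a bad type argument rather than a failed parse, and compilers that warn on implicit fall-through will flag the case. I would make the non-OpenSSL path explicit by adding `#else` / `return NULL;` before the `#endif`, or at minimum a `/* FALLTHROUGH */` comment if the default message is the intended outcome. The remainder of the switch and the function's final return lie outside the hunk. Separately, in the include hunk `openbsd-compat/openssl-compat.h` stays unconditional; if that header does not guard itself on WITH_OPENSSL it will pull OpenSSL headers back into an OPENSSL=no build, which is worth confirming.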