author | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
commit | 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch) | |
tree | ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /authfile.c | |
parent | c5893785564498cea73cb60d2cf199490483e080 (diff) |
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
[roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 33 |
1 files changed, 32 insertions, 1 deletions
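diff --git a/authfile.c b/authfile.c
index 44994a810..7cb901133 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -43,9 +43,11 @@
 #include <sys/param.h>
 #include <sys/uio.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+#endif
 
 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
@@ -419,6 +421,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
 return k;
 }
 
+#ifdef WITH_SSH1
 /*
 * Serialises the authentication (private) key to a blob, encrypting it with
 * passphrase. The identification of the blob (lowest 64 bits of n) will
@@ -508,7 +511,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
 
 return 1;
 }
+#endif
 
+#ifdef WITH_OPENSSL
 /* convert SSH v2 key in OpenSSL PEM format */
 static int
 key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
@@ -558,6 +563,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
 BIO_free(bio);
 return success;
 }
+#endif
 
 /* Save a key blob to a file */
 static int
@@ -588,8 +594,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
 int new_format_rounds)
 {
 switch (key->type) {
+#ifdef WITH_SSH1
 case KEY_RSA1:
 return key_private_rsa1_to_blob(key, blob, passphrase, comment);
+#endif
+#ifdef WITH_OPENSSL
 case KEY_DSA:
 case KEY_ECDSA:
 case KEY_RSA:
@@ -598,6 +607,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
 comment, new_format_cipher, new_format_rounds);
 }
 return key_private_pem_to_blob(key, blob, passphrase, comment);
+#endif
 case KEY_ED25519:
 return key_private_to_blob2(key, blob, passphrase,
 comment, new_format_cipher, new_format_rounds);
@@ -627,6 +637,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
 return success;
 }
 
+#ifdef WITH_SSH1
 /*
 * Parse the public, unencrypted portion of a RSA1 key.
 */
@@ -671,6 +682,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp)
 
 return pub;
 }
+#endif
 
 /* Load a key from a fd into a buffer */
 int
@@ -727,6 +739,7 @@ key_load_file(int fd, const char *filename, Buffer *blob)
 return 1;
 }
 
+#ifdef WITH_SSH1
 /*
 * Loads the public part of the ssh v1 key file. Returns NULL if an error was
 * encountered (the file does not exist or is not readable), and the key
@@ -870,7 +883,9 @@ fail:
 key_free(prv);
 return NULL;
 }
+#endif
 
+#ifdef WITH_OPENSSL
 static Key *
 key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
 char **commentp)
@@ -964,6 +979,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
 buffer_free(&buffer);
 return prv;
 }
+#endif
 
 int
 key_perm_ok(int fd, const char *filename)
@@ -1000,18 +1016,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase,
 Key *k;
 
 switch (type) {
+#ifdef WITH_SSH1
 case KEY_RSA1:
 return key_parse_private_rsa1(blob, passphrase, commentp);
+#endif
+#ifdef WITH_OPENSSL
 case KEY_DSA:
 case KEY_ECDSA:
 case KEY_RSA:
 return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
 case KEY_ED25519:
 return key_parse_private2(blob, type, passphrase, commentp);
 case KEY_UNSPEC:
 if ((k = key_parse_private2(blob, type, passphrase, commentp)))
 return k;
+#ifdef WITH_OPENSSL
 return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
 default:
 error("%s: cannot parse key type %d", __func__, type);
 break;
@@ -1061,6 +1083,7 @@ Key *
 key_parse_private(Buffer *buffer, const char *filename,
 const char *passphrase, char **commentp)
 {
+#ifdef WITH_SSH1
 Key *pub, *prv;
 
 /* it's a SSH v1 key if the public key part is readable */
@@ -1078,6 +1101,10 @@ key_parse_private(Buffer *buffer, const char *filename,
 NULL);
 }
 return prv;
+#else
+return key_parse_private_type(buffer, KEY_UNSPEC,
+passphrase, commentp);
+#endif
 }
 
 Key *
@@ -1162,6 +1189,7 @@ key_load_public(const char *filename, char **commentp)
 Key *pub;
 char file[MAXPATHLEN];
 
+#ifdef WITH_SSH1
 /* try rsa1 private key */
 pub = key_load_public_type(KEY_RSA1, filename, commentp);
 if (pub != NULL)
@@ -1172,6 +1200,7 @@ key_load_public(const char *filename, char **commentp)
 if (key_try_load_public(pub, filename, commentp) == 1)
 return pub;
 key_free(pub);
+#endif
 
 /* try ssh2 public key */
 pub = key_new(KEY_UNSPEC);
@@ -1211,9 +1240,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase,
 Key *key, *pub;
 
 switch (type) {
+#ifdef WITH_OPENSSL
 case KEY_RSA:
 case KEY_DSA:
 case KEY_ECDSA:
+#endif
 case KEY_ED25519:
 break;
 default: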
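Review bot: In key_parse_private_type (hunk @@ -1000,18 +1016,24), when WITH_OPENSSL is not defined the `case KEY_UNSPEC:` arm loses its trailing return, so after key_parse_private2() fails control falls through unannotated into `default:` and the user sees "cannot parse key type %d" with the KEY_UNSPEC value — a confusing diagnostic for what is really "this key needs OpenSSL support that was compiled out". I would add an `#else` branch to that `#ifdef WITH_OPENSSL` that logs a clearer message, e.g. `error("%s: cannot parse private key: OpenSSL support not compiled in", __func__);` followed by `break;`, so the NULL-returning path after the switch is reached deliberately rather than by fallthrough; the start and end of key_parse_private_type lie outside the hunk. Separately, the new `#ifdef WITH_OPENSSL` around the three openssl/*.h includes leaves `#include "openbsd-compat/openssl-compat.h"` unguarded; if that compat header pulls in OpenSSL headers itself (it is a portable-only file, so the OpenBSD commit would not have touched it), an OPENSSL=no build of portable OpenSSH would still depend on them — worth confirming before relying on the new build mode.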