- markus@cvs.openbsd.org 2014/04/29 18:01:49

[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
author: Damien Miller <djm@mindrot.org> 2014-05-15 14:24:09 +1000
committer: Damien Miller <djm@mindrot.org> 2014-05-15 14:24:09 +1000
commit: 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch)
tree: ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /kex.c
parent: c5893785564498cea73cb60d2cf199490483e080 (diff)
1 files changed, 13 insertions, 5 deletions
diff --git a/kex.c b/kex.c
index 74e2b8682..a173e70e3 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
@@ -33,7 +33,9 @@
 #include <stdlib.h>
 #include <string.h>
+#ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
+#endif
 #include "xmalloc.h"
 #include "ssh2.h"
@@ -70,12 +72,13 @@ struct kexalg {
        int hash_alg;
 };
 static const struct kexalg kexalgs[] = {
+#ifdef WITH_OPENSSL
        { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
        { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
        { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
 #ifdef HAVE_EVP_SHA256
        { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
 #ifdef OPENSSL_HAS_ECC
        { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
            NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
@@ -84,12 +87,13 @@ static const struct kexalg kexalgs[] = {
 # ifdef OPENSSL_HAS_NISTP521
        { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
            SSH_DIGEST_SHA512 },
-# endif
+# endif /* OPENSSL_HAS_NISTP521 */
-#endif
+#endif /* OPENSSL_HAS_ECC */
        { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
+#endif /* WITH_OPENSSL */
 #ifdef HAVE_EVP_SHA256
        { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
        { NULL, -1, -1, -1},
 };
@@ -615,6 +619,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
        }
 }
+#ifdef WITH_OPENSSL
 void
 kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
 {
@@ -626,6 +631,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
            buffer_ptr(&shared_secret), buffer_len(&shared_secret));
        buffer_free(&shared_secret);
 }
+#endif
 Newkeys *
 kex_get_newkeys(int mode)
@@ -637,6 +643,7 @@ kex_get_newkeys(int mode)
        return ret;
 }
+#ifdef WITH_SSH1
 void
 derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
    u_int8_t cookie[8], u_int8_t id[16])
@@ -669,6 +676,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
        explicit_bzero(nbuf, sizeof(nbuf));
        explicit_bzero(obuf, sizeof(obuf));
 }
+#endif
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void
author	Damien Miller <djm@mindrot.org>	2014-05-15 14:24:09 +1000
committer	Damien Miller <djm@mindrot.org>	2014-05-15 14:24:09 +1000
commit	1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch)
tree	ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /kex.c
parent	c5893785564498cea73cb60d2cf199490483e080 (diff)