authorDamien Miller <djm@mindrot.org>2010-09-10 11:39:26 +1000
committerDamien Miller <djm@mindrot.org>2010-09-10 11:39:26 +1000
commit6af914a15c0c33e8b5bab5ca61919b8562ff1db9 (patch)
treeb87546d8a88a05e6fd600cbb2b8c0b132278cb10 /key.c
parent041ab7c1e7d6514ed84a539a767f79ffb356e807 (diff)
- (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@
Diffstat (limited to 'key.c')
-rw-r--r--key.c67
1 files changed, 64 insertions, 3 deletions
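diff --git a/key.c b/key.c
index b9dc2355b..3cda8f2cb 100644
--- a/key.c
+++ b/key.c
@@ -111,10 +111,12 @@ key_new(int type)
 			fatal("key_new: BN_new failed");
 		k->dsa = dsa;
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 	case KEY_ECDSA_CERT:
 		/* Cannot do anything until we know the group */
 		break;
+#endif
 	case KEY_UNSPEC:
 		break;
 	default:
@@ -214,12 +216,14 @@ key_free(Key *k)
 			DSA_free(k->dsa);
 		k->dsa = NULL;
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 	case KEY_ECDSA_CERT:
 		if (k->ecdsa != NULL)
 			EC_KEY_free(k->ecdsa);
 		k->ecdsa = NULL;
 		break;
+#endif
 	case KEY_UNSPEC:
 		break;
 	default:
@@ -279,6 +283,7 @@ key_equal_public(const Key *a, const Key *b)
 		    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
 		    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
 		    BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 	case KEY_ECDSA:
 		if (a->ecdsa == NULL || b->ecdsa == NULL ||
@@ -297,6 +302,7 @@ key_equal_public(const Key *a, const Key *b)
 		}
 		BN_CTX_free(bnctx);
 		return 1;
+#endif /* OPENSSL_HAS_ECC */
 	default:
 		fatal("key_equal: bad key type %d", a->type);
 	}
@@ -695,11 +701,13 @@ key_read(Key *ret, char **cpp)
 		}
 		*space = '\0';
 		type = key_type_from_name(cp);
+#ifdef OPENSSL_HAS_ECC
 		if (key_type_plain(type) == KEY_ECDSA &&
 		    (curve_nid = key_ecdsa_nid_from_name(cp)) == -1) {
 			debug("key_read: invalid curve");
 			return -1;
 		}
+#endif
 		*space = ' ';
 		if (type == KEY_UNSPEC) {
 			debug3("key_read: missing keytype");
@@ -736,12 +744,14 @@ key_read(Key *ret, char **cpp)
 			key_free(k);
 			return -1;
 		}
+#ifdef OPENSSL_HAS_ECC
 		if (key_type_plain(type) == KEY_ECDSA &&
 		    curve_nid != k->ecdsa_nid) {
 			error("key_read: type mismatch: EC curve mismatch");
 			key_free(k);
 			return -1;
 		}
+#endif
 /*XXXX*/
 		if (key_is_cert(ret)) {
 			if (!key_is_cert(k)) {
@@ -772,6 +782,7 @@ key_read(Key *ret, char **cpp)
 			DSA_print_fp(stderr, ret->dsa, 8);
 #endif
 		}
+#ifdef OPENSSL_HAS_ECC
 		if (key_type_plain(ret->type) == KEY_ECDSA) {
 			if (ret->ecdsa != NULL)
 				EC_KEY_free(ret->ecdsa);
@@ -783,6 +794,7 @@ key_read(Key *ret, char **cpp)
 			key_dump_ec_key(ret->ecdsa);
 #endif
 		}
+#endif
 		success = 1;
 /*XXXX*/
 		key_free(k);
@@ -839,11 +851,13 @@ key_write(const Key *key, FILE *f)
 		if (key->dsa == NULL)
 			return 0;
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 	case KEY_ECDSA_CERT:
 		if (key->ecdsa == NULL)
 			return 0;
 		break;
+#endif
 	case KEY_RSA:
 	case KEY_RSA_CERT_V00:
 	case KEY_RSA_CERT:
@@ -877,8 +891,10 @@ key_type(const Key *k)
 		return "RSA";
 	case KEY_DSA:
 		return "DSA";
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 		return "ECDSA";
+#endif
 	case KEY_RSA_CERT_V00:
 		return "RSA-CERT-V00";
 	case KEY_DSA_CERT_V00:
@@ -887,8 +903,10 @@ key_type(const Key *k)
 		return "RSA-CERT";
 	case KEY_DSA_CERT:
 		return "DSA-CERT";
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 		return "ECDSA-CERT";
+#endif
 	}
 	return "unknown";
 }
@@ -922,6 +940,7 @@ key_ssh_name_from_type_nid(int type, int nid)
 		return "ssh-rsa-cert-v01@openssh.com";
 	case KEY_DSA_CERT:
 		return "ssh-dss-cert-v01@openssh.com";
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 		switch (nid) {
 		case NID_X9_62_prime256v1:
@@ -946,6 +965,7 @@ key_ssh_name_from_type_nid(int type, int nid)
 			break;
 		}
 		break;
+#endif /* OPENSSL_HAS_ECC */
 	}
 	return "ssh-unknown";
 }
@@ -976,9 +996,11 @@ key_size(const Key *k)
 	case KEY_DSA_CERT_V00:
 	case KEY_DSA_CERT:
 		return BN_num_bits(k->dsa->p);
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 	case KEY_ECDSA_CERT:
 		return key_curve_nid_to_bits(k->ecdsa_nid);
+#endif
 	}
 	return 0;
 }
@@ -1012,17 +1034,20 @@ int
 key_ecdsa_bits_to_nid(int bits)
 {
 	switch (bits) {
+#ifdef OPENSSL_HAS_ECC
 	case 256:
 		return NID_X9_62_prime256v1;
 	case 384:
 		return NID_secp384r1;
 	case 521:
 		return NID_secp521r1;
+#endif
 	default:
 		return -1;
 	}
 }
 
+#ifdef OPENSSL_HAS_ECC
 /*
  * This is horrid, but OpenSSL's PEM_read_PrivateKey seems not to restore
  * the EC_GROUP nid when loading a key...
@@ -1070,6 +1095,7 @@ ecdsa_generate_private_key(u_int bits, int *nid)
 		fatal("%s: EC_KEY_generate_key failed", __func__);
 	return private;
 }
+#endif /* OPENSSL_HAS_ECC */
 
 Key *
 key_generate(int type, u_int bits)
@@ -1079,9 +1105,11 @@ key_generate(int type, u_int bits)
 	case KEY_DSA:
 		k->dsa = dsa_generate_private_key(bits);
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 		k->ecdsa = ecdsa_generate_private_key(bits, &k->ecdsa_nid);
 		break;
+#endif
 	case KEY_RSA:
 	case KEY_RSA1:
 		k->rsa = rsa_generate_private_key(bits);
@@ -1158,6 +1186,7 @@ key_from_private(const Key *k)
 		    (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
 			fatal("key_from_private: BN_copy failed");
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 	case KEY_ECDSA_CERT:
 		n = key_new(k->type);
@@ -1168,6 +1197,7 @@ key_from_private(const Key *k)
 		    EC_KEY_get0_public_key(k->ecdsa)) != 1)
 			fatal("%s: EC_KEY_set_public_key failed", __func__);
 		break;
+#endif
 	case KEY_RSA:
 	case KEY_RSA1:
 	case KEY_RSA_CERT_V00:
@@ -1199,11 +1229,13 @@ key_type_from_name(char *name)
 		return KEY_RSA;
 	} else if (strcmp(name, "ssh-dss") == 0) {
 		return KEY_DSA;
+#ifdef OPENSSL_HAS_ECC
 	} else if (strcmp(name, "ecdsa") == 0 ||
 	    strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
 	    strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
 	    strcmp(name, "ecdsa-sha2-nistp521") == 0) {
 		return KEY_ECDSA;
+#endif
 	} else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) {
 		return KEY_RSA_CERT_V00;
 	} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
@@ -1212,10 +1244,13 @@ key_type_from_name(char *name)
 		return KEY_RSA_CERT;
 	} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
 		return KEY_DSA_CERT;
+#ifdef OPENSSL_HAS_ECC
 	} else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 ||
 	    strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 ||
-	    strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
+	    strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) {
 		return KEY_ECDSA_CERT;
+#endif
+	}
 
 	debug2("key_type_from_name: unknown key type '%s'", name);
 	return KEY_UNSPEC;
@@ -1224,6 +1259,7 @@ key_type_from_name(char *name)
 int
 key_ecdsa_nid_from_name(const char *name)
 {
+#ifdef OPENSSL_HAS_ECC
 	if (strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
 	    strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0)
 		return NID_X9_62_prime256v1;
@@ -1233,6 +1269,7 @@ key_ecdsa_nid_from_name(const char *name)
 	if (strcmp(name, "ecdsa-sha2-nistp521") == 0 ||
 	    strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
 		return NID_secp521r1;
+#endif /* OPENSSL_HAS_ECC */
 
 	debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
 	return -1;
@@ -1403,7 +1440,9 @@ key_from_blob(const u_char *blob, u_int blen)
 	int rlen, type, nid = -1;
 	char *ktype = NULL, *curve = NULL;
 	Key *key = NULL;
+#ifdef OPENSSL_HAS_ECC
 	EC_POINT *q = NULL;
+#endif
 
 #ifdef DEBUG_PK
 	dump_base64(stderr, blob, blen);
@@ -1416,8 +1455,10 @@ key_from_blob(const u_char *blob, u_int blen)
 	}
 
 	type = key_type_from_name(ktype);
+#ifdef OPENSSL_HAS_ECC
 	if (key_type_plain(type) == KEY_ECDSA)
 		nid = key_ecdsa_nid_from_name(ktype);
+#endif
 
 	switch (type) {
 	case KEY_RSA_CERT:
@@ -1455,6 +1496,7 @@ key_from_blob(const u_char *blob, u_int blen)
 		DSA_print_fp(stderr, key->dsa, 8);
 #endif
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 		(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
 		/* FALLTHROUGH */
@@ -1490,6 +1532,7 @@ key_from_blob(const u_char *blob, u_int blen)
 		key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q);
 #endif
 		break;
+#endif /* OPENSSL_HAS_ECC */
 	case KEY_UNSPEC:
 		key = key_new(type);
 		break;
@@ -1509,8 +1552,10 @@ key_from_blob(const u_char *blob, u_int blen)
 		xfree(ktype);
 	if (curve != NULL)
 		xfree(curve);
+#ifdef OPENSSL_HAS_ECC
 	if (q != NULL)
 		EC_POINT_free(q);
+#endif
 	buffer_free(&b);
 	return key;
 }
@@ -1543,12 +1588,14 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
 		buffer_put_bignum2(&b, key->dsa->g);
 		buffer_put_bignum2(&b, key->dsa->pub_key);
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
 		buffer_put_cstring(&b, key_ssh_name(key));
 		buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid));
 		buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa),
 		    EC_KEY_get0_public_key(key->ecdsa));
 		break;
+#endif
 	case KEY_RSA:
 		buffer_put_cstring(&b, key_ssh_name(key));
 		buffer_put_bignum2(&b, key->rsa->e);
@@ -1582,9 +1629,11 @@ key_sign(
 	case KEY_DSA_CERT:
 	case KEY_DSA:
 		return ssh_dss_sign(key, sigp, lenp, data, datalen);
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 	case KEY_ECDSA:
 		return ssh_ecdsa_sign(key, sigp, lenp, data, datalen);
+#endif
 	case KEY_RSA_CERT_V00:
 	case KEY_RSA_CERT:
 	case KEY_RSA:
@@ -1613,9 +1662,11 @@ key_verify(
 	case KEY_DSA_CERT:
 	case KEY_DSA:
 		return ssh_dss_verify(key, signature, signaturelen, data, datalen);
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 	case KEY_ECDSA:
 		return ssh_ecdsa_verify(key, signature, signaturelen, data, datalen);
+#endif
 	case KEY_RSA_CERT_V00:
 	case KEY_RSA_CERT:
 	case KEY_RSA:
@@ -1670,6 +1721,7 @@ key_demote(const Key *k)
 		if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
 			fatal("key_demote: BN_dup failed");
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 		key_cert_copy(k, pk);
 		/* FALLTHROUGH */
@@ -1680,6 +1732,7 @@ key_demote(const Key *k)
 		    EC_KEY_get0_public_key(k->ecdsa)) != 1)
 			fatal("key_demote: EC_KEY_set_public_key failed");
 		break;
+#endif
 	default:
 		fatal("key_free: bad key type %d", k->type);
 		break;
@@ -1819,6 +1872,7 @@ key_certify(Key *k, Key *ca)
 		buffer_put_bignum2(&k->cert->certblob, k->dsa->g);
 		buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key);
 		break;
+#ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 		buffer_put_cstring(&k->cert->certblob,
 		    key_curve_nid_to_name(k->ecdsa_nid));
@@ -1826,6 +1880,7 @@ key_certify(Key *k, Key *ca)
 		    EC_KEY_get0_group(k->ecdsa),
 		    EC_KEY_get0_public_key(k->ecdsa));
 		break;
+#endif
 	case KEY_RSA_CERT_V00:
 	case KEY_RSA_CERT:
 		buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
@@ -1955,12 +2010,14 @@ key_cert_is_legacy(Key *k)
 int
 key_curve_name_to_nid(const char *name)
 {
+#ifdef OPENSSL_HAS_ECC
 	if (strcmp(name, "nistp256") == 0)
 		return NID_X9_62_prime256v1;
 	else if (strcmp(name, "nistp384") == 0)
 		return NID_secp384r1;
 	else if (strcmp(name, "nistp521") == 0)
 		return NID_secp521r1;
+#endif
 
 	debug("%s: unsupported EC curve name \"%.100s\"", __func__, name);
 	return -1;
@@ -1970,12 +2027,14 @@ u_int
 key_curve_nid_to_bits(int nid)
 {
 	switch (nid) {
+#ifdef OPENSSL_HAS_ECC
 	case NID_X9_62_prime256v1:
 		return 256;
 	case NID_secp384r1:
 		return 384;
 	case NID_secp521r1:
 		return 521;
+#endif
 	default:
 		error("%s: unsupported EC curve nid %d", __func__, nid);
 		return 0;
@@ -1985,17 +2044,19 @@ key_curve_nid_to_bits(int nid)
 const char *
 key_curve_nid_to_name(int nid)
 {
+#ifdef OPENSSL_HAS_ECC
 	if (nid == NID_X9_62_prime256v1)
 		return "nistp256";
 	else if (nid == NID_secp384r1)
 		return "nistp384";
 	else if (nid == NID_secp521r1)
 		return "nistp521";
-
+#endif
 	error("%s: unsupported EC curve nid %d", __func__, nid);
 	return NULL;
 }
 
+#ifdef OPENSSL_HAS_ECC
 const EVP_MD *
 key_ec_nid_to_evpmd(int nid)
 {
@@ -2180,4 +2241,4 @@ key_dump_ec_key(const EC_KEY *key)
 	fputs("\n", stderr);
 }
 #endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */
-
+#endif /* OPENSSL_HAS_ECC */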
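Review bot: In key_from_blob the declaration `int rlen, type, nid = -1;` stays unconditional while the only assignment in view, `nid = key_ecdsa_nid_from_name(ktype);`, is now inside `#ifdef OPENSSL_HAS_ECC`, so a build without ECC will likely get an unused-variable warning for `nid` unless it is read somewhere outside the guarded blocks (the ECDSA cases that would read it are themselves guarded). Moving it next to the already-guarded `EC_POINT *q = NULL;` keeps the two ECC-only locals together: `int rlen, type;` on the first line, then `int nid = -1;` beside `EC_POINT *q = NULL;` under the existing `#ifdef`. key_read has the same shape with `curve_nid`, whose declaration lies outside the shown hunks and should be checked the same way. As a point of style, only about a third of the new `#endif` lines carry the `/* OPENSSL_HAS_ECC */` annotation; since many of these guards sit inside switch bodies next to unrelated `#ifdef DEBUG_PK` blocks, annotating every one would make the pairing easier to follow.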