Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 22 |
1 files changed, 17 insertions, 5 deletions
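--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,9 +41,6 @@
 #include <sys/un.h>
 #include <sys/socket.h>
 
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-
 #include <fcntl.h>
 #include <stdlib.h>
 #include <signal.h>
@@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
 Key *
 ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
 {
+#ifdef WITH_SSH1
 int keybits;
 u_int bits;
+#endif
 u_char *blob;
 u_int blen;
 Key *key = NULL;
@@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
 * error if the packet is too short or contains corrupt data.
 */
 switch (version) {
+#ifdef WITH_SSH1
 case 1:
 key = key_new(KEY_RSA1);
 bits = buffer_get_int(&auth->identities);
@@ -339,6 +339,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
 logit("Warning: identity keysize mismatch: actual %d, announced %u",
 BN_num_bits(key->rsa->n), bits);
 break;
+#endif
 case 2:
 blob = buffer_get_string(&auth->identities, &blen);
 *comment = buffer_get_string(&auth->identities, NULL);
@@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
 * supported) and 1 corresponding to protocol version 1.1.
 */
 
+#ifdef WITH_SSH1
 int
 ssh_decrypt_challenge(AuthenticationConnection *auth,
 Key* key, BIGNUM *challenge,
@@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
 buffer_free(&buffer);
 return success;
 }
+#endif
 
 /* ask agent to sign data, returns -1 on error, 0 on success */
 int
@@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
 
 /* Encode key for a message to the agent. */
 
+#ifdef WITH_SSH1
 static void
 ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 {
@@ -470,6 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
 buffer_put_cstring(b, comment);
 }
+#endif
 
 static void
 ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
@@ -493,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 buffer_init(&msg);
 
 switch (key->type) {
+#ifdef WITH_SSH1
 case KEY_RSA1:
 type = constrained ?
 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
@@ -500,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 buffer_put_char(&msg, type);
 ssh_encode_identity_rsa1(&msg, key->rsa, comment);
 break;
+#endif
+#ifdef WITH_OPENSSL
 case KEY_RSA:
 case KEY_RSA_CERT:
 case KEY_RSA_CERT_V00:
@@ -508,6 +516,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 case KEY_DSA_CERT_V00:
 case KEY_ECDSA:
 case KEY_ECDSA_CERT:
+#endif
 case KEY_ED25519:
 case KEY_ED25519_CERT:
 type = constrained ?
@@ -552,12 +561,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 
 buffer_init(&msg);
 
+#ifdef WITH_SSH1
 if (key->type == KEY_RSA1) {
 buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
 buffer_put_int(&msg, BN_num_bits(key->rsa->n));
 buffer_put_bignum(&msg, key->rsa->e);
 buffer_put_bignum(&msg, key->rsa->n);
-} else if (key->type != KEY_UNSPEC) {
+} else
+#endif
+if (key->type != KEY_UNSPEC) {
 key_to_blob(key, &blob, &blen);
 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
 buffer_put_string(&msg, blob, blen);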
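Review bot: In the last hunk (ssh_remove_identity), a build without WITH_SSH1 no longer gives KEY_RSA1 its own branch, so such a key falls into `if (key->type != KEY_UNSPEC)`, where the result of `key_to_blob(key, &blob, &blen)` is not checked before `buffer_put_string(&msg, blob, blen)`. Whether key_to_blob can fail for a type the build does not support is not visible here, but if it can, the agent request is built from a blob that was never filled in. Assuming key_to_blob reports failure with 0 and this function's failure return is 0, I would guard the call: `if (key_to_blob(key, &blob, &blen) == 0) { buffer_free(&msg); return 0; }`. The same concern applies to the `switch` statements in ssh_get_next_identity and ssh_add_identity_constrained, where the compiled-out cases now depend on a `default:` label outside the hunks. The `} else` / `#endif` / `if` split is also fragile to edit; a short comment such as `/* FALLTHROUGH to SSH2 path when WITH_SSH1 is undefined */` would help. The function continues outside the hunk.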