summaryrefslogtreecommitdiff
path: root/authfd.c
diff options
context:
space:
mode:
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/authfd.c b/authfd.c
index cea3f97b4..2d5a8dd5b 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,9 +41,6 @@
41#include <sys/un.h> 41#include <sys/un.h>
42#include <sys/socket.h> 42#include <sys/socket.h>
43 43
44#include <openssl/evp.h>
45#include <openssl/crypto.h>
46
47#include <fcntl.h> 44#include <fcntl.h>
48#include <stdlib.h> 45#include <stdlib.h>
49#include <signal.h> 46#include <signal.h>
@@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
313Key * 310Key *
314ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) 311ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
315{ 312{
313#ifdef WITH_SSH1
316 int keybits; 314 int keybits;
317 u_int bits; 315 u_int bits;
316#endif
318 u_char *blob; 317 u_char *blob;
319 u_int blen; 318 u_int blen;
320 Key *key = NULL; 319 Key *key = NULL;
@@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
328 * error if the packet is too short or contains corrupt data. 327 * error if the packet is too short or contains corrupt data.
329 */ 328 */
330 switch (version) { 329 switch (version) {
330#ifdef WITH_SSH1
331 case 1: 331 case 1:
332 key = key_new(KEY_RSA1); 332 key = key_new(KEY_RSA1);
333 bits = buffer_get_int(&auth->identities); 333 bits = buffer_get_int(&auth->identities);
@@ -339,6 +339,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
339 logit("Warning: identity keysize mismatch: actual %d, announced %u", 339 logit("Warning: identity keysize mismatch: actual %d, announced %u",
340 BN_num_bits(key->rsa->n), bits); 340 BN_num_bits(key->rsa->n), bits);
341 break; 341 break;
342#endif
342 case 2: 343 case 2:
343 blob = buffer_get_string(&auth->identities, &blen); 344 blob = buffer_get_string(&auth->identities, &blen);
344 *comment = buffer_get_string(&auth->identities, NULL); 345 *comment = buffer_get_string(&auth->identities, NULL);
@@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
361 * supported) and 1 corresponding to protocol version 1.1. 362 * supported) and 1 corresponding to protocol version 1.1.
362 */ 363 */
363 364
365#ifdef WITH_SSH1
364int 366int
365ssh_decrypt_challenge(AuthenticationConnection *auth, 367ssh_decrypt_challenge(AuthenticationConnection *auth,
366 Key* key, BIGNUM *challenge, 368 Key* key, BIGNUM *challenge,
@@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
410 buffer_free(&buffer); 412 buffer_free(&buffer);
411 return success; 413 return success;
412} 414}
415#endif
413 416
414/* ask agent to sign data, returns -1 on error, 0 on success */ 417/* ask agent to sign data, returns -1 on error, 0 on success */
415int 418int
@@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
457 460
458/* Encode key for a message to the agent. */ 461/* Encode key for a message to the agent. */
459 462
463#ifdef WITH_SSH1
460static void 464static void
461ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) 465ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
462{ 466{
@@ -470,6 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
470 buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ 474 buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
471 buffer_put_cstring(b, comment); 475 buffer_put_cstring(b, comment);
472} 476}
477#endif
473 478
474static void 479static void
475ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) 480ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
@@ -493,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
493 buffer_init(&msg); 498 buffer_init(&msg);
494 499
495 switch (key->type) { 500 switch (key->type) {
501#ifdef WITH_SSH1
496 case KEY_RSA1: 502 case KEY_RSA1:
497 type = constrained ? 503 type = constrained ?
498 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : 504 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
@@ -500,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
500 buffer_put_char(&msg, type); 506 buffer_put_char(&msg, type);
501 ssh_encode_identity_rsa1(&msg, key->rsa, comment); 507 ssh_encode_identity_rsa1(&msg, key->rsa, comment);
502 break; 508 break;
509#endif
510#ifdef WITH_OPENSSL
503 case KEY_RSA: 511 case KEY_RSA:
504 case KEY_RSA_CERT: 512 case KEY_RSA_CERT:
505 case KEY_RSA_CERT_V00: 513 case KEY_RSA_CERT_V00:
@@ -508,6 +516,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
508 case KEY_DSA_CERT_V00: 516 case KEY_DSA_CERT_V00:
509 case KEY_ECDSA: 517 case KEY_ECDSA:
510 case KEY_ECDSA_CERT: 518 case KEY_ECDSA_CERT:
519#endif
511 case KEY_ED25519: 520 case KEY_ED25519:
512 case KEY_ED25519_CERT: 521 case KEY_ED25519_CERT:
513 type = constrained ? 522 type = constrained ?
@@ -552,12 +561,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
552 561
553 buffer_init(&msg); 562 buffer_init(&msg);
554 563
564#ifdef WITH_SSH1
555 if (key->type == KEY_RSA1) { 565 if (key->type == KEY_RSA1) {
556 buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); 566 buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
557 buffer_put_int(&msg, BN_num_bits(key->rsa->n)); 567 buffer_put_int(&msg, BN_num_bits(key->rsa->n));
558 buffer_put_bignum(&msg, key->rsa->e); 568 buffer_put_bignum(&msg, key->rsa->e);
559 buffer_put_bignum(&msg, key->rsa->n); 569 buffer_put_bignum(&msg, key->rsa->n);
560 } else if (key->type != KEY_UNSPEC) { 570 } else
571#endif
572 if (key->type != KEY_UNSPEC) {
561 key_to_blob(key, &blob, &blen); 573 key_to_blob(key, &blob, &blen);
562 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); 574 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
563 buffer_put_string(&msg, blob, blen); 575 buffer_put_string(&msg, blob, blen);