Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 18 |
1 files changed, 13 insertions, 5 deletions
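--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -33,7 +33,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
+#endif
 
 #include "xmalloc.h"
 #include "ssh2.h"
@@ -74,12 +76,13 @@ struct kexalg {
 int hash_alg;
 };
 static const struct kexalg kexalgs[] = {
+#ifdef WITH_OPENSSL
 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
 #ifdef HAVE_EVP_SHA256
 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
 #ifdef OPENSSL_HAS_ECC
 { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
 NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
@@ -88,12 +91,13 @@ static const struct kexalg kexalgs[] = {
 # ifdef OPENSSL_HAS_NISTP521
 { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
 SSH_DIGEST_SHA512 },
-# endif
-#endif
+# endif /* OPENSSL_HAS_NISTP521 */
+#endif /* OPENSSL_HAS_ECC */
 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
+#endif /* WITH_OPENSSL */
 #ifdef HAVE_EVP_SHA256
 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
 { NULL, -1, -1, -1},
 };
 static const struct kexalg kexalg_prefixes[] = {
@@ -631,6 +635,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
 }
 }
 
+#ifdef WITH_OPENSSL
 void
 kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
 {
@@ -642,6 +647,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
 buffer_ptr(&shared_secret), buffer_len(&shared_secret));
 buffer_free(&shared_secret);
 }
+#endif
 
 Newkeys *
 kex_get_newkeys(int mode)
@@ -653,6 +659,7 @@ kex_get_newkeys(int mode)
 return ret;
 }
 
+#ifdef WITH_SSH1
 void
 derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
 u_int8_t cookie[8], u_int8_t id[16])
@@ -685,6 +692,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
 explicit_bzero(nbuf, sizeof(nbuf));
 explicit_bzero(obuf, sizeof(obuf));
 }
+#endif
 
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void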
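Review bot: In the kexalgs table the curve25519 entry is still wrapped in `#ifdef HAVE_EVP_SHA256` after the new `#endif /* WITH_OPENSSL */`, so if that macro is only set by the OpenSSL feature checks (not visible here), a build without WITH_OPENSSL is left with a table holding nothing but the `{ NULL, -1, -1, -1}` terminator and no key exchange can be negotiated. If SHA-256 is available from the non-OpenSSL digest code, the guard could read `#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)`; otherwise an `#error` for that configuration would make the failure show up at build time rather than at connect time. Separately, derive_ssh1_session_id takes BIGNUM arguments but is guarded by WITH_SSH1 alone, while `<openssl/crypto.h>` is now included only under WITH_OPENSSL; a comment or a preprocessor check that WITH_SSH1 implies WITH_OPENSSL would make that dependency explicit. The bodies of both functions lie outside the hunks shown.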